From fa7d5392b15f1b25a3a6cb8845753f27d8d32072 Mon Sep 17 00:00:00 2001
From: Diogo Martins <diogoalves@ua.pt>
Date: Thu, 12 Feb 2026 21:53:31 +0000
Subject: [PATCH 1/2] Add feature - ON mouse hover or click show a detailed
 info on request and response

---
 .github/workflows/probe.yml                   |    3 +
 docs/hugo.yaml                                |    7 +-
 docs/static/probe/data.js                     |    1 +
 docs/static/probe/render.js                   |  111 +-
 src/Http11Probe.Cli/Reporting/JsonReporter.cs |    5 +-
 src/Http11Probe/Response/HttpResponse.cs      |    2 +
 src/Http11Probe/Response/ResponseParser.cs    |   19 +-
 src/Http11Probe/Runner/TestRunner.cs          |    5 +
 .../TestCases/Suites/SmugglingSuite.cs        |   68 +-
 src/Http11Probe/TestCases/TestCase.cs         |    3 +
 src/Http11Probe/TestCases/TestResult.cs       |    2 +
 src/Servers/ActixServer/src/main.rs           |   18 +-
 src/Servers/AspNetMinimal/Program.cs          |    7 +-
 src/Servers/BunServer/server.ts               |    6 +-
 src/Servers/DenoServer/server.ts              |    6 +-
 src/Servers/EmbedIOServer/Program.cs          |   13 +-
 .../ExpressServer/node_modules/.bin/mime      |    1 +
 .../node_modules/.package-lock.json           |  751 ++
 .../node_modules/accepts/HISTORY.md           |  243 +
 .../node_modules/accepts/LICENSE              |   23 +
 .../node_modules/accepts/README.md            |  140 +
 .../node_modules/accepts/index.js             |  238 +
 .../node_modules/accepts/package.json         |   47 +
 .../node_modules/array-flatten/LICENSE        |   21 +
 .../node_modules/array-flatten/README.md      |   43 +
 .../array-flatten/array-flatten.js            |   64 +
 .../node_modules/array-flatten/package.json   |   39 +
 .../node_modules/body-parser/HISTORY.md       |  680 ++
 .../node_modules/body-parser/LICENSE          |   23 +
 .../node_modules/body-parser/README.md        |  476 +
 .../node_modules/body-parser/index.js         |  156 +
 .../node_modules/body-parser/lib/read.js      |  205 +
 .../body-parser/lib/types/json.js             |  247 +
 .../node_modules/body-parser/lib/types/raw.js |  101 +
 .../body-parser/lib/types/text.js             |  121 +
 .../body-parser/lib/types/urlencoded.js       |  300 +
 .../node_modules/body-parser/package.json     |   55 +
 .../node_modules/bytes/History.md             |   97 +
 .../ExpressServer/node_modules/bytes/LICENSE  |   23 +
 .../node_modules/bytes/Readme.md              |  152 +
 .../ExpressServer/node_modules/bytes/index.js |  170 +
 .../node_modules/bytes/package.json           |   42 +
 .../call-bind-apply-helpers/.eslintrc         |   17 +
 .../.github/FUNDING.yml                       |   12 +
 .../call-bind-apply-helpers/.nycrc            |    9 +
 .../call-bind-apply-helpers/CHANGELOG.md      |   30 +
 .../call-bind-apply-helpers/LICENSE           |   21 +
 .../call-bind-apply-helpers/README.md         |   62 +
 .../call-bind-apply-helpers/actualApply.d.ts  |    1 +
 .../call-bind-apply-helpers/actualApply.js    |   10 +
 .../call-bind-apply-helpers/applyBind.d.ts    |   19 +
 .../call-bind-apply-helpers/applyBind.js      |   10 +
 .../functionApply.d.ts                        |    1 +
 .../call-bind-apply-helpers/functionApply.js  |    4 +
 .../call-bind-apply-helpers/functionCall.d.ts |    1 +
 .../call-bind-apply-helpers/functionCall.js   |    4 +
 .../call-bind-apply-helpers/index.d.ts        |   64 +
 .../call-bind-apply-helpers/index.js          |   15 +
 .../call-bind-apply-helpers/package.json      |   85 +
 .../call-bind-apply-helpers/reflectApply.d.ts |    3 +
 .../call-bind-apply-helpers/reflectApply.js   |    4 +
 .../call-bind-apply-helpers/test/index.js     |   63 +
 .../call-bind-apply-helpers/tsconfig.json     |    9 +
 .../node_modules/call-bound/.eslintrc         |   13 +
 .../call-bound/.github/FUNDING.yml            |   12 +
 .../node_modules/call-bound/.nycrc            |    9 +
 .../node_modules/call-bound/CHANGELOG.md      |   42 +
 .../node_modules/call-bound/LICENSE           |   21 +
 .../node_modules/call-bound/README.md         |   53 +
 .../node_modules/call-bound/index.d.ts        |   94 +
 .../node_modules/call-bound/index.js          |   19 +
 .../node_modules/call-bound/package.json      |   99 +
 .../node_modules/call-bound/test/index.js     |   61 +
 .../node_modules/call-bound/tsconfig.json     |   10 +
 .../content-disposition/HISTORY.md            |   60 +
 .../node_modules/content-disposition/LICENSE  |   22 +
 .../content-disposition/README.md             |  142 +
 .../node_modules/content-disposition/index.js |  458 +
 .../content-disposition/package.json          |   44 +
 .../node_modules/content-type/HISTORY.md      |   29 +
 .../node_modules/content-type/LICENSE         |   22 +
 .../node_modules/content-type/README.md       |   94 +
 .../node_modules/content-type/index.js        |  225 +
 .../node_modules/content-type/package.json    |   42 +
 .../node_modules/cookie-signature/History.md  |   42 +
 .../node_modules/cookie-signature/Readme.md   |   42 +
 .../node_modules/cookie-signature/index.js    |   51 +
 .../cookie-signature/package.json             |   18 +
 .../ExpressServer/node_modules/cookie/LICENSE |   24 +
 .../node_modules/cookie/README.md             |  317 +
 .../node_modules/cookie/SECURITY.md           |   25 +
 .../node_modules/cookie/index.js              |  335 +
 .../node_modules/cookie/package.json          |   44 +
 .../node_modules/depd/History.md              |  103 +
 .../ExpressServer/node_modules/depd/LICENSE   |   22 +
 .../ExpressServer/node_modules/depd/Readme.md |  280 +
 .../ExpressServer/node_modules/depd/index.js  |  538 ++
 .../node_modules/depd/lib/browser/index.js    |   77 +
 .../node_modules/depd/package.json            |   45 +
 .../node_modules/destroy/LICENSE              |   23 +
 .../node_modules/destroy/README.md            |   63 +
 .../node_modules/destroy/index.js             |  209 +
 .../node_modules/destroy/package.json         |   48 +
 .../node_modules/dunder-proto/.eslintrc       |    5 +
 .../dunder-proto/.github/FUNDING.yml          |   12 +
 .../node_modules/dunder-proto/.nycrc          |   13 +
 .../node_modules/dunder-proto/CHANGELOG.md    |   24 +
 .../node_modules/dunder-proto/LICENSE         |   21 +
 .../node_modules/dunder-proto/README.md       |   54 +
 .../node_modules/dunder-proto/get.d.ts        |    5 +
 .../node_modules/dunder-proto/get.js          |   30 +
 .../node_modules/dunder-proto/package.json    |   76 +
 .../node_modules/dunder-proto/set.d.ts        |    5 +
 .../node_modules/dunder-proto/set.js          |   35 +
 .../node_modules/dunder-proto/test/get.js     |   34 +
 .../node_modules/dunder-proto/test/index.js   |    4 +
 .../node_modules/dunder-proto/test/set.js     |   50 +
 .../node_modules/dunder-proto/tsconfig.json   |    9 +
 .../node_modules/ee-first/LICENSE             |   22 +
 .../node_modules/ee-first/README.md           |   80 +
 .../node_modules/ee-first/index.js            |   95 +
 .../node_modules/ee-first/package.json        |   29 +
 .../node_modules/encodeurl/LICENSE            |   22 +
 .../node_modules/encodeurl/README.md          |  109 +
 .../node_modules/encodeurl/index.js           |   60 +
 .../node_modules/encodeurl/package.json       |   40 +
 .../node_modules/es-define-property/.eslintrc |   13 +
 .../es-define-property/.github/FUNDING.yml    |   12 +
 .../node_modules/es-define-property/.nycrc    |    9 +
 .../es-define-property/CHANGELOG.md           |   29 +
 .../node_modules/es-define-property/LICENSE   |   21 +
 .../node_modules/es-define-property/README.md |   49 +
 .../es-define-property/index.d.ts             |    3 +
 .../node_modules/es-define-property/index.js  |   14 +
 .../es-define-property/package.json           |   81 +
 .../es-define-property/test/index.js          |   56 +
 .../es-define-property/tsconfig.json          |   10 +
 .../node_modules/es-errors/.eslintrc          |    5 +
 .../es-errors/.github/FUNDING.yml             |   12 +
 .../node_modules/es-errors/CHANGELOG.md       |   40 +
 .../node_modules/es-errors/LICENSE            |   21 +
 .../node_modules/es-errors/README.md          |   55 +
 .../node_modules/es-errors/eval.d.ts          |    3 +
 .../node_modules/es-errors/eval.js            |    4 +
 .../node_modules/es-errors/index.d.ts         |    3 +
 .../node_modules/es-errors/index.js           |    4 +
 .../node_modules/es-errors/package.json       |   80 +
 .../node_modules/es-errors/range.d.ts         |    3 +
 .../node_modules/es-errors/range.js           |    4 +
 .../node_modules/es-errors/ref.d.ts           |    3 +
 .../node_modules/es-errors/ref.js             |    4 +
 .../node_modules/es-errors/syntax.d.ts        |    3 +
 .../node_modules/es-errors/syntax.js          |    4 +
 .../node_modules/es-errors/test/index.js      |   19 +
 .../node_modules/es-errors/tsconfig.json      |   49 +
 .../node_modules/es-errors/type.d.ts          |    3 +
 .../node_modules/es-errors/type.js            |    4 +
 .../node_modules/es-errors/uri.d.ts           |    3 +
 .../node_modules/es-errors/uri.js             |    4 +
 .../node_modules/es-object-atoms/.eslintrc    |   16 +
 .../es-object-atoms/.github/FUNDING.yml       |   12 +
 .../node_modules/es-object-atoms/CHANGELOG.md |   37 +
 .../node_modules/es-object-atoms/LICENSE      |   21 +
 .../node_modules/es-object-atoms/README.md    |   63 +
 .../RequireObjectCoercible.d.ts               |    3 +
 .../es-object-atoms/RequireObjectCoercible.js |   11 +
 .../es-object-atoms/ToObject.d.ts             |    7 +
 .../node_modules/es-object-atoms/ToObject.js  |   10 +
 .../node_modules/es-object-atoms/index.d.ts   |    3 +
 .../node_modules/es-object-atoms/index.js     |    4 +
 .../es-object-atoms/isObject.d.ts             |    3 +
 .../node_modules/es-object-atoms/isObject.js  |    6 +
 .../node_modules/es-object-atoms/package.json |   80 +
 .../es-object-atoms/test/index.js             |   38 +
 .../es-object-atoms/tsconfig.json             |    6 +
 .../node_modules/escape-html/LICENSE          |   24 +
 .../node_modules/escape-html/Readme.md        |   43 +
 .../node_modules/escape-html/index.js         |   78 +
 .../node_modules/escape-html/package.json     |   24 +
 .../node_modules/etag/HISTORY.md              |   83 +
 .../ExpressServer/node_modules/etag/LICENSE   |   22 +
 .../ExpressServer/node_modules/etag/README.md |  159 +
 .../ExpressServer/node_modules/etag/index.js  |  131 +
 .../node_modules/etag/package.json            |   47 +
 .../node_modules/express/History.md           | 3667 +++++++
 .../node_modules/express/LICENSE              |   24 +
 .../node_modules/express/Readme.md            |  260 +
 .../node_modules/express/index.js             |   11 +
 .../node_modules/express/lib/application.js   |  661 ++
 .../node_modules/express/lib/express.js       |  116 +
 .../express/lib/middleware/init.js            |   43 +
 .../express/lib/middleware/query.js           |   47 +
 .../node_modules/express/lib/request.js       |  525 +
 .../node_modules/express/lib/response.js      | 1179 +++
 .../node_modules/express/lib/router/index.js  |  673 ++
 .../node_modules/express/lib/router/layer.js  |  181 +
 .../node_modules/express/lib/router/route.js  |  230 +
 .../node_modules/express/lib/utils.js         |  303 +
 .../node_modules/express/lib/view.js          |  182 +
 .../node_modules/express/package.json         |  102 +
 .../node_modules/finalhandler/HISTORY.md      |  216 +
 .../node_modules/finalhandler/LICENSE         |   22 +
 .../node_modules/finalhandler/README.md       |  147 +
 .../node_modules/finalhandler/SECURITY.md     |   25 +
 .../node_modules/finalhandler/index.js        |  341 +
 .../node_modules/finalhandler/package.json    |   47 +
 .../node_modules/forwarded/HISTORY.md         |   21 +
 .../node_modules/forwarded/LICENSE            |   22 +
 .../node_modules/forwarded/README.md          |   57 +
 .../node_modules/forwarded/index.js           |   90 +
 .../node_modules/forwarded/package.json       |   45 +
 .../node_modules/fresh/HISTORY.md             |   70 +
 .../ExpressServer/node_modules/fresh/LICENSE  |   23 +
 .../node_modules/fresh/README.md              |  119 +
 .../ExpressServer/node_modules/fresh/index.js |  137 +
 .../node_modules/fresh/package.json           |   46 +
 .../node_modules/function-bind/.eslintrc      |   21 +
 .../function-bind/.github/FUNDING.yml         |   12 +
 .../function-bind/.github/SECURITY.md         |    3 +
 .../node_modules/function-bind/.nycrc         |   13 +
 .../node_modules/function-bind/CHANGELOG.md   |  136 +
 .../node_modules/function-bind/LICENSE        |   20 +
 .../node_modules/function-bind/README.md      |   46 +
 .../function-bind/implementation.js           |   84 +
 .../node_modules/function-bind/index.js       |    5 +
 .../node_modules/function-bind/package.json   |   87 +
 .../node_modules/function-bind/test/.eslintrc |    9 +
 .../node_modules/function-bind/test/index.js  |  252 +
 .../node_modules/get-intrinsic/.eslintrc      |   42 +
 .../get-intrinsic/.github/FUNDING.yml         |   12 +
 .../node_modules/get-intrinsic/.nycrc         |    9 +
 .../node_modules/get-intrinsic/CHANGELOG.md   |  186 +
 .../node_modules/get-intrinsic/LICENSE        |   21 +
 .../node_modules/get-intrinsic/README.md      |   71 +
 .../node_modules/get-intrinsic/index.js       |  378 +
 .../node_modules/get-intrinsic/package.json   |   97 +
 .../get-intrinsic/test/GetIntrinsic.js        |  274 +
 .../node_modules/get-proto/.eslintrc          |   10 +
 .../get-proto/.github/FUNDING.yml             |   12 +
 .../node_modules/get-proto/.nycrc             |    9 +
 .../node_modules/get-proto/CHANGELOG.md       |   21 +
 .../node_modules/get-proto/LICENSE            |   21 +
 .../get-proto/Object.getPrototypeOf.d.ts      |    5 +
 .../get-proto/Object.getPrototypeOf.js        |    6 +
 .../node_modules/get-proto/README.md          |   50 +
 .../get-proto/Reflect.getPrototypeOf.d.ts     |    3 +
 .../get-proto/Reflect.getPrototypeOf.js       |    4 +
 .../node_modules/get-proto/index.d.ts         |    5 +
 .../node_modules/get-proto/index.js           |   27 +
 .../node_modules/get-proto/package.json       |   81 +
 .../node_modules/get-proto/test/index.js      |   68 +
 .../node_modules/get-proto/tsconfig.json      |    9 +
 .../ExpressServer/node_modules/gopd/.eslintrc |   16 +
 .../node_modules/gopd/.github/FUNDING.yml     |   12 +
 .../node_modules/gopd/CHANGELOG.md            |   45 +
 .../ExpressServer/node_modules/gopd/LICENSE   |   21 +
 .../ExpressServer/node_modules/gopd/README.md |   40 +
 .../ExpressServer/node_modules/gopd/gOPD.d.ts |    1 +
 .../ExpressServer/node_modules/gopd/gOPD.js   |    4 +
 .../node_modules/gopd/index.d.ts              |    5 +
 .../ExpressServer/node_modules/gopd/index.js  |   15 +
 .../node_modules/gopd/package.json            |   77 +
 .../node_modules/gopd/test/index.js           |   36 +
 .../node_modules/gopd/tsconfig.json           |    9 +
 .../node_modules/has-symbols/.eslintrc        |   11 +
 .../has-symbols/.github/FUNDING.yml           |   12 +
 .../node_modules/has-symbols/.nycrc           |    9 +
 .../node_modules/has-symbols/CHANGELOG.md     |   91 +
 .../node_modules/has-symbols/LICENSE          |   21 +
 .../node_modules/has-symbols/README.md        |   46 +
 .../node_modules/has-symbols/index.d.ts       |    3 +
 .../node_modules/has-symbols/index.js         |   14 +
 .../node_modules/has-symbols/package.json     |  111 +
 .../node_modules/has-symbols/shams.d.ts       |    3 +
 .../node_modules/has-symbols/shams.js         |   45 +
 .../node_modules/has-symbols/test/index.js    |   22 +
 .../has-symbols/test/shams/core-js.js         |   29 +
 .../test/shams/get-own-property-symbols.js    |   29 +
 .../node_modules/has-symbols/test/tests.js    |   58 +
 .../node_modules/has-symbols/tsconfig.json    |   10 +
 .../node_modules/hasown/.eslintrc             |    5 +
 .../node_modules/hasown/.github/FUNDING.yml   |   12 +
 .../ExpressServer/node_modules/hasown/.nycrc  |   13 +
 .../node_modules/hasown/CHANGELOG.md          |   40 +
 .../ExpressServer/node_modules/hasown/LICENSE |   21 +
 .../node_modules/hasown/README.md             |   40 +
 .../node_modules/hasown/index.d.ts            |    3 +
 .../node_modules/hasown/index.js              |    8 +
 .../node_modules/hasown/package.json          |   92 +
 .../node_modules/hasown/tsconfig.json         |    6 +
 .../node_modules/http-errors/HISTORY.md       |  186 +
 .../node_modules/http-errors/LICENSE          |   23 +
 .../node_modules/http-errors/README.md        |  169 +
 .../node_modules/http-errors/index.js         |  290 +
 .../node_modules/http-errors/package.json     |   54 +
 .../node_modules/iconv-lite/Changelog.md      |  162 +
 .../node_modules/iconv-lite/LICENSE           |   21 +
 .../node_modules/iconv-lite/README.md         |  156 +
 .../iconv-lite/encodings/dbcs-codec.js        |  555 ++
 .../iconv-lite/encodings/dbcs-data.js         |  176 +
 .../iconv-lite/encodings/index.js             |   22 +
 .../iconv-lite/encodings/internal.js          |  188 +
 .../iconv-lite/encodings/sbcs-codec.js        |   72 +
 .../encodings/sbcs-data-generated.js          |  451 +
 .../iconv-lite/encodings/sbcs-data.js         |  174 +
 .../encodings/tables/big5-added.json          |  122 +
 .../iconv-lite/encodings/tables/cp936.json    |  264 +
 .../iconv-lite/encodings/tables/cp949.json    |  273 +
 .../iconv-lite/encodings/tables/cp950.json    |  177 +
 .../iconv-lite/encodings/tables/eucjp.json    |  182 +
 .../encodings/tables/gb18030-ranges.json      |    1 +
 .../encodings/tables/gbk-added.json           |   55 +
 .../iconv-lite/encodings/tables/shiftjis.json |  125 +
 .../iconv-lite/encodings/utf16.js             |  177 +
 .../node_modules/iconv-lite/encodings/utf7.js |  290 +
 .../iconv-lite/lib/bom-handling.js            |   52 +
 .../iconv-lite/lib/extend-node.js             |  217 +
 .../node_modules/iconv-lite/lib/index.d.ts    |   24 +
 .../node_modules/iconv-lite/lib/index.js      |  153 +
 .../node_modules/iconv-lite/lib/streams.js    |  121 +
 .../node_modules/iconv-lite/package.json      |   46 +
 .../node_modules/inherits/LICENSE             |   16 +
 .../node_modules/inherits/README.md           |   42 +
 .../node_modules/inherits/inherits.js         |    9 +
 .../node_modules/inherits/inherits_browser.js |   27 +
 .../node_modules/inherits/package.json        |   29 +
 .../node_modules/ipaddr.js/LICENSE            |   19 +
 .../node_modules/ipaddr.js/README.md          |  233 +
 .../node_modules/ipaddr.js/ipaddr.min.js      |    1 +
 .../node_modules/ipaddr.js/lib/ipaddr.js      |  673 ++
 .../node_modules/ipaddr.js/lib/ipaddr.js.d.ts |   68 +
 .../node_modules/ipaddr.js/package.json       |   35 +
 .../node_modules/math-intrinsics/.eslintrc    |   16 +
 .../math-intrinsics/.github/FUNDING.yml       |   12 +
 .../node_modules/math-intrinsics/CHANGELOG.md |   24 +
 .../node_modules/math-intrinsics/LICENSE      |   21 +
 .../node_modules/math-intrinsics/README.md    |   50 +
 .../node_modules/math-intrinsics/abs.d.ts     |    1 +
 .../node_modules/math-intrinsics/abs.js       |    4 +
 .../constants/maxArrayLength.d.ts             |    3 +
 .../constants/maxArrayLength.js               |    4 +
 .../constants/maxSafeInteger.d.ts             |    3 +
 .../constants/maxSafeInteger.js               |    5 +
 .../math-intrinsics/constants/maxValue.d.ts   |    3 +
 .../math-intrinsics/constants/maxValue.js     |    5 +
 .../node_modules/math-intrinsics/floor.d.ts   |    1 +
 .../node_modules/math-intrinsics/floor.js     |    4 +
 .../math-intrinsics/isFinite.d.ts             |    3 +
 .../node_modules/math-intrinsics/isFinite.js  |   12 +
 .../math-intrinsics/isInteger.d.ts            |    3 +
 .../node_modules/math-intrinsics/isInteger.js |   16 +
 .../node_modules/math-intrinsics/isNaN.d.ts   |    1 +
 .../node_modules/math-intrinsics/isNaN.js     |    6 +
 .../math-intrinsics/isNegativeZero.d.ts       |    3 +
 .../math-intrinsics/isNegativeZero.js         |    6 +
 .../node_modules/math-intrinsics/max.d.ts     |    1 +
 .../node_modules/math-intrinsics/max.js       |    4 +
 .../node_modules/math-intrinsics/min.d.ts     |    1 +
 .../node_modules/math-intrinsics/min.js       |    4 +
 .../node_modules/math-intrinsics/mod.d.ts     |    3 +
 .../node_modules/math-intrinsics/mod.js       |    9 +
 .../node_modules/math-intrinsics/package.json |   86 +
 .../node_modules/math-intrinsics/pow.d.ts     |    1 +
 .../node_modules/math-intrinsics/pow.js       |    4 +
 .../node_modules/math-intrinsics/round.d.ts   |    1 +
 .../node_modules/math-intrinsics/round.js     |    4 +
 .../node_modules/math-intrinsics/sign.d.ts    |    3 +
 .../node_modules/math-intrinsics/sign.js      |   11 +
 .../math-intrinsics/test/index.js             |  192 +
 .../math-intrinsics/tsconfig.json             |    3 +
 .../node_modules/media-typer/HISTORY.md       |   22 +
 .../node_modules/media-typer/LICENSE          |   22 +
 .../node_modules/media-typer/README.md        |   81 +
 .../node_modules/media-typer/index.js         |  270 +
 .../node_modules/media-typer/package.json     |   26 +
 .../node_modules/merge-descriptors/HISTORY.md |   21 +
 .../node_modules/merge-descriptors/LICENSE    |   23 +
 .../node_modules/merge-descriptors/README.md  |   49 +
 .../node_modules/merge-descriptors/index.js   |   60 +
 .../merge-descriptors/package.json            |   39 +
 .../node_modules/methods/HISTORY.md           |   29 +
 .../node_modules/methods/LICENSE              |   24 +
 .../node_modules/methods/README.md            |   51 +
 .../node_modules/methods/index.js             |   69 +
 .../node_modules/methods/package.json         |   36 +
 .../node_modules/mime-db/HISTORY.md           |  507 +
 .../node_modules/mime-db/LICENSE              |   23 +
 .../node_modules/mime-db/README.md            |  100 +
 .../node_modules/mime-db/db.json              | 8519 +++++++++++++++++
 .../node_modules/mime-db/index.js             |   12 +
 .../node_modules/mime-db/package.json         |   60 +
 .../node_modules/mime-types/HISTORY.md        |  397 +
 .../node_modules/mime-types/LICENSE           |   23 +
 .../node_modules/mime-types/README.md         |  113 +
 .../node_modules/mime-types/index.js          |  188 +
 .../node_modules/mime-types/package.json      |   44 +
 .../node_modules/mime/.npmignore              |    0
 .../node_modules/mime/CHANGELOG.md            |  164 +
 .../ExpressServer/node_modules/mime/LICENSE   |   21 +
 .../ExpressServer/node_modules/mime/README.md |   90 +
 .../ExpressServer/node_modules/mime/cli.js    |    8 +
 .../ExpressServer/node_modules/mime/mime.js   |  108 +
 .../node_modules/mime/package.json            |   44 +
 .../node_modules/mime/src/build.js            |   53 +
 .../node_modules/mime/src/test.js             |   60 +
 .../node_modules/mime/types.json              |    1 +
 .../ExpressServer/node_modules/ms/index.js    |  152 +
 .../ExpressServer/node_modules/ms/license.md  |   21 +
 .../node_modules/ms/package.json              |   37 +
 .../ExpressServer/node_modules/ms/readme.md   |   51 +
 .../node_modules/negotiator/HISTORY.md        |  108 +
 .../node_modules/negotiator/LICENSE           |   24 +
 .../node_modules/negotiator/README.md         |  203 +
 .../node_modules/negotiator/index.js          |   82 +
 .../node_modules/negotiator/lib/charset.js    |  169 +
 .../node_modules/negotiator/lib/encoding.js   |  184 +
 .../node_modules/negotiator/lib/language.js   |  179 +
 .../node_modules/negotiator/lib/mediaType.js  |  294 +
 .../node_modules/negotiator/package.json      |   42 +
 .../node_modules/object-inspect/.eslintrc     |   53 +
 .../object-inspect/.github/FUNDING.yml        |   12 +
 .../node_modules/object-inspect/.nycrc        |   13 +
 .../node_modules/object-inspect/CHANGELOG.md  |  424 +
 .../node_modules/object-inspect/LICENSE       |   21 +
 .../object-inspect/example/all.js             |   23 +
 .../object-inspect/example/circular.js        |    6 +
 .../node_modules/object-inspect/example/fn.js |    5 +
 .../object-inspect/example/inspect.js         |   10 +
 .../node_modules/object-inspect/index.js      |  544 ++
 .../object-inspect/package-support.json       |   20 +
 .../node_modules/object-inspect/package.json  |  105 +
 .../object-inspect/readme.markdown            |   84 +
 .../object-inspect/test-core-js.js            |   26 +
 .../object-inspect/test/bigint.js             |   58 +
 .../object-inspect/test/browser/dom.js        |   15 +
 .../object-inspect/test/circular.js           |   16 +
 .../node_modules/object-inspect/test/deep.js  |   12 +
 .../object-inspect/test/element.js            |   53 +
 .../node_modules/object-inspect/test/err.js   |   48 +
 .../node_modules/object-inspect/test/fakes.js |   29 +
 .../node_modules/object-inspect/test/fn.js    |   76 +
 .../object-inspect/test/global.js             |   17 +
 .../node_modules/object-inspect/test/has.js   |   15 +
 .../node_modules/object-inspect/test/holes.js |   15 +
 .../object-inspect/test/indent-option.js      |  271 +
 .../object-inspect/test/inspect.js            |  139 +
 .../object-inspect/test/lowbyte.js            |   12 +
 .../object-inspect/test/number.js             |   58 +
 .../object-inspect/test/quoteStyle.js         |   26 +
 .../object-inspect/test/toStringTag.js        |   40 +
 .../node_modules/object-inspect/test/undef.js |   12 +
 .../object-inspect/test/values.js             |  261 +
 .../object-inspect/util.inspect.js            |    1 +
 .../node_modules/on-finished/HISTORY.md       |   98 +
 .../node_modules/on-finished/LICENSE          |   23 +
 .../node_modules/on-finished/README.md        |  162 +
 .../node_modules/on-finished/index.js         |  234 +
 .../node_modules/on-finished/package.json     |   39 +
 .../node_modules/parseurl/HISTORY.md          |   58 +
 .../node_modules/parseurl/LICENSE             |   24 +
 .../node_modules/parseurl/README.md           |  133 +
 .../node_modules/parseurl/index.js            |  158 +
 .../node_modules/parseurl/package.json        |   40 +
 .../node_modules/path-to-regexp/LICENSE       |   21 +
 .../node_modules/path-to-regexp/Readme.md     |   35 +
 .../node_modules/path-to-regexp/index.js      |  156 +
 .../node_modules/path-to-regexp/package.json  |   30 +
 .../node_modules/proxy-addr/HISTORY.md        |  161 +
 .../node_modules/proxy-addr/LICENSE           |   22 +
 .../node_modules/proxy-addr/README.md         |  139 +
 .../node_modules/proxy-addr/index.js          |  327 +
 .../node_modules/proxy-addr/package.json      |   47 +
 .../node_modules/qs/.editorconfig             |   46 +
 .../node_modules/qs/.github/FUNDING.yml       |   12 +
 .../node_modules/qs/.github/SECURITY.md       |   11 +
 .../node_modules/qs/.github/THREAT_MODEL.md   |   78 +
 .../ExpressServer/node_modules/qs/.nycrc      |   13 +
 .../node_modules/qs/CHANGELOG.md              |  644 ++
 .../ExpressServer/node_modules/qs/LICENSE.md  |   29 +
 .../ExpressServer/node_modules/qs/README.md   |  740 ++
 .../ExpressServer/node_modules/qs/dist/qs.js  |  141 +
 .../node_modules/qs/eslint.config.mjs         |   56 +
 .../node_modules/qs/lib/formats.js            |   23 +
 .../node_modules/qs/lib/index.js              |   11 +
 .../node_modules/qs/lib/parse.js              |  371 +
 .../node_modules/qs/lib/stringify.js          |  356 +
 .../node_modules/qs/lib/utils.js              |  340 +
 .../node_modules/qs/package.json              |   94 +
 .../node_modules/qs/test/empty-keys-cases.js  |  267 +
 .../node_modules/qs/test/parse.js             | 1512 +++
 .../node_modules/qs/test/stringify.js         | 1310 +++
 .../node_modules/qs/test/utils.js             |  397 +
 .../node_modules/range-parser/HISTORY.md      |   56 +
 .../node_modules/range-parser/LICENSE         |   23 +
 .../node_modules/range-parser/README.md       |   84 +
 .../node_modules/range-parser/index.js        |  162 +
 .../node_modules/range-parser/package.json    |   44 +
 .../node_modules/raw-body/LICENSE             |   22 +
 .../node_modules/raw-body/README.md           |  223 +
 .../node_modules/raw-body/index.d.ts          |   87 +
 .../node_modules/raw-body/index.js            |  336 +
 .../node_modules/raw-body/package.json        |   47 +
 .../node_modules/safe-buffer/LICENSE          |   21 +
 .../node_modules/safe-buffer/README.md        |  584 ++
 .../node_modules/safe-buffer/index.d.ts       |  187 +
 .../node_modules/safe-buffer/index.js         |   65 +
 .../node_modules/safe-buffer/package.json     |   51 +
 .../node_modules/safer-buffer/LICENSE         |   21 +
 .../safer-buffer/Porting-Buffer.md            |  268 +
 .../node_modules/safer-buffer/Readme.md       |  156 +
 .../node_modules/safer-buffer/dangerous.js    |   58 +
 .../node_modules/safer-buffer/package.json    |   34 +
 .../node_modules/safer-buffer/safer.js        |   77 +
 .../node_modules/safer-buffer/tests.js        |  406 +
 .../node_modules/send/HISTORY.md              |  538 ++
 .../ExpressServer/node_modules/send/LICENSE   |   23 +
 .../ExpressServer/node_modules/send/README.md |  327 +
 .../node_modules/send/SECURITY.md             |   24 +
 .../ExpressServer/node_modules/send/index.js  | 1142 +++
 .../send/node_modules/ms/index.js             |  162 +
 .../send/node_modules/ms/license.md           |   21 +
 .../send/node_modules/ms/package.json         |   38 +
 .../send/node_modules/ms/readme.md            |   59 +
 .../node_modules/send/package.json            |   62 +
 .../node_modules/serve-static/HISTORY.md      |  493 +
 .../node_modules/serve-static/LICENSE         |   25 +
 .../node_modules/serve-static/README.md       |  257 +
 .../node_modules/serve-static/index.js        |  209 +
 .../node_modules/serve-static/package.json    |   42 +
 .../node_modules/setprototypeof/LICENSE       |   13 +
 .../node_modules/setprototypeof/README.md     |   31 +
 .../node_modules/setprototypeof/index.d.ts    |    2 +
 .../node_modules/setprototypeof/index.js      |   17 +
 .../node_modules/setprototypeof/package.json  |   38 +
 .../node_modules/setprototypeof/test/index.js |   24 +
 .../side-channel-list/.editorconfig           |    9 +
 .../node_modules/side-channel-list/.eslintrc  |   11 +
 .../side-channel-list/.github/FUNDING.yml     |   12 +
 .../node_modules/side-channel-list/.nycrc     |   13 +
 .../side-channel-list/CHANGELOG.md            |   15 +
 .../node_modules/side-channel-list/LICENSE    |   21 +
 .../node_modules/side-channel-list/README.md  |   62 +
 .../node_modules/side-channel-list/index.d.ts |   13 +
 .../node_modules/side-channel-list/index.js   |  113 +
 .../node_modules/side-channel-list/list.d.ts  |   14 +
 .../side-channel-list/package.json            |   77 +
 .../side-channel-list/test/index.js           |  104 +
 .../side-channel-list/tsconfig.json           |    9 +
 .../side-channel-map/.editorconfig            |    9 +
 .../node_modules/side-channel-map/.eslintrc   |   11 +
 .../side-channel-map/.github/FUNDING.yml      |   12 +
 .../node_modules/side-channel-map/.nycrc      |   13 +
 .../side-channel-map/CHANGELOG.md             |   22 +
 .../node_modules/side-channel-map/LICENSE     |   21 +
 .../node_modules/side-channel-map/README.md   |   62 +
 .../node_modules/side-channel-map/index.d.ts  |   15 +
 .../node_modules/side-channel-map/index.js    |   68 +
 .../side-channel-map/package.json             |   80 +
 .../side-channel-map/test/index.js            |  114 +
 .../side-channel-map/tsconfig.json            |    9 +
 .../side-channel-weakmap/.editorconfig        |    9 +
 .../side-channel-weakmap/.eslintrc            |   12 +
 .../side-channel-weakmap/.github/FUNDING.yml  |   12 +
 .../node_modules/side-channel-weakmap/.nycrc  |   13 +
 .../side-channel-weakmap/CHANGELOG.md         |   28 +
 .../node_modules/side-channel-weakmap/LICENSE |   21 +
 .../side-channel-weakmap/README.md            |   62 +
 .../side-channel-weakmap/index.d.ts           |   15 +
 .../side-channel-weakmap/index.js             |   84 +
 .../side-channel-weakmap/package.json         |   87 +
 .../side-channel-weakmap/test/index.js        |  114 +
 .../side-channel-weakmap/tsconfig.json        |    9 +
 .../node_modules/side-channel/.editorconfig   |    9 +
 .../node_modules/side-channel/.eslintrc       |   12 +
 .../side-channel/.github/FUNDING.yml          |   12 +
 .../node_modules/side-channel/.nycrc          |   13 +
 .../node_modules/side-channel/CHANGELOG.md    |  110 +
 .../node_modules/side-channel/LICENSE         |   21 +
 .../node_modules/side-channel/README.md       |   61 +
 .../node_modules/side-channel/index.d.ts      |   14 +
 .../node_modules/side-channel/index.js        |   43 +
 .../node_modules/side-channel/package.json    |   85 +
 .../node_modules/side-channel/test/index.js   |  104 +
 .../node_modules/side-channel/tsconfig.json   |    9 +
 .../node_modules/statuses/HISTORY.md          |   87 +
 .../node_modules/statuses/LICENSE             |   23 +
 .../node_modules/statuses/README.md           |  139 +
 .../node_modules/statuses/codes.json          |   65 +
 .../node_modules/statuses/index.js            |  146 +
 .../node_modules/statuses/package.json        |   49 +
 .../node_modules/toidentifier/HISTORY.md      |    9 +
 .../node_modules/toidentifier/LICENSE         |   21 +
 .../node_modules/toidentifier/README.md       |   61 +
 .../node_modules/toidentifier/index.js        |   32 +
 .../node_modules/toidentifier/package.json    |   38 +
 .../node_modules/type-is/HISTORY.md           |  259 +
 .../node_modules/type-is/LICENSE              |   23 +
 .../node_modules/type-is/README.md            |  170 +
 .../node_modules/type-is/index.js             |  266 +
 .../node_modules/type-is/package.json         |   45 +
 .../node_modules/unpipe/HISTORY.md            |    4 +
 .../ExpressServer/node_modules/unpipe/LICENSE |   22 +
 .../node_modules/unpipe/README.md             |   43 +
 .../node_modules/unpipe/index.js              |   69 +
 .../node_modules/unpipe/package.json          |   27 +
 .../node_modules/utils-merge/.npmignore       |    9 +
 .../node_modules/utils-merge/LICENSE          |   20 +
 .../node_modules/utils-merge/README.md        |   34 +
 .../node_modules/utils-merge/index.js         |   23 +
 .../node_modules/utils-merge/package.json     |   40 +
 .../node_modules/vary/HISTORY.md              |   39 +
 .../ExpressServer/node_modules/vary/LICENSE   |   22 +
 .../ExpressServer/node_modules/vary/README.md |  101 +
 .../ExpressServer/node_modules/vary/index.js  |  149 +
 .../node_modules/vary/package.json            |   43 +
 src/Servers/ExpressServer/package-lock.json   |  757 ++
 src/Servers/ExpressServer/server.js           |    6 +-
 src/Servers/FastHttpServer/main.go            |    4 +
 src/Servers/FlaskServer/app.py                |    4 +-
 .../GenHttpServer/GenHttpServer.csproj        |    1 +
 src/Servers/GenHttpServer/Program.cs          |   22 +-
 src/Servers/GinServer/main.go                 |    6 +
 src/Servers/GlyphServer/Program.cs            |   29 +-
 .../__pycache__/app.cpython-312.pyc           |  Bin 0 -> 790 bytes
 src/Servers/GunicornServer/app.py             |    7 +
 src/Servers/H2OServer/h2o.conf                |    9 +-
 src/Servers/HyperServer/src/main.rs           |    9 +-
 .../src/main/java/server/Application.java     |    9 +-
 src/Servers/LighttpdServer/index.cgi          |    7 +-
 src/Servers/NancyServer/Program.cs            |   10 +-
 src/Servers/NetCoreServerFramework/Program.cs |    5 +-
 src/Servers/NodeServer/server.js              |   13 +-
 src/Servers/NtexServer/src/main.rs            |   15 +-
 src/Servers/PhpServer/index.php               |    6 +-
 src/Servers/PingoraServer/src/main.rs         |   14 +-
 src/Servers/PumaServer/config.ru              |    9 +-
 .../src/main/java/server/Application.java     |    7 +-
 src/Servers/ServiceStackServer/Program.cs     |   11 +-
 src/Servers/SimpleWServer/Program.cs          |    4 +-
 src/Servers/SiskServer/Program.cs             |    5 +
 .../src/main/java/server/Application.java     |   13 +-
 src/Servers/TomcatServer/webapp/ok.jsp        |   10 +-
 .../__pycache__/app.cpython-312.pyc           |  Bin 0 -> 1038 bytes
 src/Servers/UvicornServer/app.py              |   11 +-
 src/Servers/WatsonServer/Program.cs           |   11 +-
 645 files changed, 66129 insertions(+), 57 deletions(-)
 create mode 100644 docs/static/probe/data.js
 create mode 120000 src/Servers/ExpressServer/node_modules/.bin/mime
 create mode 100644 src/Servers/ExpressServer/node_modules/.package-lock.json
 create mode 100644 src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/accepts/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/accepts/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/accepts/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/accepts/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
 create mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
 create mode 100644 src/Servers/ExpressServer/node_modules/body-parser/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/bytes/History.md
 create mode 100644 src/Servers/ExpressServer/node_modules/bytes/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/bytes/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/bytes/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/bytes/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/content-type/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/content-type/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/content-type/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/content-type/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/History.md
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/cookie/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/History.md
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/depd/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/destroy/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/destroy/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/destroy/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/destroy/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/get.js
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/set.js
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
 create mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/ee-first/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/ee-first/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/ee-first/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/ee-first/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/eval.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/range.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/ref.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/syntax.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/type.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-errors/uri.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/escape-html/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/escape-html/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/escape-html/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/escape-html/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/etag/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/etag/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/etag/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/etag/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/etag/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/express/History.md
 create mode 100644 src/Servers/ExpressServer/node_modules/express/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/express/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/express/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/application.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/express.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/request.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/response.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/route.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/utils.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/lib/view.js
 create mode 100644 src/Servers/ExpressServer/node_modules/express/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/forwarded/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/forwarded/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/forwarded/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/forwarded/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/fresh/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/fresh/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/fresh/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/fresh/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/implementation.js
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/function-bind/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/gOPD.js
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/shams.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
 create mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/http-errors/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/http-errors/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/http-errors/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/http-errors/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
 create mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/inherits/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/inherits/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/inherits/inherits.js
 create mode 100644 src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
 create mode 100644 src/Servers/ExpressServer/node_modules/inherits/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/media-typer/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/media-typer/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/media-typer/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/media-typer/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/methods/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/methods/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/methods/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/methods/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/methods/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/db.json
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-db/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-types/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-types/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-types/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime-types/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/.npmignore
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/README.md
 create mode 100755 src/Servers/ExpressServer/node_modules/mime/cli.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/mime.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/package.json
 create mode 100755 src/Servers/ExpressServer/node_modules/mime/src/build.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/src/test.js
 create mode 100644 src/Servers/ExpressServer/node_modules/mime/types.json
 create mode 100644 src/Servers/ExpressServer/node_modules/ms/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/ms/license.md
 create mode 100644 src/Servers/ExpressServer/node_modules/ms/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/ms/readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
 create mode 100644 src/Servers/ExpressServer/node_modules/negotiator/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
 create mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
 create mode 100644 src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/on-finished/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/on-finished/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/on-finished/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/on-finished/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/parseurl/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/parseurl/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/parseurl/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/parseurl/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/.editorconfig
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/LICENSE.md
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/dist/qs.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/formats.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/parse.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/utils.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/test/parse.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/test/stringify.js
 create mode 100644 src/Servers/ExpressServer/node_modules/qs/test/utils.js
 create mode 100644 src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/range-parser/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/range-parser/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/range-parser/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/range-parser/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/raw-body/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/raw-body/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/raw-body/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/raw-body/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
 create mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
 create mode 100644 src/Servers/ExpressServer/node_modules/send/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/send/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/send/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/send/SECURITY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/send/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
 create mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
 create mode 100644 src/Servers/ExpressServer/node_modules/send/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/serve-static/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/serve-static/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/serve-static/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/serve-static/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.nycrc
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/test/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/codes.json
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/statuses/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/type-is/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/type-is/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/type-is/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/type-is/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/unpipe/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/unpipe/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/unpipe/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/unpipe/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
 create mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/package.json
 create mode 100644 src/Servers/ExpressServer/node_modules/vary/HISTORY.md
 create mode 100644 src/Servers/ExpressServer/node_modules/vary/LICENSE
 create mode 100644 src/Servers/ExpressServer/node_modules/vary/README.md
 create mode 100644 src/Servers/ExpressServer/node_modules/vary/index.js
 create mode 100644 src/Servers/ExpressServer/node_modules/vary/package.json
 create mode 100644 src/Servers/ExpressServer/package-lock.json
 create mode 100644 src/Servers/GunicornServer/__pycache__/app.cpython-312.pyc
 create mode 100644 src/Servers/UvicornServer/__pycache__/app.cpython-312.pyc

diff --git a/.github/workflows/probe.yml b/.github/workflows/probe.yml
index 332e8be..22613ca 100644
--- a/.github/workflows/probe.yml
+++ b/.github/workflows/probe.yml
@@ -156,6 +156,9 @@ jobs:
                     'connectionState': conn, 'reason': reason,
                     'scored': scored,
                     'durationMs': r.get('durationMs', 0),
+                    'rawRequest': r.get('rawRequest'),
+                    'rawResponse': r.get('rawResponse'),
+                    'behavioralNote': r.get('behavioralNote'),
                 })
 
             scored_results = [r for r in results if r['scored']]
diff --git a/docs/hugo.yaml b/docs/hugo.yaml
index f96ab52..db64c5a 100644
--- a/docs/hugo.yaml
+++ b/docs/hugo.yaml
@@ -41,8 +41,13 @@ menu:
       weight: 8
       params:
         type: theme-toggle
-    - name: GitHub
+    - name: Discord
       weight: 9
+      url: https://discord.gg/H84B5ZqDXR
+      params:
+        icon: discord
+    - name: GitHub
+      weight: 10
       url: https://github.com/MDA2AV/Http11Probe
       params:
         icon: github
diff --git a/docs/static/probe/data.js b/docs/static/probe/data.js
new file mode 100644
index 0000000..35330dc
--- /dev/null
+++ b/docs/static/probe/data.js
@@ -0,0 +1 @@
+window.PROBE_DATA = {"commit": {"id": "acfa55caef2f31a94883ee9c52c9ee97235b349a", "message": "Merge pull request #21 from MDA2AV/fix/adjust-bare-lf", "timestamp": "2026-02-12T18:31:51+00:00"}, "servers": [{"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 15, "warnings": 17, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.9613, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.8521, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7311, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 51.7214, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6919, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.9083, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6966, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.8775, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.6139, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.5972, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5834, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.238, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.834, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6964, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.8738, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.8284, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 52.5229, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5472, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7728, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.8696, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.4779, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "400 or close", "got": "405", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 405 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.5336, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nAllow: OPTIONS\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "2xx", "got": "405", "connectionState": "Open", "reason": "Expected 2xx, got 405 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.5558, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7638, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.0067, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.6673, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6896, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.5437, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.4767, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.567, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.8296, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5902, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.563, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.0627, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8326, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.1047, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.553, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 405, "expected": "400/405/501 or close", "got": "405", "connectionState": "Open", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6154, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.4924, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.4628, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7131, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.5868, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "405/501 or 2xx", "got": "405", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.6518, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4216, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6045, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4746, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.3841, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.3768, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.6001, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6256, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.4733, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 505, "expected": "200 or 505", "got": "505", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.5612, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "400/405 or 200", "got": "405", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.69, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.55, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5699, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 10\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9074, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.5989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5974, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 56.9713, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.3571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.4327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4616, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.3813, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4264, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.9583, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.5576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.8788, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3231, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.597, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.805, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.5703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.7052, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.3571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.0878, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.6808, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5266, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.8318, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7802, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.2805, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.7555, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.4353, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.8682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4556, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4942, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.4, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.0705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3507, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6773, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.6048, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.463, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5165, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.8176, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5122, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.4106, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.3982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.5182, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.6327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 200\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.3608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.7319, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7775, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3249, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6562, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5449, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.7432, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.0139, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9136, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.5534, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4295, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 51.485, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.7124, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.452, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7265, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 50.9427, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.6813, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7907, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5514, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 49.526, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3307, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.7695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.363, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4228, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4421, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.4549, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5505, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5531, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 50.9734, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.4104, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 51.0306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}], "name": "ASP.NET Minimal", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 37, "failed": 61, "warnings": 27, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.3781, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.7735, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.6053, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 0.3113, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.4123, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 0.3401, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 0.344, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5644, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/9.9 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 0.3423, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 CR without LF as line ending must be rejected", "scored": true, "durationMs": 0.1922, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 0.0994, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.1572, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 0.284, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.4229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 0.2881, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.6508, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.2014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.7666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 0.3487, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6412, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5834, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6544, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 0.8217, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got ClosedByServer \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 0.2103, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.9592, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.8956, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.797, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.7784, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7095, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.7361, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0906, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.7762, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5748, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.7801, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/close/timeout, got 200 \u2014 Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 51.0933, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7361, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.8169, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.3716, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.8932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.8532, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.8891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8855, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.867, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 0.3747, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 0.1832, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 0.6986, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 0.165, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 0.1544, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.6109, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.0971, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nConnection: keep-alive\r\n\r\n???OK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 55.6087, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nConnection: keep-alive\r\n\r\n???OK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6809, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.2 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.7968, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.7687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.1998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.4727, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\na\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\na\r\nhelloworld\r\n0"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.7815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.8256, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.7274, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.7069, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 0.244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.3495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.2989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.742, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5914, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": "Body: 3\r\n???\r\n5"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.5761, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.5102, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4028, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nConnection: keep-alive\r\n\r\n???", "behavioralNote": "Body: ???"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.4824, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.6301, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6253, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": "Body: 3\r\n???\r\n5"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.6127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.7414, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.8767, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.6687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.4005, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.5308, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7621, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.6888, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7034, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 49.6763, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5281, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.8357, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.4198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4041, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.8277, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5174, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.6123, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5709, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5713, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.4708, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.5316, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3814, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4307, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.4829, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5981, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 0.2049, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.4725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.6371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.5973, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.511, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.4016, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6072, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 0.5196, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.0159, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 0.4432, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 1.768, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.5345, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.4417, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5001.145, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.2467, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 0.4604, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.4514, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5193, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6458, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.3615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 0.2699, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3026, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.3949, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.2355, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.26, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5124, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.7833, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.3676, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5167, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.8334, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 50.7678, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 50.4908, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:17 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5001.0565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "EmbedIO", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 14, "warnings": 18, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.4801, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.9708, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 52.2787, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 52.0217, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7755, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.8332, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.8459, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 51.1186, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.9291, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.8973, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.9172, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 54.6011, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.7769, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.9095, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6241, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7631, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.0065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 52.608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.6225, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.579, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6911, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.6017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "400 or close", "got": "405", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 405 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.7305, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nAllow: OPTIONS\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.8757, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.386, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.9918, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 51.2473, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.6625, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.8321, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.707, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.2158, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.777, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5012, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.467, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9586, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.8909, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.7161, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6353, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6143, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7231, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.0463, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6648, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 49.9036, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.7033, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.8671, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.6103, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.6228, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.58, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 51.0132, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6599, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7088, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 505, "expected": "200 or 505", "got": "505", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6706, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.6557, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.7584, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5519, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 10\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9255, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.6301, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5755, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.7153, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 58.5966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.803, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.545, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.7445, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4043, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.9619, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8436, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 51.4282, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5125, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.5629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.8594, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7972, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.4838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.438, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 51.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 51.0859, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.5125, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4828, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 51.0528, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5188, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.9069, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.9564, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.2247, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.84, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.9952, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5043, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.9341, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5435, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5554, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.8001, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.0752, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3928, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.8306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.76, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5044, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.546, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8157, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5525, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6006, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6276, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.6852, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6402, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4324, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.7729, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7375, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 200\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.364, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.8576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 51.0947, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.6017, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4665, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 51.145, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9427, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.8779, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.327, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.1445, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.1356, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4819, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.5536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.9967, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6596, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.821, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.4029, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.7683, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7009, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5294, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5932, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.434, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.0682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.4447, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.5891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7394, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.9679, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5508, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5908, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5902, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.929, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.5522, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 51.4641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}], "name": "ServiceStack", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 37, "failed": 63, "warnings": 25, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.5191, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5126, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.614, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.4004, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.4281, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.1071, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6765, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5977, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7725, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.3754, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.445, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.4698, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.3604, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3916, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.5183, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.6166, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4561, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.5674, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5923, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6545, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6255, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.4274, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.3512, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6326, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400/501 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/501 or close, got TimedOut \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 5001.2737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.4981, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5966, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Fail", "statusCode": null, "expected": "400/405/501 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405/501 or 2xx, got TimedOut \u2014 Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 5001.5791, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0864, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 5000.5495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.7836, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.5449, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 15\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.9227, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 26\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.9442, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 5000.3044, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7769, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.5844, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": null, "expected": "400/405/501 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405/501 or close, got TimedOut \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 5001.1693, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.5932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.4759, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.5498, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 25\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6774, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.7116, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.5393, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 5000.5504, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.3927, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4493, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4873, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.4874, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.3474, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.4578, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6558, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.802, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6864, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 32\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.6547, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 20\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.5699, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.969, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": "Body: Content-Length: 10\r\n\r\nhelloworld"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.4794, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.605, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.6944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.4628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.3812, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4844, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 4\r\n\r\n0\r\n\r", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5001.1093, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.9841, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.3643, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.427, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.2745, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.2333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.3484, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.3925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.3286, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.3789, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.3412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 28\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 5000.4025, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.7948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 17\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.7224, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4991, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.5771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6041, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 13\r\n\r\n5\r\nhello0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7357, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 15\r\n\r\n5;\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.9336, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 17\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8636, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 14\r\n\r\n5\r\nhello\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.7226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 20\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.7314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 19\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7689, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.6859, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6594, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.9136, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.5641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4299, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4173, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5028, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6183, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 35\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.3602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 43\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 39\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4099, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 43\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.3459, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.4016, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3477, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.4322, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.547, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.7201, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.4874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.5216, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3366, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.3992, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 14\r\n\r\n5\rhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 40\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5001.1692, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.0049, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 50.808, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.2522, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.3462, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3888, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6353, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.5708, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.4913, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 100KB method name should be rejected", "scored": true, "durationMs": 5000.5432, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.3934, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.411, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.2636, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 5000.2703, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.3448, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 31\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/505/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/505/close/timeout, got 200 \u2014 HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.4745, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 5000.5358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.6308, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.8525, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 51.3225, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 49.6858, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7989, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.9701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 65556\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.595, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.8277, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "NetCoreServer", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 75, "failed": 32, "warnings": 18, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.5033, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.3799, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5625, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.5445, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.5362, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.6879, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.2565, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "Open", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.4323, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4481, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.461, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4874, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.6829, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.4506, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6697, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 104\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'Bad[Name' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5028, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5913, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.1327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string 'abc' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.1007, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5618, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7804, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5007, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6651, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.8171, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.7987, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 501, "expected": "400/501 or close", "got": "501", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8482, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.5891, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5984, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.5363, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.4926, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.4292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 411, "expected": "2xx or close", "got": "411", "connectionState": "ClosedByServer", "reason": "Expected 2xx or close, got 411 \u2014 POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.3962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8952, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.4415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6216, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 11\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.468, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.9998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 411, "expected": "!101", "got": "411", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.6764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:06 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7966, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6511, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6827, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://example.com:8080example.com:443)</h1>", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.977, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.8667, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7826, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.4413, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 50.5397, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6292, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.7173, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4046, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.3698, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.9712, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.8411, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 51.4605, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 49.7763, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.6088, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.3949, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.5314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.6376, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6611, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.544, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6248, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.3688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4598, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.2281, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.3457, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.4349, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4216, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6288, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5935, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 10' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4238, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.5095, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.7019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.4264, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0o5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9023, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.7524, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.756, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.5554, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 42\r\n\r\n<h1>Not Implemented (Not Implemented)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.7736, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0x5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5545, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1 0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6092, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.678, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6052, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.6347, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.8026, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n21\r\n<h1>Bad Request (2 CR found)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5021, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4251, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.4535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.7821, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5672, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.3783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4397, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4921, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 75\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.3937, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5483, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5645, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8437, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5677, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6227, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1_0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.642, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.5495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.5504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.4726, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3955, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n21\r\n<h1>Bad Request (2 CR found)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7684, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6062, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.028, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.6715, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6275, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4628, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.5616, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 4999.8568, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.4764, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.8204, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 53.6198, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.4591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 105\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'X-T????st' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6024, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4893, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (Value was either too large or too small for an Int64.)</h1>", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5236, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3718, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 505, "expected": "400/505/close/timeout", "got": "505", "connectionState": "Open", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5224, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.5213, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 71\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.8522, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.6845, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.0683, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 49.5657, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.5051, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2b\r\n<h1>Bad Request (chunk size too long.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.3004, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5001.0079, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Sisk", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 72, "failed": 47, "warnings": 6, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.4722, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.4321, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.6734, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.438, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.0559, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7878, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.532, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "Open", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6595, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.6008, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.6136, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.6843, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.0658, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.6345, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.7229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 104\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'Bad[Name' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7704, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.071, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string 'abc' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.9757, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5522, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.9081, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.778, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.6973, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.7106, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 501, "expected": "400/501 or close", "got": "501", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8556, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.09, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.9935, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.9143, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 49.9016, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 49.8863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 411, "expected": "2xx or close", "got": "411", "connectionState": "ClosedByServer", "reason": "Expected 2xx or close, got 411 \u2014 POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.839, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.9497, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid single-chunk POST must be accepted", "scored": true, "durationMs": 5000.5871, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 5000.2458, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 5001.196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.0558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 411, "expected": "!101", "got": "411", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8215, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:06 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 5001.1303, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 5000.4173, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.9251, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:17 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://example.com:8080example.com:443)</h1>", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": null, "expected": "417 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 417 or 2xx, got TimedOut \u2014 Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 5000.7811, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 5000.4996, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "2xx or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx or 400, got TimedOut \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 5000.735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Fail", "statusCode": null, "expected": "426 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 426 or 2xx, got TimedOut \u2014 WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 5000.5493, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": null, "expected": "405/501 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 405/501 or 2xx, got TimedOut \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 5001.4962, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 50.7924, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.85, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.7097, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.687, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4743, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": null, "expected": "2xx + close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx + close, got TimedOut \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 5000.8464, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": null, "expected": "2xx + close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx + close, got TimedOut \u2014 HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 5000.7992, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": null, "expected": "200 or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200 or 400, got TimedOut \u2014 HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 5000.5845, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": null, "expected": "200 or 505", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200 or 505, got TimedOut \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 5001.2249, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": null, "expected": "400/405 or 200", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405 or 200, got TimedOut \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 5000.6362, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 5000.2995, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 5000.5502, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.024, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.2144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:22 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 5000.6635, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6881, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:27 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.8747, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 5000.5322, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:37 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 5001.3467, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.6815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 5001.1962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.8155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:52 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:52 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 5000.2496, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.7097, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.696, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:02 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 10' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.3862, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:02 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.3743, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 5000.7535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 5000.5138, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.8968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:17 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0o5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 5001.4599, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.706, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.8293, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 42\r\n\r\n<h1>Not Implemented (Not Implemented)</h1>HTTP/1.1 200 OK\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 5000.5998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.6014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:27 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0x5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.3408, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:27 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1 0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 5000.1543, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 5000.1132, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.2466, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 5000.3329, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.239, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 5000.1441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 5000.6841, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.5707, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4606, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6991, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:12 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.3574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5382, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:18 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 5000.212, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 5000.2438, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:28 GMT\r\nContent-Length: 75\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.4734, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:28 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.4413, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 5000.8345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 5000.3279, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 5000.5226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 5000.4892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 5000.4802, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 5000.4273, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4404, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:58 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1_0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 5000.4135, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 5000.5927, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 5001.5829, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 51.1831, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:13 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:13 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6416, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 5000.456, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 5000.4887, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 5000.205, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 5000.528, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 51.0283, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:38 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400/414/431 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/414/431 or close, got TimedOut \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 5001.2794, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.027, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:43 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:43 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 5000.614, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4787, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:48 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.7961, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 4999.6169, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.8427, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:58 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 100KB method name should be rejected", "scored": true, "durationMs": 5001.4795, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.721, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:03 GMT\r\nContent-Length: 105\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'X-T????st' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 5000.4641, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 51.5922, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (Value was either too large or too small for an Int64.)</h1>", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.8616, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.7507, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5000.4531, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 505, "expected": "400/505/close/timeout", "got": "505", "connectionState": "Open", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6962, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:13 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3291, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:13 GMT\r\nContent-Length: 71\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 5000.4282, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 5000.5795, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 5000.5436, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 5000.4861, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 5000.7692, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5001.5843, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "200/206/400/416", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200/206/400/416, got TimedOut \u2014 1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 5000.5681, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Watson", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 112, "failed": 4, "warnings": 9, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.1536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 52.4886, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.7329, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.4747, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.5019, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7475, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6011, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.9628, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4728, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4665, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.481, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5002.0627, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.777, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.8102, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 51.2952, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.9495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.8053, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.1739, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 51.0106, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.0824, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.9351, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 51.1257, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6799, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 50\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: OPTIONS\r\nPath: *\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.1447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.8412, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 49.9191, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 67\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: http://localhost:8080/\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6323, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: get\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.9646, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5553, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.9572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.9869, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 11\r\nConnection: keep-alive\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.4689, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.5005, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9831, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.6176, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.5587, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.3654, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.4333, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.533, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.4751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.5151, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.4066, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 48\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: TRACE\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.3499, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.541, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5026, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5292, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.501, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.565, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.4862, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "200 or 400", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.5342, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7081, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.5638, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 48\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: TRACE\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 49.3848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5384, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 10\r\nConnection: keep-alive\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.8144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 49.6558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5162, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.9989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.8507, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4491, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5536, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.3415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.3249, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.4974, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5784, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 49.4626, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.4838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.4658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6179, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4478, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4959, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4542, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.5819, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6117, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5458, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.3306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5018, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6975, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.8717, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4149, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5559, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.6059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.8341, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8491, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.7338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.6422, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4943, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5386, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5363, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: HEAD\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.5884, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 50\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: OPTIONS\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3715, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.653, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5752, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5395, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5349, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.5968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7231, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 70\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: http://other.example.com/\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4568, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.5515, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5077, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.4971, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.6188, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.8309, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 61.0772, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4006, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4138, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6895, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.3526, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.3942, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 51.2742, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.4057, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.5138, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5086, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.6341, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4248, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6572, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4577, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.8263, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.5492, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5769, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.6839, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7737, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 74\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /path%0d%0aX-Injected:%20true\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5000.9566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.8433, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.7516, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Glyph", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 75, "failed": 39, "warnings": 11, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.8133, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5176, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5514, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 49.5731, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7634, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.6961, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5479, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.4936, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4252, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4346, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4728, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.8778, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.1041, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3397, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.4472, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.473, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.6565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.497, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.4891, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.4846, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.4164, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.5474, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.5147, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.4662, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.5792, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5991, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Fail", "statusCode": 404, "expected": "400/405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400/405/501 or 2xx, got 404 \u2014 Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.7745, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 49.8704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.534, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.0539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid single-chunk POST must be accepted", "scored": true, "durationMs": 5000.4685, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 5000.8152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 5000.4628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.7505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 49.7838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.8762, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.4694, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.4791, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6982, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7519, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "2xx or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx or 400, got TimedOut \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 5000.743, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8045, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 405/501 or 2xx, got 404 \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 51.9391, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.8946, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.7707, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.8339, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.7473, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.5882, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.586, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6636, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.5638, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.704, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "400/405 or 200", "got": "404", "connectionState": "Open", "reason": "Expected 400/405 or 200, got 404 \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 51.7265, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.4011, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 5000.6571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.3465, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.8504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.8372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 5000.8539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.5894, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.7873, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6048, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 4999.5808, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.7047, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 51.1134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 5000.5905, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8056, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.5414, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 5000.4343, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.4789, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 5001.2706, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6385, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.8375, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5163, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 5000.7187, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 5000.2481, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4826, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 5000.3738, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4431, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 4999.7736, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.8345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5986, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 5000.2352, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 5000.4682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4096, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 5000.5818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.5806, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.8429, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6868, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.6299, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4452, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 5000.5383, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5004, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6207, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6271, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5334, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 51.5928, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.4409, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4351, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.614, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 51.077, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 51.3181, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 202\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 5000.7837, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.7768, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7373, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.5219, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6452, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6824, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6282, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/414/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/414/431 or close, got 413 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.3174, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9704, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.5718, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 51.5093, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3983, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.5762, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.4175, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.1875, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 413 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.8841, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.6163, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 52.1939, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4251, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.6313, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3623, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.228, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5707, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.4959, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 51.4402, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 51.3093, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.4646, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 51.418, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5001.5014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.2636, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 50.4371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}], "name": "SimpleW", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 47, "failed": 59, "warnings": 19, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 66.2604, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7703, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 54\r\n\r\nHTTP protocol version expected (got: 'HTTP/1.1\nHost:')", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5597, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 51.7091, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6933, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0538, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5462, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6558, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '9.9'", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7642, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4536, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5232, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 60.7928, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.5491, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.5167, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5164, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.6871, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.6326, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6653, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.4756, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.4789, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.3781, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "2xx", "got": "405", "connectionState": "Open", "reason": "Expected 2xx, got 405 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.0982, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6956, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.7514, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6361, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.4244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5143, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.4565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8595, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 57.2396, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 52.5418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 11\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 52.2898, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.83, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.7663, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7136, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6393, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 404, "expected": "400/405/501 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 404 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6147, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6065, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.5171, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "2xx or 400", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx or 400, got 500 \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.588, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 59\r\n\r\nThe input string '5;ext=value' was not in a correct format.", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6835, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "405/501 or 2xx", "got": "405", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.7191, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4585, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.8047, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5112, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 46\r\n\r\nHTTP protocol version expected (got: 'HTTP/1')", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4363, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nHTTP protocol version expected (got: 'HTTP/01.01')", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.518, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 45\r\n\r\nHTTP protocol version expected (got: 'HTTP/')", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7123, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6471, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "200 or 400", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.482, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 49.6991, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '1.2'", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "400/405 or 200", "got": "405", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.5504, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6543, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.6917, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5000.8313, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.8999, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": "Used second CL (10 bytes)"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.4658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.4284, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 4\r\n\r\n0\r\n\rHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.5441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5363, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5827, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.6892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4438, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 51.1015, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nThe input string '5;' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\ne\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 49.484, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5992, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nThe input string '1_0' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.5157, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.9025, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4986, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.8361, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5151, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.533, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.7602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8937, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 56\r\n\r\nThe input string '5;\nhello' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.5938, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7731, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5165, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 54\r\n\r\nThe input string '5;\u0000ext' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6521, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nThe input string '5;a' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 51.5725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.67, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8017, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 76\r\n\r\nSpecified argument was out of the range of valid values. (Parameter 'start')", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4585, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nThe input string '-1' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4807, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4551, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5067, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5884, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7363, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6439, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 44\r\n\r\nHTTP protocol version expected (got: 'evil')", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.4799, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6573, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.7718, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 49.2783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5091, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.428, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.6142, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4935, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7068, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6494, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 44\r\n\r\nHTTP protocol version expected (got: 'K???')", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/414/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 50.9511, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.88, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token 'None' (expected 'Word')", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400/431 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 500 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.1064, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 76\r\n\r\nSpecified argument was out of the range of valid values. (Parameter 'start')", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4389, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3938, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 50.4967, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token 'None' (expected 'Word')", "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.5901, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.0465, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.8501, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5093, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6117, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4384, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5321, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3839, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.0058, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 53\r\n\r\nValue was either too large or too small for an Int64.", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5406, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '2.0'", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4564, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5792, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4555, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5266, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5749, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5162, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.7402, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nConnection: Close\r\nContent-Length: 19\r\n\r\nChunk size expected", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.9884, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.7971, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "GenHTTP", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 16, "warnings": 16, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.6484, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.8297, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.0005, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.6841, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7369, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5551, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6366, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.5245, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.453, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5609, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.7386, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.6214, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.8197, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5977, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.5943, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.546, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.592, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.8565, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5896, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6118, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.501, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.4324, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.6672, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6934, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.6295, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6157, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.9981, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.6292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.6623, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.7012, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5963, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.7364, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9231, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7796, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.678, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.7167, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6444, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7066, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.6394, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.7276, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.5623, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4932, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.5577, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4082, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.63, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4301, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7356, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.2459, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7033, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.5458, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.7148, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 51.0362, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\na\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.873, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.9324, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9295, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6252, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5194, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6993, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6332, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.6537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.5155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.6381, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.9601, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6626, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.4656, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4561, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7708, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:45 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.5203, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.6234, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:45 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.4681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4368, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.5234, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.3506, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.4362, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.5271, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4697, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.4874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.5505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.3761, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.46, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7627, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.4691, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.559, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.694, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.588, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.8377, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7368, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5185, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6587, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.6829, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6338, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.915, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7828, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\nc8\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6026, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.6711, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7558, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.537, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6954, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8122, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.8293, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.7912, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.2137, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6279, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.3974, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4214, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.5739, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.3686, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.3496, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.9727, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5403, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.7649, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.6501, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5715, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.671, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.6155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.8027, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.6406, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5769, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5369, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.6145, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or 2xx", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 413 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.4966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 50.3643, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.9877, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Node.js HTTP", "language": "JavaScript"}, {"summary": {"total": 143, "scored": 125, "passed": 92, "failed": 18, "warnings": 15, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.37, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.0953, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.8883, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.1526, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0697, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.8575, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 51.0255, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.8396, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.5573, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 53.6657, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 143\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.1242, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6979, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6634, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 51.6926, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.8487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.0356, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.2123, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 51.5242, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.3682, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 51.4255, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.4704, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 139\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET *</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 404, "expected": "2xx", "got": "404", "connectionState": "Open", "reason": "Expected 2xx, got 404 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.3717, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 143\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot OPTIONS *</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.2451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.5222, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.7465, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.707, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0053, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.691, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.8111, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.2161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 51.3143, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 11\r\nETag: W/\"b-Kq5sNclPz7QV2+lfQIuc6R7oRu0\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 51.1874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.4548, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 51.6302, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.2674, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 51.5506, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.7334, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.9382, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.9575, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.1366, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 51.3889, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 405/501 or 2xx, got 404 \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 51.4814, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 141\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot TRACE /</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 51.0979, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6573, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5622, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5099, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4268, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.8559, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.9114, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.9263, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6584, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "400/405 or 200", "got": "404", "connectionState": "Open", "reason": "Expected 400/405 or 200, got 404 \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.8889, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 141\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot TRACE /</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.9379, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 10\r\nETag: W/\"a-at+xg6SiyUovktq1redipHiJpaE\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 49.8195, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.7988, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 49.965, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.5897, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.5574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6232, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5162, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.2708, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.8814, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 49.7716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 49.8863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6845, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.7436, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.8198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.7059, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.8265, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6293, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 51.1325, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.7666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.8017, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.7531, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.7167, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 49.7896, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.553, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 49.7451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7151, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8975, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.7527, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8634, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.727, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 49.7211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7109, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.6598, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 49.7351, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.8031, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 51.0884, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8647, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.6935, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.7274, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8383, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.8704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9114, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.8266, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.0243, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAllow: GET,HEAD,POST\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nETag: W/\"d-bMedpZYGrVt1nR4x+qdNZ2GqyRo\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nGET,HEAD,POST", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5776, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.5957, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.8385, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 49.9557, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 200\r\nETag: W/\"c8-KcGVM93JXf68/JJNjkF5IIKlj94\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.6159, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.7455, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.9782, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.2105, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.8591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6624, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.7601, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.2013, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.2139, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.3963, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 49.7666, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.7887, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5001.5034, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6057, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.1108, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.9935, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5539, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7677, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 154\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /caf%C3%83%C2%A9</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5111, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4034, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.4494, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.522, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7905, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.6927, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 148\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path\\file</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5365, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 151\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /%C3%80%C2%AF</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.9791, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 151\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path%00.html</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7585, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path%0d%0aX-Injected:%20true</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or 2xx", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 413 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 52.1877, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 52.5594, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.5129, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Express", "language": "JavaScript"}, {"summary": {"total": 143, "scored": 125, "passed": 38, "failed": 63, "warnings": 24, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.1275, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5278, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.1228, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9901, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.3224, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0584, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 51.1509, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/505 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 0.8707, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 51.087, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 CR without LF as line ending must be rejected", "scored": true, "durationMs": 0.8828, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 11.2157, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.1402, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.4755, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3884, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.9732, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7464, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.0015, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.0586, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.0661, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.9032, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.169, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 51.0055, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 51.1805, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.0511, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.1108, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 0.3919, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.1408, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 51.0866, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0159, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 51.0346, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 51.0915, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8786, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.7321, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 51.0045, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 11\r\nConnection: close\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.8687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.3863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 400, "expected": "!101", "got": "400", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 51.2851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 400 BAD REQUEST\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n<p>The browser (or proxy) sent a request that this server could not understand.</p>\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.0085, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 51.0268, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 51.0958, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 51.1795, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.881, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "2xx or 400", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx or 400, got 500 \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.3861, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Fail", "statusCode": 400, "expected": "426 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 426 or 2xx, got 400 \u2014 WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 51.0216, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 400 BAD REQUEST\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n<p>The browser (or proxy) sent a request that this server could not understand.</p>\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.9237, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 51.0373, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.9836, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 0.6404, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5053, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 0.6198, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.8372, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.1858, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 51.0315, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 51.1331, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "ClosedByServer", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 51.4576, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Fail", "statusCode": 500, "expected": "2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 500 \u2014 Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 51.7031, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 51.091, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: close\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 51.1471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.1806, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: close\r\n\r\nhelloworld", "behavioralNote": "Used second CL (10 bytes)"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9098, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 51.1161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 4999.7948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 51.7129, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Negative Content-Length must be rejected", "scored": true, "durationMs": 50.82, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "TimedOut", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 5001.2088, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "TimedOut", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5001.7333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:09 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 51.2029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 51.2511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8585, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.9371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 51.7009, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:19 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 51.0149, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:19 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.431, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 51.8681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:24 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.9615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:24 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 51.0222, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9653, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 16\r\nConnection: close\r\n\r\nhello world!!!!!", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.9303, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.0064, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 51.2549, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.8914, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 49.9664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 51.2946, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 51.1973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 51.7241, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.8133, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 51.2511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.068, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 51.3776, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 51.1065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.3472, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.8455, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 51.5911, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0847, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 51.1059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.9811, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.088, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.9237, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.765, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 51.5309, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 51.2781, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 51.2714, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 51.3456, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.9902, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.1384, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.9624, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 51.3054, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 51.2977, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 200\r\nConnection: close\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400, got TimedOut \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 5000.441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 51.7338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.8785, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 51.031, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 51.7973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 51.6488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 0.9069, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 50.8257, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 Request-URI Too Long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 327\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 414</p>\n        <p>Message: Request-URI Too Long.</p>\n        <p>Error code explanation: 414 - URI is too long.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9053, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Line too long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 355\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Line too long.</p>\n        <p>Error code explanation: 431 - got more than 65536 bytes when reading header line.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.3725, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Too many headers\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 333\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Too many headers.</p>\n        <p>Error code explanation: 431 - got more than 100 headers.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.9945, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.8824, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6172, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6772, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7563, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Line too long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 355\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Line too long.</p>\n        <p>Error code explanation: 431 - got more than 65536 bytes when reading header line.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.0386, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 Request-URI Too Long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 327\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 414</p>\n        <p>Message: Request-URI Too Long.</p>\n        <p>Error code explanation: 414 - URI is too long.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.9741, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.9207, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.5928, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 0.8114, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.9623, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:02 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5000.197, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 2.5621, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty Content-Length value must be rejected", "scored": true, "durationMs": 54.1712, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 52.5457, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 56.0703, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 60.2127, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 55.8076, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 59.0245, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 NOT FOUND\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 207\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 62.2175, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 68.5472, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6755, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Flask", "language": "Python"}, {"summary": {"total": 143, "scored": 125, "passed": 78, "failed": 31, "warnings": 16, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.2272, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:28 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.417, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 218\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1.1\\nHost: localhost:8080&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.571, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 158\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;HOST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.558, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 178\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Obsolete line folding is unacceptable: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.369, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;X-Test &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.5926, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 208\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET  / HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5195, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5395, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 182\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: (9, 9)&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4506, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;: empty-name&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4133, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 218\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1.1\\rHost: localhost:8080&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5105, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 205\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.6666, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.5421, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 198\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET /&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.5051, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 167\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;Bad[Name&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.3649, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 165\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;NoColonHere&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5603, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.5542, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.569, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 155\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27; &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.756, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6329, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.7391, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.7021, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.5281, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7119, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6874, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 193\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.6224, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6706, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 184\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Method &#x27;Invalid HTTP method: &#x27;get&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.617, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5424, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5661, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.7343, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.5848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5404, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5389, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "400/close/timeout", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 50.7832, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.6355, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7589, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6903, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6098, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "ClosedByServer", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.758, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 188\r\n\r\n<html>\n  <head>\n    <title>Expectation Failed</title>\n  </head>\n  <body>\n    <h1><p>Expectation Failed</p></h1>\n    Unable to comply with expectation: &#x27;200-ok&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7496, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8859, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.579, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4682, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 51.8408, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 208\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET\\t/ HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5515, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 194\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.7971, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 198\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/01.01&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.7982, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 197\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/ 1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.904, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.7442, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.6616, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7509, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.2 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.642, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5888, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.6354, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5931, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.7664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 170\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;xchunked&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.9132, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6107, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 177\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;Transfer-Encoding &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.7714, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.3664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.7751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.8504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.7259, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.8226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5625, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.5705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4617, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.5737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5369, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 160\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.538, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.5948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 162\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;, chunked&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.6045, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6085, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.7532, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5955, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6996, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4792, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5769, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4709, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7422, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.6551, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6842, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7172, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5901, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 49.7134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.729, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.9367, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4684, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.7366, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5365, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 177\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;chunked;ext=val&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5493, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6186, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5122, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.826, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6553, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6086, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.6501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7093, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 189\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Obsolete line folding is unacceptable: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 51.0751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 170\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;chunked,&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 51.1137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.0542, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.8514, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6342, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.5685, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/414/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.4053, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 163\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Request Line is too large (8192 &gt; 4094)\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.9932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 229\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields size&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.9644, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 224\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.5559, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.4982, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 4999.6057, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.9109, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 229\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields size&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.8706, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 163\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Request Line is too large (8192 &gt; 4094)\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.527, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;X-T??st&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6108, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:55 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.3473, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5651, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 181\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Method &#x27;Invalid HTTP method: &#x27;&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.381, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 160\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.4732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6012, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 182\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: (2, 0)&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3478, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.479, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4149, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5768, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.7562, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.523, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.5823, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "ClosedByServer", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.4276, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.599, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Gunicorn", "language": "Python"}, {"summary": {"total": 143, "scored": 125, "passed": 85, "failed": 20, "warnings": 20, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.3402, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7448, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.9861, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9678, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7578, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.9517, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.7915, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.9502, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.8482, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.7359, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.6041, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 49.9003, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.6638, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6074, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.9886, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "Open", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.9107, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.9071, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.3316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.9102, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7826, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.8792, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.8227, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.74, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6152, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.5608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.7038, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.0306, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.7818, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.7804, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.9257, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.7413, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0503, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.7019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.5766, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8872, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7074, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.7407, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.9229, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.8266, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.6728, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7213, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6581, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.669, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.6745, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.5793, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4651, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5344, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.6245, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7503, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.7274, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7014, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7373, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.9078, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6654, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5743, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.8954, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.7197, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.7336, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6049, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.5502, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.621, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4525, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5739, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.6447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.7292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.6604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4817, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.3278, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.9338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:58 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.8606, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.6604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.6999, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6741, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6842, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.5305, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.5334, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.9582, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6812, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6774, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.9612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.5894, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 51.0225, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 51.1376, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.9521, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.9862, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0549, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.6084, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6757, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.0967, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 49.9302, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.7447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.7851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.9973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8673, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.787, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.556, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4388, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6022, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.8023, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.8786, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\nc8\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400, got TimedOut \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 5000.9378, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6344, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6603, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.8371, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 49.6981, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6379, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7183, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.6595, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.5619, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 51.9558, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 54.4389, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.8348, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.7822, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.3577, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.7272, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7142, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 51.2156, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.626, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7771, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.5008, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 51.0287, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.8133, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5001.2099, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/505/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/505/close/timeout, got 200 \u2014 HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 51.1767, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.8716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.4443, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 51.0135, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.9902, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.2808, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 51.1843, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 52.5252, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 52.642, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Uvicorn", "language": "Python"}]};
\ No newline at end of file
diff --git a/docs/static/probe/render.js b/docs/static/probe/render.js
index 09d38b3..6065474 100644
--- a/docs/static/probe/render.js
+++ b/docs/static/probe/render.js
@@ -5,7 +5,12 @@ window.ProbeRender = (function () {
   var FAIL_BG = '#cf222e';
   var SKIP_BG = '#656d76';
   var EXPECT_BG = '#444c56';
-  var pillCss = 'text-align:center;padding:2px 4px;font-size:11px;font-weight:600;color:#fff;border-radius:3px;min-width:28px;display:inline-block;line-height:18px;';
+  var pillCss = 'text-align:center;padding:2px 4px;font-size:11px;font-weight:600;color:#fff;border-radius:3px;min-width:28px;display:inline-block;line-height:18px;cursor:default;';
+
+  function escapeAttr(s) {
+    if (!s) return '';
+    return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  }
 
   // Servers temporarily hidden from results (undergoing major changes)
   var BLACKLISTED_SERVERS = ['GenHTTP'];
@@ -44,10 +49,100 @@ window.ProbeRender = (function () {
       + 'html.dark .probe-table tbody tr{border-bottom-color:#30363d}'
       + 'html.dark .probe-server-row:hover{background:#161b22}'
       + 'html.dark .probe-server-row.probe-row-active{background:#2a3a50 !important}'
-      + 'html.dark .probe-table thead a{color:#58a6ff !important}';
+      + 'html.dark .probe-table thead a{color:#58a6ff !important}'
+      // Tooltip (hover)
+      + '.probe-tooltip{position:fixed;z-index:9999;background:#1c1c1c;color:#e0e0e0;font-family:monospace;font-size:11px;'
+      + 'white-space:pre;padding:8px 10px;border-radius:6px;max-width:500px;max-height:300px;overflow:auto;'
+      + 'pointer-events:none;box-shadow:0 4px 16px rgba(0,0,0,0.3);line-height:1.4}'
+      + '.probe-tooltip .probe-note{color:#f0c674;font-family:sans-serif;font-weight:600;font-size:11px;margin-bottom:6px;white-space:normal}'
+      + '.probe-tooltip .probe-label{color:#81a2be;font-family:sans-serif;font-weight:700;font-size:10px;text-transform:uppercase;letter-spacing:0.5px;margin-bottom:2px}'
+      + '.probe-tooltip .probe-label:not(:first-child){margin-top:8px;padding-top:8px;border-top:1px solid #333}'
+      // Modal (click)
+      + '.probe-modal-overlay{position:fixed;inset:0;z-index:10000;background:rgba(0,0,0,0.5);display:flex;align-items:center;justify-content:center}'
+      + '.probe-modal{background:#1c1c1c;color:#e0e0e0;font-family:monospace;font-size:12px;white-space:pre;'
+      + 'padding:16px 20px;border-radius:8px;max-width:700px;max-height:80vh;overflow:auto;'
+      + 'box-shadow:0 8px 32px rgba(0,0,0,0.5);line-height:1.5;position:relative;min-width:300px}'
+      + '.probe-modal .probe-note{color:#f0c674;font-family:sans-serif;font-weight:600;font-size:13px;margin-bottom:10px;white-space:normal}'
+      + '.probe-modal .probe-label{color:#81a2be;font-family:sans-serif;font-weight:700;font-size:11px;text-transform:uppercase;letter-spacing:0.5px;margin-bottom:4px}'
+      + '.probe-modal .probe-label:not(:first-child){margin-top:12px;padding-top:12px;border-top:1px solid #333}'
+      + '.probe-modal-close{position:sticky;top:0;float:right;background:none;border:none;color:#808080;font-size:20px;'
+      + 'cursor:pointer;padding:0 4px;line-height:1;font-family:sans-serif}'
+      + '.probe-modal-close:hover{color:#fff}';
     var style = document.createElement('style');
     style.textContent = css;
     document.head.appendChild(style);
+
+    // Tooltip hover handler (delegated)
+    var tip = null;
+    document.addEventListener('mouseover', function (e) {
+      var target = e.target.closest('[data-tooltip]');
+      if (!target) return;
+      if (tip) { tip.remove(); tip = null; }
+      var text = target.getAttribute('data-tooltip');
+      if (!text) return;
+      tip = document.createElement('div');
+      tip.className = 'probe-tooltip';
+      var note = target.getAttribute('data-note');
+      var req = target.getAttribute('data-request');
+      var html = '';
+      if (note) html += '<div class="probe-note">' + escapeAttr(note) + '</div>';
+      if (req) html += '<div class="probe-label">Request</div>' + escapeAttr(req);
+      if (text) html += '<div class="probe-label">Response</div>' + escapeAttr(text);
+      tip.innerHTML = html;
+      document.body.appendChild(tip);
+      var rect = target.getBoundingClientRect();
+      var tipRect = tip.getBoundingClientRect();
+      var left = rect.left + rect.width / 2 - tipRect.width / 2;
+      if (left < 4) left = 4;
+      if (left + tipRect.width > window.innerWidth - 4) left = window.innerWidth - 4 - tipRect.width;
+      var top = rect.top - tipRect.height - 6;
+      if (top < 4) top = rect.bottom + 6;
+      tip.style.left = left + 'px';
+      tip.style.top = top + 'px';
+    });
+    document.addEventListener('mouseout', function (e) {
+      var target = e.target.closest('[data-tooltip]');
+      if (target && tip) { tip.remove(); tip = null; }
+    });
+
+    // Modal click handler (delegated)
+    document.addEventListener('click', function (e) {
+      var target = e.target.closest('[data-tooltip]');
+      if (!target) return;
+      var text = target.getAttribute('data-tooltip');
+      var req = target.getAttribute('data-request');
+      if (!text && !req) return;
+      // Dismiss hover tooltip
+      if (tip) { tip.remove(); tip = null; }
+
+      var note = target.getAttribute('data-note');
+      var html = '<button class="probe-modal-close" title="Close">&times;</button>';
+      if (note) html += '<div class="probe-note">' + escapeAttr(note) + '</div>';
+      if (req) html += '<div class="probe-label">Request</div>' + escapeAttr(req);
+      if (text) html += '<div class="probe-label">Response</div>' + escapeAttr(text);
+
+      var overlay = document.createElement('div');
+      overlay.className = 'probe-modal-overlay';
+      var modal = document.createElement('div');
+      modal.className = 'probe-modal';
+      modal.innerHTML = html;
+      overlay.appendChild(modal);
+      document.body.appendChild(overlay);
+
+      // Close on X button
+      modal.querySelector('.probe-modal-close').addEventListener('click', function () {
+        overlay.remove();
+      });
+      // Close on overlay click (outside modal)
+      overlay.addEventListener('click', function (ev) {
+        if (ev.target === overlay) overlay.remove();
+      });
+      // Close on Escape
+      function onKey(ev) {
+        if (ev.key === 'Escape') { overlay.remove(); document.removeEventListener('keydown', onKey); }
+      }
+      document.addEventListener('keydown', onKey);
+    });
   }
 
   // ── Test ID → doc page URL mapping ─────────────────────────────
@@ -197,8 +292,14 @@ window.ProbeRender = (function () {
     return TEST_URLS[tid] || '';
   }
 
-  function pill(bg, label) {
-    return '<span style="' + pillCss + 'background:' + bg + ';">' + label + '</span>';
+  function pill(bg, label, tooltipRaw, tooltipNote, tooltipReq) {
+    var extra = '';
+    var hasData = tooltipRaw || tooltipReq;
+    if (hasData) extra += ' data-tooltip="' + escapeAttr(tooltipRaw || '') + '"';
+    if (tooltipNote) extra += ' data-note="' + escapeAttr(tooltipNote) + '"';
+    if (tooltipReq) extra += ' data-request="' + escapeAttr(tooltipReq) + '"';
+    var cursor = hasData ? 'cursor:pointer;' : 'cursor:default;';
+    return '<span style="' + pillCss + cursor + 'background:' + bg + ';"' + extra + '>' + label + '</span>';
   }
 
   function verdictBg(v) {
@@ -396,7 +497,7 @@ window.ProbeRender = (function () {
           t += '<td style="text-align:center;padding:2px 3px;' + opacity + '">' + pill(SKIP_BG, '\u2014') + '</td>';
           return;
         }
-        t += '<td style="text-align:center;padding:2px 3px;' + opacity + '">' + pill(verdictBg(r.verdict), r.got) + '</td>';
+        t += '<td style="text-align:center;padding:2px 3px;' + opacity + '">' + pill(verdictBg(r.verdict), r.got, r.rawResponse, r.behavioralNote, r.rawRequest) + '</td>';
       });
       t += '</tr>';
     });
diff --git a/src/Http11Probe.Cli/Reporting/JsonReporter.cs b/src/Http11Probe.Cli/Reporting/JsonReporter.cs
index c17635f..b66c2b8 100644
--- a/src/Http11Probe.Cli/Reporting/JsonReporter.cs
+++ b/src/Http11Probe.Cli/Reporting/JsonReporter.cs
@@ -41,7 +41,10 @@ public static string Generate(TestRunReport report)
                 statusCode = r.Response?.StatusCode,
                 connectionState = r.ConnectionState.ToString(),
                 error = r.ErrorMessage,
-                durationMs = r.Duration.TotalMilliseconds
+                durationMs = r.Duration.TotalMilliseconds,
+                rawRequest = r.RawRequest,
+                rawResponse = r.Response?.RawResponse,
+                behavioralNote = r.BehavioralNote
             })
         };
 
diff --git a/src/Http11Probe/Response/HttpResponse.cs b/src/Http11Probe/Response/HttpResponse.cs
index b98496a..03ad98d 100644
--- a/src/Http11Probe/Response/HttpResponse.cs
+++ b/src/Http11Probe/Response/HttpResponse.cs
@@ -7,4 +7,6 @@ public sealed class HttpResponse
     public required string HttpVersion { get; init; }
     public required IReadOnlyDictionary<string, string> Headers { get; init; }
     public bool IsEmpty { get; init; }
+    public string? RawResponse { get; init; }
+    public string? Body { get; init; }
 }
diff --git a/src/Http11Probe/Response/ResponseParser.cs b/src/Http11Probe/Response/ResponseParser.cs
index 0f12b4f..f302419 100644
--- a/src/Http11Probe/Response/ResponseParser.cs
+++ b/src/Http11Probe/Response/ResponseParser.cs
@@ -77,13 +77,30 @@ public static class ResponseParser
             pos = nextLineEnd + 1;
         }
 
+        // Extract body after \r\n\r\n
+        string? body = null;
+        var headerEnd = text.IndexOf("\r\n\r\n", StringComparison.Ordinal);
+        if (headerEnd >= 0)
+        {
+            var bodyStart = headerEnd + 4;
+            if (bodyStart < text.Length)
+            {
+                var bodyText = text[bodyStart..];
+                body = bodyText.Length > 4096 ? bodyText[..4096] : bodyText;
+            }
+        }
+
+        var rawResponse = text.Length > 8192 ? text[..8192] : text;
+
         return new HttpResponse
         {
             StatusCode = statusCode,
             ReasonPhrase = reasonPhrase,
             HttpVersion = httpVersion,
             Headers = headers,
-            IsEmpty = false
+            IsEmpty = false,
+            RawResponse = rawResponse,
+            Body = body
         };
     }
 }
diff --git a/src/Http11Probe/Runner/TestRunner.cs b/src/Http11Probe/Runner/TestRunner.cs
index e8ec42b..5d7be0e 100644
--- a/src/Http11Probe/Runner/TestRunner.cs
+++ b/src/Http11Probe/Runner/TestRunner.cs
@@ -1,4 +1,5 @@
 using System.Diagnostics;
+using System.Text;
 using Http11Probe.Client;
 using Http11Probe.Response;
 using Http11Probe.TestCases;
@@ -78,6 +79,7 @@ private async Task<TestResult> RunSingleAsync(TestCase testCase, TestContext con
 
             // Send the primary payload
             var payload = testCase.PayloadFactory(context);
+            var rawRequest = Encoding.ASCII.GetString(payload, 0, Math.Min(payload.Length, 8192));
             await client.SendAsync(payload);
 
             // Read primary response
@@ -105,6 +107,7 @@ private async Task<TestResult> RunSingleAsync(TestCase testCase, TestContext con
             }
 
             var verdict = testCase.Expected.Evaluate(response, connectionState);
+            var behavioralNote = testCase.BehavioralAnalyzer?.Invoke(response);
 
             return new TestResult
             {
@@ -113,6 +116,8 @@ private async Task<TestResult> RunSingleAsync(TestCase testCase, TestContext con
                 Response = response,
                 FollowUpResponse = followUpResponse,
                 ConnectionState = connectionState,
+                BehavioralNote = behavioralNote,
+                RawRequest = rawRequest,
                 Duration = sw.Elapsed
             };
         }
diff --git a/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs b/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
index 91b8538..486a804 100644
--- a/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
+++ b/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
@@ -1,10 +1,56 @@
 using System.Text;
 using Http11Probe.Client;
+using Http11Probe.Response;
 
 namespace Http11Probe.TestCases.Suites;
 
 public static class SmugglingSuite
 {
+    // ── Behavioral analyzers ────────────────────────────────────
+    // Examine the echoed body to determine which framing the server used.
+    // Static-config servers (Nginx, Apache, etc.) always return "OK" and cannot echo.
+
+    private const string StaticNote = "Static response — server does not echo POST body";
+
+    private static bool IsStaticResponse(string body) => body == "OK";
+
+    private static string? AnalyzeClTeBoth(HttpResponse? r)
+    {
+        if (r is null || r.StatusCode is < 200 or >= 300) return null;
+        var body = (r.Body ?? "").TrimEnd('\r', '\n');
+        if (IsStaticResponse(body)) return StaticNote;
+        if (body.Length == 0) return "Used TE (chunked 0-length → empty body)";
+        if (body.Contains("0\r\n\r\n") || body == "0\r\n\r") return "Used CL (read 6 raw bytes including chunk terminator)";
+        return $"Body: {Truncate(body)}";
+    }
+
+    private static string? AnalyzeDuplicateCl(HttpResponse? r)
+    {
+        // Payload: "helloworld" with CL:5 and CL:10
+        // CL:5 → "hello", CL:10 → "helloworld"
+        if (r is null || r.StatusCode is < 200 or >= 300) return null;
+        var body = (r.Body ?? "").TrimEnd('\r', '\n');
+        if (IsStaticResponse(body)) return StaticNote;
+        if (body == "hello") return "Used first CL (5 bytes)";
+        if (body == "helloworld") return "Used second CL (10 bytes)";
+        if (body.Length == 0) return "Empty body (server consumed no body)";
+        return $"Body: {Truncate(body)}";
+    }
+
+    private static string? AnalyzeTeWithClFallback(HttpResponse? r)
+    {
+        // Tests with TE variant + CL:5 + body "hello"
+        // If server used CL → body is "hello"; if TE recognized → empty (chunked parse of "hello")
+        if (r is null || r.StatusCode is < 200 or >= 300) return null;
+        var body = (r.Body ?? "").TrimEnd('\r', '\n');
+        if (IsStaticResponse(body)) return StaticNote;
+        if (body == "hello") return "Used CL (ignored TE variant)";
+        if (body.Length == 0) return "Used TE (treated as chunked)";
+        return $"Body: {Truncate(body)}";
+    }
+
+    private static string Truncate(string s) => s.Length > 40 ? s[..40] + "..." : s;
+
     public static IEnumerable<TestCase> GetTestCases()
     {
         yield return new TestCase
@@ -15,6 +61,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
+            BehavioralAnalyzer = AnalyzeClTeBoth,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -39,7 +86,8 @@ public static IEnumerable<TestCase> GetTestCases()
             Category = TestCategory.Smuggling,
             RfcReference = "RFC 9110 §8.6",
             PayloadFactory = ctx => MakeRequest(
-                $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhello"),
+                $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld"),
+            BehavioralAnalyzer = AnalyzeDuplicateCl,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -79,6 +127,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -94,6 +143,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -109,6 +159,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §5",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -225,6 +276,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -273,6 +325,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -329,6 +382,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.0\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -407,6 +461,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -422,6 +477,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9110 §5.6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -447,6 +503,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -670,6 +727,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 after.CopyTo(payload, before.Length + vtab.Length);
                 return payload;
             },
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -694,6 +752,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 after.CopyTo(payload, before.Length + ff.Length);
                 return payload;
             },
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -718,6 +777,7 @@ public static IEnumerable<TestCase> GetTestCases()
                 after.CopyTo(payload, before.Length + nul.Length);
                 return payload;
             },
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -762,6 +822,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §7",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400),
@@ -795,6 +856,7 @@ public static IEnumerable<TestCase> GetTestCases()
             Scored = false,
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -844,6 +906,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §7",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -1129,6 +1192,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9112 §5.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 ExpectedStatus = StatusCodeRange.Exact(400)
@@ -1143,6 +1207,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9110 §5.6.1",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
@@ -1168,6 +1233,7 @@ public static IEnumerable<TestCase> GetTestCases()
             RfcReference = "RFC 9110 §5.5",
             PayloadFactory = ctx => MakeRequest(
                 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello"),
+            BehavioralAnalyzer = AnalyzeTeWithClFallback,
             Expected = new ExpectedBehavior
             {
                 Description = "400 or 2xx",
diff --git a/src/Http11Probe/TestCases/TestCase.cs b/src/Http11Probe/TestCases/TestCase.cs
index 586a7e2..72e590c 100644
--- a/src/Http11Probe/TestCases/TestCase.cs
+++ b/src/Http11Probe/TestCases/TestCase.cs
@@ -1,3 +1,5 @@
+using Http11Probe.Response;
+
 namespace Http11Probe.TestCases;
 
 public sealed class TestCase
@@ -11,4 +13,5 @@ public sealed class TestCase
     public required ExpectedBehavior Expected { get; init; }
     public bool RequiresConnectionReuse { get; init; }
     public bool Scored { get; init; } = true;
+    public Func<HttpResponse?, string?>? BehavioralAnalyzer { get; init; }
 }
diff --git a/src/Http11Probe/TestCases/TestResult.cs b/src/Http11Probe/TestCases/TestResult.cs
index 61f710f..79e1bcc 100644
--- a/src/Http11Probe/TestCases/TestResult.cs
+++ b/src/Http11Probe/TestCases/TestResult.cs
@@ -11,5 +11,7 @@ public sealed class TestResult
     public HttpResponse? FollowUpResponse { get; init; }
     public ConnectionState ConnectionState { get; init; }
     public string? ErrorMessage { get; init; }
+    public string? BehavioralNote { get; init; }
+    public string? RawRequest { get; init; }
     public TimeSpan Duration { get; init; }
 }
diff --git a/src/Servers/ActixServer/src/main.rs b/src/Servers/ActixServer/src/main.rs
index e6cde26..793a81f 100644
--- a/src/Servers/ActixServer/src/main.rs
+++ b/src/Servers/ActixServer/src/main.rs
@@ -1,9 +1,15 @@
-use actix_web::{web, App, HttpServer, HttpResponse};
+use actix_web::{web, App, HttpServer, HttpRequest, HttpResponse};
 
-async fn ok() -> HttpResponse {
-    HttpResponse::Ok()
-        .content_type("text/plain")
-        .body("OK")
+async fn handler(req: HttpRequest, body: web::Bytes) -> HttpResponse {
+    if req.method() == actix_web::http::Method::POST {
+        HttpResponse::Ok()
+            .content_type("text/plain")
+            .body(body)
+    } else {
+        HttpResponse::Ok()
+            .content_type("text/plain")
+            .body("OK")
+    }
 }
 
 #[actix_web::main]
@@ -14,7 +20,7 @@ async fn main() -> std::io::Result<()> {
         .unwrap_or(8080);
 
     HttpServer::new(|| {
-        App::new().default_service(web::to(ok))
+        App::new().default_service(web::to(handler))
     })
     .bind(("0.0.0.0", port))?
     .run()
diff --git a/src/Servers/AspNetMinimal/Program.cs b/src/Servers/AspNetMinimal/Program.cs
index 283d58d..022b93b 100644
--- a/src/Servers/AspNetMinimal/Program.cs
+++ b/src/Servers/AspNetMinimal/Program.cs
@@ -6,6 +6,11 @@
 
 app.MapGet("/", () => "OK");
 
-app.MapPost("/", () => "OK");
+app.MapPost("/", async (HttpContext ctx) =>
+{
+    using var reader = new StreamReader(ctx.Request.Body);
+    var body = await reader.ReadToEndAsync();
+    return Results.Text(body);
+});
 
 app.Run();
diff --git a/src/Servers/BunServer/server.ts b/src/Servers/BunServer/server.ts
index 7ffd53a..8cd288e 100644
--- a/src/Servers/BunServer/server.ts
+++ b/src/Servers/BunServer/server.ts
@@ -3,7 +3,11 @@ const port = parseInt(Bun.argv[2] || "8080", 10);
 Bun.serve({
   port,
   hostname: "0.0.0.0",
-  fetch() {
+  async fetch(req) {
+    if (req.method === "POST") {
+      const body = await req.text();
+      return new Response(body);
+    }
     return new Response("OK");
   },
 });
diff --git a/src/Servers/DenoServer/server.ts b/src/Servers/DenoServer/server.ts
index 3fe61c5..58efb4c 100644
--- a/src/Servers/DenoServer/server.ts
+++ b/src/Servers/DenoServer/server.ts
@@ -1,3 +1,7 @@
-Deno.serve({ port: 8080, hostname: "0.0.0.0" }, () => {
+Deno.serve({ port: 8080, hostname: "0.0.0.0" }, async (req) => {
+  if (req.method === "POST") {
+    const body = await req.text();
+    return new Response(body, { headers: { "content-type": "text/plain" } });
+  }
   return new Response("OK", { headers: { "content-type": "text/plain" } });
 });
diff --git a/src/Servers/EmbedIOServer/Program.cs b/src/Servers/EmbedIOServer/Program.cs
index 2606417..77e31c8 100644
--- a/src/Servers/EmbedIOServer/Program.cs
+++ b/src/Servers/EmbedIOServer/Program.cs
@@ -7,10 +7,19 @@
 using var server = new WebServer(o => o
     .WithUrlPrefix(url)
     .WithMode(HttpListenerMode.EmbedIO))
-    .WithModule(new ActionModule("/", HttpVerbs.Any, ctx =>
+    .WithModule(new ActionModule("/", HttpVerbs.Any, async ctx =>
     {
         ctx.Response.ContentType = "text/plain";
-        return ctx.SendStringAsync("OK", "text/plain", System.Text.Encoding.UTF8);
+        if (ctx.Request.HttpVerb == HttpVerbs.Post)
+        {
+            using var reader = new System.IO.StreamReader(ctx.Request.InputStream);
+            var body = await reader.ReadToEndAsync();
+            await ctx.SendStringAsync(body, "text/plain", System.Text.Encoding.UTF8);
+        }
+        else
+        {
+            await ctx.SendStringAsync("OK", "text/plain", System.Text.Encoding.UTF8);
+        }
     }));
 
 Console.WriteLine($"EmbedIO listening on http://localhost:{port}");
diff --git a/src/Servers/ExpressServer/node_modules/.bin/mime b/src/Servers/ExpressServer/node_modules/.bin/mime
new file mode 120000
index 0000000..fbb7ee0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/.bin/mime
@@ -0,0 +1 @@
+../mime/cli.js
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/.package-lock.json b/src/Servers/ExpressServer/node_modules/.package-lock.json
new file mode 100644
index 0000000..e5bcf5f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/.package-lock.json
@@ -0,0 +1,751 @@
+{
+  "name": "express-server",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.14.0",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.14.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    }
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md b/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
new file mode 100644
index 0000000..cb5990c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
@@ -0,0 +1,243 @@
+1.3.8 / 2022-02-02
+==================
+
+  * deps: mime-types@~2.1.34
+    - deps: mime-db@~1.51.0
+  * deps: negotiator@0.6.3
+
+1.3.7 / 2019-04-29
+==================
+
+  * deps: negotiator@0.6.2
+    - Fix sorting charset, encoding, and language with extra parameters
+
+1.3.6 / 2019-04-28
+==================
+
+  * deps: mime-types@~2.1.24
+    - deps: mime-db@~1.40.0
+
+1.3.5 / 2018-02-28
+==================
+
+  * deps: mime-types@~2.1.18
+    - deps: mime-db@~1.33.0
+
+1.3.4 / 2017-08-22
+==================
+
+  * deps: mime-types@~2.1.16
+    - deps: mime-db@~1.29.0
+
+1.3.3 / 2016-05-02
+==================
+
+  * deps: mime-types@~2.1.11
+    - deps: mime-db@~1.23.0
+  * deps: negotiator@0.6.1
+    - perf: improve `Accept` parsing speed
+    - perf: improve `Accept-Charset` parsing speed
+    - perf: improve `Accept-Encoding` parsing speed
+    - perf: improve `Accept-Language` parsing speed
+
+1.3.2 / 2016-03-08
+==================
+
+  * deps: mime-types@~2.1.10
+    - Fix extension of `application/dash+xml`
+    - Update primary extension for `audio/mp4`
+    - deps: mime-db@~1.22.0
+
+1.3.1 / 2016-01-19
+==================
+
+  * deps: mime-types@~2.1.9
+    - deps: mime-db@~1.21.0
+
+1.3.0 / 2015-09-29
+==================
+
+  * deps: mime-types@~2.1.7
+    - deps: mime-db@~1.19.0
+  * deps: negotiator@0.6.0
+    - Fix including type extensions in parameters in `Accept` parsing
+    - Fix parsing `Accept` parameters with quoted equals
+    - Fix parsing `Accept` parameters with quoted semicolons
+    - Lazy-load modules from main entry point
+    - perf: delay type concatenation until needed
+    - perf: enable strict mode
+    - perf: hoist regular expressions
+    - perf: remove closures getting spec properties
+    - perf: remove a closure from media type parsing
+    - perf: remove property delete from media type parsing
+
+1.2.13 / 2015-09-06
+===================
+
+  * deps: mime-types@~2.1.6
+    - deps: mime-db@~1.18.0
+
+1.2.12 / 2015-07-30
+===================
+
+  * deps: mime-types@~2.1.4
+    - deps: mime-db@~1.16.0
+
+1.2.11 / 2015-07-16
+===================
+
+  * deps: mime-types@~2.1.3
+    - deps: mime-db@~1.15.0
+
+1.2.10 / 2015-07-01
+===================
+
+  * deps: mime-types@~2.1.2
+    - deps: mime-db@~1.14.0
+
+1.2.9 / 2015-06-08
+==================
+
+  * deps: mime-types@~2.1.1
+    - perf: fix deopt during mapping
+
+1.2.8 / 2015-06-07
+==================
+
+  * deps: mime-types@~2.1.0
+    - deps: mime-db@~1.13.0
+  * perf: avoid argument reassignment & argument slice
+  * perf: avoid negotiator recursive construction
+  * perf: enable strict mode
+  * perf: remove unnecessary bitwise operator
+
+1.2.7 / 2015-05-10
+==================
+
+  * deps: negotiator@0.5.3
+    - Fix media type parameter matching to be case-insensitive
+
+1.2.6 / 2015-05-07
+==================
+
+  * deps: mime-types@~2.0.11
+    - deps: mime-db@~1.9.1
+  * deps: negotiator@0.5.2
+    - Fix comparing media types with quoted values
+    - Fix splitting media types with quoted commas
+
+1.2.5 / 2015-03-13
+==================
+
+  * deps: mime-types@~2.0.10
+    - deps: mime-db@~1.8.0
+
+1.2.4 / 2015-02-14
+==================
+
+  * Support Node.js 0.6
+  * deps: mime-types@~2.0.9
+    - deps: mime-db@~1.7.0
+  * deps: negotiator@0.5.1
+    - Fix preference sorting to be stable for long acceptable lists
+
+1.2.3 / 2015-01-31
+==================
+
+  * deps: mime-types@~2.0.8
+    - deps: mime-db@~1.6.0
+
+1.2.2 / 2014-12-30
+==================
+
+  * deps: mime-types@~2.0.7
+    - deps: mime-db@~1.5.0
+
+1.2.1 / 2014-12-30
+==================
+
+  * deps: mime-types@~2.0.5
+    - deps: mime-db@~1.3.1
+
+1.2.0 / 2014-12-19
+==================
+
+  * deps: negotiator@0.5.0
+    - Fix list return order when large accepted list
+    - Fix missing identity encoding when q=0 exists
+    - Remove dynamic building of Negotiator class
+
+1.1.4 / 2014-12-10
+==================
+
+  * deps: mime-types@~2.0.4
+    - deps: mime-db@~1.3.0
+
+1.1.3 / 2014-11-09
+==================
+
+  * deps: mime-types@~2.0.3
+    - deps: mime-db@~1.2.0
+
+1.1.2 / 2014-10-14
+==================
+
+  * deps: negotiator@0.4.9
+    - Fix error when media type has invalid parameter
+
+1.1.1 / 2014-09-28
+==================
+
+  * deps: mime-types@~2.0.2
+    - deps: mime-db@~1.1.0
+  * deps: negotiator@0.4.8
+    - Fix all negotiations to be case-insensitive
+    - Stable sort preferences of same quality according to client order
+
+1.1.0 / 2014-09-02
+==================
+
+  * update `mime-types`
+
+1.0.7 / 2014-07-04
+==================
+
+  * Fix wrong type returned from `type` when match after unknown extension
+
+1.0.6 / 2014-06-24
+==================
+
+  * deps: negotiator@0.4.7
+
+1.0.5 / 2014-06-20
+==================
+
+ * fix crash when unknown extension given
+
+1.0.4 / 2014-06-19
+==================
+
+  * use `mime-types`
+
+1.0.3 / 2014-06-11
+==================
+
+  * deps: negotiator@0.4.6
+    - Order by specificity when quality is the same
+
+1.0.2 / 2014-05-29
+==================
+
+  * Fix interpretation when header not in request
+  * deps: pin negotiator@0.4.5
+
+1.0.1 / 2014-01-18
+==================
+
+  * Identity encoding isn't always acceptable
+  * deps: negotiator@~0.4.0
+
+1.0.0 / 2013-12-27
+==================
+
+  * Genesis
diff --git a/src/Servers/ExpressServer/node_modules/accepts/LICENSE b/src/Servers/ExpressServer/node_modules/accepts/LICENSE
new file mode 100644
index 0000000..0616607
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/accepts/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/accepts/README.md b/src/Servers/ExpressServer/node_modules/accepts/README.md
new file mode 100644
index 0000000..82680c5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/accepts/README.md
@@ -0,0 +1,140 @@
+# accepts
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Higher level content negotiation based on [negotiator](https://www.npmjs.com/package/negotiator).
+Extracted from [koa](https://www.npmjs.com/package/koa) for general use.
+
+In addition to negotiator, it allows:
+
+- Allows types as an array or arguments list, ie `(['text/html', 'application/json'])`
+  as well as `('text/html', 'application/json')`.
+- Allows type shorthands such as `json`.
+- Returns `false` when no types match
+- Treats non-existent headers as `*`
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install accepts
+```
+
+## API
+
+```js
+var accepts = require('accepts')
+```
+
+### accepts(req)
+
+Create a new `Accepts` object for the given `req`.
+
+#### .charset(charsets)
+
+Return the first accepted charset. If nothing in `charsets` is accepted,
+then `false` is returned.
+
+#### .charsets()
+
+Return the charsets that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .encoding(encodings)
+
+Return the first accepted encoding. If nothing in `encodings` is accepted,
+then `false` is returned.
+
+#### .encodings()
+
+Return the encodings that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .language(languages)
+
+Return the first accepted language. If nothing in `languages` is accepted,
+then `false` is returned.
+
+#### .languages()
+
+Return the languages that the request accepts, in the order of the client's
+preference (most preferred first).
+
+#### .type(types)
+
+Return the first accepted type (and it is returned as the same text as what
+appears in the `types` array). If nothing in `types` is accepted, then `false`
+is returned.
+
+The `types` array can contain full MIME types or file extensions. Any value
+that is not a full MIME types is passed to `require('mime-types').lookup`.
+
+#### .types()
+
+Return the types that the request accepts, in the order of the client's
+preference (most preferred first).
+
+## Examples
+
+### Simple type negotiation
+
+This simple example shows how to use `accepts` to return a different typed
+respond body based on what the client wants to accept. The server lists it's
+preferences in order and will get back the best match between the client and
+server.
+
+```js
+var accepts = require('accepts')
+var http = require('http')
+
+function app (req, res) {
+  var accept = accepts(req)
+
+  // the order of this list is significant; should be server preferred order
+  switch (accept.type(['json', 'html'])) {
+    case 'json':
+      res.setHeader('Content-Type', 'application/json')
+      res.write('{"hello":"world!"}')
+      break
+    case 'html':
+      res.setHeader('Content-Type', 'text/html')
+      res.write('<b>hello, world!</b>')
+      break
+    default:
+      // the fallback is text/plain, so no need to specify it above
+      res.setHeader('Content-Type', 'text/plain')
+      res.write('hello, world!')
+      break
+  }
+
+  res.end()
+}
+
+http.createServer(app).listen(3000)
+```
+
+You can test this out with the cURL program:
+```sh
+curl -I -H'Accept: text/html' http://localhost:3000/
+```
+
+## License
+
+[MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/accepts/master
+[coveralls-url]: https://coveralls.io/r/jshttp/accepts?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/jshttp/accepts/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/accepts/actions/workflows/ci.yml
+[node-version-image]: https://badgen.net/npm/node/accepts
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/accepts
+[npm-url]: https://npmjs.org/package/accepts
+[npm-version-image]: https://badgen.net/npm/v/accepts
diff --git a/src/Servers/ExpressServer/node_modules/accepts/index.js b/src/Servers/ExpressServer/node_modules/accepts/index.js
new file mode 100644
index 0000000..e9b2f63
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/accepts/index.js
@@ -0,0 +1,238 @@
+/*!
+ * accepts
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Negotiator = require('negotiator')
+var mime = require('mime-types')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Accepts
+
+/**
+ * Create a new Accepts object for the given req.
+ *
+ * @param {object} req
+ * @public
+ */
+
+function Accepts (req) {
+  if (!(this instanceof Accepts)) {
+    return new Accepts(req)
+  }
+
+  this.headers = req.headers
+  this.negotiator = new Negotiator(req)
+}
+
+/**
+ * Check if the given `type(s)` is acceptable, returning
+ * the best match when true, otherwise `undefined`, in which
+ * case you should respond with 406 "Not Acceptable".
+ *
+ * The `type` value may be a single mime type string
+ * such as "application/json", the extension name
+ * such as "json" or an array `["json", "html", "text/plain"]`. When a list
+ * or array is given the _best_ match, if any is returned.
+ *
+ * Examples:
+ *
+ *     // Accept: text/html
+ *     this.types('html');
+ *     // => "html"
+ *
+ *     // Accept: text/*, application/json
+ *     this.types('html');
+ *     // => "html"
+ *     this.types('text/html');
+ *     // => "text/html"
+ *     this.types('json', 'text');
+ *     // => "json"
+ *     this.types('application/json');
+ *     // => "application/json"
+ *
+ *     // Accept: text/*, application/json
+ *     this.types('image/png');
+ *     this.types('png');
+ *     // => undefined
+ *
+ *     // Accept: text/*;q=.5, application/json
+ *     this.types(['html', 'json']);
+ *     this.types('html', 'json');
+ *     // => "json"
+ *
+ * @param {String|Array} types...
+ * @return {String|Array|Boolean}
+ * @public
+ */
+
+Accepts.prototype.type =
+Accepts.prototype.types = function (types_) {
+  var types = types_
+
+  // support flattened arguments
+  if (types && !Array.isArray(types)) {
+    types = new Array(arguments.length)
+    for (var i = 0; i < types.length; i++) {
+      types[i] = arguments[i]
+    }
+  }
+
+  // no types, return all requested types
+  if (!types || types.length === 0) {
+    return this.negotiator.mediaTypes()
+  }
+
+  // no accept header, return first given type
+  if (!this.headers.accept) {
+    return types[0]
+  }
+
+  var mimes = types.map(extToMime)
+  var accepts = this.negotiator.mediaTypes(mimes.filter(validMime))
+  var first = accepts[0]
+
+  return first
+    ? types[mimes.indexOf(first)]
+    : false
+}
+
+/**
+ * Return accepted encodings or best fit based on `encodings`.
+ *
+ * Given `Accept-Encoding: gzip, deflate`
+ * an array sorted by quality is returned:
+ *
+ *     ['gzip', 'deflate']
+ *
+ * @param {String|Array} encodings...
+ * @return {String|Array}
+ * @public
+ */
+
+Accepts.prototype.encoding =
+Accepts.prototype.encodings = function (encodings_) {
+  var encodings = encodings_
+
+  // support flattened arguments
+  if (encodings && !Array.isArray(encodings)) {
+    encodings = new Array(arguments.length)
+    for (var i = 0; i < encodings.length; i++) {
+      encodings[i] = arguments[i]
+    }
+  }
+
+  // no encodings, return all requested encodings
+  if (!encodings || encodings.length === 0) {
+    return this.negotiator.encodings()
+  }
+
+  return this.negotiator.encodings(encodings)[0] || false
+}
+
+/**
+ * Return accepted charsets or best fit based on `charsets`.
+ *
+ * Given `Accept-Charset: utf-8, iso-8859-1;q=0.2, utf-7;q=0.5`
+ * an array sorted by quality is returned:
+ *
+ *     ['utf-8', 'utf-7', 'iso-8859-1']
+ *
+ * @param {String|Array} charsets...
+ * @return {String|Array}
+ * @public
+ */
+
+Accepts.prototype.charset =
+Accepts.prototype.charsets = function (charsets_) {
+  var charsets = charsets_
+
+  // support flattened arguments
+  if (charsets && !Array.isArray(charsets)) {
+    charsets = new Array(arguments.length)
+    for (var i = 0; i < charsets.length; i++) {
+      charsets[i] = arguments[i]
+    }
+  }
+
+  // no charsets, return all requested charsets
+  if (!charsets || charsets.length === 0) {
+    return this.negotiator.charsets()
+  }
+
+  return this.negotiator.charsets(charsets)[0] || false
+}
+
+/**
+ * Return accepted languages or best fit based on `langs`.
+ *
+ * Given `Accept-Language: en;q=0.8, es, pt`
+ * an array sorted by quality is returned:
+ *
+ *     ['es', 'pt', 'en']
+ *
+ * @param {String|Array} langs...
+ * @return {Array|String}
+ * @public
+ */
+
+Accepts.prototype.lang =
+Accepts.prototype.langs =
+Accepts.prototype.language =
+Accepts.prototype.languages = function (languages_) {
+  var languages = languages_
+
+  // support flattened arguments
+  if (languages && !Array.isArray(languages)) {
+    languages = new Array(arguments.length)
+    for (var i = 0; i < languages.length; i++) {
+      languages[i] = arguments[i]
+    }
+  }
+
+  // no languages, return all requested languages
+  if (!languages || languages.length === 0) {
+    return this.negotiator.languages()
+  }
+
+  return this.negotiator.languages(languages)[0] || false
+}
+
+/**
+ * Convert extnames to mime.
+ *
+ * @param {String} type
+ * @return {String}
+ * @private
+ */
+
+function extToMime (type) {
+  return type.indexOf('/') === -1
+    ? mime.lookup(type)
+    : type
+}
+
+/**
+ * Check if mime is valid.
+ *
+ * @param {String} type
+ * @return {String}
+ * @private
+ */
+
+function validMime (type) {
+  return typeof type === 'string'
+}
diff --git a/src/Servers/ExpressServer/node_modules/accepts/package.json b/src/Servers/ExpressServer/node_modules/accepts/package.json
new file mode 100644
index 0000000..0f2d15d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/accepts/package.json
@@ -0,0 +1,47 @@
+{
+  "name": "accepts",
+  "description": "Higher-level content negotiation",
+  "version": "1.3.8",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "repository": "jshttp/accepts",
+  "dependencies": {
+    "mime-types": "~2.1.34",
+    "negotiator": "0.6.3"
+  },
+  "devDependencies": {
+    "deep-equal": "1.0.1",
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.3.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.0",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  },
+  "keywords": [
+    "content",
+    "negotiation",
+    "accept",
+    "accepts"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE b/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
new file mode 100644
index 0000000..983fbe8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/README.md b/src/Servers/ExpressServer/node_modules/array-flatten/README.md
new file mode 100644
index 0000000..91fa5b6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/array-flatten/README.md
@@ -0,0 +1,43 @@
+# Array Flatten
+
+[![NPM version][npm-image]][npm-url]
+[![NPM downloads][downloads-image]][downloads-url]
+[![Build status][travis-image]][travis-url]
+[![Test coverage][coveralls-image]][coveralls-url]
+
+> Flatten an array of nested arrays into a single flat array. Accepts an optional depth.
+
+## Installation
+
+```
+npm install array-flatten --save
+```
+
+## Usage
+
+```javascript
+var flatten = require('array-flatten')
+
+flatten([1, [2, [3, [4, [5], 6], 7], 8], 9])
+//=> [1, 2, 3, 4, 5, 6, 7, 8, 9]
+
+flatten([1, [2, [3, [4, [5], 6], 7], 8], 9], 2)
+//=> [1, 2, 3, [4, [5], 6], 7, 8, 9]
+
+(function () {
+  flatten(arguments) //=> [1, 2, 3]
+})(1, [2, 3])
+```
+
+## License
+
+MIT
+
+[npm-image]: https://img.shields.io/npm/v/array-flatten.svg?style=flat
+[npm-url]: https://npmjs.org/package/array-flatten
+[downloads-image]: https://img.shields.io/npm/dm/array-flatten.svg?style=flat
+[downloads-url]: https://npmjs.org/package/array-flatten
+[travis-image]: https://img.shields.io/travis/blakeembrey/array-flatten.svg?style=flat
+[travis-url]: https://travis-ci.org/blakeembrey/array-flatten
+[coveralls-image]: https://img.shields.io/coveralls/blakeembrey/array-flatten.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/blakeembrey/array-flatten?branch=master
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js b/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
new file mode 100644
index 0000000..089117b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
@@ -0,0 +1,64 @@
+'use strict'
+
+/**
+ * Expose `arrayFlatten`.
+ */
+module.exports = arrayFlatten
+
+/**
+ * Recursive flatten function with depth.
+ *
+ * @param  {Array}  array
+ * @param  {Array}  result
+ * @param  {Number} depth
+ * @return {Array}
+ */
+function flattenWithDepth (array, result, depth) {
+  for (var i = 0; i < array.length; i++) {
+    var value = array[i]
+
+    if (depth > 0 && Array.isArray(value)) {
+      flattenWithDepth(value, result, depth - 1)
+    } else {
+      result.push(value)
+    }
+  }
+
+  return result
+}
+
+/**
+ * Recursive flatten function. Omitting depth is slightly faster.
+ *
+ * @param  {Array} array
+ * @param  {Array} result
+ * @return {Array}
+ */
+function flattenForever (array, result) {
+  for (var i = 0; i < array.length; i++) {
+    var value = array[i]
+
+    if (Array.isArray(value)) {
+      flattenForever(value, result)
+    } else {
+      result.push(value)
+    }
+  }
+
+  return result
+}
+
+/**
+ * Flatten an array, with the ability to define a depth.
+ *
+ * @param  {Array}  array
+ * @param  {Number} depth
+ * @return {Array}
+ */
+function arrayFlatten (array, depth) {
+  if (depth == null) {
+    return flattenForever(array, [])
+  }
+
+  return flattenWithDepth(array, [], depth)
+}
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/package.json b/src/Servers/ExpressServer/node_modules/array-flatten/package.json
new file mode 100644
index 0000000..1a24e2a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/array-flatten/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "array-flatten",
+  "version": "1.1.1",
+  "description": "Flatten an array of nested arrays into a single flat array",
+  "main": "array-flatten.js",
+  "files": [
+    "array-flatten.js",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "istanbul cover _mocha -- -R spec"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/blakeembrey/array-flatten.git"
+  },
+  "keywords": [
+    "array",
+    "flatten",
+    "arguments",
+    "depth"
+  ],
+  "author": {
+    "name": "Blake Embrey",
+    "email": "hello@blakeembrey.com",
+    "url": "http://blakeembrey.me"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/blakeembrey/array-flatten/issues"
+  },
+  "homepage": "https://github.com/blakeembrey/array-flatten",
+  "devDependencies": {
+    "istanbul": "^0.3.13",
+    "mocha": "^2.2.4",
+    "pre-commit": "^1.0.7",
+    "standard": "^3.7.3"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md b/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
new file mode 100644
index 0000000..c9b0b5b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
@@ -0,0 +1,680 @@
+1.20.4 / 2025-12-01
+===================
+
+  * deps: qs@~6.14.0
+  * deps: use tilde notation for dependencies
+  * deps: http-errors@~2.0.1
+  * deps: raw-body@~2.5.3
+
+1.20.3 / 2024-09-10
+===================
+
+  * deps: qs@6.13.0
+  * add `depth` option to customize the depth level in the parser
+  * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
+
+1.20.2 / 2023-02-21
+===================
+
+  * Fix strict json error message on Node.js 19+
+  * deps: content-type@~1.0.5
+    - perf: skip value escaping when unnecessary
+  * deps: raw-body@2.5.2
+
+1.20.1 / 2022-10-06
+===================
+
+  * deps: qs@6.11.0
+  * perf: remove unnecessary object clone
+
+1.20.0 / 2022-04-02
+===================
+
+  * Fix error message for json parse whitespace in `strict`
+  * Fix internal error when inflated body exceeds limit
+  * Prevent loss of async hooks context
+  * Prevent hanging when request already read
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: http-errors@2.0.0
+    - deps: depd@2.0.0
+    - deps: statuses@2.0.1
+  * deps: on-finished@2.4.1
+  * deps: qs@6.10.3
+  * deps: raw-body@2.5.1
+    - deps: http-errors@2.0.0
+
+1.19.2 / 2022-02-15
+===================
+
+  * deps: bytes@3.1.2
+  * deps: qs@6.9.7
+    * Fix handling of `__proto__` keys
+  * deps: raw-body@2.4.3
+    - deps: bytes@3.1.2
+
+1.19.1 / 2021-12-10
+===================
+
+  * deps: bytes@3.1.1
+  * deps: http-errors@1.8.1
+    - deps: inherits@2.0.4
+    - deps: toidentifier@1.0.1
+    - deps: setprototypeof@1.2.0
+  * deps: qs@6.9.6
+  * deps: raw-body@2.4.2
+    - deps: bytes@3.1.1
+    - deps: http-errors@1.8.1
+  * deps: safe-buffer@5.2.1
+  * deps: type-is@~1.6.18
+
+1.19.0 / 2019-04-25
+===================
+
+  * deps: bytes@3.1.0
+    - Add petabyte (`pb`) support
+  * deps: http-errors@1.7.2
+    - Set constructor name when possible
+    - deps: setprototypeof@1.1.1
+    - deps: statuses@'>= 1.5.0 < 2'
+  * deps: iconv-lite@0.4.24
+    - Added encoding MIK
+  * deps: qs@6.7.0
+    - Fix parsing array brackets after index
+  * deps: raw-body@2.4.0
+    - deps: bytes@3.1.0
+    - deps: http-errors@1.7.2
+    - deps: iconv-lite@0.4.24
+  * deps: type-is@~1.6.17
+    - deps: mime-types@~2.1.24
+    - perf: prevent internal `throw` on invalid type
+
+1.18.3 / 2018-05-14
+===================
+
+  * Fix stack trace for strict json parse error
+  * deps: depd@~1.1.2
+    - perf: remove argument reassignment
+  * deps: http-errors@~1.6.3
+    - deps: depd@~1.1.2
+    - deps: setprototypeof@1.1.0
+    - deps: statuses@'>= 1.3.1 < 2'
+  * deps: iconv-lite@0.4.23
+    - Fix loading encoding with year appended
+    - Fix deprecation warnings on Node.js 10+
+  * deps: qs@6.5.2
+  * deps: raw-body@2.3.3
+    - deps: http-errors@1.6.3
+    - deps: iconv-lite@0.4.23
+  * deps: type-is@~1.6.16
+    - deps: mime-types@~2.1.18
+
+1.18.2 / 2017-09-22
+===================
+
+  * deps: debug@2.6.9
+  * perf: remove argument reassignment
+
+1.18.1 / 2017-09-12
+===================
+
+  * deps: content-type@~1.0.4
+    - perf: remove argument reassignment
+    - perf: skip parameter parsing when no parameters
+  * deps: iconv-lite@0.4.19
+    - Fix ISO-8859-1 regression
+    - Update Windows-1255
+  * deps: qs@6.5.1
+    - Fix parsing & compacting very deep objects
+  * deps: raw-body@2.3.2
+    - deps: iconv-lite@0.4.19
+
+1.18.0 / 2017-09-08
+===================
+
+  * Fix JSON strict violation error to match native parse error
+  * Include the `body` property on verify errors
+  * Include the `type` property on all generated errors
+  * Use `http-errors` to set status code on errors
+  * deps: bytes@3.0.0
+  * deps: debug@2.6.8
+  * deps: depd@~1.1.1
+    - Remove unnecessary `Buffer` loading
+  * deps: http-errors@~1.6.2
+    - deps: depd@1.1.1
+  * deps: iconv-lite@0.4.18
+    - Add support for React Native
+    - Add a warning if not loaded as utf-8
+    - Fix CESU-8 decoding in Node.js 8
+    - Improve speed of ISO-8859-1 encoding
+  * deps: qs@6.5.0
+  * deps: raw-body@2.3.1
+    - Use `http-errors` for standard emitted errors
+    - deps: bytes@3.0.0
+    - deps: iconv-lite@0.4.18
+    - perf: skip buffer decoding on overage chunk
+  * perf: prevent internal `throw` when missing charset
+
+1.17.2 / 2017-05-17
+===================
+
+  * deps: debug@2.6.7
+    - Fix `DEBUG_MAX_ARRAY_LENGTH`
+    - deps: ms@2.0.0
+  * deps: type-is@~1.6.15
+    - deps: mime-types@~2.1.15
+
+1.17.1 / 2017-03-06
+===================
+
+  * deps: qs@6.4.0
+    - Fix regression parsing keys starting with `[`
+
+1.17.0 / 2017-03-01
+===================
+
+  * deps: http-errors@~1.6.1
+    - Make `message` property enumerable for `HttpError`s
+    - deps: setprototypeof@1.0.3
+  * deps: qs@6.3.1
+    - Fix compacting nested arrays
+
+1.16.1 / 2017-02-10
+===================
+
+  * deps: debug@2.6.1
+    - Fix deprecation messages in WebStorm and other editors
+    - Undeprecate `DEBUG_FD` set to `1` or `2`
+
+1.16.0 / 2017-01-17
+===================
+
+  * deps: debug@2.6.0
+    - Allow colors in workers
+    - Deprecated `DEBUG_FD` environment variable
+    - Fix error when running under React Native
+    - Use same color for same namespace
+    - deps: ms@0.7.2
+  * deps: http-errors@~1.5.1
+    - deps: inherits@2.0.3
+    - deps: setprototypeof@1.0.2
+    - deps: statuses@'>= 1.3.1 < 2'
+  * deps: iconv-lite@0.4.15
+    - Added encoding MS-31J
+    - Added encoding MS-932
+    - Added encoding MS-936
+    - Added encoding MS-949
+    - Added encoding MS-950
+    - Fix GBK/GB18030 handling of Euro character
+  * deps: qs@6.2.1
+    - Fix array parsing from skipping empty values
+  * deps: raw-body@~2.2.0
+    - deps: iconv-lite@0.4.15
+  * deps: type-is@~1.6.14
+    - deps: mime-types@~2.1.13
+
+1.15.2 / 2016-06-19
+===================
+
+  * deps: bytes@2.4.0
+  * deps: content-type@~1.0.2
+    - perf: enable strict mode
+  * deps: http-errors@~1.5.0
+    - Use `setprototypeof` module to replace `__proto__` setting
+    - deps: statuses@'>= 1.3.0 < 2'
+    - perf: enable strict mode
+  * deps: qs@6.2.0
+  * deps: raw-body@~2.1.7
+    - deps: bytes@2.4.0
+    - perf: remove double-cleanup on happy path
+  * deps: type-is@~1.6.13
+    - deps: mime-types@~2.1.11
+
+1.15.1 / 2016-05-05
+===================
+
+  * deps: bytes@2.3.0
+    - Drop partial bytes on all parsed units
+    - Fix parsing byte string that looks like hex
+  * deps: raw-body@~2.1.6
+    - deps: bytes@2.3.0
+  * deps: type-is@~1.6.12
+    - deps: mime-types@~2.1.10
+
+1.15.0 / 2016-02-10
+===================
+
+  * deps: http-errors@~1.4.0
+    - Add `HttpError` export, for `err instanceof createError.HttpError`
+    - deps: inherits@2.0.1
+    - deps: statuses@'>= 1.2.1 < 2'
+  * deps: qs@6.1.0
+  * deps: type-is@~1.6.11
+    - deps: mime-types@~2.1.9
+
+1.14.2 / 2015-12-16
+===================
+
+  * deps: bytes@2.2.0
+  * deps: iconv-lite@0.4.13
+  * deps: qs@5.2.0
+  * deps: raw-body@~2.1.5
+    - deps: bytes@2.2.0
+    - deps: iconv-lite@0.4.13
+  * deps: type-is@~1.6.10
+    - deps: mime-types@~2.1.8
+
+1.14.1 / 2015-09-27
+===================
+
+  * Fix issue where invalid charset results in 400 when `verify` used
+  * deps: iconv-lite@0.4.12
+    - Fix CESU-8 decoding in Node.js 4.x
+  * deps: raw-body@~2.1.4
+    - Fix masking critical errors from `iconv-lite`
+    - deps: iconv-lite@0.4.12
+  * deps: type-is@~1.6.9
+    - deps: mime-types@~2.1.7
+
+1.14.0 / 2015-09-16
+===================
+
+  * Fix JSON strict parse error to match syntax errors
+  * Provide static `require` analysis in `urlencoded` parser
+  * deps: depd@~1.1.0
+    - Support web browser loading
+  * deps: qs@5.1.0
+  * deps: raw-body@~2.1.3
+    - Fix sync callback when attaching data listener causes sync read
+  * deps: type-is@~1.6.8
+    - Fix type error when given invalid type to match against
+    - deps: mime-types@~2.1.6
+
+1.13.3 / 2015-07-31
+===================
+
+  * deps: type-is@~1.6.6
+    - deps: mime-types@~2.1.4
+
+1.13.2 / 2015-07-05
+===================
+
+  * deps: iconv-lite@0.4.11
+  * deps: qs@4.0.0
+    - Fix dropping parameters like `hasOwnProperty`
+    - Fix user-visible incompatibilities from 3.1.0
+    - Fix various parsing edge cases
+  * deps: raw-body@~2.1.2
+    - Fix error stack traces to skip `makeError`
+    - deps: iconv-lite@0.4.11
+  * deps: type-is@~1.6.4
+    - deps: mime-types@~2.1.2
+    - perf: enable strict mode
+    - perf: remove argument reassignment
+
+1.13.1 / 2015-06-16
+===================
+
+  * deps: qs@2.4.2
+    - Downgraded from 3.1.0 because of user-visible incompatibilities
+
+1.13.0 / 2015-06-14
+===================
+
+  * Add `statusCode` property on `Error`s, in addition to `status`
+  * Change `type` default to `application/json` for JSON parser
+  * Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
+  * Provide static `require` analysis
+  * Use the `http-errors` module to generate errors
+  * deps: bytes@2.1.0
+    - Slight optimizations
+  * deps: iconv-lite@0.4.10
+    - The encoding UTF-16 without BOM now defaults to UTF-16LE when detection fails
+    - Leading BOM is now removed when decoding
+  * deps: on-finished@~2.3.0
+    - Add defined behavior for HTTP `CONNECT` requests
+    - Add defined behavior for HTTP `Upgrade` requests
+    - deps: ee-first@1.1.1
+  * deps: qs@3.1.0
+    - Fix dropping parameters like `hasOwnProperty`
+    - Fix various parsing edge cases
+    - Parsed object now has `null` prototype
+  * deps: raw-body@~2.1.1
+    - Use `unpipe` module for unpiping requests
+    - deps: iconv-lite@0.4.10
+  * deps: type-is@~1.6.3
+    - deps: mime-types@~2.1.1
+    - perf: reduce try block size
+    - perf: remove bitwise operations
+  * perf: enable strict mode
+  * perf: remove argument reassignment
+  * perf: remove delete call
+
+1.12.4 / 2015-05-10
+===================
+
+  * deps: debug@~2.2.0
+  * deps: qs@2.4.2
+    - Fix allowing parameters like `constructor`
+  * deps: on-finished@~2.2.1
+  * deps: raw-body@~2.0.1
+    - Fix a false-positive when unpiping in Node.js 0.8
+    - deps: bytes@2.0.1
+  * deps: type-is@~1.6.2
+    - deps: mime-types@~2.0.11
+
+1.12.3 / 2015-04-15
+===================
+
+  * Slight efficiency improvement when not debugging
+  * deps: depd@~1.0.1
+  * deps: iconv-lite@0.4.8
+    - Add encoding alias UNICODE-1-1-UTF-7
+  * deps: raw-body@1.3.4
+    - Fix hanging callback if request aborts during read
+    - deps: iconv-lite@0.4.8
+
+1.12.2 / 2015-03-16
+===================
+
+  * deps: qs@2.4.1
+    - Fix error when parameter `hasOwnProperty` is present
+
+1.12.1 / 2015-03-15
+===================
+
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+  * deps: type-is@~1.6.1
+    - deps: mime-types@~2.0.10
+
+1.12.0 / 2015-02-13
+===================
+
+  * add `debug` messages
+  * accept a function for the `type` option
+  * use `content-type` to parse `Content-Type` headers
+  * deps: iconv-lite@0.4.7
+    - Gracefully support enumerables on `Object.prototype`
+  * deps: raw-body@1.3.3
+    - deps: iconv-lite@0.4.7
+  * deps: type-is@~1.6.0
+    - fix argument reassignment
+    - fix false-positives in `hasBody` `Transfer-Encoding` check
+    - support wildcard for both type and subtype (`*/*`)
+    - deps: mime-types@~2.0.9
+
+1.11.0 / 2015-01-30
+===================
+
+  * make internal `extended: true` depth limit infinity
+  * deps: type-is@~1.5.6
+    - deps: mime-types@~2.0.8
+
+1.10.2 / 2015-01-20
+===================
+
+  * deps: iconv-lite@0.4.6
+    - Fix rare aliases of single-byte encodings
+  * deps: raw-body@1.3.2
+    - deps: iconv-lite@0.4.6
+
+1.10.1 / 2015-01-01
+===================
+
+  * deps: on-finished@~2.2.0
+  * deps: type-is@~1.5.5
+    - deps: mime-types@~2.0.7
+
+1.10.0 / 2014-12-02
+===================
+
+  * make internal `extended: true` array limit dynamic
+
+1.9.3 / 2014-11-21
+==================
+
+  * deps: iconv-lite@0.4.5
+    - Fix Windows-31J and X-SJIS encoding support
+  * deps: qs@2.3.3
+    - Fix `arrayLimit` behavior
+  * deps: raw-body@1.3.1
+    - deps: iconv-lite@0.4.5
+  * deps: type-is@~1.5.3
+    - deps: mime-types@~2.0.3
+
+1.9.2 / 2014-10-27
+==================
+
+  * deps: qs@2.3.2
+    - Fix parsing of mixed objects and values
+
+1.9.1 / 2014-10-22
+==================
+
+  * deps: on-finished@~2.1.1
+    - Fix handling of pipelined requests
+  * deps: qs@2.3.0
+    - Fix parsing of mixed implicit and explicit arrays
+  * deps: type-is@~1.5.2
+    - deps: mime-types@~2.0.2
+
+1.9.0 / 2014-09-24
+==================
+
+  * include the charset in "unsupported charset" error message
+  * include the encoding in "unsupported content encoding" error message
+  * deps: depd@~1.0.0
+
+1.8.4 / 2014-09-23
+==================
+
+  * fix content encoding to be case-insensitive
+
+1.8.3 / 2014-09-19
+==================
+
+  * deps: qs@2.2.4
+    - Fix issue with object keys starting with numbers truncated
+
+1.8.2 / 2014-09-15
+==================
+
+  * deps: depd@0.4.5
+
+1.8.1 / 2014-09-07
+==================
+
+  * deps: media-typer@0.3.0
+  * deps: type-is@~1.5.1
+
+1.8.0 / 2014-09-05
+==================
+
+  * make empty-body-handling consistent between chunked requests
+    - empty `json` produces `{}`
+    - empty `raw` produces `new Buffer(0)`
+    - empty `text` produces `''`
+    - empty `urlencoded` produces `{}`
+  * deps: qs@2.2.3
+    - Fix issue where first empty value in array is discarded
+  * deps: type-is@~1.5.0
+    - fix `hasbody` to be true for `content-length: 0`
+
+1.7.0 / 2014-09-01
+==================
+
+  * add `parameterLimit` option to `urlencoded` parser
+  * change `urlencoded` extended array limit to 100
+  * respond with 413 when over `parameterLimit` in `urlencoded`
+
+1.6.7 / 2014-08-29
+==================
+
+  * deps: qs@2.2.2
+    - Remove unnecessary cloning
+
+1.6.6 / 2014-08-27
+==================
+
+  * deps: qs@2.2.0
+    - Array parsing fix
+    - Performance improvements
+
+1.6.5 / 2014-08-16
+==================
+
+  * deps: on-finished@2.1.0
+
+1.6.4 / 2014-08-14
+==================
+
+  * deps: qs@1.2.2
+
+1.6.3 / 2014-08-10
+==================
+
+  * deps: qs@1.2.1
+
+1.6.2 / 2014-08-07
+==================
+
+  * deps: qs@1.2.0
+    - Fix parsing array of objects
+
+1.6.1 / 2014-08-06
+==================
+
+  * deps: qs@1.1.0
+    - Accept urlencoded square brackets
+    - Accept empty values in implicit array notation
+
+1.6.0 / 2014-08-05
+==================
+
+  * deps: qs@1.0.2
+    - Complete rewrite
+    - Limits array length to 20
+    - Limits object depth to 5
+    - Limits parameters to 1,000
+
+1.5.2 / 2014-07-27
+==================
+
+  * deps: depd@0.4.4
+    - Work-around v8 generating empty stack traces
+
+1.5.1 / 2014-07-26
+==================
+
+  * deps: depd@0.4.3
+    - Fix exception when global `Error.stackTraceLimit` is too low
+
+1.5.0 / 2014-07-20
+==================
+
+  * deps: depd@0.4.2
+    - Add `TRACE_DEPRECATION` environment variable
+    - Remove non-standard grey color from color output
+    - Support `--no-deprecation` argument
+    - Support `--trace-deprecation` argument
+  * deps: iconv-lite@0.4.4
+    - Added encoding UTF-7
+  * deps: raw-body@1.3.0
+    - deps: iconv-lite@0.4.4
+    - Added encoding UTF-7
+    - Fix `Cannot switch to old mode now` error on Node.js 0.10+
+  * deps: type-is@~1.3.2
+
+1.4.3 / 2014-06-19
+==================
+
+  * deps: type-is@1.3.1
+    - fix global variable leak
+
+1.4.2 / 2014-06-19
+==================
+
+  * deps: type-is@1.3.0
+    - improve type parsing
+
+1.4.1 / 2014-06-19
+==================
+
+  * fix urlencoded extended deprecation message
+
+1.4.0 / 2014-06-19
+==================
+
+  * add `text` parser
+  * add `raw` parser
+  * check accepted charset in content-type (accepts utf-8)
+  * check accepted encoding in content-encoding (accepts identity)
+  * deprecate `bodyParser()` middleware; use `.json()` and `.urlencoded()` as needed
+  * deprecate `urlencoded()` without provided `extended` option
+  * lazy-load urlencoded parsers
+  * parsers split into files for reduced mem usage
+  * support gzip and deflate bodies
+    - set `inflate: false` to turn off
+  * deps: raw-body@1.2.2
+    - Support all encodings from `iconv-lite`
+
+1.3.1 / 2014-06-11
+==================
+
+  * deps: type-is@1.2.1
+    - Switch dependency from mime to mime-types@1.0.0
+
+1.3.0 / 2014-05-31
+==================
+
+  * add `extended` option to urlencoded parser
+
+1.2.2 / 2014-05-27
+==================
+
+  * deps: raw-body@1.1.6
+    - assert stream encoding on node.js 0.8
+    - assert stream encoding on node.js < 0.10.6
+    - deps: bytes@1
+
+1.2.1 / 2014-05-26
+==================
+
+  * invoke `next(err)` after request fully read
+    - prevents hung responses and socket hang ups
+
+1.2.0 / 2014-05-11
+==================
+
+  * add `verify` option
+  * deps: type-is@1.2.0
+    - support suffix matching
+
+1.1.2 / 2014-05-11
+==================
+
+  * improve json parser speed
+
+1.1.1 / 2014-05-11
+==================
+
+  * fix repeated limit parsing with every request
+
+1.1.0 / 2014-05-10
+==================
+
+  * add `type` option
+  * deps: pin for safety and consistency
+
+1.0.2 / 2014-04-14
+==================
+
+  * use `type-is` module
+
+1.0.1 / 2014-03-20
+==================
+
+  * lower default limits to 100kb
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/LICENSE b/src/Servers/ExpressServer/node_modules/body-parser/LICENSE
new file mode 100644
index 0000000..386b7b6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/README.md b/src/Servers/ExpressServer/node_modules/body-parser/README.md
new file mode 100644
index 0000000..f6661b7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/README.md
@@ -0,0 +1,476 @@
+# body-parser
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
+
+Node.js body parsing middleware.
+
+Parse incoming request bodies in a middleware before your handlers, available
+under the `req.body` property.
+
+**Note** As `req.body`'s shape is based on user-controlled input, all
+properties and values in this object are untrusted and should be validated
+before trusting. For example, `req.body.foo.toString()` may fail in multiple
+ways, for example the `foo` property may not be there or may not be a string,
+and `toString` may not be a function and instead a string or other user input.
+
+[Learn about the anatomy of an HTTP transaction in Node.js](https://nodejs.org/en/docs/guides/anatomy-of-an-http-transaction/).
+
+_This does not handle multipart bodies_, due to their complex and typically
+large nature. For multipart bodies, you may be interested in the following
+modules:
+
+  * [busboy](https://www.npmjs.org/package/busboy#readme) and
+    [connect-busboy](https://www.npmjs.org/package/connect-busboy#readme)
+  * [multiparty](https://www.npmjs.org/package/multiparty#readme) and
+    [connect-multiparty](https://www.npmjs.org/package/connect-multiparty#readme)
+  * [formidable](https://www.npmjs.org/package/formidable#readme)
+  * [multer](https://www.npmjs.org/package/multer#readme)
+
+This module provides the following parsers:
+
+  * [JSON body parser](#bodyparserjsonoptions)
+  * [Raw body parser](#bodyparserrawoptions)
+  * [Text body parser](#bodyparsertextoptions)
+  * [URL-encoded form body parser](#bodyparserurlencodedoptions)
+
+Other body parsers you might be interested in:
+
+- [body](https://www.npmjs.org/package/body#readme)
+- [co-body](https://www.npmjs.org/package/co-body#readme)
+
+## Installation
+
+```sh
+$ npm install body-parser
+```
+
+## API
+
+```js
+var bodyParser = require('body-parser')
+```
+
+The `bodyParser` object exposes various factories to create middlewares. All
+middlewares will populate the `req.body` property with the parsed body when
+the `Content-Type` request header matches the `type` option, or an empty
+object (`{}`) if there was no body to parse, the `Content-Type` was not matched,
+or an error occurred.
+
+The various errors returned by this module are described in the
+[errors section](#errors).
+
+### bodyParser.json([options])
+
+Returns middleware that only parses `json` and only looks at requests where
+the `Content-Type` header matches the `type` option. This parser accepts any
+Unicode encoding of the body and supports automatic inflation of `gzip` and
+`deflate` encodings.
+
+A new `body` object containing the parsed data is populated on the `request`
+object after the middleware (i.e. `req.body`).
+
+#### Options
+
+The `json` function takes an optional `options` object that may contain any of
+the following keys:
+
+##### inflate
+
+When set to `true`, then deflated (compressed) bodies will be inflated; when
+`false`, deflated bodies are rejected. Defaults to `true`.
+
+##### limit
+
+Controls the maximum request body size. If this is a number, then the value
+specifies the number of bytes; if it is a string, the value is passed to the
+[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
+to `'100kb'`.
+
+##### reviver
+
+The `reviver` option is passed directly to `JSON.parse` as the second
+argument. You can find more information on this argument
+[in the MDN documentation about JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse#Example.3A_Using_the_reviver_parameter).
+
+##### strict
+
+When set to `true`, will only accept arrays and objects; when `false` will
+accept anything `JSON.parse` accepts. Defaults to `true`.
+
+##### type
+
+The `type` option is used to determine what media type the middleware will
+parse. This option can be a string, array of strings, or a function. If not a
+function, `type` option is passed directly to the
+[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+be an extension name (like `json`), a mime type (like `application/json`), or
+a mime type with a wildcard (like `*/*` or `*/json`). If a function, the `type`
+option is called as `fn(req)` and the request is parsed if it returns a truthy
+value. Defaults to `application/json`.
+
+##### verify
+
+The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
+where `buf` is a `Buffer` of the raw request body and `encoding` is the
+encoding of the request. The parsing can be aborted by throwing an error.
+
+### bodyParser.raw([options])
+
+Returns middleware that parses all bodies as a `Buffer` and only looks at
+requests where the `Content-Type` header matches the `type` option. This
+parser supports automatic inflation of `gzip` and `deflate` encodings.
+
+A new `body` object containing the parsed data is populated on the `request`
+object after the middleware (i.e. `req.body`). This will be a `Buffer` object
+of the body.
+
+#### Options
+
+The `raw` function takes an optional `options` object that may contain any of
+the following keys:
+
+##### inflate
+
+When set to `true`, then deflated (compressed) bodies will be inflated; when
+`false`, deflated bodies are rejected. Defaults to `true`.
+
+##### limit
+
+Controls the maximum request body size. If this is a number, then the value
+specifies the number of bytes; if it is a string, the value is passed to the
+[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
+to `'100kb'`.
+
+##### type
+
+The `type` option is used to determine what media type the middleware will
+parse. This option can be a string, array of strings, or a function.
+If not a function, `type` option is passed directly to the
+[type-is](https://www.npmjs.org/package/type-is#readme) library and this
+can be an extension name (like `bin`), a mime type (like
+`application/octet-stream`), or a mime type with a wildcard (like `*/*` or
+`application/*`). If a function, the `type` option is called as `fn(req)`
+and the request is parsed if it returns a truthy value. Defaults to
+`application/octet-stream`.
+
+##### verify
+
+The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
+where `buf` is a `Buffer` of the raw request body and `encoding` is the
+encoding of the request. The parsing can be aborted by throwing an error.
+
+### bodyParser.text([options])
+
+Returns middleware that parses all bodies as a string and only looks at
+requests where the `Content-Type` header matches the `type` option. This
+parser supports automatic inflation of `gzip` and `deflate` encodings.
+
+A new `body` string containing the parsed data is populated on the `request`
+object after the middleware (i.e. `req.body`). This will be a string of the
+body.
+
+#### Options
+
+The `text` function takes an optional `options` object that may contain any of
+the following keys:
+
+##### defaultCharset
+
+Specify the default character set for the text content if the charset is not
+specified in the `Content-Type` header of the request. Defaults to `utf-8`.
+
+##### inflate
+
+When set to `true`, then deflated (compressed) bodies will be inflated; when
+`false`, deflated bodies are rejected. Defaults to `true`.
+
+##### limit
+
+Controls the maximum request body size. If this is a number, then the value
+specifies the number of bytes; if it is a string, the value is passed to the
+[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
+to `'100kb'`.
+
+##### type
+
+The `type` option is used to determine what media type the middleware will
+parse. This option can be a string, array of strings, or a function. If not
+a function, `type` option is passed directly to the
+[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+be an extension name (like `txt`), a mime type (like `text/plain`), or a mime
+type with a wildcard (like `*/*` or `text/*`). If a function, the `type`
+option is called as `fn(req)` and the request is parsed if it returns a
+truthy value. Defaults to `text/plain`.
+
+##### verify
+
+The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
+where `buf` is a `Buffer` of the raw request body and `encoding` is the
+encoding of the request. The parsing can be aborted by throwing an error.
+
+### bodyParser.urlencoded([options])
+
+Returns middleware that only parses `urlencoded` bodies and only looks at
+requests where the `Content-Type` header matches the `type` option. This
+parser accepts only UTF-8 encoding of the body and supports automatic
+inflation of `gzip` and `deflate` encodings.
+
+A new `body` object containing the parsed data is populated on the `request`
+object after the middleware (i.e. `req.body`). This object will contain
+key-value pairs, where the value can be a string or array (when `extended` is
+`false`), or any type (when `extended` is `true`).
+
+#### Options
+
+The `urlencoded` function takes an optional `options` object that may contain
+any of the following keys:
+
+##### extended
+
+The `extended` option allows to choose between parsing the URL-encoded data
+with the `querystring` library (when `false`) or the `qs` library (when
+`true`). The "extended" syntax allows for rich objects and arrays to be
+encoded into the URL-encoded format, allowing for a JSON-like experience
+with URL-encoded. For more information, please
+[see the qs library](https://www.npmjs.org/package/qs#readme).
+
+Defaults to `true`, but using the default has been deprecated. Please
+research into the difference between `qs` and `querystring` and choose the
+appropriate setting.
+
+##### inflate
+
+When set to `true`, then deflated (compressed) bodies will be inflated; when
+`false`, deflated bodies are rejected. Defaults to `true`.
+
+##### limit
+
+Controls the maximum request body size. If this is a number, then the value
+specifies the number of bytes; if it is a string, the value is passed to the
+[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
+to `'100kb'`.
+
+##### parameterLimit
+
+The `parameterLimit` option controls the maximum number of parameters that
+are allowed in the URL-encoded data. If a request contains more parameters
+than this value, a 413 will be returned to the client. Defaults to `1000`.
+
+##### type
+
+The `type` option is used to determine what media type the middleware will
+parse. This option can be a string, array of strings, or a function. If not
+a function, `type` option is passed directly to the
+[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
+be an extension name (like `urlencoded`), a mime type (like
+`application/x-www-form-urlencoded`), or a mime type with a wildcard (like
+`*/x-www-form-urlencoded`). If a function, the `type` option is called as
+`fn(req)` and the request is parsed if it returns a truthy value. Defaults
+to `application/x-www-form-urlencoded`.
+
+##### verify
+
+The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
+where `buf` is a `Buffer` of the raw request body and `encoding` is the
+encoding of the request. The parsing can be aborted by throwing an error.
+
+#### depth
+
+The `depth` option is used to configure the maximum depth of the `qs` library when `extended` is `true`. This allows you to limit the amount of keys that are parsed and can be useful to prevent certain types of abuse. Defaults to `32`. It is recommended to keep this value as low as possible.
+
+## Errors
+
+The middlewares provided by this module create errors using the
+[`http-errors` module](https://www.npmjs.com/package/http-errors). The errors
+will typically have a `status`/`statusCode` property that contains the suggested
+HTTP response code, an `expose` property to determine if the `message` property
+should be displayed to the client, a `type` property to determine the type of
+error without matching against the `message`, and a `body` property containing
+the read body, if available.
+
+The following are the common errors created, though any error can come through
+for various reasons.
+
+### content encoding unsupported
+
+This error will occur when the request had a `Content-Encoding` header that
+contained an encoding but the "inflation" option was set to `false`. The
+`status` property is set to `415`, the `type` property is set to
+`'encoding.unsupported'`, and the `charset` property will be set to the
+encoding that is unsupported.
+
+### entity parse failed
+
+This error will occur when the request contained an entity that could not be
+parsed by the middleware. The `status` property is set to `400`, the `type`
+property is set to `'entity.parse.failed'`, and the `body` property is set to
+the entity value that failed parsing.
+
+### entity verify failed
+
+This error will occur when the request contained an entity that could not be
+failed verification by the defined `verify` option. The `status` property is
+set to `403`, the `type` property is set to `'entity.verify.failed'`, and the
+`body` property is set to the entity value that failed verification.
+
+### request aborted
+
+This error will occur when the request is aborted by the client before reading
+the body has finished. The `received` property will be set to the number of
+bytes received before the request was aborted and the `expected` property is
+set to the number of expected bytes. The `status` property is set to `400`
+and `type` property is set to `'request.aborted'`.
+
+### request entity too large
+
+This error will occur when the request body's size is larger than the "limit"
+option. The `limit` property will be set to the byte limit and the `length`
+property will be set to the request body's length. The `status` property is
+set to `413` and the `type` property is set to `'entity.too.large'`.
+
+### request size did not match content length
+
+This error will occur when the request's length did not match the length from
+the `Content-Length` header. This typically occurs when the request is malformed,
+typically when the `Content-Length` header was calculated based on characters
+instead of bytes. The `status` property is set to `400` and the `type` property
+is set to `'request.size.invalid'`.
+
+### stream encoding should not be set
+
+This error will occur when something called the `req.setEncoding` method prior
+to this middleware. This module operates directly on bytes only and you cannot
+call `req.setEncoding` when using this module. The `status` property is set to
+`500` and the `type` property is set to `'stream.encoding.set'`.
+
+### stream is not readable
+
+This error will occur when the request is no longer readable when this middleware
+attempts to read it. This typically means something other than a middleware from
+this module read the request body already and the middleware was also configured to
+read the same request. The `status` property is set to `500` and the `type`
+property is set to `'stream.not.readable'`.
+
+### too many parameters
+
+This error will occur when the content of the request exceeds the configured
+`parameterLimit` for the `urlencoded` parser. The `status` property is set to
+`413` and the `type` property is set to `'parameters.too.many'`.
+
+### unsupported charset "BOGUS"
+
+This error will occur when the request had a charset parameter in the
+`Content-Type` header, but the `iconv-lite` module does not support it OR the
+parser does not support it. The charset is contained in the message as well
+as in the `charset` property. The `status` property is set to `415`, the
+`type` property is set to `'charset.unsupported'`, and the `charset` property
+is set to the charset that is unsupported.
+
+### unsupported content encoding "bogus"
+
+This error will occur when the request had a `Content-Encoding` header that
+contained an unsupported encoding. The encoding is contained in the message
+as well as in the `encoding` property. The `status` property is set to `415`,
+the `type` property is set to `'encoding.unsupported'`, and the `encoding`
+property is set to the encoding that is unsupported.
+
+### The input exceeded the depth
+
+This error occurs when using `bodyParser.urlencoded` with the `extended` property set to `true` and the input exceeds the configured `depth` option. The `status` property is set to `400`. It is recommended to review the `depth` option and evaluate if it requires a higher value. When the `depth` option is set to `32` (default value), the error will not be thrown.
+
+## Examples
+
+### Express/Connect top-level generic
+
+This example demonstrates adding a generic JSON and URL-encoded parser as a
+top-level middleware, which will parse the bodies of all incoming requests.
+This is the simplest setup.
+
+```js
+var express = require('express')
+var bodyParser = require('body-parser')
+
+var app = express()
+
+// parse application/x-www-form-urlencoded
+app.use(bodyParser.urlencoded({ extended: false }))
+
+// parse application/json
+app.use(bodyParser.json())
+
+app.use(function (req, res) {
+  res.setHeader('Content-Type', 'text/plain')
+  res.write('you posted:\n')
+  res.end(JSON.stringify(req.body, null, 2))
+})
+```
+
+### Express route-specific
+
+This example demonstrates adding body parsers specifically to the routes that
+need them. In general, this is the most recommended way to use body-parser with
+Express.
+
+```js
+var express = require('express')
+var bodyParser = require('body-parser')
+
+var app = express()
+
+// create application/json parser
+var jsonParser = bodyParser.json()
+
+// create application/x-www-form-urlencoded parser
+var urlencodedParser = bodyParser.urlencoded({ extended: false })
+
+// POST /login gets urlencoded bodies
+app.post('/login', urlencodedParser, function (req, res) {
+  res.send('welcome, ' + req.body.username)
+})
+
+// POST /api/users gets JSON bodies
+app.post('/api/users', jsonParser, function (req, res) {
+  // create user in req.body
+})
+```
+
+### Change accepted type for parsers
+
+All the parsers accept a `type` option which allows you to change the
+`Content-Type` that the middleware will parse.
+
+```js
+var express = require('express')
+var bodyParser = require('body-parser')
+
+var app = express()
+
+// parse various different custom JSON types as JSON
+app.use(bodyParser.json({ type: 'application/*+json' }))
+
+// parse some custom thing into a Buffer
+app.use(bodyParser.raw({ type: 'application/vnd.custom-type' }))
+
+// parse an HTML body into a string
+app.use(bodyParser.text({ type: 'text/html' }))
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/expressjs/body-parser/master?label=ci
+[ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/body-parser/master
+[coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master
+[node-version-image]: https://badgen.net/npm/node/body-parser
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/body-parser
+[npm-url]: https://npmjs.org/package/body-parser
+[npm-version-image]: https://badgen.net/npm/v/body-parser
+[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/body-parser/badge
+[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/index.js b/src/Servers/ExpressServer/node_modules/body-parser/index.js
new file mode 100644
index 0000000..bb24d73
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/index.js
@@ -0,0 +1,156 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var deprecate = require('depd')('body-parser')
+
+/**
+ * Cache of loaded parsers.
+ * @private
+ */
+
+var parsers = Object.create(null)
+
+/**
+ * @typedef Parsers
+ * @type {function}
+ * @property {function} json
+ * @property {function} raw
+ * @property {function} text
+ * @property {function} urlencoded
+ */
+
+/**
+ * Module exports.
+ * @type {Parsers}
+ */
+
+exports = module.exports = deprecate.function(bodyParser,
+  'bodyParser: use individual json/urlencoded middlewares')
+
+/**
+ * JSON parser.
+ * @public
+ */
+
+Object.defineProperty(exports, 'json', {
+  configurable: true,
+  enumerable: true,
+  get: createParserGetter('json')
+})
+
+/**
+ * Raw parser.
+ * @public
+ */
+
+Object.defineProperty(exports, 'raw', {
+  configurable: true,
+  enumerable: true,
+  get: createParserGetter('raw')
+})
+
+/**
+ * Text parser.
+ * @public
+ */
+
+Object.defineProperty(exports, 'text', {
+  configurable: true,
+  enumerable: true,
+  get: createParserGetter('text')
+})
+
+/**
+ * URL-encoded parser.
+ * @public
+ */
+
+Object.defineProperty(exports, 'urlencoded', {
+  configurable: true,
+  enumerable: true,
+  get: createParserGetter('urlencoded')
+})
+
+/**
+ * Create a middleware to parse json and urlencoded bodies.
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @deprecated
+ * @public
+ */
+
+function bodyParser (options) {
+  // use default type for parsers
+  var opts = Object.create(options || null, {
+    type: {
+      configurable: true,
+      enumerable: true,
+      value: undefined,
+      writable: true
+    }
+  })
+
+  var _urlencoded = exports.urlencoded(opts)
+  var _json = exports.json(opts)
+
+  return function bodyParser (req, res, next) {
+    _json(req, res, function (err) {
+      if (err) return next(err)
+      _urlencoded(req, res, next)
+    })
+  }
+}
+
+/**
+ * Create a getter for loading a parser.
+ * @private
+ */
+
+function createParserGetter (name) {
+  return function get () {
+    return loadParser(name)
+  }
+}
+
+/**
+ * Load a parser module.
+ * @private
+ */
+
+function loadParser (parserName) {
+  var parser = parsers[parserName]
+
+  if (parser !== undefined) {
+    return parser
+  }
+
+  // this uses a switch for static require analysis
+  switch (parserName) {
+    case 'json':
+      parser = require('./lib/types/json')
+      break
+    case 'raw':
+      parser = require('./lib/types/raw')
+      break
+    case 'text':
+      parser = require('./lib/types/text')
+      break
+    case 'urlencoded':
+      parser = require('./lib/types/urlencoded')
+      break
+  }
+
+  // store to prevent invoking require()
+  return (parsers[parserName] = parser)
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
new file mode 100644
index 0000000..fce6283
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
@@ -0,0 +1,205 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var createError = require('http-errors')
+var destroy = require('destroy')
+var getBody = require('raw-body')
+var iconv = require('iconv-lite')
+var onFinished = require('on-finished')
+var unpipe = require('unpipe')
+var zlib = require('zlib')
+
+/**
+ * Module exports.
+ */
+
+module.exports = read
+
+/**
+ * Read a request into a buffer and parse.
+ *
+ * @param {object} req
+ * @param {object} res
+ * @param {function} next
+ * @param {function} parse
+ * @param {function} debug
+ * @param {object} options
+ * @private
+ */
+
+function read (req, res, next, parse, debug, options) {
+  var length
+  var opts = options
+  var stream
+
+  // flag as parsed
+  req._body = true
+
+  // read options
+  var encoding = opts.encoding !== null
+    ? opts.encoding
+    : null
+  var verify = opts.verify
+
+  try {
+    // get the content stream
+    stream = contentstream(req, debug, opts.inflate)
+    length = stream.length
+    stream.length = undefined
+  } catch (err) {
+    return next(err)
+  }
+
+  // set raw-body options
+  opts.length = length
+  opts.encoding = verify
+    ? null
+    : encoding
+
+  // assert charset is supported
+  if (opts.encoding === null && encoding !== null && !iconv.encodingExists(encoding)) {
+    return next(createError(415, 'unsupported charset "' + encoding.toUpperCase() + '"', {
+      charset: encoding.toLowerCase(),
+      type: 'charset.unsupported'
+    }))
+  }
+
+  // read body
+  debug('read body')
+  getBody(stream, opts, function (error, body) {
+    if (error) {
+      var _error
+
+      if (error.type === 'encoding.unsupported') {
+        // echo back charset
+        _error = createError(415, 'unsupported charset "' + encoding.toUpperCase() + '"', {
+          charset: encoding.toLowerCase(),
+          type: 'charset.unsupported'
+        })
+      } else {
+        // set status code on error
+        _error = createError(400, error)
+      }
+
+      // unpipe from stream and destroy
+      if (stream !== req) {
+        unpipe(req)
+        destroy(stream, true)
+      }
+
+      // read off entire request
+      dump(req, function onfinished () {
+        next(createError(400, _error))
+      })
+      return
+    }
+
+    // verify
+    if (verify) {
+      try {
+        debug('verify body')
+        verify(req, res, body, encoding)
+      } catch (err) {
+        next(createError(403, err, {
+          body: body,
+          type: err.type || 'entity.verify.failed'
+        }))
+        return
+      }
+    }
+
+    // parse
+    var str = body
+    try {
+      debug('parse body')
+      str = typeof body !== 'string' && encoding !== null
+        ? iconv.decode(body, encoding)
+        : body
+      req.body = parse(str)
+    } catch (err) {
+      next(createError(400, err, {
+        body: str,
+        type: err.type || 'entity.parse.failed'
+      }))
+      return
+    }
+
+    next()
+  })
+}
+
+/**
+ * Get the content stream of the request.
+ *
+ * @param {object} req
+ * @param {function} debug
+ * @param {boolean} [inflate=true]
+ * @return {object}
+ * @api private
+ */
+
+function contentstream (req, debug, inflate) {
+  var encoding = (req.headers['content-encoding'] || 'identity').toLowerCase()
+  var length = req.headers['content-length']
+  var stream
+
+  debug('content-encoding "%s"', encoding)
+
+  if (inflate === false && encoding !== 'identity') {
+    throw createError(415, 'content encoding unsupported', {
+      encoding: encoding,
+      type: 'encoding.unsupported'
+    })
+  }
+
+  switch (encoding) {
+    case 'deflate':
+      stream = zlib.createInflate()
+      debug('inflate body')
+      req.pipe(stream)
+      break
+    case 'gzip':
+      stream = zlib.createGunzip()
+      debug('gunzip body')
+      req.pipe(stream)
+      break
+    case 'identity':
+      stream = req
+      stream.length = length
+      break
+    default:
+      throw createError(415, 'unsupported content encoding "' + encoding + '"', {
+        encoding: encoding,
+        type: 'encoding.unsupported'
+      })
+  }
+
+  return stream
+}
+
+/**
+ * Dump the contents of a request.
+ *
+ * @param {object} req
+ * @param {function} callback
+ * @api private
+ */
+
+function dump (req, callback) {
+  if (onFinished.isFinished(req)) {
+    callback(null)
+  } else {
+    onFinished(req, callback)
+    req.resume()
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
new file mode 100644
index 0000000..59f3f7e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
@@ -0,0 +1,247 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var bytes = require('bytes')
+var contentType = require('content-type')
+var createError = require('http-errors')
+var debug = require('debug')('body-parser:json')
+var read = require('../read')
+var typeis = require('type-is')
+
+/**
+ * Module exports.
+ */
+
+module.exports = json
+
+/**
+ * RegExp to match the first non-space in a string.
+ *
+ * Allowed whitespace is defined in RFC 7159:
+ *
+ *    ws = *(
+ *            %x20 /              ; Space
+ *            %x09 /              ; Horizontal tab
+ *            %x0A /              ; Line feed or New line
+ *            %x0D )              ; Carriage return
+ */
+
+var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
+
+var JSON_SYNTAX_CHAR = '#'
+var JSON_SYNTAX_REGEXP = /#+/g
+
+/**
+ * Create a middleware to parse JSON bodies.
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @public
+ */
+
+function json (options) {
+  var opts = options || {}
+
+  var limit = typeof opts.limit !== 'number'
+    ? bytes.parse(opts.limit || '100kb')
+    : opts.limit
+  var inflate = opts.inflate !== false
+  var reviver = opts.reviver
+  var strict = opts.strict !== false
+  var type = opts.type || 'application/json'
+  var verify = opts.verify || false
+
+  if (verify !== false && typeof verify !== 'function') {
+    throw new TypeError('option verify must be function')
+  }
+
+  // create the appropriate type checking function
+  var shouldParse = typeof type !== 'function'
+    ? typeChecker(type)
+    : type
+
+  function parse (body) {
+    if (body.length === 0) {
+      // special-case empty json body, as it's a common client-side mistake
+      // TODO: maybe make this configurable or part of "strict" option
+      return {}
+    }
+
+    if (strict) {
+      var first = firstchar(body)
+
+      if (first !== '{' && first !== '[') {
+        debug('strict violation')
+        throw createStrictSyntaxError(body, first)
+      }
+    }
+
+    try {
+      debug('parse json')
+      return JSON.parse(body, reviver)
+    } catch (e) {
+      throw normalizeJsonSyntaxError(e, {
+        message: e.message,
+        stack: e.stack
+      })
+    }
+  }
+
+  return function jsonParser (req, res, next) {
+    if (req._body) {
+      debug('body already parsed')
+      next()
+      return
+    }
+
+    req.body = req.body || {}
+
+    // skip requests without bodies
+    if (!typeis.hasBody(req)) {
+      debug('skip empty body')
+      next()
+      return
+    }
+
+    debug('content-type %j', req.headers['content-type'])
+
+    // determine if request should be parsed
+    if (!shouldParse(req)) {
+      debug('skip parsing')
+      next()
+      return
+    }
+
+    // assert charset per RFC 7159 sec 8.1
+    var charset = getCharset(req) || 'utf-8'
+    if (charset.slice(0, 4) !== 'utf-') {
+      debug('invalid charset')
+      next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', {
+        charset: charset,
+        type: 'charset.unsupported'
+      }))
+      return
+    }
+
+    // read
+    read(req, res, next, parse, debug, {
+      encoding: charset,
+      inflate: inflate,
+      limit: limit,
+      verify: verify
+    })
+  }
+}
+
+/**
+ * Create strict violation syntax error matching native error.
+ *
+ * @param {string} str
+ * @param {string} char
+ * @return {Error}
+ * @private
+ */
+
+function createStrictSyntaxError (str, char) {
+  var index = str.indexOf(char)
+  var partial = ''
+
+  if (index !== -1) {
+    partial = str.substring(0, index) + JSON_SYNTAX_CHAR
+
+    for (var i = index + 1; i < str.length; i++) {
+      partial += JSON_SYNTAX_CHAR
+    }
+  }
+
+  try {
+    JSON.parse(partial); /* istanbul ignore next */ throw new SyntaxError('strict violation')
+  } catch (e) {
+    return normalizeJsonSyntaxError(e, {
+      message: e.message.replace(JSON_SYNTAX_REGEXP, function (placeholder) {
+        return str.substring(index, index + placeholder.length)
+      }),
+      stack: e.stack
+    })
+  }
+}
+
+/**
+ * Get the first non-whitespace character in a string.
+ *
+ * @param {string} str
+ * @return {function}
+ * @private
+ */
+
+function firstchar (str) {
+  var match = FIRST_CHAR_REGEXP.exec(str)
+
+  return match
+    ? match[1]
+    : undefined
+}
+
+/**
+ * Get the charset of a request.
+ *
+ * @param {object} req
+ * @api private
+ */
+
+function getCharset (req) {
+  try {
+    return (contentType.parse(req).parameters.charset || '').toLowerCase()
+  } catch (e) {
+    return undefined
+  }
+}
+
+/**
+ * Normalize a SyntaxError for JSON.parse.
+ *
+ * @param {SyntaxError} error
+ * @param {object} obj
+ * @return {SyntaxError}
+ */
+
+function normalizeJsonSyntaxError (error, obj) {
+  var keys = Object.getOwnPropertyNames(error)
+
+  for (var i = 0; i < keys.length; i++) {
+    var key = keys[i]
+    if (key !== 'stack' && key !== 'message') {
+      delete error[key]
+    }
+  }
+
+  // replace stack before message for Node.js 0.10 and below
+  error.stack = obj.stack.replace(error.message, obj.message)
+  error.message = obj.message
+
+  return error
+}
+
+/**
+ * Get the simple type checker.
+ *
+ * @param {string} type
+ * @return {function}
+ */
+
+function typeChecker (type) {
+  return function checkType (req) {
+    return Boolean(typeis(req, type))
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
new file mode 100644
index 0000000..f5d1b67
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
@@ -0,0 +1,101 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ */
+
+var bytes = require('bytes')
+var debug = require('debug')('body-parser:raw')
+var read = require('../read')
+var typeis = require('type-is')
+
+/**
+ * Module exports.
+ */
+
+module.exports = raw
+
+/**
+ * Create a middleware to parse raw bodies.
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @api public
+ */
+
+function raw (options) {
+  var opts = options || {}
+
+  var inflate = opts.inflate !== false
+  var limit = typeof opts.limit !== 'number'
+    ? bytes.parse(opts.limit || '100kb')
+    : opts.limit
+  var type = opts.type || 'application/octet-stream'
+  var verify = opts.verify || false
+
+  if (verify !== false && typeof verify !== 'function') {
+    throw new TypeError('option verify must be function')
+  }
+
+  // create the appropriate type checking function
+  var shouldParse = typeof type !== 'function'
+    ? typeChecker(type)
+    : type
+
+  function parse (buf) {
+    return buf
+  }
+
+  return function rawParser (req, res, next) {
+    if (req._body) {
+      debug('body already parsed')
+      next()
+      return
+    }
+
+    req.body = req.body || {}
+
+    // skip requests without bodies
+    if (!typeis.hasBody(req)) {
+      debug('skip empty body')
+      next()
+      return
+    }
+
+    debug('content-type %j', req.headers['content-type'])
+
+    // determine if request should be parsed
+    if (!shouldParse(req)) {
+      debug('skip parsing')
+      next()
+      return
+    }
+
+    // read
+    read(req, res, next, parse, debug, {
+      encoding: null,
+      inflate: inflate,
+      limit: limit,
+      verify: verify
+    })
+  }
+}
+
+/**
+ * Get the simple type checker.
+ *
+ * @param {string} type
+ * @return {function}
+ */
+
+function typeChecker (type) {
+  return function checkType (req) {
+    return Boolean(typeis(req, type))
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
new file mode 100644
index 0000000..083a009
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
@@ -0,0 +1,121 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ */
+
+var bytes = require('bytes')
+var contentType = require('content-type')
+var debug = require('debug')('body-parser:text')
+var read = require('../read')
+var typeis = require('type-is')
+
+/**
+ * Module exports.
+ */
+
+module.exports = text
+
+/**
+ * Create a middleware to parse text bodies.
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @api public
+ */
+
+function text (options) {
+  var opts = options || {}
+
+  var defaultCharset = opts.defaultCharset || 'utf-8'
+  var inflate = opts.inflate !== false
+  var limit = typeof opts.limit !== 'number'
+    ? bytes.parse(opts.limit || '100kb')
+    : opts.limit
+  var type = opts.type || 'text/plain'
+  var verify = opts.verify || false
+
+  if (verify !== false && typeof verify !== 'function') {
+    throw new TypeError('option verify must be function')
+  }
+
+  // create the appropriate type checking function
+  var shouldParse = typeof type !== 'function'
+    ? typeChecker(type)
+    : type
+
+  function parse (buf) {
+    return buf
+  }
+
+  return function textParser (req, res, next) {
+    if (req._body) {
+      debug('body already parsed')
+      next()
+      return
+    }
+
+    req.body = req.body || {}
+
+    // skip requests without bodies
+    if (!typeis.hasBody(req)) {
+      debug('skip empty body')
+      next()
+      return
+    }
+
+    debug('content-type %j', req.headers['content-type'])
+
+    // determine if request should be parsed
+    if (!shouldParse(req)) {
+      debug('skip parsing')
+      next()
+      return
+    }
+
+    // get charset
+    var charset = getCharset(req) || defaultCharset
+
+    // read
+    read(req, res, next, parse, debug, {
+      encoding: charset,
+      inflate: inflate,
+      limit: limit,
+      verify: verify
+    })
+  }
+}
+
+/**
+ * Get the charset of a request.
+ *
+ * @param {object} req
+ * @api private
+ */
+
+function getCharset (req) {
+  try {
+    return (contentType.parse(req).parameters.charset || '').toLowerCase()
+  } catch (e) {
+    return undefined
+  }
+}
+
+/**
+ * Get the simple type checker.
+ *
+ * @param {string} type
+ * @return {function}
+ */
+
+function typeChecker (type) {
+  return function checkType (req) {
+    return Boolean(typeis(req, type))
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
new file mode 100644
index 0000000..832992c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
@@ -0,0 +1,300 @@
+/*!
+ * body-parser
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var bytes = require('bytes')
+var contentType = require('content-type')
+var createError = require('http-errors')
+var debug = require('debug')('body-parser:urlencoded')
+var deprecate = require('depd')('body-parser')
+var read = require('../read')
+var typeis = require('type-is')
+
+/**
+ * Module exports.
+ */
+
+module.exports = urlencoded
+
+/**
+ * Cache of parser modules.
+ */
+
+var parsers = Object.create(null)
+
+/**
+ * Create a middleware to parse urlencoded bodies.
+ *
+ * @param {object} [options]
+ * @return {function}
+ * @public
+ */
+
+function urlencoded (options) {
+  var opts = options || {}
+
+  // notice because option default will flip in next major
+  if (opts.extended === undefined) {
+    deprecate('undefined extended: provide extended option')
+  }
+
+  var extended = opts.extended !== false
+  var inflate = opts.inflate !== false
+  var limit = typeof opts.limit !== 'number'
+    ? bytes.parse(opts.limit || '100kb')
+    : opts.limit
+  var type = opts.type || 'application/x-www-form-urlencoded'
+  var verify = opts.verify || false
+
+  if (verify !== false && typeof verify !== 'function') {
+    throw new TypeError('option verify must be function')
+  }
+
+  // create the appropriate query parser
+  var queryparse = extended
+    ? extendedparser(opts)
+    : simpleparser(opts)
+
+  // create the appropriate type checking function
+  var shouldParse = typeof type !== 'function'
+    ? typeChecker(type)
+    : type
+
+  function parse (body) {
+    return body.length
+      ? queryparse(body)
+      : {}
+  }
+
+  return function urlencodedParser (req, res, next) {
+    if (req._body) {
+      debug('body already parsed')
+      next()
+      return
+    }
+
+    req.body = req.body || {}
+
+    // skip requests without bodies
+    if (!typeis.hasBody(req)) {
+      debug('skip empty body')
+      next()
+      return
+    }
+
+    debug('content-type %j', req.headers['content-type'])
+
+    // determine if request should be parsed
+    if (!shouldParse(req)) {
+      debug('skip parsing')
+      next()
+      return
+    }
+
+    // assert charset
+    var charset = getCharset(req) || 'utf-8'
+    if (charset !== 'utf-8') {
+      debug('invalid charset')
+      next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', {
+        charset: charset,
+        type: 'charset.unsupported'
+      }))
+      return
+    }
+
+    // read
+    read(req, res, next, parse, debug, {
+      debug: debug,
+      encoding: charset,
+      inflate: inflate,
+      limit: limit,
+      verify: verify
+    })
+  }
+}
+
+/**
+ * Get the extended query parser.
+ *
+ * @param {object} options
+ */
+
+function extendedparser (options) {
+  var parameterLimit = options.parameterLimit !== undefined
+    ? options.parameterLimit
+    : 1000
+  var depth = options.depth !== undefined ? options.depth : 32
+  var parse = parser('qs')
+
+  if (isNaN(parameterLimit) || parameterLimit < 1) {
+    throw new TypeError('option parameterLimit must be a positive number')
+  }
+
+  if (isNaN(depth) || depth < 0) {
+    throw new TypeError('option depth must be a zero or a positive number')
+  }
+
+  if (isFinite(parameterLimit)) {
+    parameterLimit = parameterLimit | 0
+  }
+
+  return function queryparse (body) {
+    var paramCount = parameterCount(body, parameterLimit)
+
+    if (paramCount === undefined) {
+      debug('too many parameters')
+      throw createError(413, 'too many parameters', {
+        type: 'parameters.too.many'
+      })
+    }
+
+    var arrayLimit = Math.max(100, paramCount)
+
+    debug('parse extended urlencoding')
+    try {
+      return parse(body, {
+        allowPrototypes: true,
+        arrayLimit: arrayLimit,
+        depth: depth,
+        strictDepth: true,
+        parameterLimit: parameterLimit
+      })
+    } catch (err) {
+      if (err instanceof RangeError) {
+        throw createError(400, 'The input exceeded the depth', {
+          type: 'querystring.parse.rangeError'
+        })
+      } else {
+        throw err
+      }
+    }
+  }
+}
+
+/**
+ * Get the charset of a request.
+ *
+ * @param {object} req
+ * @api private
+ */
+
+function getCharset (req) {
+  try {
+    return (contentType.parse(req).parameters.charset || '').toLowerCase()
+  } catch (e) {
+    return undefined
+  }
+}
+
+/**
+ * Count the number of parameters, stopping once limit reached
+ *
+ * @param {string} body
+ * @param {number} limit
+ * @api private
+ */
+
+function parameterCount (body, limit) {
+  var count = 0
+  var index = 0
+
+  while ((index = body.indexOf('&', index)) !== -1) {
+    count++
+    index++
+
+    if (count === limit) {
+      return undefined
+    }
+  }
+
+  return count
+}
+
+/**
+ * Get parser for module name dynamically.
+ *
+ * @param {string} name
+ * @return {function}
+ * @api private
+ */
+
+function parser (name) {
+  var mod = parsers[name]
+
+  if (mod !== undefined) {
+    return mod.parse
+  }
+
+  // this uses a switch for static require analysis
+  switch (name) {
+    case 'qs':
+      mod = require('qs')
+      break
+    case 'querystring':
+      mod = require('querystring')
+      break
+  }
+
+  // store to prevent invoking require()
+  parsers[name] = mod
+
+  return mod.parse
+}
+
+/**
+ * Get the simple query parser.
+ *
+ * @param {object} options
+ */
+
+function simpleparser (options) {
+  var parameterLimit = options.parameterLimit !== undefined
+    ? options.parameterLimit
+    : 1000
+  var parse = parser('querystring')
+
+  if (isNaN(parameterLimit) || parameterLimit < 1) {
+    throw new TypeError('option parameterLimit must be a positive number')
+  }
+
+  if (isFinite(parameterLimit)) {
+    parameterLimit = parameterLimit | 0
+  }
+
+  return function queryparse (body) {
+    var paramCount = parameterCount(body, parameterLimit)
+
+    if (paramCount === undefined) {
+      debug('too many parameters')
+      throw createError(413, 'too many parameters', {
+        type: 'parameters.too.many'
+      })
+    }
+
+    debug('parse urlencoding')
+    return parse(body, undefined, undefined, { maxKeys: parameterLimit })
+  }
+}
+
+/**
+ * Get the simple type checker.
+ *
+ * @param {string} type
+ * @return {function}
+ */
+
+function typeChecker (type) {
+  return function checkType (req) {
+    return Boolean(typeis(req, type))
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/package.json b/src/Servers/ExpressServer/node_modules/body-parser/package.json
new file mode 100644
index 0000000..c8e61c1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/body-parser/package.json
@@ -0,0 +1,55 @@
+{
+  "name": "body-parser",
+  "description": "Node.js body parsing middleware",
+  "version": "1.20.4",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "repository": "expressjs/body-parser",
+  "dependencies": {
+    "bytes": "~3.1.2",
+    "content-type": "~1.0.5",
+    "debug": "2.6.9",
+    "depd": "2.0.0",
+    "destroy": "~1.2.0",
+    "http-errors": "~2.0.1",
+    "iconv-lite": "~0.4.24",
+    "on-finished": "~2.4.1",
+    "qs": "~6.14.0",
+    "raw-body": "~2.5.3",
+    "type-is": "~1.6.18",
+    "unpipe": "~1.0.0"
+  },
+  "devDependencies": {
+    "eslint": "8.34.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.27.5",
+    "eslint-plugin-markdown": "3.0.0",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "6.1.1",
+    "eslint-plugin-standard": "4.1.0",
+    "methods": "1.1.2",
+    "mocha": "10.2.0",
+    "nyc": "15.1.0",
+    "safe-buffer": "5.2.1",
+    "supertest": "6.3.3"
+  },
+  "files": [
+    "lib/",
+    "LICENSE",
+    "HISTORY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8",
+    "npm": "1.2.8000 || >= 1.4.16"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --require test/support/env --reporter spec --check-leaks --bail test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/bytes/History.md b/src/Servers/ExpressServer/node_modules/bytes/History.md
new file mode 100644
index 0000000..d60ce0e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/bytes/History.md
@@ -0,0 +1,97 @@
+3.1.2 / 2022-01-27
+==================
+
+  * Fix return value for un-parsable strings
+
+3.1.1 / 2021-11-15
+==================
+
+  * Fix "thousandsSeparator" incorrecting formatting fractional part
+
+3.1.0 / 2019-01-22
+==================
+
+  * Add petabyte (`pb`) support
+
+3.0.0 / 2017-08-31
+==================
+
+  * Change "kB" to "KB" in format output
+  * Remove support for Node.js 0.6
+  * Remove support for ComponentJS
+
+2.5.0 / 2017-03-24
+==================
+
+  * Add option "unit"
+
+2.4.0 / 2016-06-01
+==================
+
+  * Add option "unitSeparator"
+
+2.3.0 / 2016-02-15
+==================
+
+  * Drop partial bytes on all parsed units
+  * Fix non-finite numbers to `.format` to return `null`
+  * Fix parsing byte string that looks like hex
+  * perf: hoist regular expressions
+
+2.2.0 / 2015-11-13
+==================
+
+  * add option "decimalPlaces"
+  * add option "fixedDecimals"
+
+2.1.0 / 2015-05-21
+==================
+
+  * add `.format` export
+  * add `.parse` export
+
+2.0.2 / 2015-05-20
+==================
+
+  * remove map recreation
+  * remove unnecessary object construction
+
+2.0.1 / 2015-05-07
+==================
+
+  * fix browserify require
+  * remove node.extend dependency
+
+2.0.0 / 2015-04-12
+==================
+
+  * add option "case"
+  * add option "thousandsSeparator"
+  * return "null" on invalid parse input
+  * support proper round-trip: bytes(bytes(num)) === num
+  * units no longer case sensitive when parsing
+
+1.0.0 / 2014-05-05
+==================
+
+ * add negative support. fixes #6
+
+0.3.0 / 2014-03-19
+==================
+
+ * added terabyte support
+
+0.2.1 / 2013-04-01
+==================
+
+  * add .component
+
+0.2.0 / 2012-10-28
+==================
+
+  * bytes(200).should.eql('200b')
+
+0.1.0 / 2012-07-04
+==================
+
+  * add bytes to string conversion [yields]
diff --git a/src/Servers/ExpressServer/node_modules/bytes/LICENSE b/src/Servers/ExpressServer/node_modules/bytes/LICENSE
new file mode 100644
index 0000000..63e95a9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/bytes/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2015 Jed Watson <jed.watson@me.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/bytes/Readme.md b/src/Servers/ExpressServer/node_modules/bytes/Readme.md
new file mode 100644
index 0000000..5790e23
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/bytes/Readme.md
@@ -0,0 +1,152 @@
+# Bytes utility
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Utility to parse a string bytes (ex: `1TB`) to bytes (`1099511627776`) and vice-versa.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```bash
+$ npm install bytes
+```
+
+## Usage
+
+```js
+var bytes = require('bytes');
+```
+
+#### bytes(number｜string value, [options]): number｜string｜null
+
+Default export function. Delegates to either `bytes.format` or `bytes.parse` based on the type of `value`.
+
+**Arguments**
+
+| Name    | Type     | Description        |
+|---------|----------|--------------------|
+| value   | `number`｜`string` | Number value to format or string value to parse |
+| options | `Object` | Conversion options for `format` |
+
+**Returns**
+
+| Name    | Type             | Description                                     |
+|---------|------------------|-------------------------------------------------|
+| results | `string`｜`number`｜`null` | Return null upon error. Numeric value in bytes, or string value otherwise. |
+
+**Example**
+
+```js
+bytes(1024);
+// output: '1KB'
+
+bytes('1KB');
+// output: 1024
+```
+
+#### bytes.format(number value, [options]): string｜null
+
+Format the given value in bytes into a string. If the value is negative, it is kept as such. If it is a float, it is
+ rounded.
+
+**Arguments**
+
+| Name    | Type     | Description        |
+|---------|----------|--------------------|
+| value   | `number` | Value in bytes     |
+| options | `Object` | Conversion options |
+
+**Options**
+
+| Property          | Type   | Description                                                                             |
+|-------------------|--------|-----------------------------------------------------------------------------------------|
+| decimalPlaces | `number`｜`null` | Maximum number of decimal places to include in output. Default value to `2`. |
+| fixedDecimals | `boolean`｜`null` | Whether to always display the maximum number of decimal places. Default value to `false` |
+| thousandsSeparator | `string`｜`null` | Example of values: `' '`, `','` and `'.'`... Default value to `''`. |
+| unit | `string`｜`null` | The unit in which the result will be returned (B/KB/MB/GB/TB). Default value to `''` (which means auto detect). |
+| unitSeparator | `string`｜`null` | Separator to use between number and unit. Default value to `''`. |
+
+**Returns**
+
+| Name    | Type             | Description                                     |
+|---------|------------------|-------------------------------------------------|
+| results | `string`｜`null` | Return null upon error. String value otherwise. |
+
+**Example**
+
+```js
+bytes.format(1024);
+// output: '1KB'
+
+bytes.format(1000);
+// output: '1000B'
+
+bytes.format(1000, {thousandsSeparator: ' '});
+// output: '1 000B'
+
+bytes.format(1024 * 1.7, {decimalPlaces: 0});
+// output: '2KB'
+
+bytes.format(1024, {unitSeparator: ' '});
+// output: '1 KB'
+```
+
+#### bytes.parse(string｜number value): number｜null
+
+Parse the string value into an integer in bytes. If no unit is given, or `value`
+is a number, it is assumed the value is in bytes.
+
+Supported units and abbreviations are as follows and are case-insensitive:
+
+  * `b` for bytes
+  * `kb` for kilobytes
+  * `mb` for megabytes
+  * `gb` for gigabytes
+  * `tb` for terabytes
+  * `pb` for petabytes
+
+The units are in powers of two, not ten. This means 1kb = 1024b according to this parser.
+
+**Arguments**
+
+| Name          | Type   | Description        |
+|---------------|--------|--------------------|
+| value   | `string`｜`number` | String to parse, or number in bytes.   |
+
+**Returns**
+
+| Name    | Type        | Description             |
+|---------|-------------|-------------------------|
+| results | `number`｜`null` | Return null upon error. Value in bytes otherwise. |
+
+**Example**
+
+```js
+bytes.parse('1KB');
+// output: 1024
+
+bytes.parse('1024');
+// output: 1024
+
+bytes.parse(1024);
+// output: 1024
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/visionmedia/bytes.js/master?label=ci
+[ci-url]: https://github.com/visionmedia/bytes.js/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/visionmedia/bytes.js/master
+[coveralls-url]: https://coveralls.io/r/visionmedia/bytes.js?branch=master
+[downloads-image]: https://badgen.net/npm/dm/bytes
+[downloads-url]: https://npmjs.org/package/bytes
+[npm-image]: https://badgen.net/npm/v/bytes
+[npm-url]: https://npmjs.org/package/bytes
diff --git a/src/Servers/ExpressServer/node_modules/bytes/index.js b/src/Servers/ExpressServer/node_modules/bytes/index.js
new file mode 100644
index 0000000..6f2d0f8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/bytes/index.js
@@ -0,0 +1,170 @@
+/*!
+ * bytes
+ * Copyright(c) 2012-2014 TJ Holowaychuk
+ * Copyright(c) 2015 Jed Watson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = bytes;
+module.exports.format = format;
+module.exports.parse = parse;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var formatThousandsRegExp = /\B(?=(\d{3})+(?!\d))/g;
+
+var formatDecimalsRegExp = /(?:\.0*|(\.[^0]+)0+)$/;
+
+var map = {
+  b:  1,
+  kb: 1 << 10,
+  mb: 1 << 20,
+  gb: 1 << 30,
+  tb: Math.pow(1024, 4),
+  pb: Math.pow(1024, 5),
+};
+
+var parseRegExp = /^((-|\+)?(\d+(?:\.\d+)?)) *(kb|mb|gb|tb|pb)$/i;
+
+/**
+ * Convert the given value in bytes into a string or parse to string to an integer in bytes.
+ *
+ * @param {string|number} value
+ * @param {{
+ *  case: [string],
+ *  decimalPlaces: [number]
+ *  fixedDecimals: [boolean]
+ *  thousandsSeparator: [string]
+ *  unitSeparator: [string]
+ *  }} [options] bytes options.
+ *
+ * @returns {string|number|null}
+ */
+
+function bytes(value, options) {
+  if (typeof value === 'string') {
+    return parse(value);
+  }
+
+  if (typeof value === 'number') {
+    return format(value, options);
+  }
+
+  return null;
+}
+
+/**
+ * Format the given value in bytes into a string.
+ *
+ * If the value is negative, it is kept as such. If it is a float,
+ * it is rounded.
+ *
+ * @param {number} value
+ * @param {object} [options]
+ * @param {number} [options.decimalPlaces=2]
+ * @param {number} [options.fixedDecimals=false]
+ * @param {string} [options.thousandsSeparator=]
+ * @param {string} [options.unit=]
+ * @param {string} [options.unitSeparator=]
+ *
+ * @returns {string|null}
+ * @public
+ */
+
+function format(value, options) {
+  if (!Number.isFinite(value)) {
+    return null;
+  }
+
+  var mag = Math.abs(value);
+  var thousandsSeparator = (options && options.thousandsSeparator) || '';
+  var unitSeparator = (options && options.unitSeparator) || '';
+  var decimalPlaces = (options && options.decimalPlaces !== undefined) ? options.decimalPlaces : 2;
+  var fixedDecimals = Boolean(options && options.fixedDecimals);
+  var unit = (options && options.unit) || '';
+
+  if (!unit || !map[unit.toLowerCase()]) {
+    if (mag >= map.pb) {
+      unit = 'PB';
+    } else if (mag >= map.tb) {
+      unit = 'TB';
+    } else if (mag >= map.gb) {
+      unit = 'GB';
+    } else if (mag >= map.mb) {
+      unit = 'MB';
+    } else if (mag >= map.kb) {
+      unit = 'KB';
+    } else {
+      unit = 'B';
+    }
+  }
+
+  var val = value / map[unit.toLowerCase()];
+  var str = val.toFixed(decimalPlaces);
+
+  if (!fixedDecimals) {
+    str = str.replace(formatDecimalsRegExp, '$1');
+  }
+
+  if (thousandsSeparator) {
+    str = str.split('.').map(function (s, i) {
+      return i === 0
+        ? s.replace(formatThousandsRegExp, thousandsSeparator)
+        : s
+    }).join('.');
+  }
+
+  return str + unitSeparator + unit;
+}
+
+/**
+ * Parse the string value into an integer in bytes.
+ *
+ * If no unit is given, it is assumed the value is in bytes.
+ *
+ * @param {number|string} val
+ *
+ * @returns {number|null}
+ * @public
+ */
+
+function parse(val) {
+  if (typeof val === 'number' && !isNaN(val)) {
+    return val;
+  }
+
+  if (typeof val !== 'string') {
+    return null;
+  }
+
+  // Test if the string passed is valid
+  var results = parseRegExp.exec(val);
+  var floatValue;
+  var unit = 'b';
+
+  if (!results) {
+    // Nothing could be extracted from the given string
+    floatValue = parseInt(val, 10);
+    unit = 'b'
+  } else {
+    // Retrieve the value and the unit
+    floatValue = parseFloat(results[1]);
+    unit = results[4].toLowerCase();
+  }
+
+  if (isNaN(floatValue)) {
+    return null;
+  }
+
+  return Math.floor(map[unit] * floatValue);
+}
diff --git a/src/Servers/ExpressServer/node_modules/bytes/package.json b/src/Servers/ExpressServer/node_modules/bytes/package.json
new file mode 100644
index 0000000..f2b6a8b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/bytes/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "bytes",
+  "description": "Utility to parse a string bytes to bytes and vice-versa",
+  "version": "3.1.2",
+  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
+  "contributors": [
+    "Jed Watson <jed.watson@me.com>",
+    "Théo FIDRY <theo.fidry@gmail.com>"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "byte",
+    "bytes",
+    "utility",
+    "parse",
+    "parser",
+    "convert",
+    "converter"
+  ],
+  "repository": "visionmedia/bytes.js",
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-plugin-markdown": "2.2.1",
+    "mocha": "9.2.0",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "History.md",
+    "LICENSE",
+    "Readme.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --check-leaks --reporter spec",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
new file mode 100644
index 0000000..201e859
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
@@ -0,0 +1,17 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"func-name-matching": 0,
+		"id-length": 0,
+		"new-cap": [2, {
+			"capIsNewExceptions": [
+				"GetIntrinsic",
+			],
+		}],
+		"no-extra-parens": 0,
+		"no-magic-numbers": 0,
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
new file mode 100644
index 0000000..0011e9d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/call-bind-apply-helpers
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
new file mode 100644
index 0000000..2484942
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.2](https://github.com/ljharb/call-bind-apply-helpers/compare/v1.0.1...v1.0.2) - 2025-02-12
+
+### Commits
+
+- [types] improve inferred types [`e6f9586`](https://github.com/ljharb/call-bind-apply-helpers/commit/e6f95860a3c72879cb861a858cdfb8138fbedec1)
+- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `@types/tape`, `es-value-fixtures`, `for-each`, `has-strict-mode`, `object-inspect` [`e43d540`](https://github.com/ljharb/call-bind-apply-helpers/commit/e43d5409f97543bfbb11f345d47d8ce4e066d8c1)
+
+## [v1.0.1](https://github.com/ljharb/call-bind-apply-helpers/compare/v1.0.0...v1.0.1) - 2024-12-08
+
+### Commits
+
+- [types] `reflectApply`: fix types [`4efc396`](https://github.com/ljharb/call-bind-apply-helpers/commit/4efc3965351a4f02cc55e836fa391d3d11ef2ef8)
+- [Fix] `reflectApply`: oops, Reflect is not a function [`83cc739`](https://github.com/ljharb/call-bind-apply-helpers/commit/83cc7395de6b79b7730bdf092f1436f0b1263c75)
+- [Dev Deps] update `@arethetypeswrong/cli` [`80bd5d3`](https://github.com/ljharb/call-bind-apply-helpers/commit/80bd5d3ae58b4f6b6995ce439dd5a1bcb178a940)
+
+## v1.0.0 - 2024-12-05
+
+### Commits
+
+- Initial implementation, tests, readme [`7879629`](https://github.com/ljharb/call-bind-apply-helpers/commit/78796290f9b7430c9934d6f33d94ae9bc89fce04)
+- Initial commit [`3f1dc16`](https://github.com/ljharb/call-bind-apply-helpers/commit/3f1dc164afc43285631b114a5f9dd9137b2b952f)
+- npm init [`081df04`](https://github.com/ljharb/call-bind-apply-helpers/commit/081df048c312fcee400922026f6e97281200a603)
+- Only apps should have lockfiles [`5b9ca0f`](https://github.com/ljharb/call-bind-apply-helpers/commit/5b9ca0fe8101ebfaf309c549caac4e0a017ed930)
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
new file mode 100644
index 0000000..8fc0dae
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
@@ -0,0 +1,62 @@
+# call-bind-apply-helpers <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![dependency status][deps-svg]][deps-url]
+[![dev dependency status][dev-deps-svg]][dev-deps-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Helper functions around Function call/apply/bind, for use in `call-bind`.
+
+The only packages that should likely ever use this package directly are `call-bind` and `get-intrinsic`.
+Please use `call-bind` unless you have a very good reason not to.
+
+## Getting started
+
+```sh
+npm install --save call-bind-apply-helpers
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const callBindBasic = require('call-bind-apply-helpers');
+
+function f(a, b) {
+	assert.equal(this, 1);
+	assert.equal(a, 2);
+	assert.equal(b, 3);
+	assert.equal(arguments.length, 2);
+}
+
+const fBound = callBindBasic([f, 1]);
+
+delete Function.prototype.call;
+delete Function.prototype.bind;
+
+fBound(2, 3);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/call-bind-apply-helpers
+[npm-version-svg]: https://versionbadg.es/ljharb/call-bind-apply-helpers.svg
+[deps-svg]: https://david-dm.org/ljharb/call-bind-apply-helpers.svg
+[deps-url]: https://david-dm.org/ljharb/call-bind-apply-helpers
+[dev-deps-svg]: https://david-dm.org/ljharb/call-bind-apply-helpers/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/call-bind-apply-helpers#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/call-bind-apply-helpers.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/call-bind-apply-helpers.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/call-bind-apply-helpers.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=call-bind-apply-helpers
+[codecov-image]: https://codecov.io/gh/ljharb/call-bind-apply-helpers/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/call-bind-apply-helpers/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/call-bind-apply-helpers
+[actions-url]: https://github.com/ljharb/call-bind-apply-helpers/actions
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
new file mode 100644
index 0000000..b87286a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
@@ -0,0 +1 @@
+export = Reflect.apply;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
new file mode 100644
index 0000000..ffa5135
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
@@ -0,0 +1,10 @@
+'use strict';
+
+var bind = require('function-bind');
+
+var $apply = require('./functionApply');
+var $call = require('./functionCall');
+var $reflectApply = require('./reflectApply');
+
+/** @type {import('./actualApply')} */
+module.exports = $reflectApply || bind.call($call, $apply);
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
new file mode 100644
index 0000000..d176c1a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
@@ -0,0 +1,19 @@
+import actualApply from './actualApply';
+
+type TupleSplitHead<T extends any[], N extends number> = T['length'] extends N
+  ? T
+  : T extends [...infer R, any]
+  ? TupleSplitHead<R, N>
+  : never
+
+type TupleSplitTail<T, N extends number, O extends any[] = []> = O['length'] extends N
+  ? T
+  : T extends [infer F, ...infer R]
+  ? TupleSplitTail<[...R], N, [...O, F]>
+  : never
+
+type TupleSplit<T extends any[], N extends number> = [TupleSplitHead<T, N>, TupleSplitTail<T, N>]
+
+declare function applyBind(...args: TupleSplit<Parameters<typeof actualApply>, 2>[1]): ReturnType<typeof actualApply>;
+
+export = applyBind;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
new file mode 100644
index 0000000..d2b7723
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
@@ -0,0 +1,10 @@
+'use strict';
+
+var bind = require('function-bind');
+var $apply = require('./functionApply');
+var actualApply = require('./actualApply');
+
+/** @type {import('./applyBind')} */
+module.exports = function applyBind() {
+	return actualApply(bind, $apply, arguments);
+};
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
new file mode 100644
index 0000000..1f6e11b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
@@ -0,0 +1 @@
+export = Function.prototype.apply;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
new file mode 100644
index 0000000..c71df9c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./functionApply')} */
+module.exports = Function.prototype.apply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
new file mode 100644
index 0000000..15e93df
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
@@ -0,0 +1 @@
+export = Function.prototype.call;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
new file mode 100644
index 0000000..7a8d873
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./functionCall')} */
+module.exports = Function.prototype.call;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
new file mode 100644
index 0000000..541516b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
@@ -0,0 +1,64 @@
+type RemoveFromTuple<
+  Tuple extends readonly unknown[],
+  RemoveCount extends number,
+  Index extends 1[] = []
+> = Index["length"] extends RemoveCount
+  ? Tuple
+  : Tuple extends [infer First, ...infer Rest]
+  ? RemoveFromTuple<Rest, RemoveCount, [...Index, 1]>
+  : Tuple;
+
+type ConcatTuples<
+  Prefix extends readonly unknown[],
+  Suffix extends readonly unknown[]
+> = [...Prefix, ...Suffix];
+
+type ExtractFunctionParams<T> = T extends (this: infer TThis, ...args: infer P extends readonly unknown[]) => infer R
+  ? { thisArg: TThis; params: P; returnType: R }
+  : never;
+
+type BindFunction<
+  T extends (this: any, ...args: any[]) => any,
+  TThis,
+  TBoundArgs extends readonly unknown[],
+  ReceiverBound extends boolean
+> = ExtractFunctionParams<T> extends {
+  thisArg: infer OrigThis;
+  params: infer P extends readonly unknown[];
+  returnType: infer R;
+}
+  ? ReceiverBound extends true
+    ? (...args: RemoveFromTuple<P, Extract<TBoundArgs["length"], number>>) => R extends [OrigThis, ...infer Rest]
+      ? [TThis, ...Rest] // Replace `this` with `thisArg`
+      : R
+    : <U, RemainingArgs extends RemoveFromTuple<P, Extract<TBoundArgs["length"], number>>>(
+        thisArg: U,
+        ...args: RemainingArgs
+      ) => R extends [OrigThis, ...infer Rest]
+      ? [U, ...ConcatTuples<TBoundArgs, Rest>] // Preserve bound args in return type
+      : R
+  : never;
+
+declare function callBind<
+  const T extends (this: any, ...args: any[]) => any,
+  Extracted extends ExtractFunctionParams<T>,
+  const TBoundArgs extends Partial<Extracted["params"]> & readonly unknown[],
+  const TThis extends Extracted["thisArg"]
+>(
+  args: [fn: T, thisArg: TThis, ...boundArgs: TBoundArgs]
+): BindFunction<T, TThis, TBoundArgs, true>;
+
+declare function callBind<
+  const T extends (this: any, ...args: any[]) => any,
+  Extracted extends ExtractFunctionParams<T>,
+  const TBoundArgs extends Partial<Extracted["params"]> & readonly unknown[]
+>(
+  args: [fn: T, ...boundArgs: TBoundArgs]
+): BindFunction<T, Extracted["thisArg"], TBoundArgs, false>;
+
+declare function callBind<const TArgs extends readonly unknown[]>(
+  args: [fn: Exclude<TArgs[0], Function>, ...rest: TArgs]
+): never;
+
+// export as namespace callBind;
+export = callBind;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
new file mode 100644
index 0000000..2f6dab4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
@@ -0,0 +1,15 @@
+'use strict';
+
+var bind = require('function-bind');
+var $TypeError = require('es-errors/type');
+
+var $call = require('./functionCall');
+var $actualApply = require('./actualApply');
+
+/** @type {(args: [Function, thisArg?: unknown, ...args: unknown[]]) => Function} TODO FIXME, find a way to use import('.') */
+module.exports = function callBindBasic(args) {
+	if (args.length < 1 || typeof args[0] !== 'function') {
+		throw new $TypeError('a function is required');
+	}
+	return $actualApply(bind, $call, args);
+};
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
new file mode 100644
index 0000000..923b8be
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
@@ -0,0 +1,85 @@
+{
+	"name": "call-bind-apply-helpers",
+	"version": "1.0.2",
+	"description": "Helper functions around Function call/apply/bind, for use in `call-bind`",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./actualApply": "./actualApply.js",
+		"./applyBind": "./applyBind.js",
+		"./functionApply": "./functionApply.js",
+		"./functionCall": "./functionCall.js",
+		"./reflectApply": "./reflectApply.js",
+		"./package.json": "./package.json"
+	},
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=auto",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=.js,.mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/call-bind-apply-helpers.git"
+	},
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/call-bind-apply-helpers/issues"
+	},
+	"homepage": "https://github.com/ljharb/call-bind-apply-helpers#readme",
+	"dependencies": {
+		"es-errors": "^1.3.0",
+		"function-bind": "^1.1.2"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.3",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.3",
+		"@types/for-each": "^0.3.3",
+		"@types/function-bind": "^1.1.10",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.8.1",
+		"auto-changelog": "^2.5.0",
+		"encoding": "^0.1.13",
+		"es-value-fixtures": "^1.7.1",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"for-each": "^0.3.5",
+		"has-strict-mode": "^1.1.0",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"object-inspect": "^1.13.4",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"testling": {
+		"files": "test/index.js"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
new file mode 100644
index 0000000..6b2ae76
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
@@ -0,0 +1,3 @@
+declare const reflectApply: false | typeof Reflect.apply;
+
+export = reflectApply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
new file mode 100644
index 0000000..3d03caa
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./reflectApply')} */
+module.exports = typeof Reflect !== 'undefined' && Reflect && Reflect.apply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
new file mode 100644
index 0000000..1cdc89e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
@@ -0,0 +1,63 @@
+'use strict';
+
+var callBind = require('../');
+var hasStrictMode = require('has-strict-mode')();
+var forEach = require('for-each');
+var inspect = require('object-inspect');
+var v = require('es-value-fixtures');
+
+var test = require('tape');
+
+test('callBindBasic', function (t) {
+	forEach(v.nonFunctions, function (nonFunction) {
+		t['throws'](
+			// @ts-expect-error
+			function () { callBind([nonFunction]); },
+			TypeError,
+			inspect(nonFunction) + ' is not a function'
+		);
+	});
+
+	var sentinel = { sentinel: true };
+	/** @type {<T, A extends number, B extends number>(this: T, a: A, b: B) => [T | undefined, A, B]} */
+	var func = function (a, b) {
+		// eslint-disable-next-line no-invalid-this
+		return [!hasStrictMode && this === global ? undefined : this, a, b];
+	};
+	t.equal(func.length, 2, 'original function length is 2');
+
+	/** type {(thisArg: unknown, a: number, b: number) => [unknown, number, number]} */
+	var bound = callBind([func]);
+	/** type {((a: number, b: number) => [typeof sentinel, typeof a, typeof b])} */
+	var boundR = callBind([func, sentinel]);
+	/** type {((b: number) => [typeof sentinel, number, typeof b])} */
+	var boundArg = callBind([func, sentinel, /** @type {const} */ (1)]);
+
+	// @ts-expect-error
+	t.deepEqual(bound(), [undefined, undefined, undefined], 'bound func with no args');
+
+	// @ts-expect-error
+	t.deepEqual(func(), [undefined, undefined, undefined], 'unbound func with too few args');
+	// @ts-expect-error
+	t.deepEqual(bound(1, 2), [hasStrictMode ? 1 : Object(1), 2, undefined], 'bound func too few args');
+	// @ts-expect-error
+	t.deepEqual(boundR(), [sentinel, undefined, undefined], 'bound func with receiver, with too few args');
+	// @ts-expect-error
+	t.deepEqual(boundArg(), [sentinel, 1, undefined], 'bound func with receiver and arg, with too few args');
+
+	t.deepEqual(func(1, 2), [undefined, 1, 2], 'unbound func with right args');
+	t.deepEqual(bound(1, 2, 3), [hasStrictMode ? 1 : Object(1), 2, 3], 'bound func with right args');
+	t.deepEqual(boundR(1, 2), [sentinel, 1, 2], 'bound func with receiver, with right args');
+	t.deepEqual(boundArg(2), [sentinel, 1, 2], 'bound func with receiver and arg, with right arg');
+
+	// @ts-expect-error
+	t.deepEqual(func(1, 2, 3), [undefined, 1, 2], 'unbound func with too many args');
+	// @ts-expect-error
+	t.deepEqual(bound(1, 2, 3, 4), [hasStrictMode ? 1 : Object(1), 2, 3], 'bound func with too many args');
+	// @ts-expect-error
+	t.deepEqual(boundR(1, 2, 3), [sentinel, 1, 2], 'bound func with receiver, with too many args');
+	// @ts-expect-error
+	t.deepEqual(boundArg(2, 3), [sentinel, 1, 2], 'bound func with receiver and arg, with too many args');
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
new file mode 100644
index 0000000..aef9993
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc b/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
new file mode 100644
index 0000000..2612ed8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
@@ -0,0 +1,13 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"new-cap": [2, {
+			"capIsNewExceptions": [
+				"GetIntrinsic",
+			],
+		}],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
new file mode 100644
index 0000000..2a2a135
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/call-bound
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.nycrc b/src/Servers/ExpressServer/node_modules/call-bound/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
new file mode 100644
index 0000000..8bde4e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
@@ -0,0 +1,42 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.4](https://github.com/ljharb/call-bound/compare/v1.0.3...v1.0.4) - 2025-03-03
+
+### Commits
+
+- [types] improve types [`e648922`](https://github.com/ljharb/call-bound/commit/e6489222a9e54f350fbf952ceabe51fd8b6027ff)
+- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `@types/tape`, `es-value-fixtures`, `for-each`, `has-strict-mode`, `object-inspect` [`a42a5eb`](https://github.com/ljharb/call-bound/commit/a42a5ebe6c1b54fcdc7997c7dc64fdca9e936719)
+- [Deps] update `call-bind-apply-helpers`, `get-intrinsic` [`f529eac`](https://github.com/ljharb/call-bound/commit/f529eac132404c17156bbc23ab2297a25d0f20b8)
+
+## [v1.0.3](https://github.com/ljharb/call-bound/compare/v1.0.2...v1.0.3) - 2024-12-15
+
+### Commits
+
+- [Refactor] use `call-bind-apply-helpers` instead of `call-bind` [`5e0b134`](https://github.com/ljharb/call-bound/commit/5e0b13496df14fb7d05dae9412f088da8d3f75be)
+- [Deps] update `get-intrinsic` [`41fc967`](https://github.com/ljharb/call-bound/commit/41fc96732a22c7b7e8f381f93ccc54bb6293be2e)
+- [readme] fix example [`79a0137`](https://github.com/ljharb/call-bound/commit/79a0137723f7c6d09c9c05452bbf8d5efb5d6e49)
+- [meta] add `sideEffects` flag [`08b07be`](https://github.com/ljharb/call-bound/commit/08b07be7f1c03f67dc6f3cdaf0906259771859f7)
+
+## [v1.0.2](https://github.com/ljharb/call-bound/compare/v1.0.1...v1.0.2) - 2024-12-10
+
+### Commits
+
+- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `gopd` [`e6a5ffe`](https://github.com/ljharb/call-bound/commit/e6a5ffe849368fe4f74dfd6cdeca1b9baa39e8d5)
+- [Deps] update `call-bind`, `get-intrinsic` [`2aeb5b5`](https://github.com/ljharb/call-bound/commit/2aeb5b521dc2b2683d1345c753ea1161de2d1c14)
+- [types] improve return type [`1a0c9fe`](https://github.com/ljharb/call-bound/commit/1a0c9fe3114471e7ca1f57d104e2efe713bb4871)
+
+## v1.0.1 - 2024-12-05
+
+### Commits
+
+- Initial implementation, tests, readme, types [`6d94121`](https://github.com/ljharb/call-bound/commit/6d94121a9243602e506334069f7a03189fe3363d)
+- Initial commit [`0eae867`](https://github.com/ljharb/call-bound/commit/0eae867334ea025c33e6e91cdecfc9df96680cf9)
+- npm init [`71b2479`](https://github.com/ljharb/call-bound/commit/71b2479c6723e0b7d91a6b663613067e98b7b275)
+- Only apps should have lockfiles [`c3754a9`](https://github.com/ljharb/call-bound/commit/c3754a949b7f9132b47e2d18c1729889736741eb)
+- [actions] skip `npm ls` in node &lt; 10 [`74275a5`](https://github.com/ljharb/call-bound/commit/74275a5186b8caf6309b6b97472bdcb0df4683a8)
+- [Dev Deps] add missing peer dep [`1354de8`](https://github.com/ljharb/call-bound/commit/1354de8679413e4ae9c523d85f76fa7a5e032d97)
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/LICENSE b/src/Servers/ExpressServer/node_modules/call-bound/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/README.md b/src/Servers/ExpressServer/node_modules/call-bound/README.md
new file mode 100644
index 0000000..a44e43e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/README.md
@@ -0,0 +1,53 @@
+# call-bound <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![dependency status][deps-svg]][deps-url]
+[![dev dependency status][dev-deps-svg]][dev-deps-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Robust call-bound JavaScript intrinsics, using `call-bind` and `get-intrinsic`.
+
+## Getting started
+
+```sh
+npm install --save call-bound
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const callBound = require('call-bound');
+
+const slice = callBound('Array.prototype.slice');
+
+delete Function.prototype.call;
+delete Function.prototype.bind;
+delete Array.prototype.slice;
+
+assert.deepEqual(slice([1, 2, 3, 4], 1, -1), [2, 3]);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/call-bound
+[npm-version-svg]: https://versionbadg.es/ljharb/call-bound.svg
+[deps-svg]: https://david-dm.org/ljharb/call-bound.svg
+[deps-url]: https://david-dm.org/ljharb/call-bound
+[dev-deps-svg]: https://david-dm.org/ljharb/call-bound/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/call-bound#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/call-bound.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/call-bound.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/call-bound.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=call-bound
+[codecov-image]: https://codecov.io/gh/ljharb/call-bound/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/call-bound/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/call-bound
+[actions-url]: https://github.com/ljharb/call-bound/actions
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts b/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
new file mode 100644
index 0000000..5562f00
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
@@ -0,0 +1,94 @@
+type Intrinsic = typeof globalThis;
+
+type IntrinsicName = keyof Intrinsic | `%${keyof Intrinsic}%`;
+
+type IntrinsicPath = IntrinsicName | `${StripPercents<IntrinsicName>}.${string}` | `%${StripPercents<IntrinsicName>}.${string}%`;
+
+type AllowMissing = boolean;
+
+type StripPercents<T extends string> = T extends `%${infer U}%` ? U : T;
+
+type BindMethodPrecise<F> =
+  F extends (this: infer This, ...args: infer Args) => infer R
+  ? (obj: This, ...args: Args) => R
+  : F extends {
+    (this: infer This1, ...args: infer Args1): infer R1;
+    (this: infer This2, ...args: infer Args2): infer R2
+  }
+  ? {
+    (obj: This1, ...args: Args1): R1;
+    (obj: This2, ...args: Args2): R2
+  }
+  : never
+
+// Extract method type from a prototype
+type GetPrototypeMethod<T extends keyof typeof globalThis, M extends string> =
+  (typeof globalThis)[T] extends { prototype: any }
+  ? M extends keyof (typeof globalThis)[T]['prototype']
+  ? (typeof globalThis)[T]['prototype'][M]
+  : never
+  : never
+
+// Get static property/method
+type GetStaticMember<T extends keyof typeof globalThis, P extends string> =
+  P extends keyof (typeof globalThis)[T] ? (typeof globalThis)[T][P] : never
+
+// Type that maps string path to actual bound function or value with better precision
+type BoundIntrinsic<S extends string> =
+  S extends `${infer Obj}.prototype.${infer Method}`
+  ? Obj extends keyof typeof globalThis
+  ? BindMethodPrecise<GetPrototypeMethod<Obj, Method & string>>
+  : unknown
+  : S extends `${infer Obj}.${infer Prop}`
+  ? Obj extends keyof typeof globalThis
+  ? GetStaticMember<Obj, Prop & string>
+  : unknown
+  : unknown
+
+declare function arraySlice<T>(array: readonly T[], start?: number, end?: number): T[];
+declare function arraySlice<T>(array: ArrayLike<T>, start?: number, end?: number): T[];
+declare function arraySlice<T>(array: IArguments, start?: number, end?: number): T[];
+
+// Special cases for methods that need explicit typing
+interface SpecialCases {
+  '%Object.prototype.isPrototypeOf%': (thisArg: {}, obj: unknown) => boolean;
+  '%String.prototype.replace%': {
+    (str: string, searchValue: string | RegExp, replaceValue: string): string;
+    (str: string, searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string
+  };
+  '%Object.prototype.toString%': (obj: {}) => string;
+  '%Object.prototype.hasOwnProperty%': (obj: {}, v: PropertyKey) => boolean;
+  '%Array.prototype.slice%': typeof arraySlice;
+  '%Array.prototype.map%': <T, U>(array: readonly T[], callbackfn: (value: T, index: number, array: readonly T[]) => U, thisArg?: any) => U[];
+  '%Array.prototype.filter%': <T>(array: readonly T[], predicate: (value: T, index: number, array: readonly T[]) => unknown, thisArg?: any) => T[];
+  '%Array.prototype.indexOf%': <T>(array: readonly T[], searchElement: T, fromIndex?: number) => number;
+  '%Function.prototype.apply%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, args: A) => R;
+  '%Function.prototype.call%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, ...args: A) => R;
+  '%Function.prototype.bind%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, ...args: A) => (...remainingArgs: A) => R;
+  '%Promise.prototype.then%': {
+    <T, R>(promise: Promise<T>, onfulfilled: (value: T) => R | PromiseLike<R>): Promise<R>;
+    <T, R>(promise: Promise<T>, onfulfilled: ((value: T) => R | PromiseLike<R>) | undefined | null, onrejected: (reason: any) => R | PromiseLike<R>): Promise<R>;
+  };
+  '%RegExp.prototype.test%': (regexp: RegExp, str: string) => boolean;
+  '%RegExp.prototype.exec%': (regexp: RegExp, str: string) => RegExpExecArray | null;
+  '%Error.prototype.toString%': (error: Error) => string;
+  '%TypeError.prototype.toString%': (error: TypeError) => string;
+  '%String.prototype.split%': (
+        obj: unknown,
+        splitter: string | RegExp | {
+            [Symbol.split](string: string, limit?: number): string[];
+        },
+        limit?: number | undefined
+    ) => string[];
+}
+
+/**
+ * Returns a bound function for a prototype method, or a value for a static property.
+ *
+ * @param name - The name of the intrinsic (e.g. 'Array.prototype.slice')
+ * @param {AllowMissing} [allowMissing] - Whether to allow missing intrinsics (default: false)
+ */
+declare function callBound<K extends keyof SpecialCases | StripPercents<keyof SpecialCases>, S extends IntrinsicPath>(name: K, allowMissing?: AllowMissing): SpecialCases[`%${StripPercents<K>}%`];
+declare function callBound<K extends keyof SpecialCases | StripPercents<keyof SpecialCases>, S extends IntrinsicPath>(name: S, allowMissing?: AllowMissing): BoundIntrinsic<S>;
+
+export = callBound;
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/index.js b/src/Servers/ExpressServer/node_modules/call-bound/index.js
new file mode 100644
index 0000000..e9ade74
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/index.js
@@ -0,0 +1,19 @@
+'use strict';
+
+var GetIntrinsic = require('get-intrinsic');
+
+var callBindBasic = require('call-bind-apply-helpers');
+
+/** @type {(thisArg: string, searchString: string, position?: number) => number} */
+var $indexOf = callBindBasic([GetIntrinsic('%String.prototype.indexOf%')]);
+
+/** @type {import('.')} */
+module.exports = function callBoundIntrinsic(name, allowMissing) {
+	/* eslint no-extra-parens: 0 */
+
+	var intrinsic = /** @type {(this: unknown, ...args: unknown[]) => unknown} */ (GetIntrinsic(name, !!allowMissing));
+	if (typeof intrinsic === 'function' && $indexOf(name, '.prototype.') > -1) {
+		return callBindBasic(/** @type {const} */ ([intrinsic]));
+	}
+	return intrinsic;
+};
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/package.json b/src/Servers/ExpressServer/node_modules/call-bound/package.json
new file mode 100644
index 0000000..d542db4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/package.json
@@ -0,0 +1,99 @@
+{
+	"name": "call-bound",
+	"version": "1.0.4",
+	"description": "Robust call-bound JavaScript intrinsics, using `call-bind` and `get-intrinsic`.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=auto",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=.js,.mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/call-bound.git"
+	},
+	"keywords": [
+		"javascript",
+		"ecmascript",
+		"es",
+		"js",
+		"callbind",
+		"callbound",
+		"call",
+		"bind",
+		"bound",
+		"call-bind",
+		"call-bound",
+		"function",
+		"es-abstract"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/call-bound/issues"
+	},
+	"homepage": "https://github.com/ljharb/call-bound#readme",
+	"dependencies": {
+		"call-bind-apply-helpers": "^1.0.2",
+		"get-intrinsic": "^1.3.0"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.4",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.3.0",
+		"@types/call-bind": "^1.0.5",
+		"@types/get-intrinsic": "^1.2.3",
+		"@types/tape": "^5.8.1",
+		"auto-changelog": "^2.5.0",
+		"encoding": "^0.1.13",
+		"es-value-fixtures": "^1.7.1",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"for-each": "^0.3.5",
+		"gopd": "^1.2.0",
+		"has-strict-mode": "^1.1.0",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"object-inspect": "^1.13.4",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"testling": {
+		"files": "test/index.js"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/test/index.js b/src/Servers/ExpressServer/node_modules/call-bound/test/index.js
new file mode 100644
index 0000000..a2fc9f0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/test/index.js
@@ -0,0 +1,61 @@
+'use strict';
+
+var test = require('tape');
+
+var callBound = require('../');
+
+/** @template {true} T @template U @typedef {T extends U ? T : never} AssertType */
+
+test('callBound', function (t) {
+	// static primitive
+	t.equal(callBound('Array.length'), Array.length, 'Array.length yields itself');
+	t.equal(callBound('%Array.length%'), Array.length, '%Array.length% yields itself');
+
+	// static non-function object
+	t.equal(callBound('Array.prototype'), Array.prototype, 'Array.prototype yields itself');
+	t.equal(callBound('%Array.prototype%'), Array.prototype, '%Array.prototype% yields itself');
+	t.equal(callBound('Array.constructor'), Array.constructor, 'Array.constructor yields itself');
+	t.equal(callBound('%Array.constructor%'), Array.constructor, '%Array.constructor% yields itself');
+
+	// static function
+	t.equal(callBound('Date.parse'), Date.parse, 'Date.parse yields itself');
+	t.equal(callBound('%Date.parse%'), Date.parse, '%Date.parse% yields itself');
+
+	// prototype primitive
+	t.equal(callBound('Error.prototype.message'), Error.prototype.message, 'Error.prototype.message yields itself');
+	t.equal(callBound('%Error.prototype.message%'), Error.prototype.message, '%Error.prototype.message% yields itself');
+
+	var x = callBound('Object.prototype.toString');
+	var y = callBound('%Object.prototype.toString%');
+
+	// prototype function
+	t.notEqual(x, Object.prototype.toString, 'Object.prototype.toString does not yield itself');
+	t.notEqual(y, Object.prototype.toString, '%Object.prototype.toString% does not yield itself');
+	t.equal(x(true), Object.prototype.toString.call(true), 'call-bound Object.prototype.toString calls into the original');
+	t.equal(y(true), Object.prototype.toString.call(true), 'call-bound %Object.prototype.toString% calls into the original');
+
+	t['throws'](
+		// @ts-expect-error
+		function () { callBound('does not exist'); },
+		SyntaxError,
+		'nonexistent intrinsic throws'
+	);
+	t['throws'](
+		// @ts-expect-error
+		function () { callBound('does not exist', true); },
+		SyntaxError,
+		'allowMissing arg still throws for unknown intrinsic'
+	);
+
+	t.test('real but absent intrinsic', { skip: typeof WeakRef !== 'undefined' }, function (st) {
+		st['throws'](
+			function () { callBound('WeakRef'); },
+			TypeError,
+			'real but absent intrinsic throws'
+		);
+		st.equal(callBound('WeakRef', true), undefined, 'allowMissing arg avoids exception');
+		st.end();
+	});
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json b/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
new file mode 100644
index 0000000..8976d98
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
@@ -0,0 +1,10 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "ESNext",
+		"lib": ["es2024"],
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md b/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
new file mode 100644
index 0000000..488effa
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
@@ -0,0 +1,60 @@
+0.5.4 / 2021-12-10
+==================
+
+  * deps: safe-buffer@5.2.1
+
+0.5.3 / 2018-12-17
+==================
+
+  * Use `safe-buffer` for improved Buffer API
+
+0.5.2 / 2016-12-08
+==================
+
+  * Fix `parse` to accept any linear whitespace character
+
+0.5.1 / 2016-01-17
+==================
+
+  * perf: enable strict mode
+
+0.5.0 / 2014-10-11
+==================
+
+  * Add `parse` function
+
+0.4.0 / 2014-09-21
+==================
+
+  * Expand non-Unicode `filename` to the full ISO-8859-1 charset
+
+0.3.0 / 2014-09-20
+==================
+
+  * Add `fallback` option
+  * Add `type` option
+
+0.2.0 / 2014-09-19
+==================
+
+  * Reduce ambiguity of file names with hex escape in buggy browsers
+
+0.1.2 / 2014-09-19
+==================
+
+  * Fix periodic invalid Unicode filename header
+
+0.1.1 / 2014-09-19
+==================
+
+  * Fix invalid characters appearing in `filename*` parameter
+
+0.1.0 / 2014-09-18
+==================
+
+  * Make the `filename` argument optional
+
+0.0.0 / 2014-09-18
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE b/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
new file mode 100644
index 0000000..84441fb
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/README.md b/src/Servers/ExpressServer/node_modules/content-disposition/README.md
new file mode 100644
index 0000000..3a0bb05
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-disposition/README.md
@@ -0,0 +1,142 @@
+# content-disposition
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Create and parse HTTP `Content-Disposition` header
+
+## Installation
+
+```sh
+$ npm install content-disposition
+```
+
+## API
+
+```js
+var contentDisposition = require('content-disposition')
+```
+
+### contentDisposition(filename, options)
+
+Create an attachment `Content-Disposition` header value using the given file name,
+if supplied. The `filename` is optional and if no file name is desired, but you
+want to specify `options`, set `filename` to `undefined`.
+
+```js
+res.setHeader('Content-Disposition', contentDisposition('∫ maths.pdf'))
+```
+
+**note** HTTP headers are of the ISO-8859-1 character set. If you are writing this
+header through a means different from `setHeader` in Node.js, you'll want to specify
+the `'binary'` encoding in Node.js.
+
+#### Options
+
+`contentDisposition` accepts these properties in the options object.
+
+##### fallback
+
+If the `filename` option is outside ISO-8859-1, then the file name is actually
+stored in a supplemental field for clients that support Unicode file names and
+a ISO-8859-1 version of the file name is automatically generated.
+
+This specifies the ISO-8859-1 file name to override the automatic generation or
+disables the generation all together, defaults to `true`.
+
+  - A string will specify the ISO-8859-1 file name to use in place of automatic
+    generation.
+  - `false` will disable including a ISO-8859-1 file name and only include the
+    Unicode version (unless the file name is already ISO-8859-1).
+  - `true` will enable automatic generation if the file name is outside ISO-8859-1.
+
+If the `filename` option is ISO-8859-1 and this option is specified and has a
+different value, then the `filename` option is encoded in the extended field
+and this set as the fallback field, even though they are both ISO-8859-1.
+
+##### type
+
+Specifies the disposition type, defaults to `"attachment"`. This can also be
+`"inline"`, or any other value (all values except inline are treated like
+`attachment`, but can convey additional information if both parties agree to
+it). The type is normalized to lower-case.
+
+### contentDisposition.parse(string)
+
+```js
+var disposition = contentDisposition.parse('attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt')
+```
+
+Parse a `Content-Disposition` header string. This automatically handles extended
+("Unicode") parameters by decoding them and providing them under the standard
+parameter name. This will return an object with the following properties (examples
+are shown for the string `'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt'`):
+
+ - `type`: The disposition type (always lower case). Example: `'attachment'`
+
+ - `parameters`: An object of the parameters in the disposition (name of parameter
+   always lower case and extended versions replace non-extended versions). Example:
+   `{filename: "€ rates.txt"}`
+
+## Examples
+
+### Send a file for download
+
+```js
+var contentDisposition = require('content-disposition')
+var destroy = require('destroy')
+var fs = require('fs')
+var http = require('http')
+var onFinished = require('on-finished')
+
+var filePath = '/path/to/public/plans.pdf'
+
+http.createServer(function onRequest (req, res) {
+  // set headers
+  res.setHeader('Content-Type', 'application/pdf')
+  res.setHeader('Content-Disposition', contentDisposition(filePath))
+
+  // send file
+  var stream = fs.createReadStream(filePath)
+  stream.pipe(res)
+  onFinished(res, function () {
+    destroy(stream)
+  })
+})
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## References
+
+- [RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1][rfc-2616]
+- [RFC 5987: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters][rfc-5987]
+- [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)][rfc-6266]
+- [Test Cases for HTTP Content-Disposition header field (RFC 6266) and the Encodings defined in RFCs 2047, 2231 and 5987][tc-2231]
+
+[rfc-2616]: https://tools.ietf.org/html/rfc2616
+[rfc-5987]: https://tools.ietf.org/html/rfc5987
+[rfc-6266]: https://tools.ietf.org/html/rfc6266
+[tc-2231]: http://greenbytes.de/tech/tc2231/
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/content-disposition.svg
+[npm-url]: https://npmjs.org/package/content-disposition
+[node-version-image]: https://img.shields.io/node/v/content-disposition.svg
+[node-version-url]: https://nodejs.org/en/download
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/content-disposition.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/content-disposition?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/content-disposition.svg
+[downloads-url]: https://npmjs.org/package/content-disposition
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/content-disposition/ci/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/content-disposition?query=workflow%3Aci
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/index.js b/src/Servers/ExpressServer/node_modules/content-disposition/index.js
new file mode 100644
index 0000000..ecec899
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-disposition/index.js
@@ -0,0 +1,458 @@
+/*!
+ * content-disposition
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = contentDisposition
+module.exports.parse = parse
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var basename = require('path').basename
+var Buffer = require('safe-buffer').Buffer
+
+/**
+ * RegExp to match non attr-char, *after* encodeURIComponent (i.e. not including "%")
+ * @private
+ */
+
+var ENCODE_URL_ATTR_CHAR_REGEXP = /[\x00-\x20"'()*,/:;<=>?@[\\\]{}\x7f]/g // eslint-disable-line no-control-regex
+
+/**
+ * RegExp to match percent encoding escape.
+ * @private
+ */
+
+var HEX_ESCAPE_REGEXP = /%[0-9A-Fa-f]{2}/
+var HEX_ESCAPE_REPLACE_REGEXP = /%([0-9A-Fa-f]{2})/g
+
+/**
+ * RegExp to match non-latin1 characters.
+ * @private
+ */
+
+var NON_LATIN1_REGEXP = /[^\x20-\x7e\xa0-\xff]/g
+
+/**
+ * RegExp to match quoted-pair in RFC 2616
+ *
+ * quoted-pair = "\" CHAR
+ * CHAR        = <any US-ASCII character (octets 0 - 127)>
+ * @private
+ */
+
+var QESC_REGEXP = /\\([\u0000-\u007f])/g // eslint-disable-line no-control-regex
+
+/**
+ * RegExp to match chars that must be quoted-pair in RFC 2616
+ * @private
+ */
+
+var QUOTE_REGEXP = /([\\"])/g
+
+/**
+ * RegExp for various RFC 2616 grammar
+ *
+ * parameter     = token "=" ( token | quoted-string )
+ * token         = 1*<any CHAR except CTLs or separators>
+ * separators    = "(" | ")" | "<" | ">" | "@"
+ *               | "," | ";" | ":" | "\" | <">
+ *               | "/" | "[" | "]" | "?" | "="
+ *               | "{" | "}" | SP | HT
+ * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
+ * qdtext        = <any TEXT except <">>
+ * quoted-pair   = "\" CHAR
+ * CHAR          = <any US-ASCII character (octets 0 - 127)>
+ * TEXT          = <any OCTET except CTLs, but including LWS>
+ * LWS           = [CRLF] 1*( SP | HT )
+ * CRLF          = CR LF
+ * CR            = <US-ASCII CR, carriage return (13)>
+ * LF            = <US-ASCII LF, linefeed (10)>
+ * SP            = <US-ASCII SP, space (32)>
+ * HT            = <US-ASCII HT, horizontal-tab (9)>
+ * CTL           = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+ * OCTET         = <any 8-bit sequence of data>
+ * @private
+ */
+
+var PARAM_REGEXP = /;[\x09\x20]*([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*=[\x09\x20]*("(?:[\x20!\x23-\x5b\x5d-\x7e\x80-\xff]|\\[\x20-\x7e])*"|[!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*/g // eslint-disable-line no-control-regex
+var TEXT_REGEXP = /^[\x20-\x7e\x80-\xff]+$/
+var TOKEN_REGEXP = /^[!#$%&'*+.0-9A-Z^_`a-z|~-]+$/
+
+/**
+ * RegExp for various RFC 5987 grammar
+ *
+ * ext-value     = charset  "'" [ language ] "'" value-chars
+ * charset       = "UTF-8" / "ISO-8859-1" / mime-charset
+ * mime-charset  = 1*mime-charsetc
+ * mime-charsetc = ALPHA / DIGIT
+ *               / "!" / "#" / "$" / "%" / "&"
+ *               / "+" / "-" / "^" / "_" / "`"
+ *               / "{" / "}" / "~"
+ * language      = ( 2*3ALPHA [ extlang ] )
+ *               / 4ALPHA
+ *               / 5*8ALPHA
+ * extlang       = *3( "-" 3ALPHA )
+ * value-chars   = *( pct-encoded / attr-char )
+ * pct-encoded   = "%" HEXDIG HEXDIG
+ * attr-char     = ALPHA / DIGIT
+ *               / "!" / "#" / "$" / "&" / "+" / "-" / "."
+ *               / "^" / "_" / "`" / "|" / "~"
+ * @private
+ */
+
+var EXT_VALUE_REGEXP = /^([A-Za-z0-9!#$%&+\-^_`{}~]+)'(?:[A-Za-z]{2,3}(?:-[A-Za-z]{3}){0,3}|[A-Za-z]{4,8}|)'((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9!#$&+.^_`|~-])+)$/
+
+/**
+ * RegExp for various RFC 6266 grammar
+ *
+ * disposition-type = "inline" | "attachment" | disp-ext-type
+ * disp-ext-type    = token
+ * disposition-parm = filename-parm | disp-ext-parm
+ * filename-parm    = "filename" "=" value
+ *                  | "filename*" "=" ext-value
+ * disp-ext-parm    = token "=" value
+ *                  | ext-token "=" ext-value
+ * ext-token        = <the characters in token, followed by "*">
+ * @private
+ */
+
+var DISPOSITION_TYPE_REGEXP = /^([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*(?:$|;)/ // eslint-disable-line no-control-regex
+
+/**
+ * Create an attachment Content-Disposition header.
+ *
+ * @param {string} [filename]
+ * @param {object} [options]
+ * @param {string} [options.type=attachment]
+ * @param {string|boolean} [options.fallback=true]
+ * @return {string}
+ * @public
+ */
+
+function contentDisposition (filename, options) {
+  var opts = options || {}
+
+  // get type
+  var type = opts.type || 'attachment'
+
+  // get parameters
+  var params = createparams(filename, opts.fallback)
+
+  // format into string
+  return format(new ContentDisposition(type, params))
+}
+
+/**
+ * Create parameters object from filename and fallback.
+ *
+ * @param {string} [filename]
+ * @param {string|boolean} [fallback=true]
+ * @return {object}
+ * @private
+ */
+
+function createparams (filename, fallback) {
+  if (filename === undefined) {
+    return
+  }
+
+  var params = {}
+
+  if (typeof filename !== 'string') {
+    throw new TypeError('filename must be a string')
+  }
+
+  // fallback defaults to true
+  if (fallback === undefined) {
+    fallback = true
+  }
+
+  if (typeof fallback !== 'string' && typeof fallback !== 'boolean') {
+    throw new TypeError('fallback must be a string or boolean')
+  }
+
+  if (typeof fallback === 'string' && NON_LATIN1_REGEXP.test(fallback)) {
+    throw new TypeError('fallback must be ISO-8859-1 string')
+  }
+
+  // restrict to file base name
+  var name = basename(filename)
+
+  // determine if name is suitable for quoted string
+  var isQuotedString = TEXT_REGEXP.test(name)
+
+  // generate fallback name
+  var fallbackName = typeof fallback !== 'string'
+    ? fallback && getlatin1(name)
+    : basename(fallback)
+  var hasFallback = typeof fallbackName === 'string' && fallbackName !== name
+
+  // set extended filename parameter
+  if (hasFallback || !isQuotedString || HEX_ESCAPE_REGEXP.test(name)) {
+    params['filename*'] = name
+  }
+
+  // set filename parameter
+  if (isQuotedString || hasFallback) {
+    params.filename = hasFallback
+      ? fallbackName
+      : name
+  }
+
+  return params
+}
+
+/**
+ * Format object to Content-Disposition header.
+ *
+ * @param {object} obj
+ * @param {string} obj.type
+ * @param {object} [obj.parameters]
+ * @return {string}
+ * @private
+ */
+
+function format (obj) {
+  var parameters = obj.parameters
+  var type = obj.type
+
+  if (!type || typeof type !== 'string' || !TOKEN_REGEXP.test(type)) {
+    throw new TypeError('invalid type')
+  }
+
+  // start with normalized type
+  var string = String(type).toLowerCase()
+
+  // append parameters
+  if (parameters && typeof parameters === 'object') {
+    var param
+    var params = Object.keys(parameters).sort()
+
+    for (var i = 0; i < params.length; i++) {
+      param = params[i]
+
+      var val = param.substr(-1) === '*'
+        ? ustring(parameters[param])
+        : qstring(parameters[param])
+
+      string += '; ' + param + '=' + val
+    }
+  }
+
+  return string
+}
+
+/**
+ * Decode a RFC 5987 field value (gracefully).
+ *
+ * @param {string} str
+ * @return {string}
+ * @private
+ */
+
+function decodefield (str) {
+  var match = EXT_VALUE_REGEXP.exec(str)
+
+  if (!match) {
+    throw new TypeError('invalid extended field value')
+  }
+
+  var charset = match[1].toLowerCase()
+  var encoded = match[2]
+  var value
+
+  // to binary string
+  var binary = encoded.replace(HEX_ESCAPE_REPLACE_REGEXP, pdecode)
+
+  switch (charset) {
+    case 'iso-8859-1':
+      value = getlatin1(binary)
+      break
+    case 'utf-8':
+      value = Buffer.from(binary, 'binary').toString('utf8')
+      break
+    default:
+      throw new TypeError('unsupported charset in extended field')
+  }
+
+  return value
+}
+
+/**
+ * Get ISO-8859-1 version of string.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function getlatin1 (val) {
+  // simple Unicode -> ISO-8859-1 transformation
+  return String(val).replace(NON_LATIN1_REGEXP, '?')
+}
+
+/**
+ * Parse Content-Disposition header string.
+ *
+ * @param {string} string
+ * @return {object}
+ * @public
+ */
+
+function parse (string) {
+  if (!string || typeof string !== 'string') {
+    throw new TypeError('argument string is required')
+  }
+
+  var match = DISPOSITION_TYPE_REGEXP.exec(string)
+
+  if (!match) {
+    throw new TypeError('invalid type format')
+  }
+
+  // normalize type
+  var index = match[0].length
+  var type = match[1].toLowerCase()
+
+  var key
+  var names = []
+  var params = {}
+  var value
+
+  // calculate index to start at
+  index = PARAM_REGEXP.lastIndex = match[0].substr(-1) === ';'
+    ? index - 1
+    : index
+
+  // match parameters
+  while ((match = PARAM_REGEXP.exec(string))) {
+    if (match.index !== index) {
+      throw new TypeError('invalid parameter format')
+    }
+
+    index += match[0].length
+    key = match[1].toLowerCase()
+    value = match[2]
+
+    if (names.indexOf(key) !== -1) {
+      throw new TypeError('invalid duplicate parameter')
+    }
+
+    names.push(key)
+
+    if (key.indexOf('*') + 1 === key.length) {
+      // decode extended value
+      key = key.slice(0, -1)
+      value = decodefield(value)
+
+      // overwrite existing value
+      params[key] = value
+      continue
+    }
+
+    if (typeof params[key] === 'string') {
+      continue
+    }
+
+    if (value[0] === '"') {
+      // remove quotes and escapes
+      value = value
+        .substr(1, value.length - 2)
+        .replace(QESC_REGEXP, '$1')
+    }
+
+    params[key] = value
+  }
+
+  if (index !== -1 && index !== string.length) {
+    throw new TypeError('invalid parameter format')
+  }
+
+  return new ContentDisposition(type, params)
+}
+
+/**
+ * Percent decode a single character.
+ *
+ * @param {string} str
+ * @param {string} hex
+ * @return {string}
+ * @private
+ */
+
+function pdecode (str, hex) {
+  return String.fromCharCode(parseInt(hex, 16))
+}
+
+/**
+ * Percent encode a single character.
+ *
+ * @param {string} char
+ * @return {string}
+ * @private
+ */
+
+function pencode (char) {
+  return '%' + String(char)
+    .charCodeAt(0)
+    .toString(16)
+    .toUpperCase()
+}
+
+/**
+ * Quote a string for HTTP.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function qstring (val) {
+  var str = String(val)
+
+  return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
+}
+
+/**
+ * Encode a Unicode string for HTTP (RFC 5987).
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function ustring (val) {
+  var str = String(val)
+
+  // percent encode as UTF-8
+  var encoded = encodeURIComponent(str)
+    .replace(ENCODE_URL_ATTR_CHAR_REGEXP, pencode)
+
+  return 'UTF-8\'\'' + encoded
+}
+
+/**
+ * Class for parsed Content-Disposition header for v8 optimization
+ *
+ * @public
+ * @param {string} type
+ * @param {object} parameters
+ * @constructor
+ */
+
+function ContentDisposition (type, parameters) {
+  this.type = type
+  this.parameters = parameters
+}
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/package.json b/src/Servers/ExpressServer/node_modules/content-disposition/package.json
new file mode 100644
index 0000000..43c70ce
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-disposition/package.json
@@ -0,0 +1,44 @@
+{
+  "name": "content-disposition",
+  "description": "Create and parse Content-Disposition header",
+  "version": "0.5.4",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "keywords": [
+    "content-disposition",
+    "http",
+    "rfc6266",
+    "res"
+  ],
+  "repository": "jshttp/content-disposition",
+  "dependencies": {
+    "safe-buffer": "5.2.1"
+  },
+  "devDependencies": {
+    "deep-equal": "1.0.1",
+    "eslint": "7.32.0",
+    "eslint-config-standard": "13.0.1",
+    "eslint-plugin-import": "2.25.3",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "istanbul": "0.4.5",
+    "mocha": "9.1.3"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md b/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
new file mode 100644
index 0000000..4583671
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
@@ -0,0 +1,29 @@
+1.0.5 / 2023-01-29
+==================
+
+  * perf: skip value escaping when unnecessary
+
+1.0.4 / 2017-09-11
+==================
+
+  * perf: skip parameter parsing when no parameters
+
+1.0.3 / 2017-09-10
+==================
+
+  * perf: remove argument reassignment
+
+1.0.2 / 2016-05-09
+==================
+
+  * perf: enable strict mode
+
+1.0.1 / 2015-02-13
+==================
+
+  * Improve missing `Content-Type` header error message
+
+1.0.0 / 2015-02-01
+==================
+
+  * Initial implementation, derived from `media-typer@0.3.0`
diff --git a/src/Servers/ExpressServer/node_modules/content-type/LICENSE b/src/Servers/ExpressServer/node_modules/content-type/LICENSE
new file mode 100644
index 0000000..34b1a2d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-type/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2015 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/content-type/README.md b/src/Servers/ExpressServer/node_modules/content-type/README.md
new file mode 100644
index 0000000..c1a922a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-type/README.md
@@ -0,0 +1,94 @@
+# content-type
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+Create and parse HTTP Content-Type header according to RFC 7231
+
+## Installation
+
+```sh
+$ npm install content-type
+```
+
+## API
+
+```js
+var contentType = require('content-type')
+```
+
+### contentType.parse(string)
+
+```js
+var obj = contentType.parse('image/svg+xml; charset=utf-8')
+```
+
+Parse a `Content-Type` header. This will return an object with the following
+properties (examples are shown for the string `'image/svg+xml; charset=utf-8'`):
+
+ - `type`: The media type (the type and subtype, always lower case).
+   Example: `'image/svg+xml'`
+
+ - `parameters`: An object of the parameters in the media type (name of parameter
+   always lower case). Example: `{charset: 'utf-8'}`
+
+Throws a `TypeError` if the string is missing or invalid.
+
+### contentType.parse(req)
+
+```js
+var obj = contentType.parse(req)
+```
+
+Parse the `Content-Type` header from the given `req`. Short-cut for
+`contentType.parse(req.headers['content-type'])`.
+
+Throws a `TypeError` if the `Content-Type` header is missing or invalid.
+
+### contentType.parse(res)
+
+```js
+var obj = contentType.parse(res)
+```
+
+Parse the `Content-Type` header set on the given `res`. Short-cut for
+`contentType.parse(res.getHeader('content-type'))`.
+
+Throws a `TypeError` if the `Content-Type` header is missing or invalid.
+
+### contentType.format(obj)
+
+```js
+var str = contentType.format({
+  type: 'image/svg+xml',
+  parameters: { charset: 'utf-8' }
+})
+```
+
+Format an object into a `Content-Type` header. This will return a string of the
+content type for the given object with the following properties (examples are
+shown that produce the string `'image/svg+xml; charset=utf-8'`):
+
+ - `type`: The media type (will be lower-cased). Example: `'image/svg+xml'`
+
+ - `parameters`: An object of the parameters in the media type (name of the
+   parameter will be lower-cased). Example: `{charset: 'utf-8'}`
+
+Throws a `TypeError` if the object contains an invalid type or parameter names.
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/content-type/master?label=ci
+[ci-url]: https://github.com/jshttp/content-type/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/content-type/master
+[coveralls-url]: https://coveralls.io/r/jshttp/content-type?branch=master
+[node-image]: https://badgen.net/npm/node/content-type
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/content-type
+[npm-url]: https://npmjs.org/package/content-type
+[npm-version-image]: https://badgen.net/npm/v/content-type
diff --git a/src/Servers/ExpressServer/node_modules/content-type/index.js b/src/Servers/ExpressServer/node_modules/content-type/index.js
new file mode 100644
index 0000000..41840e7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-type/index.js
@@ -0,0 +1,225 @@
+/*!
+ * content-type
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * RegExp to match *( ";" parameter ) in RFC 7231 sec 3.1.1.1
+ *
+ * parameter     = token "=" ( token / quoted-string )
+ * token         = 1*tchar
+ * tchar         = "!" / "#" / "$" / "%" / "&" / "'" / "*"
+ *               / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
+ *               / DIGIT / ALPHA
+ *               ; any VCHAR, except delimiters
+ * quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
+ * qdtext        = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text
+ * obs-text      = %x80-FF
+ * quoted-pair   = "\" ( HTAB / SP / VCHAR / obs-text )
+ */
+var PARAM_REGEXP = /; *([!#$%&'*+.^_`|~0-9A-Za-z-]+) *= *("(?:[\u000b\u0020\u0021\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u000b\u0020-\u00ff])*"|[!#$%&'*+.^_`|~0-9A-Za-z-]+) */g // eslint-disable-line no-control-regex
+var TEXT_REGEXP = /^[\u000b\u0020-\u007e\u0080-\u00ff]+$/ // eslint-disable-line no-control-regex
+var TOKEN_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/
+
+/**
+ * RegExp to match quoted-pair in RFC 7230 sec 3.2.6
+ *
+ * quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
+ * obs-text    = %x80-FF
+ */
+var QESC_REGEXP = /\\([\u000b\u0020-\u00ff])/g // eslint-disable-line no-control-regex
+
+/**
+ * RegExp to match chars that must be quoted-pair in RFC 7230 sec 3.2.6
+ */
+var QUOTE_REGEXP = /([\\"])/g
+
+/**
+ * RegExp to match type in RFC 7231 sec 3.1.1.1
+ *
+ * media-type = type "/" subtype
+ * type       = token
+ * subtype    = token
+ */
+var TYPE_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+\/[!#$%&'*+.^_`|~0-9A-Za-z-]+$/
+
+/**
+ * Module exports.
+ * @public
+ */
+
+exports.format = format
+exports.parse = parse
+
+/**
+ * Format object to media type.
+ *
+ * @param {object} obj
+ * @return {string}
+ * @public
+ */
+
+function format (obj) {
+  if (!obj || typeof obj !== 'object') {
+    throw new TypeError('argument obj is required')
+  }
+
+  var parameters = obj.parameters
+  var type = obj.type
+
+  if (!type || !TYPE_REGEXP.test(type)) {
+    throw new TypeError('invalid type')
+  }
+
+  var string = type
+
+  // append parameters
+  if (parameters && typeof parameters === 'object') {
+    var param
+    var params = Object.keys(parameters).sort()
+
+    for (var i = 0; i < params.length; i++) {
+      param = params[i]
+
+      if (!TOKEN_REGEXP.test(param)) {
+        throw new TypeError('invalid parameter name')
+      }
+
+      string += '; ' + param + '=' + qstring(parameters[param])
+    }
+  }
+
+  return string
+}
+
+/**
+ * Parse media type to object.
+ *
+ * @param {string|object} string
+ * @return {Object}
+ * @public
+ */
+
+function parse (string) {
+  if (!string) {
+    throw new TypeError('argument string is required')
+  }
+
+  // support req/res-like objects as argument
+  var header = typeof string === 'object'
+    ? getcontenttype(string)
+    : string
+
+  if (typeof header !== 'string') {
+    throw new TypeError('argument string is required to be a string')
+  }
+
+  var index = header.indexOf(';')
+  var type = index !== -1
+    ? header.slice(0, index).trim()
+    : header.trim()
+
+  if (!TYPE_REGEXP.test(type)) {
+    throw new TypeError('invalid media type')
+  }
+
+  var obj = new ContentType(type.toLowerCase())
+
+  // parse parameters
+  if (index !== -1) {
+    var key
+    var match
+    var value
+
+    PARAM_REGEXP.lastIndex = index
+
+    while ((match = PARAM_REGEXP.exec(header))) {
+      if (match.index !== index) {
+        throw new TypeError('invalid parameter format')
+      }
+
+      index += match[0].length
+      key = match[1].toLowerCase()
+      value = match[2]
+
+      if (value.charCodeAt(0) === 0x22 /* " */) {
+        // remove quotes
+        value = value.slice(1, -1)
+
+        // remove escapes
+        if (value.indexOf('\\') !== -1) {
+          value = value.replace(QESC_REGEXP, '$1')
+        }
+      }
+
+      obj.parameters[key] = value
+    }
+
+    if (index !== header.length) {
+      throw new TypeError('invalid parameter format')
+    }
+  }
+
+  return obj
+}
+
+/**
+ * Get content-type from req/res objects.
+ *
+ * @param {object}
+ * @return {Object}
+ * @private
+ */
+
+function getcontenttype (obj) {
+  var header
+
+  if (typeof obj.getHeader === 'function') {
+    // res-like
+    header = obj.getHeader('content-type')
+  } else if (typeof obj.headers === 'object') {
+    // req-like
+    header = obj.headers && obj.headers['content-type']
+  }
+
+  if (typeof header !== 'string') {
+    throw new TypeError('content-type header is missing from object')
+  }
+
+  return header
+}
+
+/**
+ * Quote a string if necessary.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function qstring (val) {
+  var str = String(val)
+
+  // no need to quote tokens
+  if (TOKEN_REGEXP.test(str)) {
+    return str
+  }
+
+  if (str.length > 0 && !TEXT_REGEXP.test(str)) {
+    throw new TypeError('invalid parameter value')
+  }
+
+  return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
+}
+
+/**
+ * Class to represent a content type.
+ * @private
+ */
+function ContentType (type) {
+  this.parameters = Object.create(null)
+  this.type = type
+}
diff --git a/src/Servers/ExpressServer/node_modules/content-type/package.json b/src/Servers/ExpressServer/node_modules/content-type/package.json
new file mode 100644
index 0000000..9db19f6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/content-type/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "content-type",
+  "description": "Create and parse HTTP Content-Type header",
+  "version": "1.0.5",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "keywords": [
+    "content-type",
+    "http",
+    "req",
+    "res",
+    "rfc7231"
+  ],
+  "repository": "jshttp/content-type",
+  "devDependencies": {
+    "deep-equal": "1.0.1",
+    "eslint": "8.32.0",
+    "eslint-config-standard": "15.0.1",
+    "eslint-plugin-import": "2.27.5",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "6.1.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "10.2.0",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/History.md b/src/Servers/ExpressServer/node_modules/cookie-signature/History.md
new file mode 100644
index 0000000..bcf8cc9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie-signature/History.md
@@ -0,0 +1,42 @@
+1.0.7 / 2023-04-12
+==================
+
+* backport the buffer support from the 1.2.x release branch (thanks @FadhiliNjagi!)
+
+1.0.6 / 2015-02-03
+==================
+
+* use `npm test` instead of `make test` to run tests
+* clearer assertion messages when checking input
+
+1.0.5 / 2014-09-05
+==================
+
+* add license to package.json
+
+1.0.4 / 2014-06-25
+==================
+
+ * corrected avoidance of timing attacks (thanks @tenbits!)
+
+1.0.3 / 2014-01-28
+==================
+
+ * [incorrect] fix for timing attacks
+
+1.0.2 / 2014-01-28
+==================
+
+ * fix missing repository warning
+ * fix typo in test
+
+1.0.1 / 2013-04-15
+==================
+
+  * Revert "Changed underlying HMAC algo. to sha512."
+  * Revert "Fix for timing attacks on MAC verification."
+
+0.0.1 / 2010-01-03
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md b/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
new file mode 100644
index 0000000..2559e84
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
@@ -0,0 +1,42 @@
+
+# cookie-signature
+
+  Sign and unsign cookies.
+
+## Example
+
+```js
+var cookie = require('cookie-signature');
+
+var val = cookie.sign('hello', 'tobiiscool');
+val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
+
+var val = cookie.sign('hello', 'tobiiscool');
+cookie.unsign(val, 'tobiiscool').should.equal('hello');
+cookie.unsign(val, 'luna').should.be.false;
+```
+
+## License 
+
+(The MIT License)
+
+Copyright (c) 2012 LearnBoost &lt;tj@learnboost.com&gt;
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/index.js b/src/Servers/ExpressServer/node_modules/cookie-signature/index.js
new file mode 100644
index 0000000..336d487
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie-signature/index.js
@@ -0,0 +1,51 @@
+/**
+ * Module dependencies.
+ */
+
+var crypto = require('crypto');
+
+/**
+ * Sign the given `val` with `secret`.
+ *
+ * @param {String} val
+ * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
+ * @return {String}
+ * @api private
+ */
+
+exports.sign = function(val, secret){
+  if ('string' !== typeof val) throw new TypeError("Cookie value must be provided as a string.");
+  if (null == secret) throw new TypeError("Secret key must be provided.");
+  return val + '.' + crypto
+    .createHmac('sha256', secret)
+    .update(val)
+    .digest('base64')
+    .replace(/\=+$/, '');
+};
+
+/**
+ * Unsign and decode the given `val` with `secret`,
+ * returning `false` if the signature is invalid.
+ *
+ * @param {String} val
+ * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
+ * @return {String|Boolean}
+ * @api private
+ */
+
+exports.unsign = function(val, secret){
+  if ('string' !== typeof val) throw new TypeError("Signed cookie string must be provided.");
+  if (null == secret) throw new TypeError("Secret key must be provided.");
+  var str = val.slice(0, val.lastIndexOf('.'))
+    , mac = exports.sign(str, secret);
+  
+  return sha1(mac) == sha1(val) ? str : false;
+};
+
+/**
+ * Private
+ */
+
+function sha1(str){
+  return crypto.createHash('sha1').update(str).digest('hex');
+}
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/package.json b/src/Servers/ExpressServer/node_modules/cookie-signature/package.json
new file mode 100644
index 0000000..738487b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie-signature/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "cookie-signature",
+  "version": "1.0.7",
+  "description": "Sign and unsign cookies",
+  "keywords": ["cookie", "sign", "unsign"],
+  "author": "TJ Holowaychuk <tj@learnboost.com>",
+  "license": "MIT",
+  "repository": { "type": "git", "url": "https://github.com/visionmedia/node-cookie-signature.git"},
+  "dependencies": {},
+  "devDependencies": {
+    "mocha": "*",
+    "should": "*"
+  },
+  "scripts": {
+    "test": "mocha --require should --reporter spec"
+  },
+  "main": "index"
+}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/cookie/LICENSE b/src/Servers/ExpressServer/node_modules/cookie/LICENSE
new file mode 100644
index 0000000..058b6b4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 Roman Shtylman <shtylman@gmail.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/src/Servers/ExpressServer/node_modules/cookie/README.md b/src/Servers/ExpressServer/node_modules/cookie/README.md
new file mode 100644
index 0000000..71fdac1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie/README.md
@@ -0,0 +1,317 @@
+# cookie
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+Basic HTTP cookie parser and serializer for HTTP servers.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install cookie
+```
+
+## API
+
+```js
+var cookie = require('cookie');
+```
+
+### cookie.parse(str, options)
+
+Parse an HTTP `Cookie` header string and returning an object of all cookie name-value pairs.
+The `str` argument is the string representing a `Cookie` header value and `options` is an
+optional object containing additional parsing options.
+
+```js
+var cookies = cookie.parse('foo=bar; equation=E%3Dmc%5E2');
+// { foo: 'bar', equation: 'E=mc^2' }
+```
+
+#### Options
+
+`cookie.parse` accepts these properties in the options object.
+
+##### decode
+
+Specifies a function that will be used to decode a cookie's value. Since the value of a cookie
+has a limited character set (and must be a simple string), this function can be used to decode
+a previously-encoded cookie value into a JavaScript string or other object.
+
+The default function is the global `decodeURIComponent`, which will decode any URL-encoded
+sequences into their byte representations.
+
+**note** if an error is thrown from this function, the original, non-decoded cookie value will
+be returned as the cookie's value.
+
+### cookie.serialize(name, value, options)
+
+Serialize a cookie name-value pair into a `Set-Cookie` header string. The `name` argument is the
+name for the cookie, the `value` argument is the value to set the cookie to, and the `options`
+argument is an optional object containing additional serialization options.
+
+```js
+var setCookie = cookie.serialize('foo', 'bar');
+// foo=bar
+```
+
+#### Options
+
+`cookie.serialize` accepts these properties in the options object.
+
+##### domain
+
+Specifies the value for the [`Domain` `Set-Cookie` attribute][rfc-6265-5.2.3]. By default, no
+domain is set, and most clients will consider the cookie to apply to only the current domain.
+
+##### encode
+
+Specifies a function that will be used to encode a cookie's value. Since value of a cookie
+has a limited character set (and must be a simple string), this function can be used to encode
+a value into a string suited for a cookie's value.
+
+The default function is the global `encodeURIComponent`, which will encode a JavaScript string
+into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range.
+
+##### expires
+
+Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute][rfc-6265-5.2.1].
+By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
+will delete it on a condition like exiting a web browser application.
+
+**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
+`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+so if both are set, they should point to the same date and time.
+
+##### httpOnly
+
+Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy,
+the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
+
+**note** be careful when setting this to `true`, as compliant clients will not allow client-side
+JavaScript to see the cookie in `document.cookie`.
+
+##### maxAge
+
+Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute][rfc-6265-5.2.2].
+The given number will be converted to an integer by rounding down. By default, no maximum age is set.
+
+**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
+`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
+so if both are set, they should point to the same date and time.
+
+##### partitioned
+
+Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+`Partitioned` attribute is not set.
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+
+##### path
+
+Specifies the value for the [`Path` `Set-Cookie` attribute][rfc-6265-5.2.4]. By default, the path
+is considered the ["default path"][rfc-6265-5.1.4].
+
+##### priority
+
+Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+
+  - `'low'` will set the `Priority` attribute to `Low`.
+  - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+  - `'high'` will set the `Priority` attribute to `High`.
+
+More information about the different priority levels can be found in
+[the specification][rfc-west-cookie-priority-00-4.1].
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+##### sameSite
+
+Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-09-5.4.7].
+
+  - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+  - `false` will not set the `SameSite` attribute.
+  - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+  - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
+  - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
+
+More information about the different enforcement levels can be found in
+[the specification][rfc-6265bis-09-5.4.7].
+
+**note** This is an attribute that has not yet been fully standardized, and may change in the future.
+This also means many clients may ignore this attribute until they understand it.
+
+##### secure
+
+Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute][rfc-6265-5.2.5]. When truthy,
+the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+
+**note** be careful when setting this to `true`, as compliant clients will not send the cookie back to
+the server in the future if the browser does not have an HTTPS connection.
+
+## Example
+
+The following example uses this module in conjunction with the Node.js core HTTP server
+to prompt a user for their name and display it back on future visits.
+
+```js
+var cookie = require('cookie');
+var escapeHtml = require('escape-html');
+var http = require('http');
+var url = require('url');
+
+function onRequest(req, res) {
+  // Parse the query string
+  var query = url.parse(req.url, true, true).query;
+
+  if (query && query.name) {
+    // Set a new cookie with the name
+    res.setHeader('Set-Cookie', cookie.serialize('name', String(query.name), {
+      httpOnly: true,
+      maxAge: 60 * 60 * 24 * 7 // 1 week
+    }));
+
+    // Redirect back after setting cookie
+    res.statusCode = 302;
+    res.setHeader('Location', req.headers.referer || '/');
+    res.end();
+    return;
+  }
+
+  // Parse the cookies on the request
+  var cookies = cookie.parse(req.headers.cookie || '');
+
+  // Get the visitor name set in the cookie
+  var name = cookies.name;
+
+  res.setHeader('Content-Type', 'text/html; charset=UTF-8');
+
+  if (name) {
+    res.write('<p>Welcome back, <b>' + escapeHtml(name) + '</b>!</p>');
+  } else {
+    res.write('<p>Hello, new visitor!</p>');
+  }
+
+  res.write('<form method="GET">');
+  res.write('<input placeholder="enter your name" name="name"> <input type="submit" value="Set Name">');
+  res.end('</form>');
+}
+
+http.createServer(onRequest).listen(3000);
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmark
+
+```
+$ npm run bench
+
+> cookie@0.5.0 bench
+> node benchmark/index.js
+
+  node@18.18.2
+  acorn@8.10.0
+  ada@2.6.0
+  ares@1.19.1
+  brotli@1.0.9
+  cldr@43.1
+  icu@73.2
+  llhttp@6.0.11
+  modules@108
+  napi@9
+  nghttp2@1.57.0
+  nghttp3@0.7.0
+  ngtcp2@0.8.1
+  openssl@3.0.10+quic
+  simdutf@3.2.14
+  tz@2023c
+  undici@5.26.3
+  unicode@15.0
+  uv@1.44.2
+  uvwasi@0.0.18
+  v8@10.2.154.26-node.26
+  zlib@1.2.13.1-motley
+
+> node benchmark/parse-top.js
+
+  cookie.parse - top sites
+
+  14 tests completed.
+
+  parse accounts.google.com x 2,588,913 ops/sec ±0.74% (186 runs sampled)
+  parse apple.com           x 2,370,002 ops/sec ±0.69% (186 runs sampled)
+  parse cloudflare.com      x 2,213,102 ops/sec ±0.88% (188 runs sampled)
+  parse docs.google.com     x 2,194,157 ops/sec ±1.03% (184 runs sampled)
+  parse drive.google.com    x 2,265,084 ops/sec ±0.79% (187 runs sampled)
+  parse en.wikipedia.org    x   457,099 ops/sec ±0.81% (186 runs sampled)
+  parse linkedin.com        x   504,407 ops/sec ±0.89% (186 runs sampled)
+  parse maps.google.com     x 1,230,959 ops/sec ±0.98% (186 runs sampled)
+  parse microsoft.com       x   926,294 ops/sec ±0.88% (184 runs sampled)
+  parse play.google.com     x 2,311,338 ops/sec ±0.83% (185 runs sampled)
+  parse support.google.com  x 1,508,850 ops/sec ±0.86% (186 runs sampled)
+  parse www.google.com      x 1,022,582 ops/sec ±1.32% (182 runs sampled)
+  parse youtu.be            x   332,136 ops/sec ±1.02% (185 runs sampled)
+  parse youtube.com         x   323,833 ops/sec ±0.77% (183 runs sampled)
+
+> node benchmark/parse.js
+
+  cookie.parse - generic
+
+  6 tests completed.
+
+  simple      x 3,214,032 ops/sec ±1.61% (183 runs sampled)
+  decode      x   587,237 ops/sec ±1.16% (187 runs sampled)
+  unquote     x 2,954,618 ops/sec ±1.35% (183 runs sampled)
+  duplicates  x   857,008 ops/sec ±0.89% (187 runs sampled)
+  10 cookies  x   292,133 ops/sec ±0.89% (187 runs sampled)
+  100 cookies x    22,610 ops/sec ±0.68% (187 runs sampled)
+```
+
+## References
+
+- [RFC 6265: HTTP State Management Mechanism][rfc-6265]
+- [Same-site Cookies][rfc-6265bis-09-5.4.7]
+
+[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/
+[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1
+[rfc-6265bis-09-5.4.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7
+[rfc-6265]: https://tools.ietf.org/html/rfc6265
+[rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4
+[rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1
+[rfc-6265-5.2.2]: https://tools.ietf.org/html/rfc6265#section-5.2.2
+[rfc-6265-5.2.3]: https://tools.ietf.org/html/rfc6265#section-5.2.3
+[rfc-6265-5.2.4]: https://tools.ietf.org/html/rfc6265#section-5.2.4
+[rfc-6265-5.2.5]: https://tools.ietf.org/html/rfc6265#section-5.2.5
+[rfc-6265-5.2.6]: https://tools.ietf.org/html/rfc6265#section-5.2.6
+[rfc-6265-5.3]: https://tools.ietf.org/html/rfc6265#section-5.3
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/cookie/master?label=ci
+[ci-url]: https://github.com/jshttp/cookie/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/cookie/master
+[coveralls-url]: https://coveralls.io/r/jshttp/cookie?branch=master
+[node-image]: https://badgen.net/npm/node/cookie
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/cookie
+[npm-url]: https://npmjs.org/package/cookie
+[npm-version-image]: https://badgen.net/npm/v/cookie
diff --git a/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md b/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
new file mode 100644
index 0000000..fd4a6c5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `cookie` team and community take all security bugs seriously. Thank
+you for improving the security of the project. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `cookie`. This
+information can be found in the npm registry using the command
+`npm owner ls cookie`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/jshttp/cookie/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/cookie/index.js b/src/Servers/ExpressServer/node_modules/cookie/index.js
new file mode 100644
index 0000000..acd5acd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie/index.js
@@ -0,0 +1,335 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+exports.parse = parse;
+exports.serialize = serialize;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var __toString = Object.prototype.toString
+var __hasOwnProperty = Object.prototype.hasOwnProperty
+
+/**
+ * RegExp to match cookie-name in RFC 6265 sec 4.1.1
+ * This refers out to the obsoleted definition of token in RFC 2616 sec 2.2
+ * which has been replaced by the token definition in RFC 7230 appendix B.
+ *
+ * cookie-name       = token
+ * token             = 1*tchar
+ * tchar             = "!" / "#" / "$" / "%" / "&" / "'" /
+ *                     "*" / "+" / "-" / "." / "^" / "_" /
+ *                     "`" / "|" / "~" / DIGIT / ALPHA
+ */
+
+var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
+
+/**
+ * RegExp to match cookie-value in RFC 6265 sec 4.1.1
+ *
+ * cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
+ * cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+ *                     ; US-ASCII characters excluding CTLs,
+ *                     ; whitespace DQUOTE, comma, semicolon,
+ *                     ; and backslash
+ */
+
+var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/;
+
+/**
+ * RegExp to match domain-value in RFC 6265 sec 4.1.1
+ *
+ * domain-value      = <subdomain>
+ *                     ; defined in [RFC1034], Section 3.5, as
+ *                     ; enhanced by [RFC1123], Section 2.1
+ * <subdomain>       = <label> | <subdomain> "." <label>
+ * <label>           = <let-dig> [ [ <ldh-str> ] <let-dig> ]
+ *                     Labels must be 63 characters or less.
+ *                     'let-dig' not 'letter' in the first char, per RFC1123
+ * <ldh-str>         = <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+ * <let-dig-hyp>     = <let-dig> | "-"
+ * <let-dig>         = <letter> | <digit>
+ * <letter>          = any one of the 52 alphabetic characters A through Z in
+ *                     upper case and a through z in lower case
+ * <digit>           = any one of the ten digits 0 through 9
+ *
+ * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
+ *
+ * > (Note that a leading %x2E ("."), if present, is ignored even though that
+ * character is not permitted, but a trailing %x2E ("."), if present, will
+ * cause the user agent to ignore the attribute.)
+ */
+
+var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
+
+/**
+ * RegExp to match path-value in RFC 6265 sec 4.1.1
+ *
+ * path-value        = <any CHAR except CTLs or ";">
+ * CHAR              = %x01-7F
+ *                     ; defined in RFC 5234 appendix B.1
+ */
+
+var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [opt]
+ * @return {object}
+ * @public
+ */
+
+function parse(str, opt) {
+  if (typeof str !== 'string') {
+    throw new TypeError('argument str must be a string');
+  }
+
+  var obj = {};
+  var len = str.length;
+  // RFC 6265 sec 4.1.1, RFC 2616 2.2 defines a cookie name consists of one char minimum, plus '='.
+  if (len < 2) return obj;
+
+  var dec = (opt && opt.decode) || decode;
+  var index = 0;
+  var eqIdx = 0;
+  var endIdx = 0;
+
+  do {
+    eqIdx = str.indexOf('=', index);
+    if (eqIdx === -1) break; // No more cookie pairs.
+
+    endIdx = str.indexOf(';', index);
+
+    if (endIdx === -1) {
+      endIdx = len;
+    } else if (eqIdx > endIdx) {
+      // backtrack on prior semicolon
+      index = str.lastIndexOf(';', eqIdx - 1) + 1;
+      continue;
+    }
+
+    var keyStartIdx = startIndex(str, index, eqIdx);
+    var keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
+    var key = str.slice(keyStartIdx, keyEndIdx);
+
+    // only assign once
+    if (!__hasOwnProperty.call(obj, key)) {
+      var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
+      var valEndIdx = endIndex(str, endIdx, valStartIdx);
+
+      if (str.charCodeAt(valStartIdx) === 0x22 /* " */ && str.charCodeAt(valEndIdx - 1) === 0x22 /* " */) {
+        valStartIdx++;
+        valEndIdx--;
+      }
+
+      var val = str.slice(valStartIdx, valEndIdx);
+      obj[key] = tryDecode(val, dec);
+    }
+
+    index = endIdx + 1
+  } while (index < len);
+
+  return obj;
+}
+
+function startIndex(str, index, max) {
+  do {
+    var code = str.charCodeAt(index);
+    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index;
+  } while (++index < max);
+  return max;
+}
+
+function endIndex(str, index, min) {
+  while (index > min) {
+    var code = str.charCodeAt(--index);
+    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index + 1;
+  }
+  return min;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize a name value pair into a cookie string suitable for
+ * http headers. An optional options object specifies cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [opt]
+ * @return {string}
+ * @public
+ */
+
+function serialize(name, val, opt) {
+  var enc = (opt && opt.encode) || encodeURIComponent;
+
+  if (typeof enc !== 'function') {
+    throw new TypeError('option encode is invalid');
+  }
+
+  if (!cookieNameRegExp.test(name)) {
+    throw new TypeError('argument name is invalid');
+  }
+
+  var value = enc(val);
+
+  if (!cookieValueRegExp.test(value)) {
+    throw new TypeError('argument val is invalid');
+  }
+
+  var str = name + '=' + value;
+  if (!opt) return str;
+
+  if (null != opt.maxAge) {
+    var maxAge = Math.floor(opt.maxAge);
+
+    if (!isFinite(maxAge)) {
+      throw new TypeError('option maxAge is invalid')
+    }
+
+    str += '; Max-Age=' + maxAge;
+  }
+
+  if (opt.domain) {
+    if (!domainValueRegExp.test(opt.domain)) {
+      throw new TypeError('option domain is invalid');
+    }
+
+    str += '; Domain=' + opt.domain;
+  }
+
+  if (opt.path) {
+    if (!pathValueRegExp.test(opt.path)) {
+      throw new TypeError('option path is invalid');
+    }
+
+    str += '; Path=' + opt.path;
+  }
+
+  if (opt.expires) {
+    var expires = opt.expires
+
+    if (!isDate(expires) || isNaN(expires.valueOf())) {
+      throw new TypeError('option expires is invalid');
+    }
+
+    str += '; Expires=' + expires.toUTCString()
+  }
+
+  if (opt.httpOnly) {
+    str += '; HttpOnly';
+  }
+
+  if (opt.secure) {
+    str += '; Secure';
+  }
+
+  if (opt.partitioned) {
+    str += '; Partitioned'
+  }
+
+  if (opt.priority) {
+    var priority = typeof opt.priority === 'string'
+      ? opt.priority.toLowerCase() : opt.priority;
+
+    switch (priority) {
+      case 'low':
+        str += '; Priority=Low'
+        break
+      case 'medium':
+        str += '; Priority=Medium'
+        break
+      case 'high':
+        str += '; Priority=High'
+        break
+      default:
+        throw new TypeError('option priority is invalid')
+    }
+  }
+
+  if (opt.sameSite) {
+    var sameSite = typeof opt.sameSite === 'string'
+      ? opt.sameSite.toLowerCase() : opt.sameSite;
+
+    switch (sameSite) {
+      case true:
+        str += '; SameSite=Strict';
+        break;
+      case 'lax':
+        str += '; SameSite=Lax';
+        break;
+      case 'strict':
+        str += '; SameSite=Strict';
+        break;
+      case 'none':
+        str += '; SameSite=None';
+        break;
+      default:
+        throw new TypeError('option sameSite is invalid');
+    }
+  }
+
+  return str;
+}
+
+/**
+ * URL-decode string value. Optimized to skip native call when no %.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function decode (str) {
+  return str.indexOf('%') !== -1
+    ? decodeURIComponent(str)
+    : str
+}
+
+/**
+ * Determine if value is a Date.
+ *
+ * @param {*} val
+ * @private
+ */
+
+function isDate (val) {
+  return __toString.call(val) === '[object Date]';
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str, decode) {
+  try {
+    return decode(str);
+  } catch (e) {
+    return str;
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/cookie/package.json b/src/Servers/ExpressServer/node_modules/cookie/package.json
new file mode 100644
index 0000000..22e3f92
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/cookie/package.json
@@ -0,0 +1,44 @@
+{
+  "name": "cookie",
+  "description": "HTTP server cookie parsing and serialization",
+  "version": "0.7.2",
+  "author": "Roman Shtylman <shtylman@gmail.com>",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "cookie",
+    "cookies"
+  ],
+  "repository": "jshttp/cookie",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "eslint": "8.53.0",
+    "eslint-plugin-markdown": "3.0.1",
+    "mocha": "10.2.0",
+    "nyc": "15.1.0",
+    "safe-buffer": "5.2.1",
+    "top-sites": "1.1.194"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "SECURITY.md",
+    "index.js"
+  ],
+  "main": "index.js",
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "update-bench": "node scripts/update-benchmark.js"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/depd/History.md b/src/Servers/ExpressServer/node_modules/depd/History.md
new file mode 100644
index 0000000..cd9ebaa
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/History.md
@@ -0,0 +1,103 @@
+2.0.0 / 2018-10-26
+==================
+
+  * Drop support for Node.js 0.6
+  * Replace internal `eval` usage with `Function` constructor
+  * Use instance methods on `process` to check for listeners
+
+1.1.2 / 2018-01-11
+==================
+
+  * perf: remove argument reassignment
+  * Support Node.js 0.6 to 9.x
+
+1.1.1 / 2017-07-27
+==================
+
+  * Remove unnecessary `Buffer` loading
+  * Support Node.js 0.6 to 8.x
+
+1.1.0 / 2015-09-14
+==================
+
+  * Enable strict mode in more places
+  * Support io.js 3.x
+  * Support io.js 2.x
+  * Support web browser loading
+    - Requires bundler like Browserify or webpack
+
+1.0.1 / 2015-04-07
+==================
+
+  * Fix `TypeError`s when under `'use strict'` code
+  * Fix useless type name on auto-generated messages
+  * Support io.js 1.x
+  * Support Node.js 0.12
+
+1.0.0 / 2014-09-17
+==================
+
+  * No changes
+
+0.4.5 / 2014-09-09
+==================
+
+  * Improve call speed to functions using the function wrapper
+  * Support Node.js 0.6
+
+0.4.4 / 2014-07-27
+==================
+
+  * Work-around v8 generating empty stack traces
+
+0.4.3 / 2014-07-26
+==================
+
+  * Fix exception when global `Error.stackTraceLimit` is too low
+
+0.4.2 / 2014-07-19
+==================
+
+  * Correct call site for wrapped functions and properties
+
+0.4.1 / 2014-07-19
+==================
+
+  * Improve automatic message generation for function properties
+
+0.4.0 / 2014-07-19
+==================
+
+  * Add `TRACE_DEPRECATION` environment variable
+  * Remove non-standard grey color from color output
+  * Support `--no-deprecation` argument
+  * Support `--trace-deprecation` argument
+  * Support `deprecate.property(fn, prop, message)`
+
+0.3.0 / 2014-06-16
+==================
+
+  * Add `NO_DEPRECATION` environment variable
+
+0.2.0 / 2014-06-15
+==================
+
+  * Add `deprecate.property(obj, prop, message)`
+  * Remove `supports-color` dependency for node.js 0.8
+
+0.1.0 / 2014-06-15
+==================
+
+  * Add `deprecate.function(fn, message)`
+  * Add `process.on('deprecation', fn)` emitter
+  * Automatically generate message when omitted from `deprecate()`
+
+0.0.1 / 2014-06-15
+==================
+
+  * Fix warning for dynamic calls at singe call site
+
+0.0.0 / 2014-06-15
+==================
+
+  * Initial implementation
diff --git a/src/Servers/ExpressServer/node_modules/depd/LICENSE b/src/Servers/ExpressServer/node_modules/depd/LICENSE
new file mode 100644
index 0000000..248de7a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2018 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/depd/Readme.md b/src/Servers/ExpressServer/node_modules/depd/Readme.md
new file mode 100644
index 0000000..043d1ca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/Readme.md
@@ -0,0 +1,280 @@
+# depd
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Linux Build][travis-image]][travis-url]
+[![Windows Build][appveyor-image]][appveyor-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+Deprecate all the things
+
+> With great modules comes great responsibility; mark things deprecated!
+
+## Install
+
+This module is installed directly using `npm`:
+
+```sh
+$ npm install depd
+```
+
+This module can also be bundled with systems like
+[Browserify](http://browserify.org/) or [webpack](https://webpack.github.io/),
+though by default this module will alter it's API to no longer display or
+track deprecations.
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var deprecate = require('depd')('my-module')
+```
+
+This library allows you to display deprecation messages to your users.
+This library goes above and beyond with deprecation warnings by
+introspection of the call stack (but only the bits that it is interested
+in).
+
+Instead of just warning on the first invocation of a deprecated
+function and never again, this module will warn on the first invocation
+of a deprecated function per unique call site, making it ideal to alert
+users of all deprecated uses across the code base, rather than just
+whatever happens to execute first.
+
+The deprecation warnings from this module also include the file and line
+information for the call into the module that the deprecated function was
+in.
+
+**NOTE** this library has a similar interface to the `debug` module, and
+this module uses the calling file to get the boundary for the call stacks,
+so you should always create a new `deprecate` object in each file and not
+within some central file.
+
+### depd(namespace)
+
+Create a new deprecate function that uses the given namespace name in the
+messages and will display the call site prior to the stack entering the
+file this function was called from. It is highly suggested you use the
+name of your module as the namespace.
+
+### deprecate(message)
+
+Call this function from deprecated code to display a deprecation message.
+This message will appear once per unique caller site. Caller site is the
+first call site in the stack in a different file from the caller of this
+function.
+
+If the message is omitted, a message is generated for you based on the site
+of the `deprecate()` call and will display the name of the function called,
+similar to the name displayed in a stack trace.
+
+### deprecate.function(fn, message)
+
+Call this function to wrap a given function in a deprecation message on any
+call to the function. An optional message can be supplied to provide a custom
+message.
+
+### deprecate.property(obj, prop, message)
+
+Call this function to wrap a given property on object in a deprecation message
+on any accessing or setting of the property. An optional message can be supplied
+to provide a custom message.
+
+The method must be called on the object where the property belongs (not
+inherited from the prototype).
+
+If the property is a data descriptor, it will be converted to an accessor
+descriptor in order to display the deprecation message.
+
+### process.on('deprecation', fn)
+
+This module will allow easy capturing of deprecation errors by emitting the
+errors as the type "deprecation" on the global `process`. If there are no
+listeners for this type, the errors are written to STDERR as normal, but if
+there are any listeners, nothing will be written to STDERR and instead only
+emitted. From there, you can write the errors in a different format or to a
+logging source.
+
+The error represents the deprecation and is emitted only once with the same
+rules as writing to STDERR. The error has the following properties:
+
+  - `message` - This is the message given by the library
+  - `name` - This is always `'DeprecationError'`
+  - `namespace` - This is the namespace the deprecation came from
+  - `stack` - This is the stack of the call to the deprecated thing
+
+Example `error.stack` output:
+
+```
+DeprecationError: my-cool-module deprecated oldfunction
+    at Object.<anonymous> ([eval]-wrapper:6:22)
+    at Module._compile (module.js:456:26)
+    at evalScript (node.js:532:25)
+    at startup (node.js:80:7)
+    at node.js:902:3
+```
+
+### process.env.NO_DEPRECATION
+
+As a user of modules that are deprecated, the environment variable `NO_DEPRECATION`
+is provided as a quick solution to silencing deprecation warnings from being
+output. The format of this is similar to that of `DEBUG`:
+
+```sh
+$ NO_DEPRECATION=my-module,othermod node app.js
+```
+
+This will suppress deprecations from being output for "my-module" and "othermod".
+The value is a list of comma-separated namespaces. To suppress every warning
+across all namespaces, use the value `*` for a namespace.
+
+Providing the argument `--no-deprecation` to the `node` executable will suppress
+all deprecations (only available in Node.js 0.8 or higher).
+
+**NOTE** This will not suppress the deperecations given to any "deprecation"
+event listeners, just the output to STDERR.
+
+### process.env.TRACE_DEPRECATION
+
+As a user of modules that are deprecated, the environment variable `TRACE_DEPRECATION`
+is provided as a solution to getting more detailed location information in deprecation
+warnings by including the entire stack trace. The format of this is the same as
+`NO_DEPRECATION`:
+
+```sh
+$ TRACE_DEPRECATION=my-module,othermod node app.js
+```
+
+This will include stack traces for deprecations being output for "my-module" and
+"othermod". The value is a list of comma-separated namespaces. To trace every
+warning across all namespaces, use the value `*` for a namespace.
+
+Providing the argument `--trace-deprecation` to the `node` executable will trace
+all deprecations (only available in Node.js 0.8 or higher).
+
+**NOTE** This will not trace the deperecations silenced by `NO_DEPRECATION`.
+
+## Display
+
+![message](files/message.png)
+
+When a user calls a function in your library that you mark deprecated, they
+will see the following written to STDERR (in the given colors, similar colors
+and layout to the `debug` module):
+
+```
+bright cyan    bright yellow
+|              |          reset       cyan
+|              |          |           |
+▼              ▼          ▼           ▼
+my-cool-module deprecated oldfunction [eval]-wrapper:6:22
+▲              ▲          ▲           ▲
+|              |          |           |
+namespace      |          |           location of mycoolmod.oldfunction() call
+               |          deprecation message
+               the word "deprecated"
+```
+
+If the user redirects their STDERR to a file or somewhere that does not support
+colors, they see (similar layout to the `debug` module):
+
+```
+Sun, 15 Jun 2014 05:21:37 GMT my-cool-module deprecated oldfunction at [eval]-wrapper:6:22
+▲                             ▲              ▲          ▲              ▲
+|                             |              |          |              |
+timestamp of message          namespace      |          |             location of mycoolmod.oldfunction() call
+                                             |          deprecation message
+                                             the word "deprecated"
+```
+
+## Examples
+
+### Deprecating all calls to a function
+
+This will display a deprecated message about "oldfunction" being deprecated
+from "my-module" on STDERR.
+
+```js
+var deprecate = require('depd')('my-cool-module')
+
+// message automatically derived from function name
+// Object.oldfunction
+exports.oldfunction = deprecate.function(function oldfunction () {
+  // all calls to function are deprecated
+})
+
+// specific message
+exports.oldfunction = deprecate.function(function () {
+  // all calls to function are deprecated
+}, 'oldfunction')
+```
+
+### Conditionally deprecating a function call
+
+This will display a deprecated message about "weirdfunction" being deprecated
+from "my-module" on STDERR when called with less than 2 arguments.
+
+```js
+var deprecate = require('depd')('my-cool-module')
+
+exports.weirdfunction = function () {
+  if (arguments.length < 2) {
+    // calls with 0 or 1 args are deprecated
+    deprecate('weirdfunction args < 2')
+  }
+}
+```
+
+When calling `deprecate` as a function, the warning is counted per call site
+within your own module, so you can display different deprecations depending
+on different situations and the users will still get all the warnings:
+
+```js
+var deprecate = require('depd')('my-cool-module')
+
+exports.weirdfunction = function () {
+  if (arguments.length < 2) {
+    // calls with 0 or 1 args are deprecated
+    deprecate('weirdfunction args < 2')
+  } else if (typeof arguments[0] !== 'string') {
+    // calls with non-string first argument are deprecated
+    deprecate('weirdfunction non-string first arg')
+  }
+}
+```
+
+### Deprecating property access
+
+This will display a deprecated message about "oldprop" being deprecated
+from "my-module" on STDERR when accessed. A deprecation will be displayed
+when setting the value and when getting the value.
+
+```js
+var deprecate = require('depd')('my-cool-module')
+
+exports.oldprop = 'something'
+
+// message automatically derives from property name
+deprecate.property(exports, 'oldprop')
+
+// explicit message
+deprecate.property(exports, 'oldprop', 'oldprop >= 0.10')
+```
+
+## License
+
+[MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/nodejs-depd/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/nodejs-depd
+[coveralls-image]: https://badgen.net/coveralls/c/github/dougwilson/nodejs-depd/master
+[coveralls-url]: https://coveralls.io/r/dougwilson/nodejs-depd?branch=master
+[node-image]: https://badgen.net/npm/node/depd
+[node-url]: https://nodejs.org/en/download/
+[npm-downloads-image]: https://badgen.net/npm/dm/depd
+[npm-url]: https://npmjs.org/package/depd
+[npm-version-image]: https://badgen.net/npm/v/depd
+[travis-image]: https://badgen.net/travis/dougwilson/nodejs-depd/master?label=linux
+[travis-url]: https://travis-ci.org/dougwilson/nodejs-depd
diff --git a/src/Servers/ExpressServer/node_modules/depd/index.js b/src/Servers/ExpressServer/node_modules/depd/index.js
new file mode 100644
index 0000000..1bf2fcf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/index.js
@@ -0,0 +1,538 @@
+/*!
+ * depd
+ * Copyright(c) 2014-2018 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/**
+ * Module dependencies.
+ */
+
+var relative = require('path').relative
+
+/**
+ * Module exports.
+ */
+
+module.exports = depd
+
+/**
+ * Get the path to base files on.
+ */
+
+var basePath = process.cwd()
+
+/**
+ * Determine if namespace is contained in the string.
+ */
+
+function containsNamespace (str, namespace) {
+  var vals = str.split(/[ ,]+/)
+  var ns = String(namespace).toLowerCase()
+
+  for (var i = 0; i < vals.length; i++) {
+    var val = vals[i]
+
+    // namespace contained
+    if (val && (val === '*' || val.toLowerCase() === ns)) {
+      return true
+    }
+  }
+
+  return false
+}
+
+/**
+ * Convert a data descriptor to accessor descriptor.
+ */
+
+function convertDataDescriptorToAccessor (obj, prop, message) {
+  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
+  var value = descriptor.value
+
+  descriptor.get = function getter () { return value }
+
+  if (descriptor.writable) {
+    descriptor.set = function setter (val) { return (value = val) }
+  }
+
+  delete descriptor.value
+  delete descriptor.writable
+
+  Object.defineProperty(obj, prop, descriptor)
+
+  return descriptor
+}
+
+/**
+ * Create arguments string to keep arity.
+ */
+
+function createArgumentsString (arity) {
+  var str = ''
+
+  for (var i = 0; i < arity; i++) {
+    str += ', arg' + i
+  }
+
+  return str.substr(2)
+}
+
+/**
+ * Create stack string from stack.
+ */
+
+function createStackString (stack) {
+  var str = this.name + ': ' + this.namespace
+
+  if (this.message) {
+    str += ' deprecated ' + this.message
+  }
+
+  for (var i = 0; i < stack.length; i++) {
+    str += '\n    at ' + stack[i].toString()
+  }
+
+  return str
+}
+
+/**
+ * Create deprecate for namespace in caller.
+ */
+
+function depd (namespace) {
+  if (!namespace) {
+    throw new TypeError('argument namespace is required')
+  }
+
+  var stack = getStack()
+  var site = callSiteLocation(stack[1])
+  var file = site[0]
+
+  function deprecate (message) {
+    // call to self as log
+    log.call(deprecate, message)
+  }
+
+  deprecate._file = file
+  deprecate._ignored = isignored(namespace)
+  deprecate._namespace = namespace
+  deprecate._traced = istraced(namespace)
+  deprecate._warned = Object.create(null)
+
+  deprecate.function = wrapfunction
+  deprecate.property = wrapproperty
+
+  return deprecate
+}
+
+/**
+ * Determine if event emitter has listeners of a given type.
+ *
+ * The way to do this check is done three different ways in Node.js >= 0.8
+ * so this consolidates them into a minimal set using instance methods.
+ *
+ * @param {EventEmitter} emitter
+ * @param {string} type
+ * @returns {boolean}
+ * @private
+ */
+
+function eehaslisteners (emitter, type) {
+  var count = typeof emitter.listenerCount !== 'function'
+    ? emitter.listeners(type).length
+    : emitter.listenerCount(type)
+
+  return count > 0
+}
+
+/**
+ * Determine if namespace is ignored.
+ */
+
+function isignored (namespace) {
+  if (process.noDeprecation) {
+    // --no-deprecation support
+    return true
+  }
+
+  var str = process.env.NO_DEPRECATION || ''
+
+  // namespace ignored
+  return containsNamespace(str, namespace)
+}
+
+/**
+ * Determine if namespace is traced.
+ */
+
+function istraced (namespace) {
+  if (process.traceDeprecation) {
+    // --trace-deprecation support
+    return true
+  }
+
+  var str = process.env.TRACE_DEPRECATION || ''
+
+  // namespace traced
+  return containsNamespace(str, namespace)
+}
+
+/**
+ * Display deprecation message.
+ */
+
+function log (message, site) {
+  var haslisteners = eehaslisteners(process, 'deprecation')
+
+  // abort early if no destination
+  if (!haslisteners && this._ignored) {
+    return
+  }
+
+  var caller
+  var callFile
+  var callSite
+  var depSite
+  var i = 0
+  var seen = false
+  var stack = getStack()
+  var file = this._file
+
+  if (site) {
+    // provided site
+    depSite = site
+    callSite = callSiteLocation(stack[1])
+    callSite.name = depSite.name
+    file = callSite[0]
+  } else {
+    // get call site
+    i = 2
+    depSite = callSiteLocation(stack[i])
+    callSite = depSite
+  }
+
+  // get caller of deprecated thing in relation to file
+  for (; i < stack.length; i++) {
+    caller = callSiteLocation(stack[i])
+    callFile = caller[0]
+
+    if (callFile === file) {
+      seen = true
+    } else if (callFile === this._file) {
+      file = this._file
+    } else if (seen) {
+      break
+    }
+  }
+
+  var key = caller
+    ? depSite.join(':') + '__' + caller.join(':')
+    : undefined
+
+  if (key !== undefined && key in this._warned) {
+    // already warned
+    return
+  }
+
+  this._warned[key] = true
+
+  // generate automatic message from call site
+  var msg = message
+  if (!msg) {
+    msg = callSite === depSite || !callSite.name
+      ? defaultMessage(depSite)
+      : defaultMessage(callSite)
+  }
+
+  // emit deprecation if listeners exist
+  if (haslisteners) {
+    var err = DeprecationError(this._namespace, msg, stack.slice(i))
+    process.emit('deprecation', err)
+    return
+  }
+
+  // format and write message
+  var format = process.stderr.isTTY
+    ? formatColor
+    : formatPlain
+  var output = format.call(this, msg, caller, stack.slice(i))
+  process.stderr.write(output + '\n', 'utf8')
+}
+
+/**
+ * Get call site location as array.
+ */
+
+function callSiteLocation (callSite) {
+  var file = callSite.getFileName() || '<anonymous>'
+  var line = callSite.getLineNumber()
+  var colm = callSite.getColumnNumber()
+
+  if (callSite.isEval()) {
+    file = callSite.getEvalOrigin() + ', ' + file
+  }
+
+  var site = [file, line, colm]
+
+  site.callSite = callSite
+  site.name = callSite.getFunctionName()
+
+  return site
+}
+
+/**
+ * Generate a default message from the site.
+ */
+
+function defaultMessage (site) {
+  var callSite = site.callSite
+  var funcName = site.name
+
+  // make useful anonymous name
+  if (!funcName) {
+    funcName = '<anonymous@' + formatLocation(site) + '>'
+  }
+
+  var context = callSite.getThis()
+  var typeName = context && callSite.getTypeName()
+
+  // ignore useless type name
+  if (typeName === 'Object') {
+    typeName = undefined
+  }
+
+  // make useful type name
+  if (typeName === 'Function') {
+    typeName = context.name || typeName
+  }
+
+  return typeName && callSite.getMethodName()
+    ? typeName + '.' + funcName
+    : funcName
+}
+
+/**
+ * Format deprecation message without color.
+ */
+
+function formatPlain (msg, caller, stack) {
+  var timestamp = new Date().toUTCString()
+
+  var formatted = timestamp +
+    ' ' + this._namespace +
+    ' deprecated ' + msg
+
+  // add stack trace
+  if (this._traced) {
+    for (var i = 0; i < stack.length; i++) {
+      formatted += '\n    at ' + stack[i].toString()
+    }
+
+    return formatted
+  }
+
+  if (caller) {
+    formatted += ' at ' + formatLocation(caller)
+  }
+
+  return formatted
+}
+
+/**
+ * Format deprecation message with color.
+ */
+
+function formatColor (msg, caller, stack) {
+  var formatted = '\x1b[36;1m' + this._namespace + '\x1b[22;39m' + // bold cyan
+    ' \x1b[33;1mdeprecated\x1b[22;39m' + // bold yellow
+    ' \x1b[0m' + msg + '\x1b[39m' // reset
+
+  // add stack trace
+  if (this._traced) {
+    for (var i = 0; i < stack.length; i++) {
+      formatted += '\n    \x1b[36mat ' + stack[i].toString() + '\x1b[39m' // cyan
+    }
+
+    return formatted
+  }
+
+  if (caller) {
+    formatted += ' \x1b[36m' + formatLocation(caller) + '\x1b[39m' // cyan
+  }
+
+  return formatted
+}
+
+/**
+ * Format call site location.
+ */
+
+function formatLocation (callSite) {
+  return relative(basePath, callSite[0]) +
+    ':' + callSite[1] +
+    ':' + callSite[2]
+}
+
+/**
+ * Get the stack as array of call sites.
+ */
+
+function getStack () {
+  var limit = Error.stackTraceLimit
+  var obj = {}
+  var prep = Error.prepareStackTrace
+
+  Error.prepareStackTrace = prepareObjectStackTrace
+  Error.stackTraceLimit = Math.max(10, limit)
+
+  // capture the stack
+  Error.captureStackTrace(obj)
+
+  // slice this function off the top
+  var stack = obj.stack.slice(1)
+
+  Error.prepareStackTrace = prep
+  Error.stackTraceLimit = limit
+
+  return stack
+}
+
+/**
+ * Capture call site stack from v8.
+ */
+
+function prepareObjectStackTrace (obj, stack) {
+  return stack
+}
+
+/**
+ * Return a wrapped function in a deprecation message.
+ */
+
+function wrapfunction (fn, message) {
+  if (typeof fn !== 'function') {
+    throw new TypeError('argument fn must be a function')
+  }
+
+  var args = createArgumentsString(fn.length)
+  var stack = getStack()
+  var site = callSiteLocation(stack[1])
+
+  site.name = fn.name
+
+  // eslint-disable-next-line no-new-func
+  var deprecatedfn = new Function('fn', 'log', 'deprecate', 'message', 'site',
+    '"use strict"\n' +
+    'return function (' + args + ') {' +
+    'log.call(deprecate, message, site)\n' +
+    'return fn.apply(this, arguments)\n' +
+    '}')(fn, log, this, message, site)
+
+  return deprecatedfn
+}
+
+/**
+ * Wrap property in a deprecation message.
+ */
+
+function wrapproperty (obj, prop, message) {
+  if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
+    throw new TypeError('argument obj must be object')
+  }
+
+  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
+
+  if (!descriptor) {
+    throw new TypeError('must call property on owner object')
+  }
+
+  if (!descriptor.configurable) {
+    throw new TypeError('property must be configurable')
+  }
+
+  var deprecate = this
+  var stack = getStack()
+  var site = callSiteLocation(stack[1])
+
+  // set site name
+  site.name = prop
+
+  // convert data descriptor
+  if ('value' in descriptor) {
+    descriptor = convertDataDescriptorToAccessor(obj, prop, message)
+  }
+
+  var get = descriptor.get
+  var set = descriptor.set
+
+  // wrap getter
+  if (typeof get === 'function') {
+    descriptor.get = function getter () {
+      log.call(deprecate, message, site)
+      return get.apply(this, arguments)
+    }
+  }
+
+  // wrap setter
+  if (typeof set === 'function') {
+    descriptor.set = function setter () {
+      log.call(deprecate, message, site)
+      return set.apply(this, arguments)
+    }
+  }
+
+  Object.defineProperty(obj, prop, descriptor)
+}
+
+/**
+ * Create DeprecationError for deprecation
+ */
+
+function DeprecationError (namespace, message, stack) {
+  var error = new Error()
+  var stackString
+
+  Object.defineProperty(error, 'constructor', {
+    value: DeprecationError
+  })
+
+  Object.defineProperty(error, 'message', {
+    configurable: true,
+    enumerable: false,
+    value: message,
+    writable: true
+  })
+
+  Object.defineProperty(error, 'name', {
+    enumerable: false,
+    configurable: true,
+    value: 'DeprecationError',
+    writable: true
+  })
+
+  Object.defineProperty(error, 'namespace', {
+    configurable: true,
+    enumerable: false,
+    value: namespace,
+    writable: true
+  })
+
+  Object.defineProperty(error, 'stack', {
+    configurable: true,
+    enumerable: false,
+    get: function () {
+      if (stackString !== undefined) {
+        return stackString
+      }
+
+      // prepare stack trace
+      return (stackString = createStackString.call(this, stack))
+    },
+    set: function setter (val) {
+      stackString = val
+    }
+  })
+
+  return error
+}
diff --git a/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js b/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
new file mode 100644
index 0000000..6be45cc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
@@ -0,0 +1,77 @@
+/*!
+ * depd
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = depd
+
+/**
+ * Create deprecate for namespace in caller.
+ */
+
+function depd (namespace) {
+  if (!namespace) {
+    throw new TypeError('argument namespace is required')
+  }
+
+  function deprecate (message) {
+    // no-op in browser
+  }
+
+  deprecate._file = undefined
+  deprecate._ignored = true
+  deprecate._namespace = namespace
+  deprecate._traced = false
+  deprecate._warned = Object.create(null)
+
+  deprecate.function = wrapfunction
+  deprecate.property = wrapproperty
+
+  return deprecate
+}
+
+/**
+ * Return a wrapped function in a deprecation message.
+ *
+ * This is a no-op version of the wrapper, which does nothing but call
+ * validation.
+ */
+
+function wrapfunction (fn, message) {
+  if (typeof fn !== 'function') {
+    throw new TypeError('argument fn must be a function')
+  }
+
+  return fn
+}
+
+/**
+ * Wrap property in a deprecation message.
+ *
+ * This is a no-op version of the wrapper, which does nothing but call
+ * validation.
+ */
+
+function wrapproperty (obj, prop, message) {
+  if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
+    throw new TypeError('argument obj must be object')
+  }
+
+  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
+
+  if (!descriptor) {
+    throw new TypeError('must call property on owner object')
+  }
+
+  if (!descriptor.configurable) {
+    throw new TypeError('property must be configurable')
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/depd/package.json b/src/Servers/ExpressServer/node_modules/depd/package.json
new file mode 100644
index 0000000..3857e19
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/depd/package.json
@@ -0,0 +1,45 @@
+{
+  "name": "depd",
+  "description": "Deprecate all the things",
+  "version": "2.0.0",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "keywords": [
+    "deprecate",
+    "deprecated"
+  ],
+  "repository": "dougwilson/nodejs-depd",
+  "browser": "lib/browser/index.js",
+  "devDependencies": {
+    "benchmark": "2.1.4",
+    "beautify-benchmark": "0.2.4",
+    "eslint": "5.7.0",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-import": "2.14.0",
+    "eslint-plugin-markdown": "1.0.0-beta.7",
+    "eslint-plugin-node": "7.0.1",
+    "eslint-plugin-promise": "4.0.1",
+    "eslint-plugin-standard": "4.0.0",
+    "istanbul": "0.4.5",
+    "mocha": "5.2.0",
+    "safe-buffer": "5.1.2",
+    "uid-safe": "2.1.5"
+  },
+  "files": [
+    "lib/",
+    "History.md",
+    "LICENSE",
+    "index.js",
+    "Readme.md"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --bail test/",
+    "test-ci": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter spec test/ && istanbul report lcovonly text-summary",
+    "test-cov": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter dot test/ && istanbul report lcov text-summary"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/destroy/LICENSE b/src/Servers/ExpressServer/node_modules/destroy/LICENSE
new file mode 100644
index 0000000..0e2c35f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/destroy/LICENSE
@@ -0,0 +1,23 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Jonathan Ong me@jongleberry.com
+Copyright (c) 2015-2022 Douglas Christopher Wilson doug@somethingdoug.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/destroy/README.md b/src/Servers/ExpressServer/node_modules/destroy/README.md
new file mode 100644
index 0000000..e7701ae
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/destroy/README.md
@@ -0,0 +1,63 @@
+# destroy
+
+[![NPM version][npm-image]][npm-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test coverage][coveralls-image]][coveralls-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+Destroy a stream.
+
+This module is meant to ensure a stream gets destroyed, handling different APIs
+and Node.js bugs.
+
+## API
+
+```js
+var destroy = require('destroy')
+```
+
+### destroy(stream [, suppress])
+
+Destroy the given stream, and optionally suppress any future `error` events.
+
+In most cases, this is identical to a simple `stream.destroy()` call. The rules
+are as follows for a given stream:
+
+  1. If the `stream` is an instance of `ReadStream`, then call `stream.destroy()`
+     and add a listener to the `open` event to call `stream.close()` if it is
+     fired. This is for a Node.js bug that will leak a file descriptor if
+     `.destroy()` is called before `open`.
+  2. If the `stream` is an instance of a zlib stream, then call `stream.destroy()`
+     and close the underlying zlib handle if open, otherwise call `stream.close()`.
+     This is for consistency across Node.js versions and a Node.js bug that will
+     leak a native zlib handle.
+  3. If the `stream` is not an instance of `Stream`, then nothing happens.
+  4. If the `stream` has a `.destroy()` method, then call it.
+
+The function returns the `stream` passed in as the argument.
+
+## Example
+
+```js
+var destroy = require('destroy')
+
+var fs = require('fs')
+var stream = fs.createReadStream('package.json')
+
+// ... and later
+destroy(stream)
+```
+
+[npm-image]: https://img.shields.io/npm/v/destroy.svg?style=flat-square
+[npm-url]: https://npmjs.org/package/destroy
+[github-tag]: http://img.shields.io/github/tag/stream-utils/destroy.svg?style=flat-square
+[github-url]: https://github.com/stream-utils/destroy/tags
+[coveralls-image]: https://img.shields.io/coveralls/stream-utils/destroy.svg?style=flat-square
+[coveralls-url]: https://coveralls.io/r/stream-utils/destroy?branch=master
+[license-image]: http://img.shields.io/npm/l/destroy.svg?style=flat-square
+[license-url]: LICENSE.md
+[downloads-image]: http://img.shields.io/npm/dm/destroy.svg?style=flat-square
+[downloads-url]: https://npmjs.org/package/destroy
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/stream-utils/destroy/ci/master?label=ci&style=flat-square
+[github-actions-ci-url]: https://github.com/stream-utils/destroy/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/destroy/index.js b/src/Servers/ExpressServer/node_modules/destroy/index.js
new file mode 100644
index 0000000..7fd5c09
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/destroy/index.js
@@ -0,0 +1,209 @@
+/*!
+ * destroy
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var EventEmitter = require('events').EventEmitter
+var ReadStream = require('fs').ReadStream
+var Stream = require('stream')
+var Zlib = require('zlib')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = destroy
+
+/**
+ * Destroy the given stream, and optionally suppress any future `error` events.
+ *
+ * @param {object} stream
+ * @param {boolean} suppress
+ * @public
+ */
+
+function destroy (stream, suppress) {
+  if (isFsReadStream(stream)) {
+    destroyReadStream(stream)
+  } else if (isZlibStream(stream)) {
+    destroyZlibStream(stream)
+  } else if (hasDestroy(stream)) {
+    stream.destroy()
+  }
+
+  if (isEventEmitter(stream) && suppress) {
+    stream.removeAllListeners('error')
+    stream.addListener('error', noop)
+  }
+
+  return stream
+}
+
+/**
+ * Destroy a ReadStream.
+ *
+ * @param {object} stream
+ * @private
+ */
+
+function destroyReadStream (stream) {
+  stream.destroy()
+
+  if (typeof stream.close === 'function') {
+    // node.js core bug work-around
+    stream.on('open', onOpenClose)
+  }
+}
+
+/**
+ * Close a Zlib stream.
+ *
+ * Zlib streams below Node.js 4.5.5 have a buggy implementation
+ * of .close() when zlib encountered an error.
+ *
+ * @param {object} stream
+ * @private
+ */
+
+function closeZlibStream (stream) {
+  if (stream._hadError === true) {
+    var prop = stream._binding === null
+      ? '_binding'
+      : '_handle'
+
+    stream[prop] = {
+      close: function () { this[prop] = null }
+    }
+  }
+
+  stream.close()
+}
+
+/**
+ * Destroy a Zlib stream.
+ *
+ * Zlib streams don't have a destroy function in Node.js 6. On top of that
+ * simply calling destroy on a zlib stream in Node.js 8+ will result in a
+ * memory leak. So until that is fixed, we need to call both close AND destroy.
+ *
+ * PR to fix memory leak: https://github.com/nodejs/node/pull/23734
+ *
+ * In Node.js 6+8, it's important that destroy is called before close as the
+ * stream would otherwise emit the error 'zlib binding closed'.
+ *
+ * @param {object} stream
+ * @private
+ */
+
+function destroyZlibStream (stream) {
+  if (typeof stream.destroy === 'function') {
+    // node.js core bug work-around
+    // istanbul ignore if: node.js 0.8
+    if (stream._binding) {
+      // node.js < 0.10.0
+      stream.destroy()
+      if (stream._processing) {
+        stream._needDrain = true
+        stream.once('drain', onDrainClearBinding)
+      } else {
+        stream._binding.clear()
+      }
+    } else if (stream._destroy && stream._destroy !== Stream.Transform.prototype._destroy) {
+      // node.js >= 12, ^11.1.0, ^10.15.1
+      stream.destroy()
+    } else if (stream._destroy && typeof stream.close === 'function') {
+      // node.js 7, 8
+      stream.destroyed = true
+      stream.close()
+    } else {
+      // fallback
+      // istanbul ignore next
+      stream.destroy()
+    }
+  } else if (typeof stream.close === 'function') {
+    // node.js < 8 fallback
+    closeZlibStream(stream)
+  }
+}
+
+/**
+ * Determine if stream has destroy.
+ * @private
+ */
+
+function hasDestroy (stream) {
+  return stream instanceof Stream &&
+    typeof stream.destroy === 'function'
+}
+
+/**
+ * Determine if val is EventEmitter.
+ * @private
+ */
+
+function isEventEmitter (val) {
+  return val instanceof EventEmitter
+}
+
+/**
+ * Determine if stream is fs.ReadStream stream.
+ * @private
+ */
+
+function isFsReadStream (stream) {
+  return stream instanceof ReadStream
+}
+
+/**
+ * Determine if stream is Zlib stream.
+ * @private
+ */
+
+function isZlibStream (stream) {
+  return stream instanceof Zlib.Gzip ||
+    stream instanceof Zlib.Gunzip ||
+    stream instanceof Zlib.Deflate ||
+    stream instanceof Zlib.DeflateRaw ||
+    stream instanceof Zlib.Inflate ||
+    stream instanceof Zlib.InflateRaw ||
+    stream instanceof Zlib.Unzip
+}
+
+/**
+ * No-op function.
+ * @private
+ */
+
+function noop () {}
+
+/**
+ * On drain handler to clear binding.
+ * @private
+ */
+
+// istanbul ignore next: node.js 0.8
+function onDrainClearBinding () {
+  this._binding.clear()
+}
+
+/**
+ * On open handler to close stream.
+ * @private
+ */
+
+function onOpenClose () {
+  if (typeof this.fd === 'number') {
+    // actually close down the fd
+    this.close()
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/destroy/package.json b/src/Servers/ExpressServer/node_modules/destroy/package.json
new file mode 100644
index 0000000..c85e438
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/destroy/package.json
@@ -0,0 +1,48 @@
+{
+  "name": "destroy",
+  "description": "destroy a stream if possible",
+  "version": "1.2.0",
+  "author": {
+    "name": "Jonathan Ong",
+    "email": "me@jongleberry.com",
+    "url": "http://jongleberry.com",
+    "twitter": "https://twitter.com/jongleberry"
+  },
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "repository": "stream-utils/destroy",
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.2",
+    "nyc": "15.1.0"
+  },
+  "engines": {
+    "node": ">= 0.8",
+    "npm": "1.2.8000 || >= 1.4.16"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  },
+  "files": [
+    "index.js",
+    "LICENSE"
+  ],
+  "keywords": [
+    "stream",
+    "streams",
+    "destroy",
+    "cleanup",
+    "leak",
+    "fd"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc b/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
new file mode 100644
index 0000000..3b5d9e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
@@ -0,0 +1,5 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
new file mode 100644
index 0000000..8a1d7b0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/dunder-proto
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc b/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
new file mode 100644
index 0000000..9b8b2f8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.1](https://github.com/es-shims/dunder-proto/compare/v1.0.0...v1.0.1) - 2024-12-16
+
+### Commits
+
+- [Fix] do not crash when `--disable-proto=throw` [`6c367d9`](https://github.com/es-shims/dunder-proto/commit/6c367d919bc1604778689a297bbdbfea65752847)
+- [Tests] ensure noproto tests only use the current version of dunder-proto [`b02365b`](https://github.com/es-shims/dunder-proto/commit/b02365b9cf889c4a2cac7be0c3cfc90a789af36c)
+- [Dev Deps] update `@arethetypeswrong/cli`, `@types/tape` [`e3c5c3b`](https://github.com/es-shims/dunder-proto/commit/e3c5c3bd81cf8cef7dff2eca19e558f0e307f666)
+- [Deps] update `call-bind-apply-helpers` [`19f1da0`](https://github.com/es-shims/dunder-proto/commit/19f1da028b8dd0d05c85bfd8f7eed2819b686450)
+
+## v1.0.0 - 2024-12-06
+
+### Commits
+
+- Initial implementation, tests, readme, types [`a5b74b0`](https://github.com/es-shims/dunder-proto/commit/a5b74b0082f5270cb0905cd9a2e533cee7498373)
+- Initial commit [`73fb5a3`](https://github.com/es-shims/dunder-proto/commit/73fb5a353b51ac2ab00c9fdeb0114daffd4c07a8)
+- npm init [`80152dc`](https://github.com/es-shims/dunder-proto/commit/80152dc98155da4eb046d9f67a87ed96e8280a1d)
+- Only apps should have lockfiles [`03e6660`](https://github.com/es-shims/dunder-proto/commit/03e6660a1d70dc401f3e217a031475ec537243dd)
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE b/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
new file mode 100644
index 0000000..34995e7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 ECMAScript Shims
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/README.md b/src/Servers/ExpressServer/node_modules/dunder-proto/README.md
new file mode 100644
index 0000000..44b80a2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/README.md
@@ -0,0 +1,54 @@
+# dunder-proto <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+If available, the `Object.prototype.__proto__` accessor and mutator, call-bound.
+
+## Getting started
+
+```sh
+npm install --save dunder-proto
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getDunder = require('dunder-proto/get');
+const setDunder = require('dunder-proto/set');
+
+const obj = {};
+
+assert.equal('toString' in obj, true);
+assert.equal(getDunder(obj), Object.prototype);
+
+setDunder(obj, null);
+
+assert.equal('toString' in obj, false);
+assert.equal(getDunder(obj), null);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/dunder-proto
+[npm-version-svg]: https://versionbadg.es/es-shims/dunder-proto.svg
+[deps-svg]: https://david-dm.org/es-shims/dunder-proto.svg
+[deps-url]: https://david-dm.org/es-shims/dunder-proto
+[dev-deps-svg]: https://david-dm.org/es-shims/dunder-proto/dev-status.svg
+[dev-deps-url]: https://david-dm.org/es-shims/dunder-proto#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/dunder-proto.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/dunder-proto.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/dunder-proto.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=dunder-proto
+[codecov-image]: https://codecov.io/gh/es-shims/dunder-proto/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/es-shims/dunder-proto/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/es-shims/dunder-proto
+[actions-url]: https://github.com/es-shims/dunder-proto/actions
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts b/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
new file mode 100644
index 0000000..c7e14d2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
@@ -0,0 +1,5 @@
+declare function getDunderProto(target: {}): object | null;
+
+declare const x: false | typeof getDunderProto;
+
+export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/get.js b/src/Servers/ExpressServer/node_modules/dunder-proto/get.js
new file mode 100644
index 0000000..45093df
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/get.js
@@ -0,0 +1,30 @@
+'use strict';
+
+var callBind = require('call-bind-apply-helpers');
+var gOPD = require('gopd');
+
+var hasProtoAccessor;
+try {
+	// eslint-disable-next-line no-extra-parens, no-proto
+	hasProtoAccessor = /** @type {{ __proto__?: typeof Array.prototype }} */ ([]).__proto__ === Array.prototype;
+} catch (e) {
+	if (!e || typeof e !== 'object' || !('code' in e) || e.code !== 'ERR_PROTO_ACCESS') {
+		throw e;
+	}
+}
+
+// eslint-disable-next-line no-extra-parens
+var desc = !!hasProtoAccessor && gOPD && gOPD(Object.prototype, /** @type {keyof typeof Object.prototype} */ ('__proto__'));
+
+var $Object = Object;
+var $getPrototypeOf = $Object.getPrototypeOf;
+
+/** @type {import('./get')} */
+module.exports = desc && typeof desc.get === 'function'
+	? callBind([desc.get])
+	: typeof $getPrototypeOf === 'function'
+		? /** @type {import('./get')} */ function getDunder(value) {
+			// eslint-disable-next-line eqeqeq
+			return $getPrototypeOf(value == null ? value : $Object(value));
+		}
+		: false;
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/package.json b/src/Servers/ExpressServer/node_modules/dunder-proto/package.json
new file mode 100644
index 0000000..04a4036
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/package.json
@@ -0,0 +1,76 @@
+{
+	"name": "dunder-proto",
+	"version": "1.0.1",
+	"description": "If available, the `Object.prototype.__proto__` accessor and mutator, call-bound",
+	"main": false,
+	"exports": {
+		"./get": "./get.js",
+		"./set": "./set.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=.js,.mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/es-shims/dunder-proto.git"
+	},
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/es-shims/dunder-proto/issues"
+	},
+	"homepage": "https://github.com/es-shims/dunder-proto#readme",
+	"dependencies": {
+		"call-bind-apply-helpers": "^1.0.1",
+		"es-errors": "^1.3.0",
+		"gopd": "^1.2.0"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/tape": "^5.7.0",
+		"auto-changelog": "^2.5.0",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"testling": {
+		"files": "test/index.js"
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts b/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
new file mode 100644
index 0000000..16bfdfe
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
@@ -0,0 +1,5 @@
+declare function setDunderProto<P extends null | object>(target: {}, proto: P): P;
+
+declare const x: false | typeof setDunderProto;
+
+export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/set.js b/src/Servers/ExpressServer/node_modules/dunder-proto/set.js
new file mode 100644
index 0000000..6085b6e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/set.js
@@ -0,0 +1,35 @@
+'use strict';
+
+var callBind = require('call-bind-apply-helpers');
+var gOPD = require('gopd');
+var $TypeError = require('es-errors/type');
+
+/** @type {{ __proto__?: object | null }} */
+var obj = {};
+try {
+	obj.__proto__ = null; // eslint-disable-line no-proto
+} catch (e) {
+	if (!e || typeof e !== 'object' || !('code' in e) || e.code !== 'ERR_PROTO_ACCESS') {
+		throw e;
+	}
+}
+
+var hasProtoMutator = !('toString' in obj);
+
+// eslint-disable-next-line no-extra-parens
+var desc = gOPD && gOPD(Object.prototype, /** @type {keyof typeof Object.prototype} */ ('__proto__'));
+
+/** @type {import('./set')} */
+module.exports = hasProtoMutator && (
+// eslint-disable-next-line no-extra-parens
+	(!!desc && typeof desc.set === 'function' && /** @type {import('./set')} */ (callBind([desc.set])))
+	|| /** @type {import('./set')} */ function setDunder(object, proto) {
+		// this is node v0.10 or older, which doesn't have Object.setPrototypeOf and has undeniable __proto__
+		if (object == null) { // eslint-disable-line eqeqeq
+			throw new $TypeError('set Object.prototype.__proto__ called on null or undefined');
+		}
+		// eslint-disable-next-line no-proto, no-param-reassign, no-extra-parens
+		/** @type {{ __proto__?: object | null }} */ (object).__proto__ = proto;
+		return proto;
+	}
+);
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
new file mode 100644
index 0000000..253f183
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
@@ -0,0 +1,34 @@
+'use strict';
+
+var test = require('tape');
+
+var getDunderProto = require('../get');
+
+test('getDunderProto', { skip: !getDunderProto }, function (t) {
+	if (!getDunderProto) {
+		throw 'should never happen; this is just for type narrowing'; // eslint-disable-line no-throw-literal
+	}
+
+	// @ts-expect-error
+	t['throws'](function () { getDunderProto(); }, TypeError, 'throws if no argument');
+	// @ts-expect-error
+	t['throws'](function () { getDunderProto(undefined); }, TypeError, 'throws with undefined');
+	// @ts-expect-error
+	t['throws'](function () { getDunderProto(null); }, TypeError, 'throws with null');
+
+	t.equal(getDunderProto({}), Object.prototype);
+	t.equal(getDunderProto([]), Array.prototype);
+	t.equal(getDunderProto(function () {}), Function.prototype);
+	t.equal(getDunderProto(/./g), RegExp.prototype);
+	t.equal(getDunderProto(42), Number.prototype);
+	t.equal(getDunderProto(true), Boolean.prototype);
+	t.equal(getDunderProto('foo'), String.prototype);
+
+	t.end();
+});
+
+test('no dunder proto', { skip: !!getDunderProto }, function (t) {
+	t.notOk('__proto__' in Object.prototype, 'no __proto__ in Object.prototype');
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
new file mode 100644
index 0000000..08ff36f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
@@ -0,0 +1,4 @@
+'use strict';
+
+require('./get');
+require('./set');
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
new file mode 100644
index 0000000..c3bfe4d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
@@ -0,0 +1,50 @@
+'use strict';
+
+var test = require('tape');
+
+var setDunderProto = require('../set');
+
+test('setDunderProto', { skip: !setDunderProto }, function (t) {
+	if (!setDunderProto) {
+		throw 'should never happen; this is just for type narrowing'; // eslint-disable-line no-throw-literal
+	}
+
+	// @ts-expect-error
+	t['throws'](function () { setDunderProto(); }, TypeError, 'throws if no arguments');
+	// @ts-expect-error
+	t['throws'](function () { setDunderProto(undefined); }, TypeError, 'throws with undefined and nothing');
+	// @ts-expect-error
+	t['throws'](function () { setDunderProto(undefined, undefined); }, TypeError, 'throws with undefined and undefined');
+	// @ts-expect-error
+	t['throws'](function () { setDunderProto(null); }, TypeError, 'throws with null and undefined');
+	// @ts-expect-error
+	t['throws'](function () { setDunderProto(null, undefined); }, TypeError, 'throws with null and undefined');
+
+	/** @type {{ inherited?: boolean }} */
+	var obj = {};
+	t.ok('toString' in obj, 'object initially has toString');
+
+	setDunderProto(obj, null);
+	t.notOk('toString' in obj, 'object no longer has toString');
+
+	t.notOk('inherited' in obj, 'object lacks inherited property');
+	setDunderProto(obj, { inherited: true });
+	t.equal(obj.inherited, true, 'object has inherited property');
+
+	t.end();
+});
+
+test('no dunder proto', { skip: !!setDunderProto }, function (t) {
+	if ('__proto__' in Object.prototype) {
+		t['throws'](
+			// @ts-expect-error
+			function () { ({}).__proto__ = null; }, // eslint-disable-line no-proto
+			Error,
+			'throws when setting Object.prototype.__proto__'
+		);
+	} else {
+		t.notOk('__proto__' in Object.prototype, 'no __proto__ in Object.prototype');
+	}
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json b/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
new file mode 100644
index 0000000..dabbe23
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "ES2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/LICENSE b/src/Servers/ExpressServer/node_modules/ee-first/LICENSE
new file mode 100644
index 0000000..a7ae8ee
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ee-first/LICENSE
@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Jonathan Ong me@jongleberry.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/README.md b/src/Servers/ExpressServer/node_modules/ee-first/README.md
new file mode 100644
index 0000000..cbd2478
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ee-first/README.md
@@ -0,0 +1,80 @@
+# EE First
+
+[![NPM version][npm-image]][npm-url]
+[![Build status][travis-image]][travis-url]
+[![Test coverage][coveralls-image]][coveralls-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+[![Gittip][gittip-image]][gittip-url]
+
+Get the first event in a set of event emitters and event pairs,
+then clean up after itself.
+
+## Install
+
+```sh
+$ npm install ee-first
+```
+
+## API
+
+```js
+var first = require('ee-first')
+```
+
+### first(arr, listener)
+
+Invoke `listener` on the first event from the list specified in `arr`. `arr` is
+an array of arrays, with each array in the format `[ee, ...event]`. `listener`
+will be called only once, the first time any of the given events are emitted. If
+`error` is one of the listened events, then if that fires first, the `listener`
+will be given the `err` argument.
+
+The `listener` is invoked as `listener(err, ee, event, args)`, where `err` is the
+first argument emitted from an `error` event, if applicable; `ee` is the event
+emitter that fired; `event` is the string event name that fired; and `args` is an
+array of the arguments that were emitted on the event.
+
+```js
+var ee1 = new EventEmitter()
+var ee2 = new EventEmitter()
+
+first([
+  [ee1, 'close', 'end', 'error'],
+  [ee2, 'error']
+], function (err, ee, event, args) {
+  // listener invoked
+})
+```
+
+#### .cancel()
+
+The group of listeners can be cancelled before being invoked and have all the event
+listeners removed from the underlying event emitters.
+
+```js
+var thunk = first([
+  [ee1, 'close', 'end', 'error'],
+  [ee2, 'error']
+], function (err, ee, event, args) {
+  // listener invoked
+})
+
+// cancel and clean up
+thunk.cancel()
+```
+
+[npm-image]: https://img.shields.io/npm/v/ee-first.svg?style=flat-square
+[npm-url]: https://npmjs.org/package/ee-first
+[github-tag]: http://img.shields.io/github/tag/jonathanong/ee-first.svg?style=flat-square
+[github-url]: https://github.com/jonathanong/ee-first/tags
+[travis-image]: https://img.shields.io/travis/jonathanong/ee-first.svg?style=flat-square
+[travis-url]: https://travis-ci.org/jonathanong/ee-first
+[coveralls-image]: https://img.shields.io/coveralls/jonathanong/ee-first.svg?style=flat-square
+[coveralls-url]: https://coveralls.io/r/jonathanong/ee-first?branch=master
+[license-image]: http://img.shields.io/npm/l/ee-first.svg?style=flat-square
+[license-url]: LICENSE.md
+[downloads-image]: http://img.shields.io/npm/dm/ee-first.svg?style=flat-square
+[downloads-url]: https://npmjs.org/package/ee-first
+[gittip-image]: https://img.shields.io/gittip/jonathanong.svg?style=flat-square
+[gittip-url]: https://www.gittip.com/jonathanong/
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/index.js b/src/Servers/ExpressServer/node_modules/ee-first/index.js
new file mode 100644
index 0000000..501287c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ee-first/index.js
@@ -0,0 +1,95 @@
+/*!
+ * ee-first
+ * Copyright(c) 2014 Jonathan Ong
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = first
+
+/**
+ * Get the first event in a set of event emitters and event pairs.
+ *
+ * @param {array} stuff
+ * @param {function} done
+ * @public
+ */
+
+function first(stuff, done) {
+  if (!Array.isArray(stuff))
+    throw new TypeError('arg must be an array of [ee, events...] arrays')
+
+  var cleanups = []
+
+  for (var i = 0; i < stuff.length; i++) {
+    var arr = stuff[i]
+
+    if (!Array.isArray(arr) || arr.length < 2)
+      throw new TypeError('each array member must be [ee, events...]')
+
+    var ee = arr[0]
+
+    for (var j = 1; j < arr.length; j++) {
+      var event = arr[j]
+      var fn = listener(event, callback)
+
+      // listen to the event
+      ee.on(event, fn)
+      // push this listener to the list of cleanups
+      cleanups.push({
+        ee: ee,
+        event: event,
+        fn: fn,
+      })
+    }
+  }
+
+  function callback() {
+    cleanup()
+    done.apply(null, arguments)
+  }
+
+  function cleanup() {
+    var x
+    for (var i = 0; i < cleanups.length; i++) {
+      x = cleanups[i]
+      x.ee.removeListener(x.event, x.fn)
+    }
+  }
+
+  function thunk(fn) {
+    done = fn
+  }
+
+  thunk.cancel = cleanup
+
+  return thunk
+}
+
+/**
+ * Create the event listener.
+ * @private
+ */
+
+function listener(event, done) {
+  return function onevent(arg1) {
+    var args = new Array(arguments.length)
+    var ee = this
+    var err = event === 'error'
+      ? arg1
+      : null
+
+    // copy args to prevent arguments escaping scope
+    for (var i = 0; i < args.length; i++) {
+      args[i] = arguments[i]
+    }
+
+    done(err, ee, event, args)
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/package.json b/src/Servers/ExpressServer/node_modules/ee-first/package.json
new file mode 100644
index 0000000..b6d0b7d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ee-first/package.json
@@ -0,0 +1,29 @@
+{
+  "name": "ee-first",
+  "description": "return the first event in a set of ee/event pairs",
+  "version": "1.1.1",
+  "author": {
+    "name": "Jonathan Ong",
+    "email": "me@jongleberry.com",
+    "url": "http://jongleberry.com",
+    "twitter": "https://twitter.com/jongleberry"
+  },
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "repository": "jonathanong/ee-first",
+  "devDependencies": {
+    "istanbul": "0.3.9",
+    "mocha": "2.2.5"
+  },
+  "files": [
+    "index.js",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE b/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
new file mode 100644
index 0000000..8812229
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/README.md b/src/Servers/ExpressServer/node_modules/encodeurl/README.md
new file mode 100644
index 0000000..3842493
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/encodeurl/README.md
@@ -0,0 +1,109 @@
+# Encode URL
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+
+## Installation
+
+```sh
+npm install encodeurl
+```
+
+## API
+
+```js
+var encodeUrl = require('encodeurl')
+```
+
+### encodeUrl(url)
+
+Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+
+This function accepts a URL and encodes all the non-URL code points (as UTF-8 byte sequences). It will not encode the "%" character unless it is not part of a valid sequence (`%20` will be left as-is, but `%foo` will be encoded as `%25foo`).
+
+This encode is meant to be "safe" and does not throw errors. It will try as hard as it can to properly encode the given URL, including replacing any raw, unpaired surrogate pairs with the Unicode replacement character prior to encoding.
+
+## Examples
+
+### Encode a URL containing user-controlled data
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+
+http.createServer(function onRequest (req, res) {
+  // get encoded form of inbound url
+  var url = encodeUrl(req.url)
+
+  // create html message
+  var body = '<p>Location ' + escapeHtml(url) + ' not found</p>'
+
+  // send a 404
+  res.statusCode = 404
+  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+  res.end(body, 'utf-8')
+})
+```
+
+### Encode a URL for use in a header field
+
+```js
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var url = require('url')
+
+http.createServer(function onRequest (req, res) {
+  // parse inbound url
+  var href = url.parse(req)
+
+  // set new host for redirect
+  href.host = 'localhost'
+  href.protocol = 'https:'
+  href.slashes = true
+
+  // create location header
+  var location = encodeUrl(url.format(href))
+
+  // create html message
+  var body = '<p>Redirecting to new site: ' + escapeHtml(location) + '</p>'
+
+  // send a 301
+  res.statusCode = 301
+  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
+  res.setHeader('Location', location)
+  res.end(body, 'utf-8')
+})
+```
+
+## Similarities
+
+This function is _similar_ to the intrinsic function `encodeURI`. However, it will not encode:
+
+* The `\`, `^`, or `|` characters
+* The `%` character when it's part of a valid sequence
+* `[` and `]` (for IPv6 hostnames)
+* Replaces raw, unpaired surrogate pairs with the Unicode replacement character
+
+As a result, the encoding aligns closely with the behavior in the [WHATWG URL specification][whatwg-url]. However, this package only encodes strings and does not do any URL parsing or formatting.
+
+It is expected that any output from `new URL(url)` will not change when used with this package, as the output has already been encoded. Additionally, if we were to encode before `new URL(url)`, we do not expect the before and after encoded formats to be parsed any differently.
+
+## Testing
+
+```sh
+$ npm test
+$ npm run lint
+```
+
+## References
+
+- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986]
+- [WHATWG URL Living Standard][whatwg-url]
+
+[rfc-3986]: https://tools.ietf.org/html/rfc3986
+[whatwg-url]: https://url.spec.whatwg.org/
+
+## License
+
+[MIT](LICENSE)
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/index.js b/src/Servers/ExpressServer/node_modules/encodeurl/index.js
new file mode 100644
index 0000000..a49ee5a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/encodeurl/index.js
@@ -0,0 +1,60 @@
+/*!
+ * encodeurl
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = encodeUrl
+
+/**
+ * RegExp to match non-URL code points, *after* encoding (i.e. not including "%")
+ * and including invalid escape sequences.
+ * @private
+ */
+
+var ENCODE_CHARS_REGEXP = /(?:[^\x21\x23-\x3B\x3D\x3F-\x5F\x61-\x7A\x7C\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g
+
+/**
+ * RegExp to match unmatched surrogate pair.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g
+
+/**
+ * String to replace unmatched surrogate pair with.
+ * @private
+ */
+
+var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2'
+
+/**
+ * Encode a URL to a percent-encoded form, excluding already-encoded sequences.
+ *
+ * This function will take an already-encoded URL and encode all the non-URL
+ * code points. This function will not encode the "%" character unless it is
+ * not part of a valid sequence (`%20` will be left as-is, but `%foo` will
+ * be encoded as `%25foo`).
+ *
+ * This encode is meant to be "safe" and does not throw errors. It will try as
+ * hard as it can to properly encode the given URL, including replacing any raw,
+ * unpaired surrogate pairs with the Unicode replacement character prior to
+ * encoding.
+ *
+ * @param {string} url
+ * @return {string}
+ * @public
+ */
+
+function encodeUrl (url) {
+  return String(url)
+    .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE)
+    .replace(ENCODE_CHARS_REGEXP, encodeURI)
+}
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/package.json b/src/Servers/ExpressServer/node_modules/encodeurl/package.json
new file mode 100644
index 0000000..3133822
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/encodeurl/package.json
@@ -0,0 +1,40 @@
+{
+  "name": "encodeurl",
+  "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
+  "version": "2.0.0",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "encode",
+    "encodeurl",
+    "url"
+  ],
+  "repository": "pillarjs/encodeurl",
+  "devDependencies": {
+    "eslint": "5.11.1",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-import": "2.14.0",
+    "eslint-plugin-node": "7.0.1",
+    "eslint-plugin-promise": "4.0.1",
+    "eslint-plugin-standard": "4.0.0",
+    "istanbul": "0.4.5",
+    "mocha": "2.5.3"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc b/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
new file mode 100644
index 0000000..46f3b12
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
@@ -0,0 +1,13 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"new-cap": ["error", {
+			"capIsNewExceptions": [
+				"GetIntrinsic",
+			],
+		}],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
new file mode 100644
index 0000000..4445451
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/es-define-property
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc b/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
new file mode 100644
index 0000000..5f60cc0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
@@ -0,0 +1,29 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.1](https://github.com/ljharb/es-define-property/compare/v1.0.0...v1.0.1) - 2024-12-06
+
+### Commits
+
+- [types] use shared tsconfig [`954a663`](https://github.com/ljharb/es-define-property/commit/954a66360326e508a0e5daa4b07493d58f5e110e)
+- [actions] split out node 10-20, and 20+ [`3a8e84b`](https://github.com/ljharb/es-define-property/commit/3a8e84b23883f26ff37b3e82ff283834228e18c6)
+- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/get-intrinsic`, `@types/tape`, `auto-changelog`, `gopd`, `tape` [`86ae27b`](https://github.com/ljharb/es-define-property/commit/86ae27bb8cc857b23885136fad9cbe965ae36612)
+- [Refactor] avoid using `get-intrinsic` [`02480c0`](https://github.com/ljharb/es-define-property/commit/02480c0353ef6118965282977c3864aff53d98b1)
+- [Tests] replace `aud` with `npm audit` [`f6093ff`](https://github.com/ljharb/es-define-property/commit/f6093ff74ab51c98015c2592cd393bd42478e773)
+- [Tests] configure testling [`7139e66`](https://github.com/ljharb/es-define-property/commit/7139e66959247a56086d9977359caef27c6849e7)
+- [Dev Deps] update `tape` [`b901b51`](https://github.com/ljharb/es-define-property/commit/b901b511a75e001a40ce1a59fef7d9ffcfc87482)
+- [Tests] fix types in tests [`469d269`](https://github.com/ljharb/es-define-property/commit/469d269fd141b1e773ec053a9fa35843493583e0)
+- [Dev Deps] add missing peer dep [`733acfb`](https://github.com/ljharb/es-define-property/commit/733acfb0c4c96edf337e470b89a25a5b3724c352)
+
+## v1.0.0 - 2024-02-12
+
+### Commits
+
+- Initial implementation, tests, readme, types [`3e154e1`](https://github.com/ljharb/es-define-property/commit/3e154e11a2fee09127220f5e503bf2c0a31dd480)
+- Initial commit [`07d98de`](https://github.com/ljharb/es-define-property/commit/07d98de34a4dc31ff5e83a37c0c3f49e0d85cd50)
+- npm init [`c4eb634`](https://github.com/ljharb/es-define-property/commit/c4eb6348b0d3886aac36cef34ad2ee0665ea6f3e)
+- Only apps should have lockfiles [`7af86ec`](https://github.com/ljharb/es-define-property/commit/7af86ec1d311ec0b17fdfe616a25f64276903856)
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE b/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/README.md b/src/Servers/ExpressServer/node_modules/es-define-property/README.md
new file mode 100644
index 0000000..9b291bd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/README.md
@@ -0,0 +1,49 @@
+# es-define-property <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+`Object.defineProperty`, but not IE 8's broken one.
+
+## Example
+
+```js
+const assert = require('assert');
+
+const $defineProperty = require('es-define-property');
+
+if ($defineProperty) {
+    assert.equal($defineProperty, Object.defineProperty);
+} else if (Object.defineProperty) {
+    assert.equal($defineProperty, false, 'this is IE 8');
+} else {
+    assert.equal($defineProperty, false, 'this is an ES3 engine');
+}
+```
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+[package-url]: https://npmjs.org/package/es-define-property
+[npm-version-svg]: https://versionbadg.es/ljharb/es-define-property.svg
+[deps-svg]: https://david-dm.org/ljharb/es-define-property.svg
+[deps-url]: https://david-dm.org/ljharb/es-define-property
+[dev-deps-svg]: https://david-dm.org/ljharb/es-define-property/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/es-define-property#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/es-define-property.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/es-define-property.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/es-define-property.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=es-define-property
+[codecov-image]: https://codecov.io/gh/ljharb/es-define-property/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/es-define-property/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-define-property
+[actions-url]: https://github.com/ljharb/es-define-property/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts b/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
new file mode 100644
index 0000000..6012247
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
@@ -0,0 +1,3 @@
+declare const defineProperty: false | typeof Object.defineProperty;
+
+export = defineProperty;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/index.js b/src/Servers/ExpressServer/node_modules/es-define-property/index.js
new file mode 100644
index 0000000..e0a2925
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/index.js
@@ -0,0 +1,14 @@
+'use strict';
+
+/** @type {import('.')} */
+var $defineProperty = Object.defineProperty || false;
+if ($defineProperty) {
+	try {
+		$defineProperty({}, 'a', { value: 1 });
+	} catch (e) {
+		// IE 8 has a broken defineProperty
+		$defineProperty = false;
+	}
+}
+
+module.exports = $defineProperty;
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/package.json b/src/Servers/ExpressServer/node_modules/es-define-property/package.json
new file mode 100644
index 0000000..fbed187
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/package.json
@@ -0,0 +1,81 @@
+{
+	"name": "es-define-property",
+	"version": "1.0.1",
+	"description": "`Object.defineProperty`, but not IE 8's broken one.",
+	"main": "index.js",
+	"types": "./index.d.ts",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p .",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/es-define-property.git"
+	},
+	"keywords": [
+		"javascript",
+		"ecmascript",
+		"object",
+		"define",
+		"property",
+		"defineProperty",
+		"Object.defineProperty"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/es-define-property/issues"
+	},
+	"homepage": "https://github.com/ljharb/es-define-property#readme",
+	"devDependencies": {
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/gopd": "^1.0.3",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"encoding": "^0.1.13",
+		"eslint": "^8.8.0",
+		"evalmd": "^0.0.19",
+		"gopd": "^1.2.0",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"engines": {
+		"node": ">= 0.4"
+	},
+	"testling": {
+		"files": "test/index.js"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js b/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
new file mode 100644
index 0000000..b4b4688
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
@@ -0,0 +1,56 @@
+'use strict';
+
+var $defineProperty = require('../');
+
+var test = require('tape');
+var gOPD = require('gopd');
+
+test('defineProperty: supported', { skip: !$defineProperty }, function (t) {
+	t.plan(4);
+
+	t.equal(typeof $defineProperty, 'function', 'defineProperty is supported');
+	if ($defineProperty && gOPD) { // this `if` check is just to shut TS up
+		/** @type {{ a: number, b?: number, c?: number }} */
+		var o = { a: 1 };
+
+		$defineProperty(o, 'b', { enumerable: true, value: 2 });
+		t.deepEqual(
+			gOPD(o, 'b'),
+			{
+				configurable: false,
+				enumerable: true,
+				value: 2,
+				writable: false
+			},
+			'property descriptor is as expected'
+		);
+
+		$defineProperty(o, 'c', { enumerable: false, value: 3, writable: true });
+		t.deepEqual(
+			gOPD(o, 'c'),
+			{
+				configurable: false,
+				enumerable: false,
+				value: 3,
+				writable: true
+			},
+			'property descriptor is as expected'
+		);
+	}
+
+	t.equal($defineProperty, Object.defineProperty, 'defineProperty is Object.defineProperty');
+
+	t.end();
+});
+
+test('defineProperty: not supported', { skip: !!$defineProperty }, function (t) {
+	t.notOk($defineProperty, 'defineProperty is not supported');
+
+	t.match(
+		typeof $defineProperty,
+		/^(?:undefined|boolean)$/,
+		'`typeof defineProperty` is `undefined` or `boolean`'
+	);
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
new file mode 100644
index 0000000..5a49992
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
@@ -0,0 +1,10 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2022",
+	},
+	"exclude": [
+		"coverage",
+		"test/list-exports"
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc b/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
new file mode 100644
index 0000000..3b5d9e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
@@ -0,0 +1,5 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
new file mode 100644
index 0000000..f1b8805
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/es-errors
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
new file mode 100644
index 0000000..204a9e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
@@ -0,0 +1,40 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.3.0](https://github.com/ljharb/es-errors/compare/v1.2.1...v1.3.0) - 2024-02-05
+
+### Commits
+
+- [New] add `EvalError` and `URIError` [`1927627`](https://github.com/ljharb/es-errors/commit/1927627ba68cb6c829d307231376c967db53acdf)
+
+## [v1.2.1](https://github.com/ljharb/es-errors/compare/v1.2.0...v1.2.1) - 2024-02-04
+
+### Commits
+
+- [Fix] add missing `exports` entry [`5bb5f28`](https://github.com/ljharb/es-errors/commit/5bb5f280f98922701109d6ebb82eea2257cecc7e)
+
+## [v1.2.0](https://github.com/ljharb/es-errors/compare/v1.1.0...v1.2.0) - 2024-02-04
+
+### Commits
+
+- [New] add `ReferenceError` [`6d8cf5b`](https://github.com/ljharb/es-errors/commit/6d8cf5bbb6f3f598d02cf6f30e468ba2caa8e143)
+
+## [v1.1.0](https://github.com/ljharb/es-errors/compare/v1.0.0...v1.1.0) - 2024-02-04
+
+### Commits
+
+- [New] add base Error [`2983ab6`](https://github.com/ljharb/es-errors/commit/2983ab65f7bc5441276cb021dc3aa03c78881698)
+
+## v1.0.0 - 2024-02-03
+
+### Commits
+
+- Initial implementation, tests, readme, type [`8f47631`](https://github.com/ljharb/es-errors/commit/8f476317e9ad76f40ad648081829b1a1a3a1288b)
+- Initial commit [`ea5d099`](https://github.com/ljharb/es-errors/commit/ea5d099ef18e550509ab9e2be000526afd81c385)
+- npm init [`6f5ebf9`](https://github.com/ljharb/es-errors/commit/6f5ebf9cead474dadd72b9e63dad315820a089ae)
+- Only apps should have lockfiles [`e1a0aeb`](https://github.com/ljharb/es-errors/commit/e1a0aeb7b80f5cfc56be54d6b2100e915d47def8)
+- [meta] add `sideEffects` flag [`a9c7d46`](https://github.com/ljharb/es-errors/commit/a9c7d460a492f1d8a241c836bc25a322a19cc043)
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/LICENSE b/src/Servers/ExpressServer/node_modules/es-errors/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/README.md b/src/Servers/ExpressServer/node_modules/es-errors/README.md
new file mode 100644
index 0000000..8dbfacf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/README.md
@@ -0,0 +1,55 @@
+# es-errors <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+A simple cache for a few of the JS Error constructors.
+
+## Example
+
+```js
+const assert = require('assert');
+
+const Base = require('es-errors');
+const Eval = require('es-errors/eval');
+const Range = require('es-errors/range');
+const Ref = require('es-errors/ref');
+const Syntax = require('es-errors/syntax');
+const Type = require('es-errors/type');
+const URI = require('es-errors/uri');
+
+assert.equal(Base, Error);
+assert.equal(Eval, EvalError);
+assert.equal(Range, RangeError);
+assert.equal(Ref, ReferenceError);
+assert.equal(Syntax, SyntaxError);
+assert.equal(Type, TypeError);
+assert.equal(URI, URIError);
+```
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+[package-url]: https://npmjs.org/package/es-errors
+[npm-version-svg]: https://versionbadg.es/ljharb/es-errors.svg
+[deps-svg]: https://david-dm.org/ljharb/es-errors.svg
+[deps-url]: https://david-dm.org/ljharb/es-errors
+[dev-deps-svg]: https://david-dm.org/ljharb/es-errors/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/es-errors#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/es-errors.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/es-errors.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/es-errors.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=es-errors
+[codecov-image]: https://codecov.io/gh/ljharb/es-errors/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/es-errors/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-errors
+[actions-url]: https://github.com/ljharb/es-errors/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
new file mode 100644
index 0000000..e4210e0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
@@ -0,0 +1,3 @@
+declare const EvalError: EvalErrorConstructor;
+
+export = EvalError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/eval.js b/src/Servers/ExpressServer/node_modules/es-errors/eval.js
new file mode 100644
index 0000000..725ccb6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/eval.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./eval')} */
+module.exports = EvalError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
new file mode 100644
index 0000000..69bdbc9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
@@ -0,0 +1,3 @@
+declare const Error: ErrorConstructor;
+
+export = Error;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/index.js b/src/Servers/ExpressServer/node_modules/es-errors/index.js
new file mode 100644
index 0000000..cc0c521
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/index.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('.')} */
+module.exports = Error;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/package.json b/src/Servers/ExpressServer/node_modules/es-errors/package.json
new file mode 100644
index 0000000..ff8c2a5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/package.json
@@ -0,0 +1,80 @@
+{
+	"name": "es-errors",
+	"version": "1.3.0",
+	"description": "A simple cache for a few of the JS Error constructors.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./eval": "./eval.js",
+		"./range": "./range.js",
+		"./ref": "./ref.js",
+		"./syntax": "./syntax.js",
+		"./type": "./type.js",
+		"./uri": "./uri.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"pretest": "npm run lint",
+		"test": "npm run tests-only",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"posttest": "aud --production",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/es-errors.git"
+	},
+	"keywords": [
+		"javascript",
+		"ecmascript",
+		"error",
+		"typeerror",
+		"syntaxerror",
+		"rangeerror"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/es-errors/issues"
+	},
+	"homepage": "https://github.com/ljharb/es-errors#readme",
+	"devDependencies": {
+		"@ljharb/eslint-config": "^21.1.0",
+		"@types/tape": "^5.6.4",
+		"aud": "^2.0.4",
+		"auto-changelog": "^2.4.0",
+		"eclint": "^2.8.1",
+		"eslint": "^8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.7.4",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
new file mode 100644
index 0000000..3a12e86
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
@@ -0,0 +1,3 @@
+declare const RangeError: RangeErrorConstructor;
+
+export = RangeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/range.js b/src/Servers/ExpressServer/node_modules/es-errors/range.js
new file mode 100644
index 0000000..2044fe0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/range.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./range')} */
+module.exports = RangeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
new file mode 100644
index 0000000..a13107e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
@@ -0,0 +1,3 @@
+declare const ReferenceError: ReferenceErrorConstructor;
+
+export = ReferenceError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/ref.js b/src/Servers/ExpressServer/node_modules/es-errors/ref.js
new file mode 100644
index 0000000..d7c430f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/ref.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./ref')} */
+module.exports = ReferenceError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
new file mode 100644
index 0000000..6a0c53c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
@@ -0,0 +1,3 @@
+declare const SyntaxError: SyntaxErrorConstructor;
+
+export = SyntaxError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/syntax.js b/src/Servers/ExpressServer/node_modules/es-errors/syntax.js
new file mode 100644
index 0000000..5f5fdde
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/syntax.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./syntax')} */
+module.exports = SyntaxError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/test/index.js b/src/Servers/ExpressServer/node_modules/es-errors/test/index.js
new file mode 100644
index 0000000..1ff0277
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/test/index.js
@@ -0,0 +1,19 @@
+'use strict';
+
+var test = require('tape');
+
+var E = require('../');
+var R = require('../range');
+var Ref = require('../ref');
+var S = require('../syntax');
+var T = require('../type');
+
+test('errors', function (t) {
+	t.equal(E, Error);
+	t.equal(R, RangeError);
+	t.equal(Ref, ReferenceError);
+	t.equal(S, SyntaxError);
+	t.equal(T, TypeError);
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
new file mode 100644
index 0000000..99dfeb6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
@@ -0,0 +1,49 @@
+{
+	"compilerOptions": {
+		/* Visit https://aka.ms/tsconfig.json to read more about this file */
+
+		/* Projects */
+
+		/* Language and Environment */
+		"target": "es5",																	/* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
+		// "lib": [],																				/* Specify a set of bundled library declaration files that describe the target runtime environment. */
+		// "noLib": true,																		/* Disable including any library files, including the default lib.d.ts. */
+		"useDefineForClassFields": true,										 /* Emit ECMAScript-standard-compliant class fields. */
+		// "moduleDetection": "auto",												/* Control what method is used to detect module-format JS files. */
+
+		/* Modules */
+		"module": "commonjs",																/* Specify what module code is generated. */
+		// "rootDir": "./",																	/* Specify the root folder within your source files. */
+		// "moduleResolution": "node",											 /* Specify how TypeScript looks up a file from a given module specifier. */
+		// "baseUrl": "./",																	/* Specify the base directory to resolve non-relative module names. */
+		// "paths": {},																			/* Specify a set of entries that re-map imports to additional lookup locations. */
+		// "rootDirs": [],																	 /* Allow multiple folders to be treated as one when resolving modules. */
+		// "typeRoots": ["types"],													 /* Specify multiple folders that act like `./node_modules/@types`. */
+		"resolveJsonModule": true,													 /* Enable importing .json files. */
+		// "allowArbitraryExtensions": true,								 /* Enable importing files with any extension, provided a declaration file is present. */
+
+		/* JavaScript Support */
+		"allowJs": true,																		 /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */
+		"checkJs": true,																		 /* Enable error reporting in type-checked JavaScript files. */
+		"maxNodeModuleJsDepth": 1,													 /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */
+
+		/* Emit */
+		"declaration": true,																 /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+		"declarationMap": true,															/* Create sourcemaps for d.ts files. */
+		"noEmit": true,																			/* Disable emitting files from a compilation. */
+
+		/* Interop Constraints */
+		"allowSyntheticDefaultImports": true,								/* Allow `import x from y` when a module doesn't have a default export. */
+		"esModuleInterop": true,														 /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */
+		"forceConsistentCasingInFileNames": true,						/* Ensure that casing is correct in imports. */
+
+		/* Type Checking */
+		"strict": true,																			/* Enable all strict type-checking options. */
+
+		/* Completeness */
+		// "skipLibCheck": true															/* Skip type checking all .d.ts files. */
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
new file mode 100644
index 0000000..576fb51
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
@@ -0,0 +1,3 @@
+declare const TypeError: TypeErrorConstructor
+
+export = TypeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/type.js b/src/Servers/ExpressServer/node_modules/es-errors/type.js
new file mode 100644
index 0000000..9769e44
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/type.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./type')} */
+module.exports = TypeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
new file mode 100644
index 0000000..c3261c9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
@@ -0,0 +1,3 @@
+declare const URIError: URIErrorConstructor;
+
+export = URIError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/uri.js b/src/Servers/ExpressServer/node_modules/es-errors/uri.js
new file mode 100644
index 0000000..e9cd1c7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-errors/uri.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./uri')} */
+module.exports = URIError;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc b/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
new file mode 100644
index 0000000..d90a1bc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
@@ -0,0 +1,16 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"eqeqeq": ["error", "allow-null"],
+		"id-length": "off",
+		"new-cap": ["error", {
+			"capIsNewExceptions": [
+				"RequireObjectCoercible",
+				"ToObject",
+			],
+		}],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
new file mode 100644
index 0000000..352bfda
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/es-object
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
new file mode 100644
index 0000000..fdd2abe
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
@@ -0,0 +1,37 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.1.1](https://github.com/ljharb/es-object-atoms/compare/v1.1.0...v1.1.1) - 2025-01-14
+
+### Commits
+
+- [types] `ToObject`: improve types [`cfe8c8a`](https://github.com/ljharb/es-object-atoms/commit/cfe8c8a105c44820cb22e26f62d12ef0ad9715c8)
+
+## [v1.1.0](https://github.com/ljharb/es-object-atoms/compare/v1.0.1...v1.1.0) - 2025-01-14
+
+### Commits
+
+- [New] add `isObject` [`51e4042`](https://github.com/ljharb/es-object-atoms/commit/51e4042df722eb3165f40dc5f4bf33d0197ecb07)
+
+## [v1.0.1](https://github.com/ljharb/es-object-atoms/compare/v1.0.0...v1.0.1) - 2025-01-13
+
+### Commits
+
+- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/tape`, `auto-changelog`, `tape` [`38ab9eb`](https://github.com/ljharb/es-object-atoms/commit/38ab9eb00b62c2f4668644f5e513d9b414ebd595)
+- [types] improve types [`7d1beb8`](https://github.com/ljharb/es-object-atoms/commit/7d1beb887958b78b6a728a210a1c8370ab7e2aa1)
+- [Tests] replace `aud` with `npm audit` [`25863ba`](https://github.com/ljharb/es-object-atoms/commit/25863baf99178f1d1ad33d1120498db28631907e)
+- [Dev Deps] add missing peer dep [`c012309`](https://github.com/ljharb/es-object-atoms/commit/c0123091287e6132d6f4240496340c427433df28)
+
+## v1.0.0 - 2024-03-16
+
+### Commits
+
+- Initial implementation, tests, readme, types [`f1499db`](https://github.com/ljharb/es-object-atoms/commit/f1499db7d3e1741e64979c61d645ab3137705e82)
+- Initial commit [`99eedc7`](https://github.com/ljharb/es-object-atoms/commit/99eedc7b5fde38a50a28d3c8b724706e3e4c5f6a)
+- [meta] rename repo [`fc851fa`](https://github.com/ljharb/es-object-atoms/commit/fc851fa70616d2d182aaf0bd02c2ed7084dea8fa)
+- npm init [`b909377`](https://github.com/ljharb/es-object-atoms/commit/b909377c50049bd0ec575562d20b0f9ebae8947f)
+- Only apps should have lockfiles [`7249edd`](https://github.com/ljharb/es-object-atoms/commit/7249edd2178c1b9ddfc66ffcc6d07fdf0d28efc1)
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE b/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md b/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
new file mode 100644
index 0000000..447695b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
@@ -0,0 +1,63 @@
+# es-object-atoms <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+ES Object-related atoms: Object, ToObject, RequireObjectCoercible.
+
+## Example
+
+```js
+const assert = require('assert');
+
+const $Object = require('es-object-atoms');
+const isObject = require('es-object-atoms/isObject');
+const ToObject = require('es-object-atoms/ToObject');
+const RequireObjectCoercible = require('es-object-atoms/RequireObjectCoercible');
+
+assert.equal($Object, Object);
+assert.throws(() => ToObject(null), TypeError);
+assert.throws(() => ToObject(undefined), TypeError);
+assert.throws(() => RequireObjectCoercible(null), TypeError);
+assert.throws(() => RequireObjectCoercible(undefined), TypeError);
+
+assert.equal(isObject(undefined), false);
+assert.equal(isObject(null), false);
+assert.equal(isObject({}), true);
+assert.equal(isObject([]), true);
+assert.equal(isObject(function () {}), true);
+
+assert.deepEqual(RequireObjectCoercible(true), true);
+assert.deepEqual(ToObject(true), Object(true));
+
+const obj = {};
+assert.equal(RequireObjectCoercible(obj), obj);
+assert.equal(ToObject(obj), obj);
+```
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+[package-url]: https://npmjs.org/package/es-object-atoms
+[npm-version-svg]: https://versionbadg.es/ljharb/es-object-atoms.svg
+[deps-svg]: https://david-dm.org/ljharb/es-object-atoms.svg
+[deps-url]: https://david-dm.org/ljharb/es-object-atoms
+[dev-deps-svg]: https://david-dm.org/ljharb/es-object-atoms/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/es-object-atoms#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/es-object-atoms.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/es-object-atoms.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/es-object.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=es-object-atoms
+[codecov-image]: https://codecov.io/gh/ljharb/es-object-atoms/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/es-object-atoms/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-object-atoms
+[actions-url]: https://github.com/ljharb/es-object-atoms/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
new file mode 100644
index 0000000..7e26c45
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
@@ -0,0 +1,3 @@
+declare function RequireObjectCoercible<T extends {}>(value: T, optMessage?: string): T;
+
+export = RequireObjectCoercible;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
new file mode 100644
index 0000000..8e191c6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
@@ -0,0 +1,11 @@
+'use strict';
+
+var $TypeError = require('es-errors/type');
+
+/** @type {import('./RequireObjectCoercible')} */
+module.exports = function RequireObjectCoercible(value) {
+	if (value == null) {
+		throw new $TypeError((arguments.length > 0 && arguments[1]) || ('Cannot call method on ' + value));
+	}
+	return value;
+};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
new file mode 100644
index 0000000..d6dd302
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
@@ -0,0 +1,7 @@
+declare function ToObject<T extends object>(value: number): Number;
+declare function ToObject<T extends object>(value: boolean): Boolean;
+declare function ToObject<T extends object>(value: string): String;
+declare function ToObject<T extends object>(value: bigint): BigInt;
+declare function ToObject<T extends object>(value: T): T;
+
+export = ToObject;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
new file mode 100644
index 0000000..2b99a7d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
@@ -0,0 +1,10 @@
+'use strict';
+
+var $Object = require('./');
+var RequireObjectCoercible = require('./RequireObjectCoercible');
+
+/** @type {import('./ToObject')} */
+module.exports = function ToObject(value) {
+	RequireObjectCoercible(value);
+	return $Object(value);
+};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
new file mode 100644
index 0000000..8bdbfc8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
@@ -0,0 +1,3 @@
+declare const Object: ObjectConstructor;
+
+export = Object;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
new file mode 100644
index 0000000..1d33cef
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('.')} */
+module.exports = Object;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
new file mode 100644
index 0000000..43bee3b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
@@ -0,0 +1,3 @@
+declare function isObject(x: unknown): x is object;
+
+export = isObject;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
new file mode 100644
index 0000000..ec49bf1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
@@ -0,0 +1,6 @@
+'use strict';
+
+/** @type {import('./isObject')} */
+module.exports = function isObject(x) {
+	return !!x && (typeof x === 'function' || typeof x === 'object');
+};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json b/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
new file mode 100644
index 0000000..f4cec71
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
@@ -0,0 +1,80 @@
+{
+	"name": "es-object-atoms",
+	"version": "1.1.1",
+	"description": "ES Object-related atoms: Object, ToObject, RequireObjectCoercible",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./RequireObjectCoercible": "./RequireObjectCoercible.js",
+		"./isObject": "./isObject.js",
+		"./ToObject": "./ToObject.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"pretest": "npm run lint",
+		"test": "npm run tests-only",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"posttest": "npx npm@\">= 10.2\" audit --production",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/es-object-atoms.git"
+	},
+	"keywords": [
+		"javascript",
+		"ecmascript",
+		"object",
+		"toobject",
+		"coercible"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/es-object-atoms/issues"
+	},
+	"homepage": "https://github.com/ljharb/es-object-atoms#readme",
+	"dependencies": {
+		"es-errors": "^1.3.0"
+	},
+	"devDependencies": {
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.3",
+		"@types/tape": "^5.8.1",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"encoding": "^0.1.13",
+		"eslint": "^8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
new file mode 100644
index 0000000..430b705
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
@@ -0,0 +1,38 @@
+'use strict';
+
+var test = require('tape');
+
+var $Object = require('../');
+var isObject = require('../isObject');
+var ToObject = require('../ToObject');
+var RequireObjectCoercible = require('..//RequireObjectCoercible');
+
+test('errors', function (t) {
+	t.equal($Object, Object);
+	// @ts-expect-error
+	t['throws'](function () { ToObject(null); }, TypeError);
+	// @ts-expect-error
+	t['throws'](function () { ToObject(undefined); }, TypeError);
+	// @ts-expect-error
+	t['throws'](function () { RequireObjectCoercible(null); }, TypeError);
+	// @ts-expect-error
+	t['throws'](function () { RequireObjectCoercible(undefined); }, TypeError);
+
+	t.deepEqual(RequireObjectCoercible(true), true);
+	t.deepEqual(ToObject(true), Object(true));
+	t.deepEqual(ToObject(42), Object(42));
+	var f = function () {};
+	t.equal(ToObject(f), f);
+
+	t.equal(isObject(undefined), false);
+	t.equal(isObject(null), false);
+	t.equal(isObject({}), true);
+	t.equal(isObject([]), true);
+	t.equal(isObject(function () {}), true);
+
+	var obj = {};
+	t.equal(RequireObjectCoercible(obj), obj);
+	t.equal(ToObject(obj), obj);
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
new file mode 100644
index 0000000..1f73cb7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
@@ -0,0 +1,6 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es5",
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/LICENSE b/src/Servers/ExpressServer/node_modules/escape-html/LICENSE
new file mode 100644
index 0000000..2e70de9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/escape-html/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2013 TJ Holowaychuk
+Copyright (c) 2015 Andreas Lubbe
+Copyright (c) 2015 Tiancheng "Timothy" Gu
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/Readme.md b/src/Servers/ExpressServer/node_modules/escape-html/Readme.md
new file mode 100644
index 0000000..653d9ea
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/escape-html/Readme.md
@@ -0,0 +1,43 @@
+
+# escape-html
+
+  Escape string for use in HTML
+
+## Example
+
+```js
+var escape = require('escape-html');
+var html = escape('foo & bar');
+// -> foo &amp; bar
+```
+
+## Benchmark
+
+```
+$ npm run-script bench
+
+> escape-html@1.0.3 bench nodejs-escape-html
+> node benchmark/index.js
+
+
+  http_parser@1.0
+  node@0.10.33
+  v8@3.14.5.9
+  ares@1.9.0-DEV
+  uv@0.10.29
+  zlib@1.2.3
+  modules@11
+  openssl@1.0.1j
+
+  1 test completed.
+  2 tests completed.
+  3 tests completed.
+
+  no special characters    x 19,435,271 ops/sec ±0.85% (187 runs sampled)
+  single special character x  6,132,421 ops/sec ±0.67% (194 runs sampled)
+  many special characters  x  3,175,826 ops/sec ±0.65% (193 runs sampled)
+```
+
+## License
+
+  MIT
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/index.js b/src/Servers/ExpressServer/node_modules/escape-html/index.js
new file mode 100644
index 0000000..bf9e226
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/escape-html/index.js
@@ -0,0 +1,78 @@
+/*!
+ * escape-html
+ * Copyright(c) 2012-2013 TJ Holowaychuk
+ * Copyright(c) 2015 Andreas Lubbe
+ * Copyright(c) 2015 Tiancheng "Timothy" Gu
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var matchHtmlRegExp = /["'&<>]/;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = escapeHtml;
+
+/**
+ * Escape special characters in the given string of html.
+ *
+ * @param  {string} string The string to escape for inserting into HTML
+ * @return {string}
+ * @public
+ */
+
+function escapeHtml(string) {
+  var str = '' + string;
+  var match = matchHtmlRegExp.exec(str);
+
+  if (!match) {
+    return str;
+  }
+
+  var escape;
+  var html = '';
+  var index = 0;
+  var lastIndex = 0;
+
+  for (index = match.index; index < str.length; index++) {
+    switch (str.charCodeAt(index)) {
+      case 34: // "
+        escape = '&quot;';
+        break;
+      case 38: // &
+        escape = '&amp;';
+        break;
+      case 39: // '
+        escape = '&#39;';
+        break;
+      case 60: // <
+        escape = '&lt;';
+        break;
+      case 62: // >
+        escape = '&gt;';
+        break;
+      default:
+        continue;
+    }
+
+    if (lastIndex !== index) {
+      html += str.substring(lastIndex, index);
+    }
+
+    lastIndex = index + 1;
+    html += escape;
+  }
+
+  return lastIndex !== index
+    ? html + str.substring(lastIndex, index)
+    : html;
+}
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/package.json b/src/Servers/ExpressServer/node_modules/escape-html/package.json
new file mode 100644
index 0000000..57ec7bd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/escape-html/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "escape-html",
+  "description": "Escape string for use in HTML",
+  "version": "1.0.3",
+  "license": "MIT",
+  "keywords": [
+    "escape",
+    "html",
+    "utility"
+  ],
+  "repository": "component/escape-html",
+  "devDependencies": {
+    "benchmark": "1.0.0",
+    "beautify-benchmark": "0.2.4"
+  },
+  "files": [
+    "LICENSE",
+    "Readme.md",
+    "index.js"
+  ],
+  "scripts": {
+    "bench": "node benchmark/index.js"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/etag/HISTORY.md b/src/Servers/ExpressServer/node_modules/etag/HISTORY.md
new file mode 100644
index 0000000..222b293
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/etag/HISTORY.md
@@ -0,0 +1,83 @@
+1.8.1 / 2017-09-12
+==================
+
+  * perf: replace regular expression with substring
+
+1.8.0 / 2017-02-18
+==================
+
+  * Use SHA1 instead of MD5 for ETag hashing
+    - Improves performance for larger entities
+    - Works with FIPS 140-2 OpenSSL configuration
+
+1.7.0 / 2015-06-08
+==================
+
+  * Always include entity length in ETags for hash length extensions
+  * Generate non-Stats ETags using MD5 only (no longer CRC32)
+  * Improve stat performance by removing hashing
+  * Remove base64 padding in ETags to shorten
+  * Use MD5 instead of MD4 in weak ETags over 1KB
+
+1.6.0 / 2015-05-10
+==================
+
+  * Improve support for JXcore
+  * Remove requirement of `atime` in the stats object
+  * Support "fake" stats objects in environments without `fs`
+
+1.5.1 / 2014-11-19
+==================
+
+  * deps: crc@3.2.1
+    - Minor fixes
+
+1.5.0 / 2014-10-14
+==================
+
+  * Improve string performance
+  * Slightly improve speed for weak ETags over 1KB
+
+1.4.0 / 2014-09-21
+==================
+
+  * Support "fake" stats objects
+  * Support Node.js 0.6
+
+1.3.1 / 2014-09-14
+==================
+
+  * Use the (new and improved) `crc` for crc32
+
+1.3.0 / 2014-08-29
+==================
+
+  * Default strings to strong ETags
+  * Improve speed for weak ETags over 1KB
+
+1.2.1 / 2014-08-29
+==================
+
+  * Use the (much faster) `buffer-crc32` for crc32
+
+1.2.0 / 2014-08-24
+==================
+
+  * Add support for file stat objects
+
+1.1.0 / 2014-08-24
+==================
+
+  * Add fast-path for empty entity
+  * Add weak ETag generation
+  * Shrink size of generated ETags
+
+1.0.1 / 2014-08-24
+==================
+
+  * Fix behavior of string containing Unicode
+
+1.0.0 / 2014-05-18
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/etag/LICENSE b/src/Servers/ExpressServer/node_modules/etag/LICENSE
new file mode 100644
index 0000000..cab251c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/etag/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/etag/README.md b/src/Servers/ExpressServer/node_modules/etag/README.md
new file mode 100644
index 0000000..09c2169
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/etag/README.md
@@ -0,0 +1,159 @@
+# etag
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Create simple HTTP ETags
+
+This module generates HTTP ETags (as defined in RFC 7232) for use in
+HTTP responses.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install etag
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var etag = require('etag')
+```
+
+### etag(entity, [options])
+
+Generate a strong ETag for the given entity. This should be the complete
+body of the entity. Strings, `Buffer`s, and `fs.Stats` are accepted. By
+default, a strong ETag is generated except for `fs.Stats`, which will
+generate a weak ETag (this can be overwritten by `options.weak`).
+
+<!-- eslint-disable no-undef -->
+
+```js
+res.setHeader('ETag', etag(body))
+```
+
+#### Options
+
+`etag` accepts these properties in the options object.
+
+##### weak
+
+Specifies if the generated ETag will include the weak validator mark (that
+is, the leading `W/`). The actual entity tag is the same. The default value
+is `false`, unless the `entity` is `fs.Stats`, in which case it is `true`.
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmark
+
+```bash
+$ npm run-script bench
+
+> etag@1.8.1 bench nodejs-etag
+> node benchmark/index.js
+
+  http_parser@2.7.0
+  node@6.11.1
+  v8@5.1.281.103
+  uv@1.11.0
+  zlib@1.2.11
+  ares@1.10.1-DEV
+  icu@58.2
+  modules@48
+  openssl@1.0.2k
+
+> node benchmark/body0-100b.js
+
+  100B body
+
+  4 tests completed.
+
+  buffer - strong x 258,647 ops/sec ±1.07% (180 runs sampled)
+  buffer - weak   x 263,812 ops/sec ±0.61% (184 runs sampled)
+  string - strong x 259,955 ops/sec ±1.19% (185 runs sampled)
+  string - weak   x 264,356 ops/sec ±1.09% (184 runs sampled)
+
+> node benchmark/body1-1kb.js
+
+  1KB body
+
+  4 tests completed.
+
+  buffer - strong x 189,018 ops/sec ±1.12% (182 runs sampled)
+  buffer - weak   x 190,586 ops/sec ±0.81% (186 runs sampled)
+  string - strong x 144,272 ops/sec ±0.96% (188 runs sampled)
+  string - weak   x 145,380 ops/sec ±1.43% (187 runs sampled)
+
+> node benchmark/body2-5kb.js
+
+  5KB body
+
+  4 tests completed.
+
+  buffer - strong x 92,435 ops/sec ±0.42% (188 runs sampled)
+  buffer - weak   x 92,373 ops/sec ±0.58% (189 runs sampled)
+  string - strong x 48,850 ops/sec ±0.56% (186 runs sampled)
+  string - weak   x 49,380 ops/sec ±0.56% (190 runs sampled)
+
+> node benchmark/body3-10kb.js
+
+  10KB body
+
+  4 tests completed.
+
+  buffer - strong x 55,989 ops/sec ±0.93% (188 runs sampled)
+  buffer - weak   x 56,148 ops/sec ±0.55% (190 runs sampled)
+  string - strong x 27,345 ops/sec ±0.43% (188 runs sampled)
+  string - weak   x 27,496 ops/sec ±0.45% (190 runs sampled)
+
+> node benchmark/body4-100kb.js
+
+  100KB body
+
+  4 tests completed.
+
+  buffer - strong x 7,083 ops/sec ±0.22% (190 runs sampled)
+  buffer - weak   x 7,115 ops/sec ±0.26% (191 runs sampled)
+  string - strong x 3,068 ops/sec ±0.34% (190 runs sampled)
+  string - weak   x 3,096 ops/sec ±0.35% (190 runs sampled)
+
+> node benchmark/stats.js
+
+  stat
+
+  4 tests completed.
+
+  real - strong x 871,642 ops/sec ±0.34% (189 runs sampled)
+  real - weak   x 867,613 ops/sec ±0.39% (190 runs sampled)
+  fake - strong x 401,051 ops/sec ±0.40% (189 runs sampled)
+  fake - weak   x 400,100 ops/sec ±0.47% (188 runs sampled)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/etag.svg
+[npm-url]: https://npmjs.org/package/etag
+[node-version-image]: https://img.shields.io/node/v/etag.svg
+[node-version-url]: https://nodejs.org/en/download/
+[travis-image]: https://img.shields.io/travis/jshttp/etag/master.svg
+[travis-url]: https://travis-ci.org/jshttp/etag
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/etag/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/etag?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/etag.svg
+[downloads-url]: https://npmjs.org/package/etag
diff --git a/src/Servers/ExpressServer/node_modules/etag/index.js b/src/Servers/ExpressServer/node_modules/etag/index.js
new file mode 100644
index 0000000..2a585c9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/etag/index.js
@@ -0,0 +1,131 @@
+/*!
+ * etag
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = etag
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var crypto = require('crypto')
+var Stats = require('fs').Stats
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var toString = Object.prototype.toString
+
+/**
+ * Generate an entity tag.
+ *
+ * @param {Buffer|string} entity
+ * @return {string}
+ * @private
+ */
+
+function entitytag (entity) {
+  if (entity.length === 0) {
+    // fast-path empty
+    return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"'
+  }
+
+  // compute hash of entity
+  var hash = crypto
+    .createHash('sha1')
+    .update(entity, 'utf8')
+    .digest('base64')
+    .substring(0, 27)
+
+  // compute length of entity
+  var len = typeof entity === 'string'
+    ? Buffer.byteLength(entity, 'utf8')
+    : entity.length
+
+  return '"' + len.toString(16) + '-' + hash + '"'
+}
+
+/**
+ * Create a simple ETag.
+ *
+ * @param {string|Buffer|Stats} entity
+ * @param {object} [options]
+ * @param {boolean} [options.weak]
+ * @return {String}
+ * @public
+ */
+
+function etag (entity, options) {
+  if (entity == null) {
+    throw new TypeError('argument entity is required')
+  }
+
+  // support fs.Stats object
+  var isStats = isstats(entity)
+  var weak = options && typeof options.weak === 'boolean'
+    ? options.weak
+    : isStats
+
+  // validate argument
+  if (!isStats && typeof entity !== 'string' && !Buffer.isBuffer(entity)) {
+    throw new TypeError('argument entity must be string, Buffer, or fs.Stats')
+  }
+
+  // generate entity tag
+  var tag = isStats
+    ? stattag(entity)
+    : entitytag(entity)
+
+  return weak
+    ? 'W/' + tag
+    : tag
+}
+
+/**
+ * Determine if object is a Stats object.
+ *
+ * @param {object} obj
+ * @return {boolean}
+ * @api private
+ */
+
+function isstats (obj) {
+  // genuine fs.Stats
+  if (typeof Stats === 'function' && obj instanceof Stats) {
+    return true
+  }
+
+  // quack quack
+  return obj && typeof obj === 'object' &&
+    'ctime' in obj && toString.call(obj.ctime) === '[object Date]' &&
+    'mtime' in obj && toString.call(obj.mtime) === '[object Date]' &&
+    'ino' in obj && typeof obj.ino === 'number' &&
+    'size' in obj && typeof obj.size === 'number'
+}
+
+/**
+ * Generate a tag for a stat.
+ *
+ * @param {object} stat
+ * @return {string}
+ * @private
+ */
+
+function stattag (stat) {
+  var mtime = stat.mtime.getTime().toString(16)
+  var size = stat.size.toString(16)
+
+  return '"' + size + '-' + mtime + '"'
+}
diff --git a/src/Servers/ExpressServer/node_modules/etag/package.json b/src/Servers/ExpressServer/node_modules/etag/package.json
new file mode 100644
index 0000000..b06ab80
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/etag/package.json
@@ -0,0 +1,47 @@
+{
+  "name": "etag",
+  "description": "Create simple HTTP ETags",
+  "version": "1.8.1",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "David Björklund <david.bjorklund@gmail.com>"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "etag",
+    "http",
+    "res"
+  ],
+  "repository": "jshttp/etag",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "eslint": "3.19.0",
+    "eslint-config-standard": "10.2.1",
+    "eslint-plugin-import": "2.7.0",
+    "eslint-plugin-markdown": "1.0.0-beta.6",
+    "eslint-plugin-node": "5.1.1",
+    "eslint-plugin-promise": "3.5.0",
+    "eslint-plugin-standard": "3.0.1",
+    "istanbul": "0.4.5",
+    "mocha": "1.21.5",
+    "safe-buffer": "5.1.1",
+    "seedrandom": "2.4.3"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/History.md b/src/Servers/ExpressServer/node_modules/express/History.md
new file mode 100644
index 0000000..150c2ab
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/History.md
@@ -0,0 +1,3667 @@
+4.22.1 / 2025-12-01
+==========
+
+  * Revert security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
+
+4.22.0 / 2025-12-01
+==========
+  * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
+  * deps: use tilde notation for dependencies
+  * deps: qs@6.14.0
+
+4.21.2 / 2024-11-06
+==========
+
+  * deps: path-to-regexp@0.1.12
+    - Fix backtracking protection
+  * deps: path-to-regexp@0.1.11
+    - Throws an error on invalid path values
+
+4.21.1 / 2024-10-08
+==========
+
+  * Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+
+
+4.21.0 / 2024-09-11
+==========
+
+  * Deprecate `res.location("back")` and `res.redirect("back")` magic string
+  * deps: serve-static@1.16.2
+    * includes send@0.19.0
+  * deps: finalhandler@1.3.1
+  * deps: qs@6.13.0
+
+4.20.0 / 2024-09-10
+==========
+  * deps: serve-static@0.16.0
+    * Remove link renderization in html while redirecting
+  * deps: send@0.19.0
+    * Remove link renderization in html while redirecting
+  * deps: body-parser@0.6.0
+    * add `depth` option to customize the depth level in the parser
+    * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
+  * Remove link renderization in html while using `res.redirect`
+  * deps: path-to-regexp@0.1.10
+    - Adds support for named matching groups in the routes using a regex
+    - Adds backtracking protection to parameters without regexes defined
+  * deps: encodeurl@~2.0.0
+    - Removes encoding of `\`, `|`, and `^` to align better with URL spec
+  * Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
+    - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
+
+4.19.2 / 2024-03-25
+==========
+
+  * Improved fix for open redirect allow list bypass
+
+4.19.1 / 2024-03-20
+==========
+
+  * Allow passing non-strings to res.location with new encoding handling checks
+
+4.19.0 / 2024-03-20
+==========
+
+  * Prevent open redirect allow list bypass due to encodeurl
+  * deps: cookie@0.6.0
+
+4.18.3 / 2024-02-29
+==========
+
+  * Fix routing requests without method
+  * deps: body-parser@1.20.2
+    - Fix strict json error message on Node.js 19+
+    - deps: content-type@~1.0.5
+    - deps: raw-body@2.5.2
+  * deps: cookie@0.6.0
+    - Add `partitioned` option
+
+4.18.2 / 2022-10-08
+===================
+
+  * Fix regression routing a large stack in a single route
+  * deps: body-parser@1.20.1
+    - deps: qs@6.11.0
+    - perf: remove unnecessary object clone
+  * deps: qs@6.11.0
+
+4.18.1 / 2022-04-29
+===================
+
+  * Fix hanging on large stack of sync routes
+
+4.18.0 / 2022-04-25
+===================
+
+  * Add "root" option to `res.download`
+  * Allow `options` without `filename` in `res.download`
+  * Deprecate string and non-integer arguments to `res.status`
+  * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
+  * Fix handling very large stacks of sync middleware
+  * Ignore `Object.prototype` values in settings through `app.set`/`app.get`
+  * Invoke `default` with same arguments as types in `res.format`
+  * Support proper 205 responses using `res.send`
+  * Use `http-errors` for `res.format` error
+  * deps: body-parser@1.20.0
+    - Fix error message for json parse whitespace in `strict`
+    - Fix internal error when inflated body exceeds limit
+    - Prevent loss of async hooks context
+    - Prevent hanging when request already read
+    - deps: depd@2.0.0
+    - deps: http-errors@2.0.0
+    - deps: on-finished@2.4.1
+    - deps: qs@6.10.3
+    - deps: raw-body@2.5.1
+  * deps: cookie@0.5.0
+    - Add `priority` option
+    - Fix `expires` option to reject invalid dates
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: finalhandler@1.2.0
+    - Remove set content headers that break response
+    - deps: on-finished@2.4.1
+    - deps: statuses@2.0.1
+  * deps: on-finished@2.4.1
+    - Prevent loss of async hooks context
+  * deps: qs@6.10.3
+  * deps: send@0.18.0
+    - Fix emitted 416 error missing headers property
+    - Limit the headers removed for 304 response
+    - deps: depd@2.0.0
+    - deps: destroy@1.2.0
+    - deps: http-errors@2.0.0
+    - deps: on-finished@2.4.1
+    - deps: statuses@2.0.1
+  * deps: serve-static@1.15.0
+    - deps: send@0.18.0
+  * deps: statuses@2.0.1
+    - Remove code 306
+    - Rename `425 Unordered Collection` to standard `425 Too Early`
+
+4.17.3 / 2022-02-16
+===================
+
+  * deps: accepts@~1.3.8
+    - deps: mime-types@~2.1.34
+    - deps: negotiator@0.6.3
+  * deps: body-parser@1.19.2
+    - deps: bytes@3.1.2
+    - deps: qs@6.9.7
+    - deps: raw-body@2.4.3
+  * deps: cookie@0.4.2
+  * deps: qs@6.9.7
+    * Fix handling of `__proto__` keys
+  * pref: remove unnecessary regexp for trust proxy
+
+4.17.2 / 2021-12-16
+===================
+
+  * Fix handling of `undefined` in `res.jsonp`
+  * Fix handling of `undefined` when `"json escape"` is enabled
+  * Fix incorrect middleware execution with unanchored `RegExp`s
+  * Fix `res.jsonp(obj, status)` deprecation message
+  * Fix typo in `res.is` JSDoc
+  * deps: body-parser@1.19.1
+    - deps: bytes@3.1.1
+    - deps: http-errors@1.8.1
+    - deps: qs@6.9.6
+    - deps: raw-body@2.4.2
+    - deps: safe-buffer@5.2.1
+    - deps: type-is@~1.6.18
+  * deps: content-disposition@0.5.4
+    - deps: safe-buffer@5.2.1
+  * deps: cookie@0.4.1
+    - Fix `maxAge` option to reject invalid values
+  * deps: proxy-addr@~2.0.7
+    - Use `req.socket` over deprecated `req.connection`
+    - deps: forwarded@0.2.0
+    - deps: ipaddr.js@1.9.1
+  * deps: qs@6.9.6
+  * deps: safe-buffer@5.2.1
+  * deps: send@0.17.2
+    - deps: http-errors@1.8.1
+    - deps: ms@2.1.3
+    - pref: ignore empty http tokens
+  * deps: serve-static@1.14.2
+    - deps: send@0.17.2
+  * deps: setprototypeof@1.2.0
+
+4.17.1 / 2019-05-25
+===================
+
+  * Revert "Improve error message for `null`/`undefined` to `res.status`"
+
+4.17.0 / 2019-05-16
+===================
+
+  * Add `express.raw` to parse bodies into `Buffer`
+  * Add `express.text` to parse bodies into string
+  * Improve error message for non-strings to `res.sendFile`
+  * Improve error message for `null`/`undefined` to `res.status`
+  * Support multiple hosts in `X-Forwarded-Host`
+  * deps: accepts@~1.3.7
+  * deps: body-parser@1.19.0
+    - Add encoding MIK
+    - Add petabyte (`pb`) support
+    - Fix parsing array brackets after index
+    - deps: bytes@3.1.0
+    - deps: http-errors@1.7.2
+    - deps: iconv-lite@0.4.24
+    - deps: qs@6.7.0
+    - deps: raw-body@2.4.0
+    - deps: type-is@~1.6.17
+  * deps: content-disposition@0.5.3
+  * deps: cookie@0.4.0
+    - Add `SameSite=None` support
+  * deps: finalhandler@~1.1.2
+    - Set stricter `Content-Security-Policy` header
+    - deps: parseurl@~1.3.3
+    - deps: statuses@~1.5.0
+  * deps: parseurl@~1.3.3
+  * deps: proxy-addr@~2.0.5
+    - deps: ipaddr.js@1.9.0
+  * deps: qs@6.7.0
+    - Fix parsing array brackets after index
+  * deps: range-parser@~1.2.1
+  * deps: send@0.17.1
+    - Set stricter CSP header in redirect & error responses
+    - deps: http-errors@~1.7.2
+    - deps: mime@1.6.0
+    - deps: ms@2.1.1
+    - deps: range-parser@~1.2.1
+    - deps: statuses@~1.5.0
+    - perf: remove redundant `path.normalize` call
+  * deps: serve-static@1.14.1
+    - Set stricter CSP header in redirect response
+    - deps: parseurl@~1.3.3
+    - deps: send@0.17.1
+  * deps: setprototypeof@1.1.1
+  * deps: statuses@~1.5.0
+    - Add `103 Early Hints`
+  * deps: type-is@~1.6.18
+    - deps: mime-types@~2.1.24
+    - perf: prevent internal `throw` on invalid type
+
+4.16.4 / 2018-10-10
+===================
+
+  * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
+  * Fix JSDoc for `Router` constructor
+  * deps: body-parser@1.18.3
+    - Fix deprecation warnings on Node.js 10+
+    - Fix stack trace for strict json parse error
+    - deps: depd@~1.1.2
+    - deps: http-errors@~1.6.3
+    - deps: iconv-lite@0.4.23
+    - deps: qs@6.5.2
+    - deps: raw-body@2.3.3
+    - deps: type-is@~1.6.16
+  * deps: proxy-addr@~2.0.4
+    - deps: ipaddr.js@1.8.0
+  * deps: qs@6.5.2
+  * deps: safe-buffer@5.1.2
+
+4.16.3 / 2018-03-12
+===================
+
+  * deps: accepts@~1.3.5
+    - deps: mime-types@~2.1.18
+  * deps: depd@~1.1.2
+    - perf: remove argument reassignment
+  * deps: encodeurl@~1.0.2
+    - Fix encoding `%` as last character
+  * deps: finalhandler@1.1.1
+    - Fix 404 output for bad / missing pathnames
+    - deps: encodeurl@~1.0.2
+    - deps: statuses@~1.4.0
+  * deps: proxy-addr@~2.0.3
+    - deps: ipaddr.js@1.6.0
+  * deps: send@0.16.2
+    - Fix incorrect end tag in default error & redirects
+    - deps: depd@~1.1.2
+    - deps: encodeurl@~1.0.2
+    - deps: statuses@~1.4.0
+  * deps: serve-static@1.13.2
+    - Fix incorrect end tag in redirects
+    - deps: encodeurl@~1.0.2
+    - deps: send@0.16.2
+  * deps: statuses@~1.4.0
+  * deps: type-is@~1.6.16
+    - deps: mime-types@~2.1.18
+
+4.16.2 / 2017-10-09
+===================
+
+  * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
+  * perf: skip parsing of entire `X-Forwarded-Proto` header
+
+4.16.1 / 2017-09-29
+===================
+
+  * deps: send@0.16.1
+  * deps: serve-static@1.13.1
+    - Fix regression when `root` is incorrectly set to a file
+    - deps: send@0.16.1
+
+4.16.0 / 2017-09-28
+===================
+
+  * Add `"json escape"` setting for `res.json` and `res.jsonp`
+  * Add `express.json` and `express.urlencoded` to parse bodies
+  * Add `options` argument to `res.download`
+  * Improve error message when autoloading invalid view engine
+  * Improve error messages when non-function provided as middleware
+  * Skip `Buffer` encoding when not generating ETag for small response
+  * Use `safe-buffer` for improved Buffer API
+  * deps: accepts@~1.3.4
+    - deps: mime-types@~2.1.16
+  * deps: content-type@~1.0.4
+    - perf: remove argument reassignment
+    - perf: skip parameter parsing when no parameters
+  * deps: etag@~1.8.1
+    - perf: replace regular expression with substring
+  * deps: finalhandler@1.1.0
+    - Use `res.headersSent` when available
+  * deps: parseurl@~1.3.2
+    - perf: reduce overhead for full URLs
+    - perf: unroll the "fast-path" `RegExp`
+  * deps: proxy-addr@~2.0.2
+    - Fix trimming leading / trailing OWS in `X-Forwarded-For`
+    - deps: forwarded@~0.1.2
+    - deps: ipaddr.js@1.5.2
+    - perf: reduce overhead when no `X-Forwarded-For` header
+  * deps: qs@6.5.1
+    - Fix parsing & compacting very deep objects
+  * deps: send@0.16.0
+    - Add 70 new types for file extensions
+    - Add `immutable` option
+    - Fix missing `</html>` in default error & redirects
+    - Set charset as "UTF-8" for .js and .json
+    - Use instance methods on steam to check for listeners
+    - deps: mime@1.4.1
+    - perf: improve path validation speed
+  * deps: serve-static@1.13.0
+    - Add 70 new types for file extensions
+    - Add `immutable` option
+    - Set charset as "UTF-8" for .js and .json
+    - deps: send@0.16.0
+  * deps: setprototypeof@1.1.0
+  * deps: utils-merge@1.0.1
+  * deps: vary@~1.1.2
+    - perf: improve header token parsing speed
+  * perf: re-use options object when generating ETags
+  * perf: remove dead `.charset` set in `res.jsonp`
+
+4.15.5 / 2017-09-24
+===================
+
+  * deps: debug@2.6.9
+  * deps: finalhandler@~1.0.6
+    - deps: debug@2.6.9
+    - deps: parseurl@~1.3.2
+  * deps: fresh@0.5.2
+    - Fix handling of modified headers with invalid dates
+    - perf: improve ETag match loop
+    - perf: improve `If-None-Match` token parsing
+  * deps: send@0.15.6
+    - Fix handling of modified headers with invalid dates
+    - deps: debug@2.6.9
+    - deps: etag@~1.8.1
+    - deps: fresh@0.5.2
+    - perf: improve `If-Match` token parsing
+  * deps: serve-static@1.12.6
+    - deps: parseurl@~1.3.2
+    - deps: send@0.15.6
+    - perf: improve slash collapsing
+
+4.15.4 / 2017-08-06
+===================
+
+  * deps: debug@2.6.8
+  * deps: depd@~1.1.1
+    - Remove unnecessary `Buffer` loading
+  * deps: finalhandler@~1.0.4
+    - deps: debug@2.6.8
+  * deps: proxy-addr@~1.1.5
+    - Fix array argument being altered
+    - deps: ipaddr.js@1.4.0
+  * deps: qs@6.5.0
+  * deps: send@0.15.4
+    - deps: debug@2.6.8
+    - deps: depd@~1.1.1
+    - deps: http-errors@~1.6.2
+  * deps: serve-static@1.12.4
+    - deps: send@0.15.4
+
+4.15.3 / 2017-05-16
+===================
+
+  * Fix error when `res.set` cannot add charset to `Content-Type`
+  * deps: debug@2.6.7
+    - Fix `DEBUG_MAX_ARRAY_LENGTH`
+    - deps: ms@2.0.0
+  * deps: finalhandler@~1.0.3
+    - Fix missing `</html>` in HTML document
+    - deps: debug@2.6.7
+  * deps: proxy-addr@~1.1.4
+    - deps: ipaddr.js@1.3.0
+  * deps: send@0.15.3
+    - deps: debug@2.6.7
+    - deps: ms@2.0.0
+  * deps: serve-static@1.12.3
+    - deps: send@0.15.3
+  * deps: type-is@~1.6.15
+    - deps: mime-types@~2.1.15
+  * deps: vary@~1.1.1
+    - perf: hoist regular expression
+
+4.15.2 / 2017-03-06
+===================
+
+  * deps: qs@6.4.0
+    - Fix regression parsing keys starting with `[`
+
+4.15.1 / 2017-03-05
+===================
+
+  * deps: send@0.15.1
+    - Fix issue when `Date.parse` does not return `NaN` on invalid date
+    - Fix strict violation in broken environments
+  * deps: serve-static@1.12.1
+    - Fix issue when `Date.parse` does not return `NaN` on invalid date
+    - deps: send@0.15.1
+
+4.15.0 / 2017-03-01
+===================
+
+  * Add debug message when loading view engine
+  * Add `next("router")` to exit from router
+  * Fix case where `router.use` skipped requests routes did not
+  * Remove usage of `res._headers` private field
+    - Improves compatibility with Node.js 8 nightly
+  * Skip routing when `req.url` is not set
+  * Use `%o` in path debug to tell types apart
+  * Use `Object.create` to setup request & response prototypes
+  * Use `setprototypeof` module to replace `__proto__` setting
+  * Use `statuses` instead of `http` module for status messages
+  * deps: debug@2.6.1
+    - Allow colors in workers
+    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+    - Fix error when running under React Native
+    - Use same color for same namespace
+    - deps: ms@0.7.2
+  * deps: etag@~1.8.0
+    - Use SHA1 instead of MD5 for ETag hashing
+    - Works with FIPS 140-2 OpenSSL configuration
+  * deps: finalhandler@~1.0.0
+    - Fix exception when `err` cannot be converted to a string
+    - Fully URL-encode the pathname in the 404
+    - Only include the pathname in the 404 message
+    - Send complete HTML document
+    - Set `Content-Security-Policy: default-src 'self'` header
+    - deps: debug@2.6.1
+  * deps: fresh@0.5.0
+    - Fix false detection of `no-cache` request directive
+    - Fix incorrect result when `If-None-Match` has both `*` and ETags
+    - Fix weak `ETag` matching to match spec
+    - perf: delay reading header values until needed
+    - perf: enable strict mode
+    - perf: hoist regular expressions
+    - perf: remove duplicate conditional
+    - perf: remove unnecessary boolean coercions
+    - perf: skip checking modified time if ETag check failed
+    - perf: skip parsing `If-None-Match` when no `ETag` header
+    - perf: use `Date.parse` instead of `new Date`
+  * deps: qs@6.3.1
+    - Fix array parsing from skipping empty values
+    - Fix compacting nested arrays
+  * deps: send@0.15.0
+    - Fix false detection of `no-cache` request directive
+    - Fix incorrect result when `If-None-Match` has both `*` and ETags
+    - Fix weak `ETag` matching to match spec
+    - Remove usage of `res._headers` private field
+    - Support `If-Match` and `If-Unmodified-Since` headers
+    - Use `res.getHeaderNames()` when available
+    - Use `res.headersSent` when available
+    - deps: debug@2.6.1
+    - deps: etag@~1.8.0
+    - deps: fresh@0.5.0
+    - deps: http-errors@~1.6.1
+  * deps: serve-static@1.12.0
+    - Fix false detection of `no-cache` request directive
+    - Fix incorrect result when `If-None-Match` has both `*` and ETags
+    - Fix weak `ETag` matching to match spec
+    - Remove usage of `res._headers` private field
+    - Send complete HTML document in redirect response
+    - Set default CSP header in redirect response
+    - Support `If-Match` and `If-Unmodified-Since` headers
+    - Use `res.getHeaderNames()` when available
+    - Use `res.headersSent` when available
+    - deps: send@0.15.0
+  * perf: add fast match path for `*` route
+  * perf: improve `req.ips` performance
+
+4.14.1 / 2017-01-28
+===================
+
+  * deps: content-disposition@0.5.2
+  * deps: finalhandler@0.5.1
+    - Fix exception when `err.headers` is not an object
+    - deps: statuses@~1.3.1
+    - perf: hoist regular expressions
+    - perf: remove duplicate validation path
+  * deps: proxy-addr@~1.1.3
+    - deps: ipaddr.js@1.2.0
+  * deps: send@0.14.2
+    - deps: http-errors@~1.5.1
+    - deps: ms@0.7.2
+    - deps: statuses@~1.3.1
+  * deps: serve-static@~1.11.2
+    - deps: send@0.14.2
+  * deps: type-is@~1.6.14
+    - deps: mime-types@~2.1.13
+
+4.14.0 / 2016-06-16
+===================
+
+  * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
+  * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
+  * Add `options` argument to `req.range`
+    - Includes the `combine` option
+  * Encode URL in `res.location`/`res.redirect` if not already encoded
+  * Fix some redirect handling in `res.sendFile`/`res.sendfile`
+  * Fix Windows absolute path check using forward slashes
+  * Improve error with invalid arguments to `req.get()`
+  * Improve performance for `res.json`/`res.jsonp` in most cases
+  * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
+  * deps: accepts@~1.3.3
+    - Fix including type extensions in parameters in `Accept` parsing
+    - Fix parsing `Accept` parameters with quoted equals
+    - Fix parsing `Accept` parameters with quoted semicolons
+    - Many performance improvements
+    - deps: mime-types@~2.1.11
+    - deps: negotiator@0.6.1
+  * deps: content-type@~1.0.2
+    - perf: enable strict mode
+  * deps: cookie@0.3.1
+    - Add `sameSite` option
+    - Fix cookie `Max-Age` to never be a floating point number
+    - Improve error message when `encode` is not a function
+    - Improve error message when `expires` is not a `Date`
+    - Throw better error for invalid argument to parse
+    - Throw on invalid values provided to `serialize`
+    - perf: enable strict mode
+    - perf: hoist regular expression
+    - perf: use for loop in parse
+    - perf: use string concatenation for serialization
+  * deps: finalhandler@0.5.0
+    - Change invalid or non-numeric status code to 500
+    - Overwrite status message to match set status code
+    - Prefer `err.statusCode` if `err.status` is invalid
+    - Set response headers from `err.headers` object
+    - Use `statuses` instead of `http` module for status messages
+  * deps: proxy-addr@~1.1.2
+    - Fix accepting various invalid netmasks
+    - Fix IPv6-mapped IPv4 validation edge cases
+    - IPv4 netmasks must be contiguous
+    - IPv6 addresses cannot be used as a netmask
+    - deps: ipaddr.js@1.1.1
+  * deps: qs@6.2.0
+    - Add `decoder` option in `parse` function
+  * deps: range-parser@~1.2.0
+    - Add `combine` option to combine overlapping ranges
+    - Fix incorrectly returning -1 when there is at least one valid range
+    - perf: remove internal function
+  * deps: send@0.14.1
+    - Add `acceptRanges` option
+    - Add `cacheControl` option
+    - Attempt to combine multiple ranges into single range
+    - Correctly inherit from `Stream` class
+    - Fix `Content-Range` header in 416 responses when using `start`/`end` options
+    - Fix `Content-Range` header missing from default 416 responses
+    - Fix redirect error when `path` contains raw non-URL characters
+    - Fix redirect when `path` starts with multiple forward slashes
+    - Ignore non-byte `Range` headers
+    - deps: http-errors@~1.5.0
+    - deps: range-parser@~1.2.0
+    - deps: statuses@~1.3.0
+    - perf: remove argument reassignment
+  * deps: serve-static@~1.11.1
+    - Add `acceptRanges` option
+    - Add `cacheControl` option
+    - Attempt to combine multiple ranges into single range
+    - Fix redirect error when `req.url` contains raw non-URL characters
+    - Ignore non-byte `Range` headers
+    - Use status code 301 for redirects
+    - deps: send@0.14.1
+  * deps: type-is@~1.6.13
+    - Fix type error when given invalid type to match against
+    - deps: mime-types@~2.1.11
+  * deps: vary@~1.1.0
+    - Only accept valid field names in the `field` argument
+  * perf: use strict equality when possible
+
+4.13.4 / 2016-01-21
+===================
+
+  * deps: content-disposition@0.5.1
+    - perf: enable strict mode
+  * deps: cookie@0.1.5
+    - Throw on invalid values provided to `serialize`
+  * deps: depd@~1.1.0
+    - Support web browser loading
+    - perf: enable strict mode
+  * deps: escape-html@~1.0.3
+    - perf: enable strict mode
+    - perf: optimize string replacement
+    - perf: use faster string coercion
+  * deps: finalhandler@0.4.1
+    - deps: escape-html@~1.0.3
+  * deps: merge-descriptors@1.0.1
+    - perf: enable strict mode
+  * deps: methods@~1.1.2
+    - perf: enable strict mode
+  * deps: parseurl@~1.3.1
+    - perf: enable strict mode
+  * deps: proxy-addr@~1.0.10
+    - deps: ipaddr.js@1.0.5
+    - perf: enable strict mode
+  * deps: range-parser@~1.0.3
+    - perf: enable strict mode
+  * deps: send@0.13.1
+    - deps: depd@~1.1.0
+    - deps: destroy@~1.0.4
+    - deps: escape-html@~1.0.3
+    - deps: range-parser@~1.0.3
+  * deps: serve-static@~1.10.2
+    - deps: escape-html@~1.0.3
+    - deps: parseurl@~1.3.0
+    - deps: send@0.13.1
+
+4.13.3 / 2015-08-02
+===================
+
+  * Fix infinite loop condition using `mergeParams: true`
+  * Fix inner numeric indices incorrectly altering parent `req.params`
+
+4.13.2 / 2015-07-31
+===================
+
+  * deps: accepts@~1.2.12
+    - deps: mime-types@~2.1.4
+  * deps: array-flatten@1.1.1
+    - perf: enable strict mode
+  * deps: path-to-regexp@0.1.7
+    - Fix regression with escaped round brackets and matching groups
+  * deps: type-is@~1.6.6
+    - deps: mime-types@~2.1.4
+
+4.13.1 / 2015-07-05
+===================
+
+  * deps: accepts@~1.2.10
+    - deps: mime-types@~2.1.2
+  * deps: qs@4.0.0
+    - Fix dropping parameters like `hasOwnProperty`
+    - Fix various parsing edge cases
+  * deps: type-is@~1.6.4
+    - deps: mime-types@~2.1.2
+    - perf: enable strict mode
+    - perf: remove argument reassignment
+
+4.13.0 / 2015-06-20
+===================
+
+  * Add settings to debug output
+  * Fix `res.format` error when only `default` provided
+  * Fix issue where `next('route')` in `app.param` would incorrectly skip values
+  * Fix hiding platform issues with `decodeURIComponent`
+    - Only `URIError`s are a 400
+  * Fix using `*` before params in routes
+  * Fix using capture groups before params in routes
+  * Simplify `res.cookie` to call `res.append`
+  * Use `array-flatten` module for flattening arrays
+  * deps: accepts@~1.2.9
+    - deps: mime-types@~2.1.1
+    - perf: avoid argument reassignment & argument slice
+    - perf: avoid negotiator recursive construction
+    - perf: enable strict mode
+    - perf: remove unnecessary bitwise operator
+  * deps: cookie@0.1.3
+    - perf: deduce the scope of try-catch deopt
+    - perf: remove argument reassignments
+  * deps: escape-html@1.0.2
+  * deps: etag@~1.7.0
+    - Always include entity length in ETags for hash length extensions
+    - Generate non-Stats ETags using MD5 only (no longer CRC32)
+    - Improve stat performance by removing hashing
+    - Improve support for JXcore
+    - Remove base64 padding in ETags to shorten
+    - Support "fake" stats objects in environments without fs
+    - Use MD5 instead of MD4 in weak ETags over 1KB
+  * deps: finalhandler@0.4.0
+    - Fix a false-positive when unpiping in Node.js 0.8
+    - Support `statusCode` property on `Error` objects
+    - Use `unpipe` module for unpiping requests
+    - deps: escape-html@1.0.2
+    - deps: on-finished@~2.3.0
+    - perf: enable strict mode
+    - perf: remove argument reassignment
+  * deps: fresh@0.3.0
+    - Add weak `ETag` matching support
+  * deps: on-finished@~2.3.0
+    - Add defined behavior for HTTP `CONNECT` requests
+    - Add defined behavior for HTTP `Upgrade` requests
+    - deps: ee-first@1.1.1
+  * deps: path-to-regexp@0.1.6
+  * deps: send@0.13.0
+    - Allow Node.js HTTP server to set `Date` response header
+    - Fix incorrectly removing `Content-Location` on 304 response
+    - Improve the default redirect response headers
+    - Send appropriate headers on default error response
+    - Use `http-errors` for standard emitted errors
+    - Use `statuses` instead of `http` module for status messages
+    - deps: escape-html@1.0.2
+    - deps: etag@~1.7.0
+    - deps: fresh@0.3.0
+    - deps: on-finished@~2.3.0
+    - perf: enable strict mode
+    - perf: remove unnecessary array allocations
+  * deps: serve-static@~1.10.0
+    - Add `fallthrough` option
+    - Fix reading options from options prototype
+    - Improve the default redirect response headers
+    - Malformed URLs now `next()` instead of 400
+    - deps: escape-html@1.0.2
+    - deps: send@0.13.0
+    - perf: enable strict mode
+    - perf: remove argument reassignment
+  * deps: type-is@~1.6.3
+    - deps: mime-types@~2.1.1
+    - perf: reduce try block size
+    - perf: remove bitwise operations
+  * perf: enable strict mode
+  * perf: isolate `app.render` try block
+  * perf: remove argument reassignments in application
+  * perf: remove argument reassignments in request prototype
+  * perf: remove argument reassignments in response prototype
+  * perf: remove argument reassignments in routing
+  * perf: remove argument reassignments in `View`
+  * perf: skip attempting to decode zero length string
+  * perf: use saved reference to `http.STATUS_CODES`
+
+4.12.4 / 2015-05-17
+===================
+
+  * deps: accepts@~1.2.7
+    - deps: mime-types@~2.0.11
+    - deps: negotiator@0.5.3
+  * deps: debug@~2.2.0
+    - deps: ms@0.7.1
+  * deps: depd@~1.0.1
+  * deps: etag@~1.6.0
+    - Improve support for JXcore
+    - Support "fake" stats objects in environments without `fs`
+  * deps: finalhandler@0.3.6
+    - deps: debug@~2.2.0
+    - deps: on-finished@~2.2.1
+  * deps: on-finished@~2.2.1
+    - Fix `isFinished(req)` when data buffered
+  * deps: proxy-addr@~1.0.8
+    - deps: ipaddr.js@1.0.1
+  * deps: qs@2.4.2
+   - Fix allowing parameters like `constructor`
+  * deps: send@0.12.3
+    - deps: debug@~2.2.0
+    - deps: depd@~1.0.1
+    - deps: etag@~1.6.0
+    - deps: ms@0.7.1
+    - deps: on-finished@~2.2.1
+  * deps: serve-static@~1.9.3
+    - deps: send@0.12.3
+  * deps: type-is@~1.6.2
+    - deps: mime-types@~2.0.11
+
+4.12.3 / 2015-03-17
+===================
+
+  * deps: accepts@~1.2.5
+    - deps: mime-types@~2.0.10
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+  * deps: finalhandler@0.3.4
+    - deps: debug@~2.1.3
+  * deps: proxy-addr@~1.0.7
+    - deps: ipaddr.js@0.1.9
+  * deps: qs@2.4.1
+    - Fix error when parameter `hasOwnProperty` is present
+  * deps: send@0.12.2
+    - Throw errors early for invalid `extensions` or `index` options
+    - deps: debug@~2.1.3
+  * deps: serve-static@~1.9.2
+    - deps: send@0.12.2
+  * deps: type-is@~1.6.1
+    - deps: mime-types@~2.0.10
+
+4.12.2 / 2015-03-02
+===================
+
+  * Fix regression where `"Request aborted"` is logged using `res.sendFile`
+
+4.12.1 / 2015-03-01
+===================
+
+  * Fix constructing application with non-configurable prototype properties
+  * Fix `ECONNRESET` errors from `res.sendFile` usage
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+  * Fix wrong `code` on aborted connections from `res.sendFile`
+  * deps: merge-descriptors@1.0.0
+
+4.12.0 / 2015-02-23
+===================
+
+  * Fix `"trust proxy"` setting to inherit when app is mounted
+  * Generate `ETag`s for all request responses
+    - No longer restricted to only responses for `GET` and `HEAD` requests
+  * Use `content-type` to parse `Content-Type` headers
+  * deps: accepts@~1.2.4
+    - Fix preference sorting to be stable for long acceptable lists
+    - deps: mime-types@~2.0.9
+    - deps: negotiator@0.5.1
+  * deps: cookie-signature@1.0.6
+  * deps: send@0.12.1
+    - Always read the stat size from the file
+    - Fix mutating passed-in `options`
+    - deps: mime@1.3.4
+  * deps: serve-static@~1.9.1
+    - deps: send@0.12.1
+  * deps: type-is@~1.6.0
+    - fix argument reassignment
+    - fix false-positives in `hasBody` `Transfer-Encoding` check
+    - support wildcard for both type and subtype (`*/*`)
+    - deps: mime-types@~2.0.9
+
+4.11.2 / 2015-02-01
+===================
+
+  * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
+  * deps: accepts@~1.2.3
+    - deps: mime-types@~2.0.8
+  * deps: proxy-addr@~1.0.6
+    - deps: ipaddr.js@0.1.8
+  * deps: type-is@~1.5.6
+    - deps: mime-types@~2.0.8
+
+4.11.1 / 2015-01-20
+===================
+
+  * deps: send@0.11.1
+    - Fix root path disclosure
+  * deps: serve-static@~1.8.1
+    - Fix redirect loop in Node.js 0.11.14
+    - Fix root path disclosure
+    - deps: send@0.11.1
+
+4.11.0 / 2015-01-13
+===================
+
+  * Add `res.append(field, val)` to append headers
+  * Deprecate leading `:` in `name` for `app.param(name, fn)`
+  * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
+  * Deprecate `app.param(fn)`
+  * Fix `OPTIONS` responses to include the `HEAD` method properly
+  * Fix `res.sendFile` not always detecting aborted connection
+  * Match routes iteratively to prevent stack overflows
+  * deps: accepts@~1.2.2
+    - deps: mime-types@~2.0.7
+    - deps: negotiator@0.5.0
+  * deps: send@0.11.0
+    - deps: debug@~2.1.1
+    - deps: etag@~1.5.1
+    - deps: ms@0.7.0
+    - deps: on-finished@~2.2.0
+  * deps: serve-static@~1.8.0
+    - deps: send@0.11.0
+
+4.10.8 / 2015-01-13
+===================
+
+  * Fix crash from error within `OPTIONS` response handler
+  * deps: proxy-addr@~1.0.5
+    - deps: ipaddr.js@0.1.6
+
+4.10.7 / 2015-01-04
+===================
+
+  * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
+  * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
+  * deps: debug@~2.1.1
+  * deps: finalhandler@0.3.3
+    - deps: debug@~2.1.1
+    - deps: on-finished@~2.2.0
+  * deps: methods@~1.1.1
+  * deps: on-finished@~2.2.0
+  * deps: serve-static@~1.7.2
+    - Fix potential open redirect when mounted at root
+  * deps: type-is@~1.5.5
+    - deps: mime-types@~2.0.7
+
+4.10.6 / 2014-12-12
+===================
+
+  * Fix exception in `req.fresh`/`req.stale` without response headers
+
+4.10.5 / 2014-12-10
+===================
+
+  * Fix `res.send` double-calling `res.end` for `HEAD` requests
+  * deps: accepts@~1.1.4
+    - deps: mime-types@~2.0.4
+  * deps: type-is@~1.5.4
+    - deps: mime-types@~2.0.4
+
+4.10.4 / 2014-11-24
+===================
+
+  * Fix `res.sendfile` logging standard write errors
+
+4.10.3 / 2014-11-23
+===================
+
+  * Fix `res.sendFile` logging standard write errors
+  * deps: etag@~1.5.1
+  * deps: proxy-addr@~1.0.4
+    - deps: ipaddr.js@0.1.5
+  * deps: qs@2.3.3
+    - Fix `arrayLimit` behavior
+
+4.10.2 / 2014-11-09
+===================
+
+  * Correctly invoke async router callback asynchronously
+  * deps: accepts@~1.1.3
+    - deps: mime-types@~2.0.3
+  * deps: type-is@~1.5.3
+    - deps: mime-types@~2.0.3
+
+4.10.1 / 2014-10-28
+===================
+
+  * Fix handling of URLs containing `://` in the path
+  * deps: qs@2.3.2
+    - Fix parsing of mixed objects and values
+
+4.10.0 / 2014-10-23
+===================
+
+  * Add support for `app.set('views', array)`
+    - Views are looked up in sequence in array of directories
+  * Fix `res.send(status)` to mention `res.sendStatus(status)`
+  * Fix handling of invalid empty URLs
+  * Use `content-disposition` module for `res.attachment`/`res.download`
+    - Sends standards-compliant `Content-Disposition` header
+    - Full Unicode support
+  * Use `path.resolve` in view lookup
+  * deps: debug@~2.1.0
+    - Implement `DEBUG_FD` env variable support
+  * deps: depd@~1.0.0
+  * deps: etag@~1.5.0
+    - Improve string performance
+    - Slightly improve speed for weak ETags over 1KB
+  * deps: finalhandler@0.3.2
+    - Terminate in progress response only on error
+    - Use `on-finished` to determine request status
+    - deps: debug@~2.1.0
+    - deps: on-finished@~2.1.1
+  * deps: on-finished@~2.1.1
+    - Fix handling of pipelined requests
+  * deps: qs@2.3.0
+    - Fix parsing of mixed implicit and explicit arrays
+  * deps: send@0.10.1
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: etag@~1.5.0
+    - deps: on-finished@~2.1.1
+  * deps: serve-static@~1.7.1
+    - deps: send@0.10.1
+
+4.9.8 / 2014-10-17
+==================
+
+  * Fix `res.redirect` body when redirect status specified
+  * deps: accepts@~1.1.2
+    - Fix error when media type has invalid parameter
+    - deps: negotiator@0.4.9
+
+4.9.7 / 2014-10-10
+==================
+
+  * Fix using same param name in array of paths
+
+4.9.6 / 2014-10-08
+==================
+
+  * deps: accepts@~1.1.1
+    - deps: mime-types@~2.0.2
+    - deps: negotiator@0.4.8
+  * deps: serve-static@~1.6.4
+    - Fix redirect loop when index file serving disabled
+  * deps: type-is@~1.5.2
+    - deps: mime-types@~2.0.2
+
+4.9.5 / 2014-09-24
+==================
+
+  * deps: etag@~1.4.0
+  * deps: proxy-addr@~1.0.3
+    - Use `forwarded` npm module
+  * deps: send@0.9.3
+    - deps: etag@~1.4.0
+  * deps: serve-static@~1.6.3
+    - deps: send@0.9.3
+
+4.9.4 / 2014-09-19
+==================
+
+  * deps: qs@2.2.4
+    - Fix issue with object keys starting with numbers truncated
+
+4.9.3 / 2014-09-18
+==================
+
+  * deps: proxy-addr@~1.0.2
+    - Fix a global leak when multiple subnets are trusted
+    - deps: ipaddr.js@0.1.3
+
+4.9.2 / 2014-09-17
+==================
+
+  * Fix regression for empty string `path` in `app.use`
+  * Fix `router.use` to accept array of middleware without path
+  * Improve error message for bad `app.use` arguments
+
+4.9.1 / 2014-09-16
+==================
+
+  * Fix `app.use` to accept array of middleware without path
+  * deps: depd@0.4.5
+  * deps: etag@~1.3.1
+  * deps: send@0.9.2
+    - deps: depd@0.4.5
+    - deps: etag@~1.3.1
+    - deps: range-parser@~1.0.2
+  * deps: serve-static@~1.6.2
+    - deps: send@0.9.2
+
+4.9.0 / 2014-09-08
+==================
+
+  * Add `res.sendStatus`
+  * Invoke callback for sendfile when client aborts
+    - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
+    - `err` will be populated with request aborted error
+  * Support IP address host in `req.subdomains`
+  * Use `etag` to generate `ETag` headers
+  * deps: accepts@~1.1.0
+    - update `mime-types`
+  * deps: cookie-signature@1.0.5
+  * deps: debug@~2.0.0
+  * deps: finalhandler@0.2.0
+    - Set `X-Content-Type-Options: nosniff` header
+    - deps: debug@~2.0.0
+  * deps: fresh@0.2.4
+  * deps: media-typer@0.3.0
+    - Throw error when parameter format invalid on parse
+  * deps: qs@2.2.3
+    - Fix issue where first empty value in array is discarded
+  * deps: range-parser@~1.0.2
+  * deps: send@0.9.1
+    - Add `lastModified` option
+    - Use `etag` to generate `ETag` header
+    - deps: debug@~2.0.0
+    - deps: fresh@0.2.4
+  * deps: serve-static@~1.6.1
+    - Add `lastModified` option
+    - deps: send@0.9.1
+  * deps: type-is@~1.5.1
+    - fix `hasbody` to be true for `content-length: 0`
+    - deps: media-typer@0.3.0
+    - deps: mime-types@~2.0.1
+  * deps: vary@~1.0.0
+    - Accept valid `Vary` header string as `field`
+
+4.8.8 / 2014-09-04
+==================
+
+  * deps: send@0.8.5
+    - Fix a path traversal issue when using `root`
+    - Fix malicious path detection for empty string path
+  * deps: serve-static@~1.5.4
+    - deps: send@0.8.5
+
+4.8.7 / 2014-08-29
+==================
+
+  * deps: qs@2.2.2
+    - Remove unnecessary cloning
+
+4.8.6 / 2014-08-27
+==================
+
+  * deps: qs@2.2.0
+    - Array parsing fix
+    - Performance improvements
+
+4.8.5 / 2014-08-18
+==================
+
+  * deps: send@0.8.3
+    - deps: destroy@1.0.3
+    - deps: on-finished@2.1.0
+  * deps: serve-static@~1.5.3
+    - deps: send@0.8.3
+
+4.8.4 / 2014-08-14
+==================
+
+  * deps: qs@1.2.2
+  * deps: send@0.8.2
+    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+  * deps: serve-static@~1.5.2
+    - deps: send@0.8.2
+
+4.8.3 / 2014-08-10
+==================
+
+  * deps: parseurl@~1.3.0
+  * deps: qs@1.2.1
+  * deps: serve-static@~1.5.1
+    - Fix parsing of weird `req.originalUrl` values
+    - deps: parseurl@~1.3.0
+    - deps: utils-merge@1.0.0
+
+4.8.2 / 2014-08-07
+==================
+
+  * deps: qs@1.2.0
+    - Fix parsing array of objects
+
+4.8.1 / 2014-08-06
+==================
+
+  * fix incorrect deprecation warnings on `res.download`
+  * deps: qs@1.1.0
+    - Accept urlencoded square brackets
+    - Accept empty values in implicit array notation
+
+4.8.0 / 2014-08-05
+==================
+
+  * add `res.sendFile`
+    - accepts a file system path instead of a URL
+    - requires an absolute path or `root` option specified
+  * deprecate `res.sendfile` -- use `res.sendFile` instead
+  * support mounted app as any argument to `app.use()`
+  * deps: qs@1.0.2
+    - Complete rewrite
+    - Limits array length to 20
+    - Limits object depth to 5
+    - Limits parameters to 1,000
+  * deps: send@0.8.1
+    - Add `extensions` option
+  * deps: serve-static@~1.5.0
+    - Add `extensions` option
+    - deps: send@0.8.1
+
+4.7.4 / 2014-08-04
+==================
+
+  * fix `res.sendfile` regression for serving directory index files
+  * deps: send@0.7.4
+    - Fix incorrect 403 on Windows and Node.js 0.11
+    - Fix serving index files without root dir
+  * deps: serve-static@~1.4.4
+    - deps: send@0.7.4
+
+4.7.3 / 2014-08-04
+==================
+
+  * deps: send@0.7.3
+    - Fix incorrect 403 on Windows and Node.js 0.11
+  * deps: serve-static@~1.4.3
+    - Fix incorrect 403 on Windows and Node.js 0.11
+    - deps: send@0.7.3
+
+4.7.2 / 2014-07-27
+==================
+
+  * deps: depd@0.4.4
+    - Work-around v8 generating empty stack traces
+  * deps: send@0.7.2
+    - deps: depd@0.4.4
+  * deps: serve-static@~1.4.2
+
+4.7.1 / 2014-07-26
+==================
+
+  * deps: depd@0.4.3
+    - Fix exception when global `Error.stackTraceLimit` is too low
+  * deps: send@0.7.1
+    - deps: depd@0.4.3
+  * deps: serve-static@~1.4.1
+
+4.7.0 / 2014-07-25
+==================
+
+  * fix `req.protocol` for proxy-direct connections
+  * configurable query parser with `app.set('query parser', parser)`
+    - `app.set('query parser', 'extended')` parse with "qs" module
+    - `app.set('query parser', 'simple')` parse with "querystring" core module
+    - `app.set('query parser', false)` disable query string parsing
+    - `app.set('query parser', true)` enable simple parsing
+  * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
+  * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
+  * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
+  * deps: debug@1.0.4
+  * deps: depd@0.4.2
+    - Add `TRACE_DEPRECATION` environment variable
+    - Remove non-standard grey color from color output
+    - Support `--no-deprecation` argument
+    - Support `--trace-deprecation` argument
+  * deps: finalhandler@0.1.0
+    - Respond after request fully read
+    - deps: debug@1.0.4
+  * deps: parseurl@~1.2.0
+    - Cache URLs based on original value
+    - Remove no-longer-needed URL mis-parse work-around
+    - Simplify the "fast-path" `RegExp`
+  * deps: send@0.7.0
+    - Add `dotfiles` option
+    - Cap `maxAge` value to 1 year
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+  * deps: serve-static@~1.4.0
+    - deps: parseurl@~1.2.0
+    - deps: send@0.7.0
+  * perf: prevent multiple `Buffer` creation in `res.send`
+
+4.6.1 / 2014-07-12
+==================
+
+  * fix `subapp.mountpath` regression for `app.use(subapp)`
+
+4.6.0 / 2014-07-11
+==================
+
+  * accept multiple callbacks to `app.use()`
+  * add explicit "Rosetta Flash JSONP abuse" protection
+    - previous versions are not vulnerable; this is just explicit protection
+  * catch errors in multiple `req.param(name, fn)` handlers
+  * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
+  * fix `res.send(status, num)` to send `num` as json (not error)
+  * remove unnecessary escaping when `res.jsonp` returns JSON response
+  * support non-string `path` in `app.use(path, fn)`
+    - supports array of paths
+    - supports `RegExp`
+  * router: fix optimization on router exit
+  * router: refactor location of `try` blocks
+  * router: speed up standard `app.use(fn)`
+  * deps: debug@1.0.3
+    - Add support for multiple wildcards in namespaces
+  * deps: finalhandler@0.0.3
+    - deps: debug@1.0.3
+  * deps: methods@1.1.0
+    - add `CONNECT`
+  * deps: parseurl@~1.1.3
+    - faster parsing of href-only URLs
+  * deps: path-to-regexp@0.1.3
+  * deps: send@0.6.0
+    - deps: debug@1.0.3
+  * deps: serve-static@~1.3.2
+    - deps: parseurl@~1.1.3
+    - deps: send@0.6.0
+  * perf: fix arguments reassign deopt in some `res` methods
+
+4.5.1 / 2014-07-06
+==================
+
+ * fix routing regression when altering `req.method`
+
+4.5.0 / 2014-07-04
+==================
+
+ * add deprecation message to non-plural `req.accepts*`
+ * add deprecation message to `res.send(body, status)`
+ * add deprecation message to `res.vary()`
+ * add `headers` option to `res.sendfile`
+   - use to set headers on successful file transfer
+ * add `mergeParams` option to `Router`
+   - merges `req.params` from parent routes
+ * add `req.hostname` -- correct name for what `req.host` returns
+ * deprecate things with `depd` module
+ * deprecate `req.host` -- use `req.hostname` instead
+ * fix behavior when handling request without routes
+ * fix handling when `route.all` is only route
+ * invoke `router.param()` only when route matches
+ * restore `req.params` after invoking router
+ * use `finalhandler` for final response handling
+ * use `media-typer` to alter content-type charset
+ * deps: accepts@~1.0.7
+ * deps: send@0.5.0
+   - Accept string for `maxage` (converted by `ms`)
+   - Include link in default redirect response
+ * deps: serve-static@~1.3.0
+   - Accept string for `maxAge` (converted by `ms`)
+   - Add `setHeaders` option
+   - Include HTML link in redirect response
+   - deps: send@0.5.0
+ * deps: type-is@~1.3.2
+
+4.4.5 / 2014-06-26
+==================
+
+ * deps: cookie-signature@1.0.4
+   - fix for timing attacks
+
+4.4.4 / 2014-06-20
+==================
+
+ * fix `res.attachment` Unicode filenames in Safari
+ * fix "trim prefix" debug message in `express:router`
+ * deps: accepts@~1.0.5
+ * deps: buffer-crc32@0.2.3
+
+4.4.3 / 2014-06-11
+==================
+
+ * fix persistence of modified `req.params[name]` from `app.param()`
+ * deps: accepts@1.0.3
+   - deps: negotiator@0.4.6
+ * deps: debug@1.0.2
+ * deps: send@0.4.3
+   - Do not throw uncatchable error on file open race condition
+   - Use `escape-html` for HTML escaping
+   - deps: debug@1.0.2
+   - deps: finished@1.2.2
+   - deps: fresh@0.2.2
+ * deps: serve-static@1.2.3
+   - Do not throw uncatchable error on file open race condition
+   - deps: send@0.4.3
+
+4.4.2 / 2014-06-09
+==================
+
+ * fix catching errors from top-level handlers
+ * use `vary` module for `res.vary`
+ * deps: debug@1.0.1
+ * deps: proxy-addr@1.0.1
+ * deps: send@0.4.2
+   - fix "event emitter leak" warnings
+   - deps: debug@1.0.1
+   - deps: finished@1.2.1
+ * deps: serve-static@1.2.2
+   - fix "event emitter leak" warnings
+   - deps: send@0.4.2
+ * deps: type-is@1.2.1
+
+4.4.1 / 2014-06-02
+==================
+
+ * deps: methods@1.0.1
+ * deps: send@0.4.1
+   - Send `max-age` in `Cache-Control` in correct format
+ * deps: serve-static@1.2.1
+   - use `escape-html` for escaping
+   - deps: send@0.4.1
+
+4.4.0 / 2014-05-30
+==================
+
+ * custom etag control with `app.set('etag', val)`
+   - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
+   - `app.set('etag', 'weak')` weak tag
+   - `app.set('etag', 'strong')` strong etag
+   - `app.set('etag', false)` turn off
+   - `app.set('etag', true)` standard etag
+ * mark `res.send` ETag as weak and reduce collisions
+ * update accepts to 1.0.2
+   - Fix interpretation when header not in request
+ * update send to 0.4.0
+   - Calculate ETag with md5 for reduced collisions
+   - Ignore stream errors after request ends
+   - deps: debug@0.8.1
+ * update serve-static to 1.2.0
+   - Calculate ETag with md5 for reduced collisions
+   - Ignore stream errors after request ends
+   - deps: send@0.4.0
+
+4.3.2 / 2014-05-28
+==================
+
+ * fix handling of errors from `router.param()` callbacks
+
+4.3.1 / 2014-05-23
+==================
+
+ * revert "fix behavior of multiple `app.VERB` for the same path"
+   - this caused a regression in the order of route execution
+
+4.3.0 / 2014-05-21
+==================
+
+ * add `req.baseUrl` to access the path stripped from `req.url` in routes
+ * fix behavior of multiple `app.VERB` for the same path
+ * fix issue routing requests among sub routers
+ * invoke `router.param()` only when necessary instead of every match
+ * proper proxy trust with `app.set('trust proxy', trust)`
+   - `app.set('trust proxy', 1)` trust first hop
+   - `app.set('trust proxy', 'loopback')` trust loopback addresses
+   - `app.set('trust proxy', '10.0.0.1')` trust single IP
+   - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
+   - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
+   - `app.set('trust proxy', false)` turn off
+   - `app.set('trust proxy', true)` trust everything
+ * set proper `charset` in `Content-Type` for `res.send`
+ * update type-is to 1.2.0
+   - support suffix matching
+
+4.2.0 / 2014-05-11
+==================
+
+ * deprecate `app.del()` -- use `app.delete()` instead
+ * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
+   - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
+ * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
+   - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
+ * fix `req.next` when inside router instance
+ * include `ETag` header in `HEAD` requests
+ * keep previous `Content-Type` for `res.jsonp`
+ * support PURGE method
+   - add `app.purge`
+   - add `router.purge`
+   - include PURGE in `app.all`
+ * update debug to 0.8.0
+   - add `enable()` method
+   - change from stderr to stdout
+ * update methods to 1.0.0
+   - add PURGE
+
+4.1.2 / 2014-05-08
+==================
+
+ * fix `req.host` for IPv6 literals
+ * fix `res.jsonp` error if callback param is object
+
+4.1.1 / 2014-04-27
+==================
+
+ * fix package.json to reflect supported node version
+
+4.1.0 / 2014-04-24
+==================
+
+ * pass options from `res.sendfile` to `send`
+ * preserve casing of headers in `res.header` and `res.set`
+ * support unicode file names in `res.attachment` and `res.download`
+ * update accepts to 1.0.1
+   - deps: negotiator@0.4.0
+ * update cookie to 0.1.2
+   - Fix for maxAge == 0
+   - made compat with expires field
+ * update send to 0.3.0
+   - Accept API options in options object
+   - Coerce option types
+   - Control whether to generate etags
+   - Default directory access to 403 when index disabled
+   - Fix sending files with dots without root set
+   - Include file path in etag
+   - Make "Can't set headers after they are sent." catchable
+   - Send full entity-body for multi range requests
+   - Set etags to "weak"
+   - Support "If-Range" header
+   - Support multiple index paths
+   - deps: mime@1.2.11
+ * update serve-static to 1.1.0
+   - Accept options directly to `send` module
+   - Resolve relative paths at middleware setup
+   - Use parseurl to parse the URL from request
+   - deps: send@0.3.0
+ * update type-is to 1.1.0
+   - add non-array values support
+   - add `multipart` as a shorthand
+
+4.0.0 / 2014-04-09
+==================
+
+ * remove:
+   - node 0.8 support
+   - connect and connect's patches except for charset handling
+   - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
+   - `express.createServer()` - it has been deprecated for a long time. Use `express()`
+   - `app.configure` - use logic in your own app code
+   - `app.router` - is removed
+   - `req.auth` - use `basic-auth` instead
+   - `req.accepted*` - use `req.accepts*()` instead
+   - `res.location` - relative URL resolution is removed
+   - `res.charset` - include the charset in the content type when using `res.set()`
+   - all bundled middleware except `static`
+ * change:
+   - `app.route` -> `app.mountpath` when mounting an express app in another express app
+   - `json spaces` no longer enabled by default in development
+   - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
+   - `req.params` is now an object instead of an array
+   - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
+   - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
+ * refactor:
+   - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
+   - `req.is` with [type-is](https://github.com/expressjs/type-is)
+   - [path-to-regexp](https://github.com/component/path-to-regexp)
+ * add:
+   - `app.router()` - returns the app Router instance
+   - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
+   - Router & Route - public API
+
+3.21.2 / 2015-07-31
+===================
+
+  * deps: connect@2.30.2
+    - deps: body-parser@~1.13.3
+    - deps: compression@~1.5.2
+    - deps: errorhandler@~1.4.2
+    - deps: method-override@~2.3.5
+    - deps: serve-index@~1.7.2
+    - deps: type-is@~1.6.6
+    - deps: vhost@~3.0.1
+  * deps: vary@~1.0.1
+    - Fix setting empty header from empty `field`
+    - perf: enable strict mode
+    - perf: remove argument reassignments
+
+3.21.1 / 2015-07-05
+===================
+
+  * deps: basic-auth@~1.0.3
+  * deps: connect@2.30.1
+    - deps: body-parser@~1.13.2
+    - deps: compression@~1.5.1
+    - deps: errorhandler@~1.4.1
+    - deps: morgan@~1.6.1
+    - deps: pause@0.1.0
+    - deps: qs@4.0.0
+    - deps: serve-index@~1.7.1
+    - deps: type-is@~1.6.4
+
+3.21.0 / 2015-06-18
+===================
+
+  * deps: basic-auth@1.0.2
+    - perf: enable strict mode
+    - perf: hoist regular expression
+    - perf: parse with regular expressions
+    - perf: remove argument reassignment
+  * deps: connect@2.30.0
+    - deps: body-parser@~1.13.1
+    - deps: bytes@2.1.0
+    - deps: compression@~1.5.0
+    - deps: cookie@0.1.3
+    - deps: cookie-parser@~1.3.5
+    - deps: csurf@~1.8.3
+    - deps: errorhandler@~1.4.0
+    - deps: express-session@~1.11.3
+    - deps: finalhandler@0.4.0
+    - deps: fresh@0.3.0
+    - deps: morgan@~1.6.0
+    - deps: serve-favicon@~2.3.0
+    - deps: serve-index@~1.7.0
+    - deps: serve-static@~1.10.0
+    - deps: type-is@~1.6.3
+  * deps: cookie@0.1.3
+    - perf: deduce the scope of try-catch deopt
+    - perf: remove argument reassignments
+  * deps: escape-html@1.0.2
+  * deps: etag@~1.7.0
+    - Always include entity length in ETags for hash length extensions
+    - Generate non-Stats ETags using MD5 only (no longer CRC32)
+    - Improve stat performance by removing hashing
+    - Improve support for JXcore
+    - Remove base64 padding in ETags to shorten
+    - Support "fake" stats objects in environments without fs
+    - Use MD5 instead of MD4 in weak ETags over 1KB
+  * deps: fresh@0.3.0
+    - Add weak `ETag` matching support
+  * deps: mkdirp@0.5.1
+    - Work in global strict mode
+  * deps: send@0.13.0
+    - Allow Node.js HTTP server to set `Date` response header
+    - Fix incorrectly removing `Content-Location` on 304 response
+    - Improve the default redirect response headers
+    - Send appropriate headers on default error response
+    - Use `http-errors` for standard emitted errors
+    - Use `statuses` instead of `http` module for status messages
+    - deps: escape-html@1.0.2
+    - deps: etag@~1.7.0
+    - deps: fresh@0.3.0
+    - deps: on-finished@~2.3.0
+    - perf: enable strict mode
+    - perf: remove unnecessary array allocations
+
+3.20.3 / 2015-05-17
+===================
+
+  * deps: connect@2.29.2
+    - deps: body-parser@~1.12.4
+    - deps: compression@~1.4.4
+    - deps: connect-timeout@~1.6.2
+    - deps: debug@~2.2.0
+    - deps: depd@~1.0.1
+    - deps: errorhandler@~1.3.6
+    - deps: finalhandler@0.3.6
+    - deps: method-override@~2.3.3
+    - deps: morgan@~1.5.3
+    - deps: qs@2.4.2
+    - deps: response-time@~2.3.1
+    - deps: serve-favicon@~2.2.1
+    - deps: serve-index@~1.6.4
+    - deps: serve-static@~1.9.3
+    - deps: type-is@~1.6.2
+  * deps: debug@~2.2.0
+    - deps: ms@0.7.1
+  * deps: depd@~1.0.1
+  * deps: proxy-addr@~1.0.8
+    - deps: ipaddr.js@1.0.1
+  * deps: send@0.12.3
+    - deps: debug@~2.2.0
+    - deps: depd@~1.0.1
+    - deps: etag@~1.6.0
+    - deps: ms@0.7.1
+    - deps: on-finished@~2.2.1
+
+3.20.2 / 2015-03-16
+===================
+
+  * deps: connect@2.29.1
+    - deps: body-parser@~1.12.2
+    - deps: compression@~1.4.3
+    - deps: connect-timeout@~1.6.1
+    - deps: debug@~2.1.3
+    - deps: errorhandler@~1.3.5
+    - deps: express-session@~1.10.4
+    - deps: finalhandler@0.3.4
+    - deps: method-override@~2.3.2
+    - deps: morgan@~1.5.2
+    - deps: qs@2.4.1
+    - deps: serve-index@~1.6.3
+    - deps: serve-static@~1.9.2
+    - deps: type-is@~1.6.1
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+  * deps: merge-descriptors@1.0.0
+  * deps: proxy-addr@~1.0.7
+    - deps: ipaddr.js@0.1.9
+  * deps: send@0.12.2
+    - Throw errors early for invalid `extensions` or `index` options
+    - deps: debug@~2.1.3
+
+3.20.1 / 2015-02-28
+===================
+
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
+3.20.0 / 2015-02-18
+===================
+
+  * Fix `"trust proxy"` setting to inherit when app is mounted
+  * Generate `ETag`s for all request responses
+    - No longer restricted to only responses for `GET` and `HEAD` requests
+  * Use `content-type` to parse `Content-Type` headers
+  * deps: connect@2.29.0
+    - Use `content-type` to parse `Content-Type` headers
+    - deps: body-parser@~1.12.0
+    - deps: compression@~1.4.1
+    - deps: connect-timeout@~1.6.0
+    - deps: cookie-parser@~1.3.4
+    - deps: cookie-signature@1.0.6
+    - deps: csurf@~1.7.0
+    - deps: errorhandler@~1.3.4
+    - deps: express-session@~1.10.3
+    - deps: http-errors@~1.3.1
+    - deps: response-time@~2.3.0
+    - deps: serve-index@~1.6.2
+    - deps: serve-static@~1.9.1
+    - deps: type-is@~1.6.0
+  * deps: cookie-signature@1.0.6
+  * deps: send@0.12.1
+    - Always read the stat size from the file
+    - Fix mutating passed-in `options`
+    - deps: mime@1.3.4
+
+3.19.2 / 2015-02-01
+===================
+
+  * deps: connect@2.28.3
+    - deps: compression@~1.3.1
+    - deps: csurf@~1.6.6
+    - deps: errorhandler@~1.3.3
+    - deps: express-session@~1.10.2
+    - deps: serve-index@~1.6.1
+    - deps: type-is@~1.5.6
+  * deps: proxy-addr@~1.0.6
+    - deps: ipaddr.js@0.1.8
+
+3.19.1 / 2015-01-20
+===================
+
+  * deps: connect@2.28.2
+    - deps: body-parser@~1.10.2
+    - deps: serve-static@~1.8.1
+  * deps: send@0.11.1
+    - Fix root path disclosure
+
+3.19.0 / 2015-01-09
+===================
+
+  * Fix `OPTIONS` responses to include the `HEAD` method property
+  * Use `readline` for prompt in `express(1)`
+  * deps: commander@2.6.0
+  * deps: connect@2.28.1
+    - deps: body-parser@~1.10.1
+    - deps: compression@~1.3.0
+    - deps: connect-timeout@~1.5.0
+    - deps: csurf@~1.6.4
+    - deps: debug@~2.1.1
+    - deps: errorhandler@~1.3.2
+    - deps: express-session@~1.10.1
+    - deps: finalhandler@0.3.3
+    - deps: method-override@~2.3.1
+    - deps: morgan@~1.5.1
+    - deps: serve-favicon@~2.2.0
+    - deps: serve-index@~1.6.0
+    - deps: serve-static@~1.8.0
+    - deps: type-is@~1.5.5
+  * deps: debug@~2.1.1
+  * deps: methods@~1.1.1
+  * deps: proxy-addr@~1.0.5
+    - deps: ipaddr.js@0.1.6
+  * deps: send@0.11.0
+    - deps: debug@~2.1.1
+    - deps: etag@~1.5.1
+    - deps: ms@0.7.0
+    - deps: on-finished@~2.2.0
+
+3.18.6 / 2014-12-12
+===================
+
+  * Fix exception in `req.fresh`/`req.stale` without response headers
+
+3.18.5 / 2014-12-11
+===================
+
+  * deps: connect@2.27.6
+    - deps: compression@~1.2.2
+    - deps: express-session@~1.9.3
+    - deps: http-errors@~1.2.8
+    - deps: serve-index@~1.5.3
+    - deps: type-is@~1.5.4
+
+3.18.4 / 2014-11-23
+===================
+
+  * deps: connect@2.27.4
+    - deps: body-parser@~1.9.3
+    - deps: compression@~1.2.1
+    - deps: errorhandler@~1.2.3
+    - deps: express-session@~1.9.2
+    - deps: qs@2.3.3
+    - deps: serve-favicon@~2.1.7
+    - deps: serve-static@~1.5.1
+    - deps: type-is@~1.5.3
+  * deps: etag@~1.5.1
+  * deps: proxy-addr@~1.0.4
+    - deps: ipaddr.js@0.1.5
+
+3.18.3 / 2014-11-09
+===================
+
+  * deps: connect@2.27.3
+    - Correctly invoke async callback asynchronously
+    - deps: csurf@~1.6.3
+
+3.18.2 / 2014-10-28
+===================
+
+  * deps: connect@2.27.2
+    - Fix handling of URLs containing `://` in the path
+    - deps: body-parser@~1.9.2
+    - deps: qs@2.3.2
+
+3.18.1 / 2014-10-22
+===================
+
+  * Fix internal `utils.merge` deprecation warnings
+  * deps: connect@2.27.1
+    - deps: body-parser@~1.9.1
+    - deps: express-session@~1.9.1
+    - deps: finalhandler@0.3.2
+    - deps: morgan@~1.4.1
+    - deps: qs@2.3.0
+    - deps: serve-static@~1.7.1
+  * deps: send@0.10.1
+    - deps: on-finished@~2.1.1
+
+3.18.0 / 2014-10-17
+===================
+
+  * Use `content-disposition` module for `res.attachment`/`res.download`
+    - Sends standards-compliant `Content-Disposition` header
+    - Full Unicode support
+  * Use `etag` module to generate `ETag` headers
+  * deps: connect@2.27.0
+    - Use `http-errors` module for creating errors
+    - Use `utils-merge` module for merging objects
+    - deps: body-parser@~1.9.0
+    - deps: compression@~1.2.0
+    - deps: connect-timeout@~1.4.0
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: express-session@~1.9.0
+    - deps: finalhandler@0.3.1
+    - deps: method-override@~2.3.0
+    - deps: morgan@~1.4.0
+    - deps: response-time@~2.2.0
+    - deps: serve-favicon@~2.1.6
+    - deps: serve-index@~1.5.0
+    - deps: serve-static@~1.7.0
+  * deps: debug@~2.1.0
+    - Implement `DEBUG_FD` env variable support
+  * deps: depd@~1.0.0
+  * deps: send@0.10.0
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: etag@~1.5.0
+
+3.17.8 / 2014-10-15
+===================
+
+  * deps: connect@2.26.6
+    - deps: compression@~1.1.2
+    - deps: csurf@~1.6.2
+    - deps: errorhandler@~1.2.2
+
+3.17.7 / 2014-10-08
+===================
+
+  * deps: connect@2.26.5
+    - Fix accepting non-object arguments to `logger`
+    - deps: serve-static@~1.6.4
+
+3.17.6 / 2014-10-02
+===================
+
+  * deps: connect@2.26.4
+    - deps: morgan@~1.3.2
+    - deps: type-is@~1.5.2
+
+3.17.5 / 2014-09-24
+===================
+
+  * deps: connect@2.26.3
+    - deps: body-parser@~1.8.4
+    - deps: serve-favicon@~2.1.5
+    - deps: serve-static@~1.6.3
+  * deps: proxy-addr@~1.0.3
+    - Use `forwarded` npm module
+  * deps: send@0.9.3
+    - deps: etag@~1.4.0
+
+3.17.4 / 2014-09-19
+===================
+
+  * deps: connect@2.26.2
+    - deps: body-parser@~1.8.3
+    - deps: qs@2.2.4
+
+3.17.3 / 2014-09-18
+===================
+
+  * deps: proxy-addr@~1.0.2
+    - Fix a global leak when multiple subnets are trusted
+    - deps: ipaddr.js@0.1.3
+
+3.17.2 / 2014-09-15
+===================
+
+  * Use `crc` instead of `buffer-crc32` for speed
+  * deps: connect@2.26.1
+    - deps: body-parser@~1.8.2
+    - deps: depd@0.4.5
+    - deps: express-session@~1.8.2
+    - deps: morgan@~1.3.1
+    - deps: serve-favicon@~2.1.3
+    - deps: serve-static@~1.6.2
+  * deps: depd@0.4.5
+  * deps: send@0.9.2
+    - deps: depd@0.4.5
+    - deps: etag@~1.3.1
+    - deps: range-parser@~1.0.2
+
+3.17.1 / 2014-09-08
+===================
+
+  * Fix error in `req.subdomains` on empty host
+
+3.17.0 / 2014-09-08
+===================
+
+  * Support `X-Forwarded-Host` in `req.subdomains`
+  * Support IP address host in `req.subdomains`
+  * deps: connect@2.26.0
+    - deps: body-parser@~1.8.1
+    - deps: compression@~1.1.0
+    - deps: connect-timeout@~1.3.0
+    - deps: cookie-parser@~1.3.3
+    - deps: cookie-signature@1.0.5
+    - deps: csurf@~1.6.1
+    - deps: debug@~2.0.0
+    - deps: errorhandler@~1.2.0
+    - deps: express-session@~1.8.1
+    - deps: finalhandler@0.2.0
+    - deps: fresh@0.2.4
+    - deps: media-typer@0.3.0
+    - deps: method-override@~2.2.0
+    - deps: morgan@~1.3.0
+    - deps: qs@2.2.3
+    - deps: serve-favicon@~2.1.3
+    - deps: serve-index@~1.2.1
+    - deps: serve-static@~1.6.1
+    - deps: type-is@~1.5.1
+    - deps: vhost@~3.0.0
+  * deps: cookie-signature@1.0.5
+  * deps: debug@~2.0.0
+  * deps: fresh@0.2.4
+  * deps: media-typer@0.3.0
+    - Throw error when parameter format invalid on parse
+  * deps: range-parser@~1.0.2
+  * deps: send@0.9.1
+    - Add `lastModified` option
+    - Use `etag` to generate `ETag` header
+    - deps: debug@~2.0.0
+    - deps: fresh@0.2.4
+  * deps: vary@~1.0.0
+    - Accept valid `Vary` header string as `field`
+
+3.16.10 / 2014-09-04
+====================
+
+  * deps: connect@2.25.10
+    - deps: serve-static@~1.5.4
+  * deps: send@0.8.5
+    - Fix a path traversal issue when using `root`
+    - Fix malicious path detection for empty string path
+
+3.16.9 / 2014-08-29
+===================
+
+  * deps: connect@2.25.9
+    - deps: body-parser@~1.6.7
+    - deps: qs@2.2.2
+
+3.16.8 / 2014-08-27
+===================
+
+  * deps: connect@2.25.8
+    - deps: body-parser@~1.6.6
+    - deps: csurf@~1.4.1
+    - deps: qs@2.2.0
+
+3.16.7 / 2014-08-18
+===================
+
+  * deps: connect@2.25.7
+    - deps: body-parser@~1.6.5
+    - deps: express-session@~1.7.6
+    - deps: morgan@~1.2.3
+    - deps: serve-static@~1.5.3
+  * deps: send@0.8.3
+    - deps: destroy@1.0.3
+    - deps: on-finished@2.1.0
+
+3.16.6 / 2014-08-14
+===================
+
+  * deps: connect@2.25.6
+    - deps: body-parser@~1.6.4
+    - deps: qs@1.2.2
+    - deps: serve-static@~1.5.2
+  * deps: send@0.8.2
+    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+
+3.16.5 / 2014-08-11
+===================
+
+  * deps: connect@2.25.5
+    - Fix backwards compatibility in `logger`
+
+3.16.4 / 2014-08-10
+===================
+
+  * Fix original URL parsing in `res.location`
+  * deps: connect@2.25.4
+    - Fix `query` middleware breaking with argument
+    - deps: body-parser@~1.6.3
+    - deps: compression@~1.0.11
+    - deps: connect-timeout@~1.2.2
+    - deps: express-session@~1.7.5
+    - deps: method-override@~2.1.3
+    - deps: on-headers@~1.0.0
+    - deps: parseurl@~1.3.0
+    - deps: qs@1.2.1
+    - deps: response-time@~2.0.1
+    - deps: serve-index@~1.1.6
+    - deps: serve-static@~1.5.1
+  * deps: parseurl@~1.3.0
+
+3.16.3 / 2014-08-07
+===================
+
+  * deps: connect@2.25.3
+    - deps: multiparty@3.3.2
+
+3.16.2 / 2014-08-07
+===================
+
+  * deps: connect@2.25.2
+    - deps: body-parser@~1.6.2
+    - deps: qs@1.2.0
+
+3.16.1 / 2014-08-06
+===================
+
+  * deps: connect@2.25.1
+    - deps: body-parser@~1.6.1
+    - deps: qs@1.1.0
+
+3.16.0 / 2014-08-05
+===================
+
+  * deps: connect@2.25.0
+    - deps: body-parser@~1.6.0
+    - deps: compression@~1.0.10
+    - deps: csurf@~1.4.0
+    - deps: express-session@~1.7.4
+    - deps: qs@1.0.2
+    - deps: serve-static@~1.5.0
+  * deps: send@0.8.1
+    - Add `extensions` option
+
+3.15.3 / 2014-08-04
+===================
+
+  * fix `res.sendfile` regression for serving directory index files
+  * deps: connect@2.24.3
+    - deps: serve-index@~1.1.5
+    - deps: serve-static@~1.4.4
+  * deps: send@0.7.4
+    - Fix incorrect 403 on Windows and Node.js 0.11
+    - Fix serving index files without root dir
+
+3.15.2 / 2014-07-27
+===================
+
+  * deps: connect@2.24.2
+    - deps: body-parser@~1.5.2
+    - deps: depd@0.4.4
+    - deps: express-session@~1.7.2
+    - deps: morgan@~1.2.2
+    - deps: serve-static@~1.4.2
+  * deps: depd@0.4.4
+    - Work-around v8 generating empty stack traces
+  * deps: send@0.7.2
+    - deps: depd@0.4.4
+
+3.15.1 / 2014-07-26
+===================
+
+  * deps: connect@2.24.1
+    - deps: body-parser@~1.5.1
+    - deps: depd@0.4.3
+    - deps: express-session@~1.7.1
+    - deps: morgan@~1.2.1
+    - deps: serve-index@~1.1.4
+    - deps: serve-static@~1.4.1
+  * deps: depd@0.4.3
+    - Fix exception when global `Error.stackTraceLimit` is too low
+  * deps: send@0.7.1
+    - deps: depd@0.4.3
+
+3.15.0 / 2014-07-22
+===================
+
+  * Fix `req.protocol` for proxy-direct connections
+  * Pass options from `res.sendfile` to `send`
+  * deps: connect@2.24.0
+    - deps: body-parser@~1.5.0
+    - deps: compression@~1.0.9
+    - deps: connect-timeout@~1.2.1
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+    - deps: express-session@~1.7.0
+    - deps: finalhandler@0.1.0
+    - deps: method-override@~2.1.2
+    - deps: morgan@~1.2.0
+    - deps: multiparty@3.3.1
+    - deps: parseurl@~1.2.0
+    - deps: serve-static@~1.4.0
+  * deps: debug@1.0.4
+  * deps: depd@0.4.2
+    - Add `TRACE_DEPRECATION` environment variable
+    - Remove non-standard grey color from color output
+    - Support `--no-deprecation` argument
+    - Support `--trace-deprecation` argument
+  * deps: parseurl@~1.2.0
+    - Cache URLs based on original value
+    - Remove no-longer-needed URL mis-parse work-around
+    - Simplify the "fast-path" `RegExp`
+  * deps: send@0.7.0
+    - Add `dotfiles` option
+    - Cap `maxAge` value to 1 year
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+
+3.14.0 / 2014-07-11
+===================
+
+ * add explicit "Rosetta Flash JSONP abuse" protection
+   - previous versions are not vulnerable; this is just explicit protection
+ * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
+ * fix `res.send(status, num)` to send `num` as json (not error)
+ * remove unnecessary escaping when `res.jsonp` returns JSON response
+ * deps: basic-auth@1.0.0
+   - support empty password
+   - support empty username
+ * deps: connect@2.23.0
+   - deps: debug@1.0.3
+   - deps: express-session@~1.6.4
+   - deps: method-override@~2.1.0
+   - deps: parseurl@~1.1.3
+   - deps: serve-static@~1.3.1
+  * deps: debug@1.0.3
+    - Add support for multiple wildcards in namespaces
+  * deps: methods@1.1.0
+    - add `CONNECT`
+  * deps: parseurl@~1.1.3
+    - faster parsing of href-only URLs
+
+3.13.0 / 2014-07-03
+===================
+
+ * add deprecation message to `app.configure`
+ * add deprecation message to `req.auth`
+ * use `basic-auth` to parse `Authorization` header
+ * deps: connect@2.22.0
+   - deps: csurf@~1.3.0
+   - deps: express-session@~1.6.1
+   - deps: multiparty@3.3.0
+   - deps: serve-static@~1.3.0
+ * deps: send@0.5.0
+   - Accept string for `maxage` (converted by `ms`)
+   - Include link in default redirect response
+
+3.12.1 / 2014-06-26
+===================
+
+ * deps: connect@2.21.1
+   - deps: cookie-parser@1.3.2
+   - deps: cookie-signature@1.0.4
+   - deps: express-session@~1.5.2
+   - deps: type-is@~1.3.2
+ * deps: cookie-signature@1.0.4
+   - fix for timing attacks
+
+3.12.0 / 2014-06-21
+===================
+
+ * use `media-typer` to alter content-type charset
+ * deps: connect@2.21.0
+   - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
+   - deprecate `connect.createServer()` -- use `connect()` instead
+   - fix `res.setHeader()` patch to work with get -> append -> set pattern
+   - deps: compression@~1.0.8
+   - deps: errorhandler@~1.1.1
+   - deps: express-session@~1.5.0
+   - deps: serve-index@~1.1.3
+
+3.11.0 / 2014-06-19
+===================
+
+ * deprecate things with `depd` module
+ * deps: buffer-crc32@0.2.3
+ * deps: connect@2.20.2
+   - deprecate `verify` option to `json` -- use `body-parser` npm module instead
+   - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
+   - deprecate things with `depd` module
+   - use `finalhandler` for final response handling
+   - use `media-typer` to parse `content-type` for charset
+   - deps: body-parser@1.4.3
+   - deps: connect-timeout@1.1.1
+   - deps: cookie-parser@1.3.1
+   - deps: csurf@1.2.2
+   - deps: errorhandler@1.1.0
+   - deps: express-session@1.4.0
+   - deps: multiparty@3.2.9
+   - deps: serve-index@1.1.2
+   - deps: type-is@1.3.1
+   - deps: vhost@2.0.0
+
+3.10.5 / 2014-06-11
+===================
+
+ * deps: connect@2.19.6
+   - deps: body-parser@1.3.1
+   - deps: compression@1.0.7
+   - deps: debug@1.0.2
+   - deps: serve-index@1.1.1
+   - deps: serve-static@1.2.3
+ * deps: debug@1.0.2
+ * deps: send@0.4.3
+   - Do not throw uncatchable error on file open race condition
+   - Use `escape-html` for HTML escaping
+   - deps: debug@1.0.2
+   - deps: finished@1.2.2
+   - deps: fresh@0.2.2
+
+3.10.4 / 2014-06-09
+===================
+
+ * deps: connect@2.19.5
+   - fix "event emitter leak" warnings
+   - deps: csurf@1.2.1
+   - deps: debug@1.0.1
+   - deps: serve-static@1.2.2
+   - deps: type-is@1.2.1
+ * deps: debug@1.0.1
+ * deps: send@0.4.2
+   - fix "event emitter leak" warnings
+   - deps: finished@1.2.1
+   - deps: debug@1.0.1
+
+3.10.3 / 2014-06-05
+===================
+
+ * use `vary` module for `res.vary`
+ * deps: connect@2.19.4
+   - deps: errorhandler@1.0.2
+   - deps: method-override@2.0.2
+   - deps: serve-favicon@2.0.1
+ * deps: debug@1.0.0
+
+3.10.2 / 2014-06-03
+===================
+
+ * deps: connect@2.19.3
+   - deps: compression@1.0.6
+
+3.10.1 / 2014-06-03
+===================
+
+ * deps: connect@2.19.2
+   - deps: compression@1.0.4
+ * deps: proxy-addr@1.0.1
+
+3.10.0 / 2014-06-02
+===================
+
+ * deps: connect@2.19.1
+   - deprecate `methodOverride()` -- use `method-override` npm module instead
+   - deps: body-parser@1.3.0
+   - deps: method-override@2.0.1
+   - deps: multiparty@3.2.8
+   - deps: response-time@2.0.0
+   - deps: serve-static@1.2.1
+ * deps: methods@1.0.1
+ * deps: send@0.4.1
+   - Send `max-age` in `Cache-Control` in correct format
+
+3.9.0 / 2014-05-30
+==================
+
+ * custom etag control with `app.set('etag', val)`
+   - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
+   - `app.set('etag', 'weak')` weak tag
+   - `app.set('etag', 'strong')` strong etag
+   - `app.set('etag', false)` turn off
+   - `app.set('etag', true)` standard etag
+ * Include ETag in HEAD requests
+ * mark `res.send` ETag as weak and reduce collisions
+ * update connect to 2.18.0
+   - deps: compression@1.0.3
+   - deps: serve-index@1.1.0
+   - deps: serve-static@1.2.0
+ * update send to 0.4.0
+   - Calculate ETag with md5 for reduced collisions
+   - Ignore stream errors after request ends
+   - deps: debug@0.8.1
+
+3.8.1 / 2014-05-27
+==================
+
+ * update connect to 2.17.3
+   - deps: body-parser@1.2.2
+   - deps: express-session@1.2.1
+   - deps: method-override@1.0.2
+
+3.8.0 / 2014-05-21
+==================
+
+ * keep previous `Content-Type` for `res.jsonp`
+ * set proper `charset` in `Content-Type` for `res.send`
+ * update connect to 2.17.1
+   - fix `res.charset` appending charset when `content-type` has one
+   - deps: express-session@1.2.0
+   - deps: morgan@1.1.1
+   - deps: serve-index@1.0.3
+
+3.7.0 / 2014-05-18
+==================
+
+ * proper proxy trust with `app.set('trust proxy', trust)`
+   - `app.set('trust proxy', 1)` trust first hop
+   - `app.set('trust proxy', 'loopback')` trust loopback addresses
+   - `app.set('trust proxy', '10.0.0.1')` trust single IP
+   - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
+   - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
+   - `app.set('trust proxy', false)` turn off
+   - `app.set('trust proxy', true)` trust everything
+ * update connect to 2.16.2
+   - deprecate `res.headerSent` -- use `res.headersSent`
+   - deprecate `res.on("header")` -- use on-headers module instead
+   - fix edge-case in `res.appendHeader` that would append in wrong order
+   - json: use body-parser
+   - urlencoded: use body-parser
+   - dep: bytes@1.0.0
+   - dep: cookie-parser@1.1.0
+   - dep: csurf@1.2.0
+   - dep: express-session@1.1.0
+   - dep: method-override@1.0.1
+
+3.6.0 / 2014-05-09
+==================
+
+ * deprecate `app.del()` -- use `app.delete()` instead
+ * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
+   - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
+ * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
+   - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
+ * support PURGE method
+   - add `app.purge`
+   - add `router.purge`
+   - include PURGE in `app.all`
+ * update connect to 2.15.0
+   * Add `res.appendHeader`
+   * Call error stack even when response has been sent
+   * Patch `res.headerSent` to return Boolean
+   * Patch `res.headersSent` for node.js 0.8
+   * Prevent default 404 handler after response sent
+   * dep: compression@1.0.2
+   * dep: connect-timeout@1.1.0
+   * dep: debug@^0.8.0
+   * dep: errorhandler@1.0.1
+   * dep: express-session@1.0.4
+   * dep: morgan@1.0.1
+   * dep: serve-favicon@2.0.0
+   * dep: serve-index@1.0.2
+ * update debug to 0.8.0
+   * add `enable()` method
+   * change from stderr to stdout
+ * update methods to 1.0.0
+   - add PURGE
+ * update mkdirp to 0.5.0
+
+3.5.3 / 2014-05-08
+==================
+
+ * fix `req.host` for IPv6 literals
+ * fix `res.jsonp` error if callback param is object
+
+3.5.2 / 2014-04-24
+==================
+
+ * update connect to 2.14.5
+ * update cookie to 0.1.2
+ * update mkdirp to 0.4.0
+ * update send to 0.3.0
+
+3.5.1 / 2014-03-25
+==================
+
+ * pin less-middleware in generated app
+
+3.5.0 / 2014-03-06
+==================
+
+ * bump deps
+
+3.4.8 / 2014-01-13
+==================
+
+ * prevent incorrect automatic OPTIONS responses #1868 @dpatti
+ * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
+ * throw 400 in case of malformed paths @rlidwka
+
+3.4.7 / 2013-12-10
+==================
+
+ * update connect
+
+3.4.6 / 2013-12-01
+==================
+
+ * update connect (raw-body)
+
+3.4.5 / 2013-11-27
+==================
+
+ * update connect
+ * res.location: remove leading ./ #1802 @kapouer
+ * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
+ * res.send: always send ETag when content-length > 0
+ * router: add Router.all() method
+
+3.4.4 / 2013-10-29
+==================
+
+ * update connect
+ * update supertest
+ * update methods
+ * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
+
+3.4.3 / 2013-10-23
+==================
+
+ * update connect
+
+3.4.2 / 2013-10-18
+==================
+
+ * update connect
+ * downgrade commander
+
+3.4.1 / 2013-10-15
+==================
+
+ * update connect
+ * update commander
+ * jsonp: check if callback is a function
+ * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
+ * res.format: now includes charset @1747 (@sorribas)
+ * res.links: allow multiple calls @1746 (@sorribas)
+
+3.4.0 / 2013-09-07
+==================
+
+ * add res.vary(). Closes #1682
+ * update connect
+
+3.3.8 / 2013-09-02
+==================
+
+ * update connect
+
+3.3.7 / 2013-08-28
+==================
+
+ * update connect
+
+3.3.6 / 2013-08-27
+==================
+
+ * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
+ * add: req.accepts take an argument list
+
+3.3.4 / 2013-07-08
+==================
+
+ * update send and connect
+
+3.3.3 / 2013-07-04
+==================
+
+ * update connect
+
+3.3.2 / 2013-07-03
+==================
+
+ * update connect
+ * update send
+ * remove .version export
+
+3.3.1 / 2013-06-27
+==================
+
+ * update connect
+
+3.3.0 / 2013-06-26
+==================
+
+ * update connect
+ * add support for multiple X-Forwarded-Proto values. Closes #1646
+ * change: remove charset from json responses. Closes #1631
+ * change: return actual booleans from req.accept* functions
+ * fix jsonp callback array throw
+
+3.2.6 / 2013-06-02
+==================
+
+ * update connect
+
+3.2.5 / 2013-05-21
+==================
+
+ * update connect
+ * update node-cookie
+ * add: throw a meaningful error when there is no default engine
+ * change generation of ETags with res.send() to GET requests only. Closes #1619
+
+3.2.4 / 2013-05-09
+==================
+
+  * fix `req.subdomains` when no Host is present
+  * fix `req.host` when no Host is present, return undefined
+
+3.2.3 / 2013-05-07
+==================
+
+  * update connect / qs
+
+3.2.2 / 2013-05-03
+==================
+
+  * update qs
+
+3.2.1 / 2013-04-29
+==================
+
+  * add app.VERB() paths array deprecation warning
+  * update connect
+  * update qs and remove all ~ semver crap
+  * fix: accept number as value of Signed Cookie
+
+3.2.0 / 2013-04-15
+==================
+
+  * add "view" constructor setting to override view behaviour
+  * add req.acceptsEncoding(name)
+  * add req.acceptedEncodings
+  * revert cookie signature change causing session race conditions
+  * fix sorting of Accept values of the same quality
+
+3.1.2 / 2013-04-12
+==================
+
+  * add support for custom Accept parameters
+  * update cookie-signature
+
+3.1.1 / 2013-04-01
+==================
+
+  * add X-Forwarded-Host support to `req.host`
+  * fix relative redirects
+  * update mkdirp
+  * update buffer-crc32
+  * remove legacy app.configure() method from app template.
+
+3.1.0 / 2013-01-25
+==================
+
+  * add support for leading "." in "view engine" setting
+  * add array support to `res.set()`
+  * add node 0.8.x to travis.yml
+  * add "subdomain offset" setting for tweaking `req.subdomains`
+  * add `res.location(url)` implementing `res.redirect()`-like setting of Location
+  * use app.get() for x-powered-by setting for inheritance
+  * fix colons in passwords for `req.auth`
+
+3.0.6 / 2013-01-04
+==================
+
+  * add http verb methods to Router
+  * update connect
+  * fix mangling of the `res.cookie()` options object
+  * fix jsonp whitespace escape. Closes #1132
+
+3.0.5 / 2012-12-19
+==================
+
+  * add throwing when a non-function is passed to a route
+  * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
+  * revert "add 'etag' option"
+
+3.0.4 / 2012-12-05
+==================
+
+  * add 'etag' option to disable `res.send()` Etags
+  * add escaping of urls in text/plain in `res.redirect()`
+    for old browsers interpreting as html
+  * change crc32 module for a more liberal license
+  * update connect
+
+3.0.3 / 2012-11-13
+==================
+
+  * update connect
+  * update cookie module
+  * fix cookie max-age
+
+3.0.2 / 2012-11-08
+==================
+
+  * add OPTIONS to cors example. Closes #1398
+  * fix route chaining regression. Closes #1397
+
+3.0.1 / 2012-11-01
+==================
+
+  * update connect
+
+3.0.0 / 2012-10-23
+==================
+
+  * add `make clean`
+  * add "Basic" check to req.auth
+  * add `req.auth` test coverage
+  * add cb && cb(payload) to `res.jsonp()`. Closes #1374
+  * add backwards compat for `res.redirect()` status. Closes #1336
+  * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
+  * update connect
+  * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
+  * remove non-primitive string support for `res.send()`
+  * fix view-locals example. Closes #1370
+  * fix route-separation example
+
+3.0.0rc5 / 2012-09-18
+==================
+
+  * update connect
+  * add redis search example
+  * add static-files example
+  * add "x-powered-by" setting (`app.disable('x-powered-by')`)
+  * add "application/octet-stream" redirect Accept test case. Closes #1317
+
+3.0.0rc4 / 2012-08-30
+==================
+
+  * add `res.jsonp()`. Closes #1307
+  * add "verbose errors" option to error-pages example
+  * add another route example to express(1) so people are not so confused
+  * add redis online user activity tracking example
+  * update connect dep
+  * fix etag quoting. Closes #1310
+  * fix error-pages 404 status
+  * fix jsonp callback char restrictions
+  * remove old OPTIONS default response
+
+3.0.0rc3 / 2012-08-13
+==================
+
+  * update connect dep
+  * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
+  * fix `res.render()` clobbering of "locals"
+
+3.0.0rc2 / 2012-08-03
+==================
+
+  * add CORS example
+  * update connect dep
+  * deprecate `.createServer()` & remove old stale examples
+  * fix: escape `res.redirect()` link
+  * fix vhost example
+
+3.0.0rc1 / 2012-07-24
+==================
+
+  * add more examples to view-locals
+  * add scheme-relative redirects (`res.redirect("//foo.com")`) support
+  * update cookie dep
+  * update connect dep
+  * update send dep
+  * fix `express(1)` -h flag, use -H for hogan. Closes #1245
+  * fix `res.sendfile()` socket error handling regression
+
+3.0.0beta7 / 2012-07-16
+==================
+
+  * update connect dep for `send()` root normalization regression
+
+3.0.0beta6 / 2012-07-13
+==================
+
+  * add `err.view` property for view errors. Closes #1226
+  * add "jsonp callback name" setting
+  * add support for "/foo/:bar*" non-greedy matches
+  * change `res.sendfile()` to use `send()` module
+  * change `res.send` to use "response-send" module
+  * remove `app.locals.use` and `res.locals.use`, use regular middleware
+
+3.0.0beta5 / 2012-07-03
+==================
+
+  * add "make check" support
+  * add route-map example
+  * add `res.json(obj, status)` support back for BC
+  * add "methods" dep, remove internal methods module
+  * update connect dep
+  * update auth example to utilize cores pbkdf2
+  * updated tests to use "supertest"
+
+3.0.0beta4 / 2012-06-25
+==================
+
+  * Added `req.auth`
+  * Added `req.range(size)`
+  * Added `res.links(obj)`
+  * Added `res.send(body, status)` support back for backwards compat
+  * Added `.default()` support to `res.format()`
+  * Added 2xx / 304 check to `req.fresh`
+  * Revert "Added + support to the router"
+  * Fixed `res.send()` freshness check, respect res.statusCode
+
+3.0.0beta3 / 2012-06-15
+==================
+
+  * Added hogan `--hjs` to express(1) [nullfirm]
+  * Added another example to content-negotiation
+  * Added `fresh` dep
+  * Changed: `res.send()` always checks freshness
+  * Fixed: expose connects mime module. Closes #1165
+
+3.0.0beta2 / 2012-06-06
+==================
+
+  * Added `+` support to the router
+  * Added `req.host`
+  * Changed `req.param()` to check route first
+  * Update connect dep
+
+3.0.0beta1 / 2012-06-01
+==================
+
+  * Added `res.format()` callback to override default 406 behaviour
+  * Fixed `res.redirect()` 406. Closes #1154
+
+3.0.0alpha5 / 2012-05-30
+==================
+
+  * Added `req.ip`
+  * Added `{ signed: true }` option to `res.cookie()`
+  * Removed `res.signedCookie()`
+  * Changed: dont reverse `req.ips`
+  * Fixed "trust proxy" setting check for `req.ips`
+
+3.0.0alpha4 / 2012-05-09
+==================
+
+  * Added: allow `[]` in jsonp callback. Closes #1128
+  * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
+  * Updated: connect 2.2.2
+
+3.0.0alpha3 / 2012-05-04
+==================
+
+  * Added public `app.routes`. Closes #887
+  * Added _view-locals_ example
+  * Added _mvc_ example
+  * Added `res.locals.use()`. Closes #1120
+  * Added conditional-GET support to `res.send()`
+  * Added: coerce `res.set()` values to strings
+  * Changed: moved `static()` in generated apps below router
+  * Changed: `res.send()` only set ETag when not previously set
+  * Changed connect 2.2.1 dep
+  * Changed: `make test` now runs unit / acceptance tests
+  * Fixed req/res proto inheritance
+
+3.0.0alpha2 / 2012-04-26
+==================
+
+  * Added `make benchmark` back
+  * Added `res.send()` support for `String` objects
+  * Added client-side data exposing example
+  * Added `res.header()` and `req.header()` aliases for BC
+  * Added `express.createServer()` for BC
+  * Perf: memoize parsed urls
+  * Perf: connect 2.2.0 dep
+  * Changed: make `expressInit()` middleware self-aware
+  * Fixed: use app.get() for all core settings
+  * Fixed redis session example
+  * Fixed session example. Closes #1105
+  * Fixed generated express dep. Closes #1078
+
+3.0.0alpha1 / 2012-04-15
+==================
+
+  * Added `app.locals.use(callback)`
+  * Added `app.locals` object
+  * Added `app.locals(obj)`
+  * Added `res.locals` object
+  * Added `res.locals(obj)`
+  * Added `res.format()` for content-negotiation
+  * Added `app.engine()`
+  * Added `res.cookie()` JSON cookie support
+  * Added "trust proxy" setting
+  * Added `req.subdomains`
+  * Added `req.protocol`
+  * Added `req.secure`
+  * Added `req.path`
+  * Added `req.ips`
+  * Added `req.fresh`
+  * Added `req.stale`
+  * Added comma-delimited / array support for `req.accepts()`
+  * Added debug instrumentation
+  * Added `res.set(obj)`
+  * Added `res.set(field, value)`
+  * Added `res.get(field)`
+  * Added `app.get(setting)`. Closes #842
+  * Added `req.acceptsLanguage()`
+  * Added `req.acceptsCharset()`
+  * Added `req.accepted`
+  * Added `req.acceptedLanguages`
+  * Added `req.acceptedCharsets`
+  * Added "json replacer" setting
+  * Added "json spaces" setting
+  * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
+  * Added `--less` support to express(1)
+  * Added `express.response` prototype
+  * Added `express.request` prototype
+  * Added `express.application` prototype
+  * Added `app.path()`
+  * Added `app.render()`
+  * Added `res.type()` to replace `res.contentType()`
+  * Changed: `res.redirect()` to add relative support
+  * Changed: enable "jsonp callback" by default
+  * Changed: renamed "case sensitive routes" to "case sensitive routing"
+  * Rewrite of all tests with mocha
+  * Removed "root" setting
+  * Removed `res.redirect('home')` support
+  * Removed `req.notify()`
+  * Removed `app.register()`
+  * Removed `app.redirect()`
+  * Removed `app.is()`
+  * Removed `app.helpers()`
+  * Removed `app.dynamicHelpers()`
+  * Fixed `res.sendfile()` with non-GET. Closes #723
+  * Fixed express(1) public dir for windows. Closes #866
+
+2.5.9/ 2012-04-02
+==================
+
+  * Added support for PURGE request method [pbuyle]
+  * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
+
+2.5.8 / 2012-02-08
+==================
+
+  * Update mkdirp dep. Closes #991
+
+2.5.7 / 2012-02-06
+==================
+
+  * Fixed `app.all` duplicate DELETE requests [mscdex]
+
+2.5.6 / 2012-01-13
+==================
+
+  * Updated hamljs dev dep. Closes #953
+
+2.5.5 / 2012-01-08
+==================
+
+  * Fixed: set `filename` on cached templates [matthewleon]
+
+2.5.4 / 2012-01-02
+==================
+
+  * Fixed `express(1)` eol on 0.4.x. Closes #947
+
+2.5.3 / 2011-12-30
+==================
+
+  * Fixed `req.is()` when a charset is present
+
+2.5.2 / 2011-12-10
+==================
+
+  * Fixed: express(1) LF -> CRLF for windows
+
+2.5.1 / 2011-11-17
+==================
+
+  * Changed: updated connect to 1.8.x
+  * Removed sass.js support from express(1)
+
+2.5.0 / 2011-10-24
+==================
+
+  * Added ./routes dir for generated app by default
+  * Added npm install reminder to express(1) app gen
+  * Added 0.5.x support
+  * Removed `make test-cov` since it wont work with node 0.5.x
+  * Fixed express(1) public dir for windows. Closes #866
+
+2.4.7 / 2011-10-05
+==================
+
+  * Added mkdirp to express(1). Closes #795
+  * Added simple _json-config_ example
+  * Added  shorthand for the parsed request's pathname via `req.path`
+  * Changed connect dep to 1.7.x to fix npm issue...
+  * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
+  * Fixed `req.flash()`, only escape args
+  * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
+
+2.4.6 / 2011-08-22
+==================
+
+  * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
+
+2.4.5 / 2011-08-19
+==================
+
+  * Added support for routes to handle errors. Closes #809
+  * Added `app.routes.all()`. Closes #803
+  * Added "basepath" setting to work in conjunction with reverse proxies etc.
+  * Refactored `Route` to use a single array of callbacks
+  * Added support for multiple callbacks for `app.param()`. Closes #801
+Closes #805
+  * Changed: removed .call(self) for route callbacks
+  * Dependency: `qs >= 0.3.1`
+  * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
+
+2.4.4 / 2011-08-05
+==================
+
+  * Fixed `res.header()` intention of a set, even when `undefined`
+  * Fixed `*`, value no longer required
+  * Fixed `res.send(204)` support. Closes #771
+
+2.4.3 / 2011-07-14
+==================
+
+  * Added docs for `status` option special-case. Closes #739
+  * Fixed `options.filename`, exposing the view path to template engines
+
+2.4.2. / 2011-07-06
+==================
+
+  * Revert "removed jsonp stripping" for XSS
+
+2.4.1 / 2011-07-06
+==================
+
+  * Added `res.json()` JSONP support. Closes #737
+  * Added _extending-templates_ example. Closes #730
+  * Added "strict routing" setting for trailing slashes
+  * Added support for multiple envs in `app.configure()` calls. Closes #735
+  * Changed: `res.send()` using `res.json()`
+  * Changed: when cookie `path === null` don't default it
+  * Changed; default cookie path to "home" setting. Closes #731
+  * Removed _pids/logs_ creation from express(1)
+
+2.4.0 / 2011-06-28
+==================
+
+  * Added chainable `res.status(code)`
+  * Added `res.json()`, an explicit version of `res.send(obj)`
+  * Added simple web-service example
+
+2.3.12 / 2011-06-22
+==================
+
+  * \#express is now on freenode! come join!
+  * Added `req.get(field, param)`
+  * Added links to Japanese documentation, thanks @hideyukisaito!
+  * Added; the `express(1)` generated app outputs the env
+  * Added `content-negotiation` example
+  * Dependency: connect >= 1.5.1 < 2.0.0
+  * Fixed view layout bug. Closes #720
+  * Fixed; ignore body on 304. Closes #701
+
+2.3.11 / 2011-06-04
+==================
+
+  * Added `npm test`
+  * Removed generation of dummy test file from `express(1)`
+  * Fixed; `express(1)` adds express as a dep
+  * Fixed; prune on `prepublish`
+
+2.3.10 / 2011-05-27
+==================
+
+  * Added `req.route`, exposing the current route
+  * Added _package.json_ generation support to `express(1)`
+  * Fixed call to `app.param()` function for optional params. Closes #682
+
+2.3.9 / 2011-05-25
+==================
+
+  * Fixed bug-ish with `../' in `res.partial()` calls
+
+2.3.8 / 2011-05-24
+==================
+
+  * Fixed `app.options()`
+
+2.3.7 / 2011-05-23
+==================
+
+  * Added route `Collection`, ex: `app.get('/user/:id').remove();`
+  * Added support for `app.param(fn)` to define param logic
+  * Removed `app.param()` support for callback with return value
+  * Removed module.parent check from express(1) generated app. Closes #670
+  * Refactored router. Closes #639
+
+2.3.6 / 2011-05-20
+==================
+
+  * Changed; using devDependencies instead of git submodules
+  * Fixed redis session example
+  * Fixed markdown example
+  * Fixed view caching, should not be enabled in development
+
+2.3.5 / 2011-05-20
+==================
+
+  * Added export `.view` as alias for `.View`
+
+2.3.4 / 2011-05-08
+==================
+
+  * Added `./examples/say`
+  * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
+
+2.3.3 / 2011-05-03
+==================
+
+  * Added "case sensitive routes" option.
+  * Changed; split methods supported per rfc [slaskis]
+  * Fixed route-specific middleware when using the same callback function several times
+
+2.3.2 / 2011-04-27
+==================
+
+  * Fixed view hints
+
+2.3.1 / 2011-04-26
+==================
+
+  * Added `app.match()` as `app.match.all()`
+  * Added `app.lookup()` as `app.lookup.all()`
+  * Added `app.remove()` for `app.remove.all()`
+  * Added `app.remove.VERB()`
+  * Fixed template caching collision issue. Closes #644
+  * Moved router over from connect and started refactor
+
+2.3.0 / 2011-04-25
+==================
+
+  * Added options support to `res.clearCookie()`
+  * Added `res.helpers()` as alias of `res.locals()`
+  * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel   * Dependency `connect >= 1.4.0`
+  * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
+  * Renamed "cache views" to "view cache". Closes #628
+  * Fixed caching of views when using several apps. Closes #637
+  * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
+Closes #638
+  * Fixed partial lookup precedence. Closes #631
+Shaw]
+
+2.2.2 / 2011-04-12
+==================
+
+  * Added second callback support for `res.download()` connection errors
+  * Fixed `filename` option passing to template engine
+
+2.2.1 / 2011-04-04
+==================
+
+  * Added `layout(path)` helper to change the layout within a view. Closes #610
+  * Fixed `partial()` collection object support.
+    Previously only anything with `.length` would work.
+    When `.length` is present one must still be aware of holes,
+    however now `{ collection: {foo: 'bar'}}` is valid, exposes
+    `keyInCollection` and `keysInCollection`.
+
+  * Performance improved with better view caching
+  * Removed `request` and `response` locals
+  * Changed; errorHandler page title is now `Express` instead of `Connect`
+
+2.2.0 / 2011-03-30
+==================
+
+  * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
+  * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
+  * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
+  * Dependency `connect >= 1.2.0`
+
+2.1.1 / 2011-03-29
+==================
+
+  * Added; expose `err.view` object when failing to locate a view
+  * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
+  * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
+
+2.1.0 / 2011-03-24
+==================
+
+  * Added `<root>/_?<name>` partial lookup support. Closes #447
+  * Added `request`, `response`, and `app` local variables
+  * Added `settings` local variable, containing the app's settings
+  * Added `req.flash()` exception if `req.session` is not available
+  * Added `res.send(bool)` support (json response)
+  * Fixed stylus example for latest version
+  * Fixed; wrap try/catch around `res.render()`
+
+2.0.0 / 2011-03-17
+==================
+
+  * Fixed up index view path alternative.
+  * Changed; `res.locals()` without object returns the locals
+
+2.0.0rc3 / 2011-03-17
+==================
+
+  * Added `res.locals(obj)` to compliment `res.local(key, val)`
+  * Added `res.partial()` callback support
+  * Fixed recursive error reporting issue in `res.render()`
+
+2.0.0rc2 / 2011-03-17
+==================
+
+  * Changed; `partial()` "locals" are now optional
+  * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
+  * Fixed .filename view engine option [reported by drudge]
+  * Fixed blog example
+  * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
+
+2.0.0rc / 2011-03-14
+==================
+
+  * Fixed; expose `HTTPSServer` constructor
+  * Fixed express(1) default test charset. Closes #579 [reported by secoif]
+  * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
+
+2.0.0beta3 / 2011-03-09
+==================
+
+  * Added support for `res.contentType()` literal
+    The original `res.contentType('.json')`,
+    `res.contentType('application/json')`, and `res.contentType('json')`
+    will work now.
+  * Added `res.render()` status option support back
+  * Added charset option for `res.render()`
+  * Added `.charset` support (via connect 1.0.4)
+  * Added view resolution hints when in development and a lookup fails
+  * Added layout lookup support relative to the page view.
+    For example while rendering `./views/user/index.jade` if you create
+    `./views/user/layout.jade` it will be used in favour of the root layout.
+  * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
+  * Fixed; default `res.send()` string charset to utf8
+  * Removed `Partial` constructor (not currently used)
+
+2.0.0beta2 / 2011-03-07
+==================
+
+  * Added res.render() `.locals` support back to aid in migration process
+  * Fixed flash example
+
+2.0.0beta / 2011-03-03
+==================
+
+  * Added HTTPS support
+  * Added `res.cookie()` maxAge support
+  * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
+  * Added mount support for `res.redirect()`, now respects the mount-point
+  * Added `union()` util, taking place of `merge(clone())` combo
+  * Added stylus support to express(1) generated app
+  * Added secret to session middleware used in examples and generated app
+  * Added `res.local(name, val)` for progressive view locals
+  * Added default param support to `req.param(name, default)`
+  * Added `app.disabled()` and `app.enabled()`
+  * Added `app.register()` support for omitting leading ".", either works
+  * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
+  * Added `app.param()` to map route params to async/sync logic
+  * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
+  * Added extname with no leading "." support to `res.contentType()`
+  * Added `cache views` setting, defaulting to enabled in "production" env
+  * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
+  * Added `req.accepts()` support for extensions
+  * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
+    static file server `connect.static.send()`.
+  * Changed; replaced `connect.utils.mime()` with npm _mime_ module
+  * Changed; allow `req.query` to be pre-defined (via middleware or other parent
+  * Changed view partial resolution, now relative to parent view
+  * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
+  * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
+  * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
+  * Fixed; using _qs_ module instead of _querystring_
+  * Fixed; strip unsafe chars from jsonp callbacks
+  * Removed "stream threshold" setting
+
+1.0.8 / 2011-03-01
+==================
+
+  * Allow `req.query` to be pre-defined (via middleware or other parent app)
+  * "connect": ">= 0.5.0 < 1.0.0". Closes #547
+  * Removed the long deprecated __EXPRESS_ENV__ support
+
+1.0.7 / 2011-02-07
+==================
+
+  * Fixed `render()` setting inheritance.
+    Mounted apps would not inherit "view engine"
+
+1.0.6 / 2011-02-07
+==================
+
+  * Fixed `view engine` setting bug when period is in dirname
+
+1.0.5 / 2011-02-05
+==================
+
+  * Added secret to generated app `session()` call
+
+1.0.4 / 2011-02-05
+==================
+
+  * Added `qs` dependency to _package.json_
+  * Fixed namespaced `require()`s for latest connect support
+
+1.0.3 / 2011-01-13
+==================
+
+  * Remove unsafe characters from JSONP callback names [Ryan Grove]
+
+1.0.2 / 2011-01-10
+==================
+
+  * Removed nested require, using `connect.router`
+
+1.0.1 / 2010-12-29
+==================
+
+  * Fixed for middleware stacked via `createServer()`
+    previously the `foo` middleware passed to `createServer(foo)`
+    would not have access to Express methods such as `res.send()`
+    or props like `req.query` etc.
+
+1.0.0 / 2010-11-16
+==================
+
+  * Added; deduce partial object names from the last segment.
+    For example by default `partial('forum/post', postObject)` will
+    give you the _post_ object, providing a meaningful default.
+  * Added http status code string representation to `res.redirect()` body
+  * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
+  * Added `req.is()` to aid in content negotiation
+  * Added partial local inheritance [suggested by masylum]. Closes #102
+    providing access to parent template locals.
+  * Added _-s, --session[s]_ flag to express(1) to add session related middleware
+  * Added _--template_ flag to express(1) to specify the
+    template engine to use.
+  * Added _--css_ flag to express(1) to specify the
+    stylesheet engine to use (or just plain css by default).
+  * Added `app.all()` support [thanks aheckmann]
+  * Added partial direct object support.
+    You may now `partial('user', user)` providing the "user" local,
+    vs previously `partial('user', { object: user })`.
+  * Added _route-separation_ example since many people question ways
+    to do this with CommonJS modules. Also view the _blog_ example for
+    an alternative.
+  * Performance; caching view path derived partial object names
+  * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
+  * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
+
+1.0.0rc4 / 2010-10-14
+==================
+
+  * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
+  * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
+  * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
+  * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
+  * Added `partial()` support for array-like collections. Closes #434
+  * Added support for swappable querystring parsers
+  * Added session usage docs. Closes #443
+  * Added dynamic helper caching. Closes #439 [suggested by maritz]
+  * Added authentication example
+  * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
+  * Changed; `express(1)` generated app using 2 spaces instead of 4
+  * Default env to "development" again [aheckmann]
+  * Removed _context_ option is no more, use "scope"
+  * Fixed; exposing _./support_ libs to examples so they can run without installs
+  * Fixed mvc example
+
+1.0.0rc3 / 2010-09-20
+==================
+
+  * Added confirmation for `express(1)` app generation. Closes #391
+  * Added extending of flash formatters via `app.flashFormatters`
+  * Added flash formatter support. Closes #411
+  * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
+  * Added _stream threshold_ setting for `res.sendfile()`
+  * Added `res.send()` __HEAD__ support
+  * Added `res.clearCookie()`
+  * Added `res.cookie()`
+  * Added `res.render()` headers option
+  * Added `res.redirect()` response bodies
+  * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
+  * Fixed `res.sendfile()` responding with 403 on malicious path
+  * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
+  * Fixed; mounted apps settings now inherit from parent app [aheckmann]
+  * Fixed; stripping Content-Length / Content-Type when 204
+  * Fixed `res.send()` 204. Closes #419
+  * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
+  * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
+
+
+1.0.0rc2 / 2010-08-17
+==================
+
+  * Added `app.register()` for template engine mapping. Closes #390
+  * Added `res.render()` callback support as second argument (no options)
+  * Added callback support to `res.download()`
+  * Added callback support for `res.sendfile()`
+  * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
+  * Added "partials" setting to docs
+  * Added default expresso tests to `express(1)` generated app. Closes #384
+  * Fixed `res.sendfile()` error handling, defer via `next()`
+  * Fixed `res.render()` callback when a layout is used [thanks guillermo]
+  * Fixed; `make install` creating ~/.node_libraries when not present
+  * Fixed issue preventing error handlers from being defined anywhere. Closes #387
+
+1.0.0rc / 2010-07-28
+==================
+
+  * Added mounted hook. Closes #369
+  * Added connect dependency to _package.json_
+
+  * Removed "reload views" setting and support code
+    development env never caches, production always caches.
+
+  * Removed _param_ in route callbacks, signature is now
+    simply (req, res, next), previously (req, res, params, next).
+    Use _req.params_ for path captures, _req.query_ for GET params.
+
+  * Fixed "home" setting
+  * Fixed middleware/router precedence issue. Closes #366
+  * Fixed; _configure()_ callbacks called immediately. Closes #368
+
+1.0.0beta2 / 2010-07-23
+==================
+
+  * Added more examples
+  * Added; exporting `Server` constructor
+  * Added `Server#helpers()` for view locals
+  * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
+  * Added support for absolute view paths
+  * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
+  * Added Guillermo Rauch to the contributor list
+  * Added support for "as" for non-collection partials. Closes #341
+  * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
+  * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
+  * Fixed instanceof `Array` checks, now `Array.isArray()`
+  * Fixed express(1) expansion of public dirs. Closes #348
+  * Fixed middleware precedence. Closes #345
+  * Fixed view watcher, now async [thanks aheckmann]
+
+1.0.0beta / 2010-07-15
+==================
+
+  * Re-write
+    - much faster
+    - much lighter
+    - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
+
+0.14.0 / 2010-06-15
+==================
+
+  * Utilize relative requires
+  * Added Static bufferSize option [aheckmann]
+  * Fixed caching of view and partial subdirectories [aheckmann]
+  * Fixed mime.type() comments now that ".ext" is not supported
+  * Updated haml submodule
+  * Updated class submodule
+  * Removed bin/express
+
+0.13.0 / 2010-06-01
+==================
+
+  * Added node v0.1.97 compatibility
+  * Added support for deleting cookies via Request#cookie('key', null)
+  * Updated haml submodule
+  * Fixed not-found page, now using charset utf-8
+  * Fixed show-exceptions page, now using charset utf-8
+  * Fixed view support due to fs.readFile Buffers
+  * Changed; mime.type() no longer accepts ".type" due to node extname() changes
+
+0.12.0 / 2010-05-22
+==================
+
+  * Added node v0.1.96 compatibility
+  * Added view `helpers` export which act as additional local variables
+  * Updated haml submodule
+  * Changed ETag; removed inode, modified time only
+  * Fixed LF to CRLF for setting multiple cookies
+  * Fixed cookie compilation; values are now urlencoded
+  * Fixed cookies parsing; accepts quoted values and url escaped cookies
+
+0.11.0 / 2010-05-06
+==================
+
+  * Added support for layouts using different engines
+    - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
+    - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
+    - this.render('page.html.haml', { layout: false }) // no layout
+  * Updated ext submodule
+  * Updated haml submodule
+  * Fixed EJS partial support by passing along the context. Issue #307
+
+0.10.1 / 2010-05-03
+==================
+
+  * Fixed binary uploads.
+
+0.10.0 / 2010-04-30
+==================
+
+  * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
+    encoding is set to 'utf8' or 'utf-8').
+  * Added "encoding" option to Request#render(). Closes #299
+  * Added "dump exceptions" setting, which is enabled by default.
+  * Added simple ejs template engine support
+  * Added error response support for text/plain, application/json. Closes #297
+  * Added callback function param to Request#error()
+  * Added Request#sendHead()
+  * Added Request#stream()
+  * Added support for Request#respond(304, null) for empty response bodies
+  * Added ETag support to Request#sendfile()
+  * Added options to Request#sendfile(), passed to fs.createReadStream()
+  * Added filename arg to Request#download()
+  * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
+  * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
+  * Changed; Request#sendfile() now streams
+  * Changed; Renamed Request#halt() to Request#respond(). Closes #289
+  * Changed; Using sys.inspect() instead of JSON.encode() for error output
+  * Changed; run() returns the http.Server instance. Closes #298
+  * Changed; Defaulting Server#host to null (INADDR_ANY)
+  * Changed; Logger "common" format scale of 0.4f
+  * Removed Logger "request" format
+  * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
+  * Fixed several issues with http client
+  * Fixed Logger Content-Length output
+  * Fixed bug preventing Opera from retaining the generated session id. Closes #292
+
+0.9.0 / 2010-04-14
+==================
+
+  * Added DSL level error() route support
+  * Added DSL level notFound() route support
+  * Added Request#error()
+  * Added Request#notFound()
+  * Added Request#render() callback function. Closes #258
+  * Added "max upload size" setting
+  * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
+  * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
+  * Added callback function support to Request#halt() as 3rd/4th arg
+  * Added preprocessing of route param wildcards using param(). Closes #251
+  * Added view partial support (with collections etc.)
+  * Fixed bug preventing falsey params (such as ?page=0). Closes #286
+  * Fixed setting of multiple cookies. Closes #199
+  * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
+  * Changed; session cookie is now httpOnly
+  * Changed; Request is no longer global
+  * Changed; Event is no longer global
+  * Changed; "sys" module is no longer global
+  * Changed; moved Request#download to Static plugin where it belongs
+  * Changed; Request instance created before body parsing. Closes #262
+  * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
+  * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
+  * Updated support to node --version 0.1.90
+  * Updated dependencies
+  * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
+  * Removed utils.mixin(); use Object#mergeDeep()
+
+0.8.0 / 2010-03-19
+==================
+
+  * Added coffeescript example app. Closes #242
+  * Changed; cache api now async friendly. Closes #240
+  * Removed deprecated 'express/static' support. Use 'express/plugins/static'
+
+0.7.6 / 2010-03-19
+==================
+
+  * Added Request#isXHR. Closes #229
+  * Added `make install` (for the executable)
+  * Added `express` executable for setting up simple app templates
+  * Added "GET /public/*" to Static plugin, defaulting to <root>/public
+  * Added Static plugin
+  * Fixed; Request#render() only calls cache.get() once
+  * Fixed; Namespacing View caches with "view:"
+  * Fixed; Namespacing Static caches with "static:"
+  * Fixed; Both example apps now use the Static plugin
+  * Fixed set("views"). Closes #239
+  * Fixed missing space for combined log format
+  * Deprecated Request#sendfile() and 'express/static'
+  * Removed Server#running
+
+0.7.5 / 2010-03-16
+==================
+
+  * Added Request#flash() support without args, now returns all flashes
+  * Updated ext submodule
+
+0.7.4 / 2010-03-16
+==================
+
+  * Fixed session reaper
+  * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
+
+0.7.3 / 2010-03-16
+==================
+
+  * Added package.json
+  * Fixed requiring of haml / sass due to kiwi removal
+
+0.7.2 / 2010-03-16
+==================
+
+  * Fixed GIT submodules (HAH!)
+
+0.7.1 / 2010-03-16
+==================
+
+  * Changed; Express now using submodules again until a PM is adopted
+  * Changed; chat example using millisecond conversions from ext
+
+0.7.0 / 2010-03-15
+==================
+
+  * Added Request#pass() support (finds the next matching route, or the given path)
+  * Added Logger plugin (default "common" format replaces CommonLogger)
+  * Removed Profiler plugin
+  * Removed CommonLogger plugin
+
+0.6.0 / 2010-03-11
+==================
+
+  * Added seed.yml for kiwi package management support
+  * Added HTTP client query string support when method is GET. Closes #205
+
+  * Added support for arbitrary view engines.
+    For example "foo.engine.html" will now require('engine'),
+    the exports from this module are cached after the first require().
+
+  * Added async plugin support
+
+  * Removed usage of RESTful route funcs as http client
+    get() etc, use http.get() and friends
+
+  * Removed custom exceptions
+
+0.5.0 / 2010-03-10
+==================
+
+  * Added ext dependency (library of js extensions)
+  * Removed extname() / basename() utils. Use path module
+  * Removed toArray() util. Use arguments.values
+  * Removed escapeRegexp() util. Use RegExp.escape()
+  * Removed process.mixin() dependency. Use utils.mixin()
+  * Removed Collection
+  * Removed ElementCollection
+  * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com)  ;)
+
+0.4.0 / 2010-02-11
+==================
+
+  * Added flash() example to sample upload app
+  * Added high level restful http client module (express/http)
+  * Changed; RESTful route functions double as HTTP clients. Closes #69
+  * Changed; throwing error when routes are added at runtime
+  * Changed; defaulting render() context to the current Request. Closes #197
+  * Updated haml submodule
+
+0.3.0 / 2010-02-11
+==================
+
+  * Updated haml / sass submodules. Closes #200
+  * Added flash message support. Closes #64
+  * Added accepts() now allows multiple args. fixes #117
+  * Added support for plugins to halt. Closes #189
+  * Added alternate layout support. Closes #119
+  * Removed Route#run(). Closes #188
+  * Fixed broken specs due to use(Cookie) missing
+
+0.2.1 / 2010-02-05
+==================
+
+  * Added "plot" format option for Profiler (for gnuplot processing)
+  * Added request number to Profiler plugin
+  * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
+  * Fixed issue with routes not firing when not files are present. Closes #184
+  * Fixed process.Promise -> events.Promise
+
+0.2.0 / 2010-02-03
+==================
+
+  * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
+  * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
+  * Added expiration support to cache api with reaper. Closes #133
+  * Added cache Store.Memory#reap()
+  * Added Cache; cache api now uses first class Cache instances
+  * Added abstract session Store. Closes #172
+  * Changed; cache Memory.Store#get() utilizing Collection
+  * Renamed MemoryStore -> Store.Memory
+  * Fixed use() of the same plugin several time will always use latest options. Closes #176
+
+0.1.0 / 2010-02-03
+==================
+
+  * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
+  * Updated node support to 0.1.27 Closes #169
+  * Updated dirname(__filename) -> __dirname
+  * Updated libxmljs support to v0.2.0
+  * Added session support with memory store / reaping
+  * Added quick uid() helper
+  * Added multi-part upload support
+  * Added Sass.js support / submodule
+  * Added production env caching view contents and static files
+  * Added static file caching. Closes #136
+  * Added cache plugin with memory stores
+  * Added support to StaticFile so that it works with non-textual files.
+  * Removed dirname() helper
+  * Removed several globals (now their modules must be required)
+
+0.0.2 / 2010-01-10
+==================
+
+  * Added view benchmarks; currently haml vs ejs
+  * Added Request#attachment() specs. Closes #116
+  * Added use of node's parseQuery() util. Closes #123
+  * Added `make init` for submodules
+  * Updated Haml
+  * Updated sample chat app to show messages on load
+  * Updated libxmljs parseString -> parseHtmlString
+  * Fixed `make init` to work with older versions of git
+  * Fixed specs can now run independent specs for those who can't build deps. Closes #127
+  * Fixed issues introduced by the node url module changes. Closes 126.
+  * Fixed two assertions failing due to Collection#keys() returning strings
+  * Fixed faulty Collection#toArray() spec due to keys() returning strings
+  * Fixed `make test` now builds libxmljs.node before testing
+
+0.0.1 / 2010-01-03
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/express/LICENSE b/src/Servers/ExpressServer/node_modules/express/LICENSE
new file mode 100644
index 0000000..aa927e4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2009-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2013-2014 Roman Shtylman <shtylman+expressjs@gmail.com>
+Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/express/Readme.md b/src/Servers/ExpressServer/node_modules/express/Readme.md
new file mode 100644
index 0000000..bc108d5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/Readme.md
@@ -0,0 +1,260 @@
+[![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/)
+
+**Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org).**
+
+**This project has a [Code of Conduct][].**
+
+## Table of contents
+
+* [Installation](#Installation)
+* [Features](#Features)
+* [Docs & Community](#docs--community)
+* [Quick Start](#Quick-Start)
+* [Running Tests](#Running-Tests)
+* [Philosophy](#Philosophy)
+* [Examples](#Examples)
+* [Contributing to Express](#Contributing)
+* [TC (Technical Committee)](#tc-technical-committee)
+* [Triagers](#triagers)
+* [License](#license)
+
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Install Size][npm-install-size-image]][npm-install-size-url]
+[![NPM Downloads][npm-downloads-image]][npm-downloads-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
+
+
+```js
+const express = require('express')
+const app = express()
+
+app.get('/', function (req, res) {
+  res.send('Hello World')
+})
+
+app.listen(3000)
+```
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/).
+
+Before installing, [download and install Node.js](https://nodejs.org/en/download/).
+Node.js 0.10 or higher is required.
+
+If this is a brand new project, make sure to create a `package.json` first with
+the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file).
+
+Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```console
+$ npm install express
+```
+
+Follow [our installing guide](http://expressjs.com/en/starter/installing.html)
+for more information.
+
+## Features
+
+  * Robust routing
+  * Focus on high performance
+  * Super-high test coverage
+  * HTTP helpers (redirection, caching, etc)
+  * View system supporting 14+ template engines
+  * Content negotiation
+  * Executable for generating applications quickly
+
+## Docs & Community
+
+  * [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)]
+  * [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC
+  * [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules
+  * Visit the [Wiki](https://github.com/expressjs/express/wiki)
+  * [Google Group](https://groups.google.com/group/express-js) for discussion
+  * [Gitter](https://gitter.im/expressjs/express) for support and discussion
+
+**PROTIP** Be sure to read [Migrating from 3.x to 4.x](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) as well as [New features in 4.x](https://github.com/expressjs/express/wiki/New-features-in-4.x).
+
+## Quick Start
+
+  The quickest way to get started with express is to utilize the executable [`express(1)`](https://github.com/expressjs/generator) to generate an application as shown below:
+
+  Install the executable. The executable's major version will match Express's:
+
+```console
+$ npm install -g express-generator@4
+```
+
+  Create the app:
+
+```console
+$ express /tmp/foo && cd /tmp/foo
+```
+
+  Install dependencies:
+
+```console
+$ npm install
+```
+
+  Start the server:
+
+```console
+$ npm start
+```
+
+  View the website at: http://localhost:3000
+
+## Philosophy
+
+  The Express philosophy is to provide small, robust tooling for HTTP servers, making
+  it a great solution for single page applications, websites, hybrids, or public
+  HTTP APIs.
+
+  Express does not force you to use any specific ORM or template engine. With support for over
+  14 template engines via [Consolidate.js](https://github.com/tj/consolidate.js),
+  you can quickly craft your perfect framework.
+
+## Examples
+
+  To view the examples, clone the Express repo and install the dependencies:
+
+```console
+$ git clone https://github.com/expressjs/express.git --depth 1
+$ cd express
+$ npm install
+```
+
+  Then run whichever example you want:
+
+```console
+$ node examples/content-negotiation
+```
+
+## Contributing
+
+  [![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+  [![Windows Build][appveyor-image]][appveyor-url]
+  [![Test Coverage][coveralls-image]][coveralls-url]
+
+The Express.js project welcomes all constructive contributions. Contributions take many forms,
+from code for bug fixes and enhancements, to additions and fixes to documentation, additional
+tests, triaging incoming pull requests and issues, and more!
+
+See the [Contributing Guide](Contributing.md) for more technical details on contributing.
+
+### Security Issues
+
+If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
+
+### Running Tests
+
+To run the test suite, first install the dependencies, then run `npm test`:
+
+```console
+$ npm install
+$ npm test
+```
+
+## People
+
+The original author of Express is [TJ Holowaychuk](https://github.com/tj)
+
+[List of all contributors](https://github.com/expressjs/express/graphs/contributors)
+
+### TC (Technical Committee)
+
+* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
+* [jonchurch](https://github.com/jonchurch) - **Jon Church**
+* [wesleytodd](https://github.com/wesleytodd) - **Wes Todd**
+* [LinusU](https://github.com/LinusU) - **Linus Unnebäck**
+* [blakeembrey](https://github.com/blakeembrey) - **Blake Embrey**
+* [sheplu](https://github.com/sheplu) - **Jean Burellier**
+* [crandmck](https://github.com/crandmck) - **Rand McKinney**
+* [ctcpip](https://github.com/ctcpip) - **Chris de Almeida**
+
+<details>
+<summary>TC emeriti members</summary>
+
+#### TC emeriti members
+
+  * [dougwilson](https://github.com/dougwilson) - **Douglas Wilson**
+  * [hacksparrow](https://github.com/hacksparrow) - **Hage Yaapa**
+  * [jonathanong](https://github.com/jonathanong) - **jongleberry**
+  * [niftylettuce](https://github.com/niftylettuce) - **niftylettuce**
+  * [troygoode](https://github.com/troygoode) - **Troy Goode**
+</details>
+
+
+### Triagers
+
+* [aravindvnair99](https://github.com/aravindvnair99) - **Aravind Nair**
+* [carpasse](https://github.com/carpasse) - **Carlos Serrano**
+* [CBID2](https://github.com/CBID2) - **Christine Belzie**
+* [enyoghasim](https://github.com/enyoghasim) - **David Enyoghasim**
+* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
+* [mertcanaltin](https://github.com/mertcanaltin) - **Mert Can Altin**
+* [0ss](https://github.com/0ss) - **Salah**
+* [import-brain](https://github.com/import-brain) - **Eric Cheng** (he/him)
+* [3imed-jaberi](https://github.com/3imed-jaberi) - **Imed Jaberi**
+* [dakshkhetan](https://github.com/dakshkhetan) - **Daksh Khetan** (he/him)
+* [lucasraziel](https://github.com/lucasraziel) - **Lucas Soares Do Rego**
+* [IamLizu](https://github.com/IamLizu) - **S M Mahmudul Hasan** (he/him)
+* [Sushmeet](https://github.com/Sushmeet) - **Sushmeet Sunger**
+
+<details>
+<summary>Triagers emeriti members</summary>
+
+#### Emeritus Triagers
+
+  * [AuggieH](https://github.com/AuggieH) - **Auggie Hudak**
+  * [G-Rath](https://github.com/G-Rath) - **Gareth Jones**
+  * [MohammadXroid](https://github.com/MohammadXroid) - **Mohammad Ayashi**
+  * [NawafSwe](https://github.com/NawafSwe) - **Nawaf Alsharqi**
+  * [NotMoni](https://github.com/NotMoni) - **Moni**
+  * [VigneshMurugan](https://github.com/VigneshMurugan) - **Vignesh Murugan**
+  * [davidmashe](https://github.com/davidmashe) - **David Ashe**
+  * [digitaIfabric](https://github.com/digitaIfabric) - **David**
+  * [e-l-i-s-e](https://github.com/e-l-i-s-e) - **Elise Bonner**
+  * [fed135](https://github.com/fed135) - **Frederic Charette**
+  * [firmanJS](https://github.com/firmanJS) - **Firman Abdul Hakim**
+  * [getspooky](https://github.com/getspooky) - **Yasser Ameur**
+  * [ghinks](https://github.com/ghinks) - **Glenn**
+  * [ghousemohamed](https://github.com/ghousemohamed) - **Ghouse Mohamed**
+  * [gireeshpunathil](https://github.com/gireeshpunathil) - **Gireesh Punathil**
+  * [jake32321](https://github.com/jake32321) - **Jake Reed**
+  * [jonchurch](https://github.com/jonchurch) - **Jon Church**
+  * [lekanikotun](https://github.com/lekanikotun) - **Troy Goode**
+  * [marsonya](https://github.com/marsonya) - **Lekan Ikotun**
+  * [mastermatt](https://github.com/mastermatt) - **Matt R. Wilson**
+  * [maxakuru](https://github.com/maxakuru) - **Max Edell**
+  * [mlrawlings](https://github.com/mlrawlings) - **Michael Rawlings**
+  * [rodion-arr](https://github.com/rodion-arr) - **Rodion Abdurakhimov**
+  * [sheplu](https://github.com/sheplu) - **Jean Burellier**
+  * [tarunyadav1](https://github.com/tarunyadav1) - **Tarun yadav**
+  * [tunniclm](https://github.com/tunniclm) - **Mike Tunnicliffe**
+</details>
+
+
+## License
+
+  [MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
+[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
+[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux
+[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
+[npm-downloads-image]: https://badgen.net/npm/dm/express
+[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
+[npm-install-size-image]: https://badgen.net/packagephobia/install/express
+[npm-install-size-url]: https://packagephobia.com/result?p=express
+[npm-url]: https://npmjs.org/package/express
+[npm-version-image]: https://badgen.net/npm/v/express
+[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/express/badge
+[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/express
+[Code of Conduct]: https://github.com/expressjs/express/blob/master/Code-Of-Conduct.md
diff --git a/src/Servers/ExpressServer/node_modules/express/index.js b/src/Servers/ExpressServer/node_modules/express/index.js
new file mode 100644
index 0000000..d219b0c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/index.js
@@ -0,0 +1,11 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+module.exports = require('./lib/express');
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/application.js b/src/Servers/ExpressServer/node_modules/express/lib/application.js
new file mode 100644
index 0000000..ebb30b5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/application.js
@@ -0,0 +1,661 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var finalhandler = require('finalhandler');
+var Router = require('./router');
+var methods = require('methods');
+var middleware = require('./middleware/init');
+var query = require('./middleware/query');
+var debug = require('debug')('express:application');
+var View = require('./view');
+var http = require('http');
+var compileETag = require('./utils').compileETag;
+var compileQueryParser = require('./utils').compileQueryParser;
+var compileTrust = require('./utils').compileTrust;
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var merge = require('utils-merge');
+var resolve = require('path').resolve;
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty
+var slice = Array.prototype.slice;
+
+/**
+ * Application prototype.
+ */
+
+var app = exports = module.exports = {};
+
+/**
+ * Variable for trust proxy inheritance back-compat
+ * @private
+ */
+
+var trustProxyDefaultSymbol = '@@symbol:trust_proxy_default';
+
+/**
+ * Initialize the server.
+ *
+ *   - setup default configuration
+ *   - setup default middleware
+ *   - setup route reflection methods
+ *
+ * @private
+ */
+
+app.init = function init() {
+  this.cache = {};
+  this.engines = {};
+  this.settings = {};
+
+  this.defaultConfiguration();
+};
+
+/**
+ * Initialize application configuration.
+ * @private
+ */
+
+app.defaultConfiguration = function defaultConfiguration() {
+  var env = process.env.NODE_ENV || 'development';
+
+  // default settings
+  this.enable('x-powered-by');
+  this.set('etag', 'weak');
+  this.set('env', env);
+  this.set('query parser', 'extended');
+  this.set('subdomain offset', 2);
+  this.set('trust proxy', false);
+
+  // trust proxy inherit back-compat
+  Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
+    configurable: true,
+    value: true
+  });
+
+  debug('booting in %s mode', env);
+
+  this.on('mount', function onmount(parent) {
+    // inherit trust proxy
+    if (this.settings[trustProxyDefaultSymbol] === true
+      && typeof parent.settings['trust proxy fn'] === 'function') {
+      delete this.settings['trust proxy'];
+      delete this.settings['trust proxy fn'];
+    }
+
+    // inherit protos
+    setPrototypeOf(this.request, parent.request)
+    setPrototypeOf(this.response, parent.response)
+    setPrototypeOf(this.engines, parent.engines)
+    setPrototypeOf(this.settings, parent.settings)
+  });
+
+  // setup locals
+  this.locals = Object.create(null);
+
+  // top-most app is mounted at /
+  this.mountpath = '/';
+
+  // default locals
+  this.locals.settings = this.settings;
+
+  // default configuration
+  this.set('view', View);
+  this.set('views', resolve('views'));
+  this.set('jsonp callback name', 'callback');
+
+  if (env === 'production') {
+    this.enable('view cache');
+  }
+
+  Object.defineProperty(this, 'router', {
+    get: function() {
+      throw new Error('\'app.router\' is deprecated!\nPlease see the 3.x to 4.x migration guide for details on how to update your app.');
+    }
+  });
+};
+
+/**
+ * lazily adds the base router if it has not yet been added.
+ *
+ * We cannot add the base router in the defaultConfiguration because
+ * it reads app settings which might be set after that has run.
+ *
+ * @private
+ */
+app.lazyrouter = function lazyrouter() {
+  if (!this._router) {
+    this._router = new Router({
+      caseSensitive: this.enabled('case sensitive routing'),
+      strict: this.enabled('strict routing')
+    });
+
+    this._router.use(query(this.get('query parser fn')));
+    this._router.use(middleware.init(this));
+  }
+};
+
+/**
+ * Dispatch a req, res pair into the application. Starts pipeline processing.
+ *
+ * If no callback is provided, then default error handlers will respond
+ * in the event of an error bubbling through the stack.
+ *
+ * @private
+ */
+
+app.handle = function handle(req, res, callback) {
+  var router = this._router;
+
+  // final handler
+  var done = callback || finalhandler(req, res, {
+    env: this.get('env'),
+    onerror: logerror.bind(this)
+  });
+
+  // no routes
+  if (!router) {
+    debug('no routes defined on app');
+    done();
+    return;
+  }
+
+  router.handle(req, res, done);
+};
+
+/**
+ * Proxy `Router#use()` to add middleware to the app router.
+ * See Router#use() documentation for details.
+ *
+ * If the _fn_ parameter is an express app, then it will be
+ * mounted at the _route_ specified.
+ *
+ * @public
+ */
+
+app.use = function use(fn) {
+  var offset = 0;
+  var path = '/';
+
+  // default path to '/'
+  // disambiguate app.use([fn])
+  if (typeof fn !== 'function') {
+    var arg = fn;
+
+    while (Array.isArray(arg) && arg.length !== 0) {
+      arg = arg[0];
+    }
+
+    // first arg is the path
+    if (typeof arg !== 'function') {
+      offset = 1;
+      path = fn;
+    }
+  }
+
+  var fns = flatten(slice.call(arguments, offset));
+
+  if (fns.length === 0) {
+    throw new TypeError('app.use() requires a middleware function')
+  }
+
+  // setup router
+  this.lazyrouter();
+  var router = this._router;
+
+  fns.forEach(function (fn) {
+    // non-express app
+    if (!fn || !fn.handle || !fn.set) {
+      return router.use(path, fn);
+    }
+
+    debug('.use app under %s', path);
+    fn.mountpath = path;
+    fn.parent = this;
+
+    // restore .app property on req and res
+    router.use(path, function mounted_app(req, res, next) {
+      var orig = req.app;
+      fn.handle(req, res, function (err) {
+        setPrototypeOf(req, orig.request)
+        setPrototypeOf(res, orig.response)
+        next(err);
+      });
+    });
+
+    // mounted an app
+    fn.emit('mount', this);
+  }, this);
+
+  return this;
+};
+
+/**
+ * Proxy to the app `Router#route()`
+ * Returns a new `Route` instance for the _path_.
+ *
+ * Routes are isolated middleware stacks for specific paths.
+ * See the Route api docs for details.
+ *
+ * @public
+ */
+
+app.route = function route(path) {
+  this.lazyrouter();
+  return this._router.route(path);
+};
+
+/**
+ * Register the given template engine callback `fn`
+ * as `ext`.
+ *
+ * By default will `require()` the engine based on the
+ * file extension. For example if you try to render
+ * a "foo.ejs" file Express will invoke the following internally:
+ *
+ *     app.engine('ejs', require('ejs').__express);
+ *
+ * For engines that do not provide `.__express` out of the box,
+ * or if you wish to "map" a different extension to the template engine
+ * you may use this method. For example mapping the EJS template engine to
+ * ".html" files:
+ *
+ *     app.engine('html', require('ejs').renderFile);
+ *
+ * In this case EJS provides a `.renderFile()` method with
+ * the same signature that Express expects: `(path, options, callback)`,
+ * though note that it aliases this method as `ejs.__express` internally
+ * so if you're using ".ejs" extensions you don't need to do anything.
+ *
+ * Some template engines do not follow this convention, the
+ * [Consolidate.js](https://github.com/tj/consolidate.js)
+ * library was created to map all of node's popular template
+ * engines to follow this convention, thus allowing them to
+ * work seamlessly within Express.
+ *
+ * @param {String} ext
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+app.engine = function engine(ext, fn) {
+  if (typeof fn !== 'function') {
+    throw new Error('callback function required');
+  }
+
+  // get file extension
+  var extension = ext[0] !== '.'
+    ? '.' + ext
+    : ext;
+
+  // store engine
+  this.engines[extension] = fn;
+
+  return this;
+};
+
+/**
+ * Proxy to `Router#param()` with one added api feature. The _name_ parameter
+ * can be an array of names.
+ *
+ * See the Router#param() docs for more details.
+ *
+ * @param {String|Array} name
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+app.param = function param(name, fn) {
+  this.lazyrouter();
+
+  if (Array.isArray(name)) {
+    for (var i = 0; i < name.length; i++) {
+      this.param(name[i], fn);
+    }
+
+    return this;
+  }
+
+  this._router.param(name, fn);
+
+  return this;
+};
+
+/**
+ * Assign `setting` to `val`, or return `setting`'s value.
+ *
+ *    app.set('foo', 'bar');
+ *    app.set('foo');
+ *    // => "bar"
+ *
+ * Mounted servers inherit their parent server's settings.
+ *
+ * @param {String} setting
+ * @param {*} [val]
+ * @return {Server} for chaining
+ * @public
+ */
+
+app.set = function set(setting, val) {
+  if (arguments.length === 1) {
+    // app.get(setting)
+    var settings = this.settings
+
+    while (settings && settings !== Object.prototype) {
+      if (hasOwnProperty.call(settings, setting)) {
+        return settings[setting]
+      }
+
+      settings = Object.getPrototypeOf(settings)
+    }
+
+    return undefined
+  }
+
+  debug('set "%s" to %o', setting, val);
+
+  // set value
+  this.settings[setting] = val;
+
+  // trigger matched settings
+  switch (setting) {
+    case 'etag':
+      this.set('etag fn', compileETag(val));
+      break;
+    case 'query parser':
+      this.set('query parser fn', compileQueryParser(val));
+      break;
+    case 'trust proxy':
+      this.set('trust proxy fn', compileTrust(val));
+
+      // trust proxy inherit back-compat
+      Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
+        configurable: true,
+        value: false
+      });
+
+      break;
+  }
+
+  return this;
+};
+
+/**
+ * Return the app's absolute pathname
+ * based on the parent(s) that have
+ * mounted it.
+ *
+ * For example if the application was
+ * mounted as "/admin", which itself
+ * was mounted as "/blog" then the
+ * return value would be "/blog/admin".
+ *
+ * @return {String}
+ * @private
+ */
+
+app.path = function path() {
+  return this.parent
+    ? this.parent.path() + this.mountpath
+    : '';
+};
+
+/**
+ * Check if `setting` is enabled (truthy).
+ *
+ *    app.enabled('foo')
+ *    // => false
+ *
+ *    app.enable('foo')
+ *    app.enabled('foo')
+ *    // => true
+ *
+ * @param {String} setting
+ * @return {Boolean}
+ * @public
+ */
+
+app.enabled = function enabled(setting) {
+  return Boolean(this.set(setting));
+};
+
+/**
+ * Check if `setting` is disabled.
+ *
+ *    app.disabled('foo')
+ *    // => true
+ *
+ *    app.enable('foo')
+ *    app.disabled('foo')
+ *    // => false
+ *
+ * @param {String} setting
+ * @return {Boolean}
+ * @public
+ */
+
+app.disabled = function disabled(setting) {
+  return !this.set(setting);
+};
+
+/**
+ * Enable `setting`.
+ *
+ * @param {String} setting
+ * @return {app} for chaining
+ * @public
+ */
+
+app.enable = function enable(setting) {
+  return this.set(setting, true);
+};
+
+/**
+ * Disable `setting`.
+ *
+ * @param {String} setting
+ * @return {app} for chaining
+ * @public
+ */
+
+app.disable = function disable(setting) {
+  return this.set(setting, false);
+};
+
+/**
+ * Delegate `.VERB(...)` calls to `router.VERB(...)`.
+ */
+
+methods.forEach(function(method){
+  app[method] = function(path){
+    if (method === 'get' && arguments.length === 1) {
+      // app.get(setting)
+      return this.set(path);
+    }
+
+    this.lazyrouter();
+
+    var route = this._router.route(path);
+    route[method].apply(route, slice.call(arguments, 1));
+    return this;
+  };
+});
+
+/**
+ * Special-cased "all" method, applying the given route `path`,
+ * middleware, and callback to _every_ HTTP method.
+ *
+ * @param {String} path
+ * @param {Function} ...
+ * @return {app} for chaining
+ * @public
+ */
+
+app.all = function all(path) {
+  this.lazyrouter();
+
+  var route = this._router.route(path);
+  var args = slice.call(arguments, 1);
+
+  for (var i = 0; i < methods.length; i++) {
+    route[methods[i]].apply(route, args);
+  }
+
+  return this;
+};
+
+// del -> delete alias
+
+app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead');
+
+/**
+ * Render the given view `name` name with `options`
+ * and a callback accepting an error and the
+ * rendered template string.
+ *
+ * Example:
+ *
+ *    app.render('email', { name: 'Tobi' }, function(err, html){
+ *      // ...
+ *    })
+ *
+ * @param {String} name
+ * @param {Object|Function} options or fn
+ * @param {Function} callback
+ * @public
+ */
+
+app.render = function render(name, options, callback) {
+  var cache = this.cache;
+  var done = callback;
+  var engines = this.engines;
+  var opts = options;
+  var renderOptions = {};
+  var view;
+
+  // support callback function as second arg
+  if (typeof options === 'function') {
+    done = options;
+    opts = {};
+  }
+
+  // merge app.locals
+  merge(renderOptions, this.locals);
+
+  // merge options._locals
+  if (opts._locals) {
+    merge(renderOptions, opts._locals);
+  }
+
+  // merge options
+  merge(renderOptions, opts);
+
+  // set .cache unless explicitly provided
+  if (renderOptions.cache == null) {
+    renderOptions.cache = this.enabled('view cache');
+  }
+
+  // primed cache
+  if (renderOptions.cache) {
+    view = cache[name];
+  }
+
+  // view
+  if (!view) {
+    var View = this.get('view');
+
+    view = new View(name, {
+      defaultEngine: this.get('view engine'),
+      root: this.get('views'),
+      engines: engines
+    });
+
+    if (!view.path) {
+      var dirs = Array.isArray(view.root) && view.root.length > 1
+        ? 'directories "' + view.root.slice(0, -1).join('", "') + '" or "' + view.root[view.root.length - 1] + '"'
+        : 'directory "' + view.root + '"'
+      var err = new Error('Failed to lookup view "' + name + '" in views ' + dirs);
+      err.view = view;
+      return done(err);
+    }
+
+    // prime the cache
+    if (renderOptions.cache) {
+      cache[name] = view;
+    }
+  }
+
+  // render
+  tryRender(view, renderOptions, done);
+};
+
+/**
+ * Listen for connections.
+ *
+ * A node `http.Server` is returned, with this
+ * application (which is a `Function`) as its
+ * callback. If you wish to create both an HTTP
+ * and HTTPS server you may do so with the "http"
+ * and "https" modules as shown here:
+ *
+ *    var http = require('http')
+ *      , https = require('https')
+ *      , express = require('express')
+ *      , app = express();
+ *
+ *    http.createServer(app).listen(80);
+ *    https.createServer({ ... }, app).listen(443);
+ *
+ * @return {http.Server}
+ * @public
+ */
+
+app.listen = function listen() {
+  var server = http.createServer(this);
+  return server.listen.apply(server, arguments);
+};
+
+/**
+ * Log error using console.error.
+ *
+ * @param {Error} err
+ * @private
+ */
+
+function logerror(err) {
+  /* istanbul ignore next */
+  if (this.get('env') !== 'test') console.error(err.stack || err.toString());
+}
+
+/**
+ * Try rendering a view.
+ * @private
+ */
+
+function tryRender(view, options, callback) {
+  try {
+    view.render(options, callback);
+  } catch (err) {
+    callback(err);
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/express.js b/src/Servers/ExpressServer/node_modules/express/lib/express.js
new file mode 100644
index 0000000..d188a16
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/express.js
@@ -0,0 +1,116 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+var bodyParser = require('body-parser')
+var EventEmitter = require('events').EventEmitter;
+var mixin = require('merge-descriptors');
+var proto = require('./application');
+var Route = require('./router/route');
+var Router = require('./router');
+var req = require('./request');
+var res = require('./response');
+
+/**
+ * Expose `createApplication()`.
+ */
+
+exports = module.exports = createApplication;
+
+/**
+ * Create an express application.
+ *
+ * @return {Function}
+ * @api public
+ */
+
+function createApplication() {
+  var app = function(req, res, next) {
+    app.handle(req, res, next);
+  };
+
+  mixin(app, EventEmitter.prototype, false);
+  mixin(app, proto, false);
+
+  // expose the prototype that will get set on requests
+  app.request = Object.create(req, {
+    app: { configurable: true, enumerable: true, writable: true, value: app }
+  })
+
+  // expose the prototype that will get set on responses
+  app.response = Object.create(res, {
+    app: { configurable: true, enumerable: true, writable: true, value: app }
+  })
+
+  app.init();
+  return app;
+}
+
+/**
+ * Expose the prototypes.
+ */
+
+exports.application = proto;
+exports.request = req;
+exports.response = res;
+
+/**
+ * Expose constructors.
+ */
+
+exports.Route = Route;
+exports.Router = Router;
+
+/**
+ * Expose middleware
+ */
+
+exports.json = bodyParser.json
+exports.query = require('./middleware/query');
+exports.raw = bodyParser.raw
+exports.static = require('serve-static');
+exports.text = bodyParser.text
+exports.urlencoded = bodyParser.urlencoded
+
+/**
+ * Replace removed middleware with an appropriate error message.
+ */
+
+var removedMiddlewares = [
+  'bodyParser',
+  'compress',
+  'cookieSession',
+  'session',
+  'logger',
+  'cookieParser',
+  'favicon',
+  'responseTime',
+  'errorHandler',
+  'timeout',
+  'methodOverride',
+  'vhost',
+  'csrf',
+  'directory',
+  'limit',
+  'multipart',
+  'staticCache'
+]
+
+removedMiddlewares.forEach(function (name) {
+  Object.defineProperty(exports, name, {
+    get: function () {
+      throw new Error('Most middleware (like ' + name + ') is no longer bundled with Express and must be installed separately. Please see https://github.com/senchalabs/connect#middleware.');
+    },
+    configurable: true
+  });
+});
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js b/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
new file mode 100644
index 0000000..dfd0427
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
@@ -0,0 +1,43 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Initialization middleware, exposing the
+ * request and response to each other, as well
+ * as defaulting the X-Powered-By header field.
+ *
+ * @param {Function} app
+ * @return {Function}
+ * @api private
+ */
+
+exports.init = function(app){
+  return function expressInit(req, res, next){
+    if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express');
+    req.res = res;
+    res.req = req;
+    req.next = next;
+
+    setPrototypeOf(req, app.request)
+    setPrototypeOf(res, app.response)
+
+    res.locals = res.locals || Object.create(null);
+
+    next();
+  };
+};
+
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js b/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
new file mode 100644
index 0000000..7e91669
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
@@ -0,0 +1,47 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ */
+
+var merge = require('utils-merge')
+var parseUrl = require('parseurl');
+var qs = require('qs');
+
+/**
+ * @param {Object} options
+ * @return {Function}
+ * @api public
+ */
+
+module.exports = function query(options) {
+  var opts = merge({}, options)
+  var queryparse = qs.parse;
+
+  if (typeof options === 'function') {
+    queryparse = options;
+    opts = undefined;
+  }
+
+  if (opts !== undefined && opts.allowPrototypes === undefined) {
+    // back-compat for qs module
+    opts.allowPrototypes = true;
+  }
+
+  return function query(req, res, next){
+    if (!req.query) {
+      var val = parseUrl(req).query;
+      req.query = queryparse(val, opts);
+    }
+
+    next();
+  };
+};
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/request.js b/src/Servers/ExpressServer/node_modules/express/lib/request.js
new file mode 100644
index 0000000..3f1eeca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/request.js
@@ -0,0 +1,525 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var accepts = require('accepts');
+var deprecate = require('depd')('express');
+var isIP = require('net').isIP;
+var typeis = require('type-is');
+var http = require('http');
+var fresh = require('fresh');
+var parseRange = require('range-parser');
+var parse = require('parseurl');
+var proxyaddr = require('proxy-addr');
+
+/**
+ * Request prototype.
+ * @public
+ */
+
+var req = Object.create(http.IncomingMessage.prototype)
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = req
+
+/**
+ * Return request header.
+ *
+ * The `Referrer` header field is special-cased,
+ * both `Referrer` and `Referer` are interchangeable.
+ *
+ * Examples:
+ *
+ *     req.get('Content-Type');
+ *     // => "text/plain"
+ *
+ *     req.get('content-type');
+ *     // => "text/plain"
+ *
+ *     req.get('Something');
+ *     // => undefined
+ *
+ * Aliased as `req.header()`.
+ *
+ * @param {String} name
+ * @return {String}
+ * @public
+ */
+
+req.get =
+req.header = function header(name) {
+  if (!name) {
+    throw new TypeError('name argument is required to req.get');
+  }
+
+  if (typeof name !== 'string') {
+    throw new TypeError('name must be a string to req.get');
+  }
+
+  var lc = name.toLowerCase();
+
+  switch (lc) {
+    case 'referer':
+    case 'referrer':
+      return this.headers.referrer
+        || this.headers.referer;
+    default:
+      return this.headers[lc];
+  }
+};
+
+/**
+ * To do: update docs.
+ *
+ * Check if the given `type(s)` is acceptable, returning
+ * the best match when true, otherwise `undefined`, in which
+ * case you should respond with 406 "Not Acceptable".
+ *
+ * The `type` value may be a single MIME type string
+ * such as "application/json", an extension name
+ * such as "json", a comma-delimited list such as "json, html, text/plain",
+ * an argument list such as `"json", "html", "text/plain"`,
+ * or an array `["json", "html", "text/plain"]`. When a list
+ * or array is given, the _best_ match, if any is returned.
+ *
+ * Examples:
+ *
+ *     // Accept: text/html
+ *     req.accepts('html');
+ *     // => "html"
+ *
+ *     // Accept: text/*, application/json
+ *     req.accepts('html');
+ *     // => "html"
+ *     req.accepts('text/html');
+ *     // => "text/html"
+ *     req.accepts('json, text');
+ *     // => "json"
+ *     req.accepts('application/json');
+ *     // => "application/json"
+ *
+ *     // Accept: text/*, application/json
+ *     req.accepts('image/png');
+ *     req.accepts('png');
+ *     // => undefined
+ *
+ *     // Accept: text/*;q=.5, application/json
+ *     req.accepts(['html', 'json']);
+ *     req.accepts('html', 'json');
+ *     req.accepts('html, json');
+ *     // => "json"
+ *
+ * @param {String|Array} type(s)
+ * @return {String|Array|Boolean}
+ * @public
+ */
+
+req.accepts = function(){
+  var accept = accepts(this);
+  return accept.types.apply(accept, arguments);
+};
+
+/**
+ * Check if the given `encoding`s are accepted.
+ *
+ * @param {String} ...encoding
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsEncodings = function(){
+  var accept = accepts(this);
+  return accept.encodings.apply(accept, arguments);
+};
+
+req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
+  'req.acceptsEncoding: Use acceptsEncodings instead');
+
+/**
+ * Check if the given `charset`s are acceptable,
+ * otherwise you should respond with 406 "Not Acceptable".
+ *
+ * @param {String} ...charset
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsCharsets = function(){
+  var accept = accepts(this);
+  return accept.charsets.apply(accept, arguments);
+};
+
+req.acceptsCharset = deprecate.function(req.acceptsCharsets,
+  'req.acceptsCharset: Use acceptsCharsets instead');
+
+/**
+ * Check if the given `lang`s are acceptable,
+ * otherwise you should respond with 406 "Not Acceptable".
+ *
+ * @param {String} ...lang
+ * @return {String|Array}
+ * @public
+ */
+
+req.acceptsLanguages = function(){
+  var accept = accepts(this);
+  return accept.languages.apply(accept, arguments);
+};
+
+req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
+  'req.acceptsLanguage: Use acceptsLanguages instead');
+
+/**
+ * Parse Range header field, capping to the given `size`.
+ *
+ * Unspecified ranges such as "0-" require knowledge of your resource length. In
+ * the case of a byte range this is of course the total number of bytes. If the
+ * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
+ * and `-2` when syntactically invalid.
+ *
+ * When ranges are returned, the array has a "type" property which is the type of
+ * range that is required (most commonly, "bytes"). Each array element is an object
+ * with a "start" and "end" property for the portion of the range.
+ *
+ * The "combine" option can be set to `true` and overlapping & adjacent ranges
+ * will be combined into a single range.
+ *
+ * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
+ * should respond with 4 users when available, not 3.
+ *
+ * @param {number} size
+ * @param {object} [options]
+ * @param {boolean} [options.combine=false]
+ * @return {number|array}
+ * @public
+ */
+
+req.range = function range(size, options) {
+  var range = this.get('Range');
+  if (!range) return;
+  return parseRange(size, range, options);
+};
+
+/**
+ * Return the value of param `name` when present or `defaultValue`.
+ *
+ *  - Checks route placeholders, ex: _/user/:id_
+ *  - Checks body params, ex: id=12, {"id":12}
+ *  - Checks query string params, ex: ?id=12
+ *
+ * To utilize request bodies, `req.body`
+ * should be an object. This can be done by using
+ * the `bodyParser()` middleware.
+ *
+ * @param {String} name
+ * @param {Mixed} [defaultValue]
+ * @return {String}
+ * @public
+ */
+
+req.param = function param(name, defaultValue) {
+  var params = this.params || {};
+  var body = this.body || {};
+  var query = this.query || {};
+
+  var args = arguments.length === 1
+    ? 'name'
+    : 'name, default';
+  deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
+
+  if (null != params[name] && params.hasOwnProperty(name)) return params[name];
+  if (null != body[name]) return body[name];
+  if (null != query[name]) return query[name];
+
+  return defaultValue;
+};
+
+/**
+ * Check if the incoming request contains the "Content-Type"
+ * header field, and it contains the given mime `type`.
+ *
+ * Examples:
+ *
+ *      // With Content-Type: text/html; charset=utf-8
+ *      req.is('html');
+ *      req.is('text/html');
+ *      req.is('text/*');
+ *      // => true
+ *
+ *      // When Content-Type is application/json
+ *      req.is('json');
+ *      req.is('application/json');
+ *      req.is('application/*');
+ *      // => true
+ *
+ *      req.is('html');
+ *      // => false
+ *
+ * @param {String|Array} types...
+ * @return {String|false|null}
+ * @public
+ */
+
+req.is = function is(types) {
+  var arr = types;
+
+  // support flattened arguments
+  if (!Array.isArray(types)) {
+    arr = new Array(arguments.length);
+    for (var i = 0; i < arr.length; i++) {
+      arr[i] = arguments[i];
+    }
+  }
+
+  return typeis(this, arr);
+};
+
+/**
+ * Return the protocol string "http" or "https"
+ * when requested with TLS. When the "trust proxy"
+ * setting trusts the socket address, the
+ * "X-Forwarded-Proto" header field will be trusted
+ * and used if present.
+ *
+ * If you're running behind a reverse proxy that
+ * supplies https for you this may be enabled.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'protocol', function protocol(){
+  var proto = this.connection.encrypted
+    ? 'https'
+    : 'http';
+  var trust = this.app.get('trust proxy fn');
+
+  if (!trust(this.connection.remoteAddress, 0)) {
+    return proto;
+  }
+
+  // Note: X-Forwarded-Proto is normally only ever a
+  //       single value, but this is to be safe.
+  var header = this.get('X-Forwarded-Proto') || proto
+  var index = header.indexOf(',')
+
+  return index !== -1
+    ? header.substring(0, index).trim()
+    : header.trim()
+});
+
+/**
+ * Short-hand for:
+ *
+ *    req.protocol === 'https'
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'secure', function secure(){
+  return this.protocol === 'https';
+});
+
+/**
+ * Return the remote address from the trusted proxy.
+ *
+ * The is the remote address on the socket unless
+ * "trust proxy" is set.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'ip', function ip(){
+  var trust = this.app.get('trust proxy fn');
+  return proxyaddr(this, trust);
+});
+
+/**
+ * When "trust proxy" is set, trusted proxy addresses + client.
+ *
+ * For example if the value were "client, proxy1, proxy2"
+ * you would receive the array `["client", "proxy1", "proxy2"]`
+ * where "proxy2" is the furthest down-stream and "proxy1" and
+ * "proxy2" were trusted.
+ *
+ * @return {Array}
+ * @public
+ */
+
+defineGetter(req, 'ips', function ips() {
+  var trust = this.app.get('trust proxy fn');
+  var addrs = proxyaddr.all(this, trust);
+
+  // reverse the order (to farthest -> closest)
+  // and remove socket address
+  addrs.reverse().pop()
+
+  return addrs
+});
+
+/**
+ * Return subdomains as an array.
+ *
+ * Subdomains are the dot-separated parts of the host before the main domain of
+ * the app. By default, the domain of the app is assumed to be the last two
+ * parts of the host. This can be changed by setting "subdomain offset".
+ *
+ * For example, if the domain is "tobi.ferrets.example.com":
+ * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
+ * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
+ *
+ * @return {Array}
+ * @public
+ */
+
+defineGetter(req, 'subdomains', function subdomains() {
+  var hostname = this.hostname;
+
+  if (!hostname) return [];
+
+  var offset = this.app.get('subdomain offset');
+  var subdomains = !isIP(hostname)
+    ? hostname.split('.').reverse()
+    : [hostname];
+
+  return subdomains.slice(offset);
+});
+
+/**
+ * Short-hand for `url.parse(req.url).pathname`.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'path', function path() {
+  return parse(this).pathname;
+});
+
+/**
+ * Parse the "Host" header field to a hostname.
+ *
+ * When the "trust proxy" setting trusts the socket
+ * address, the "X-Forwarded-Host" header field will
+ * be trusted.
+ *
+ * @return {String}
+ * @public
+ */
+
+defineGetter(req, 'hostname', function hostname(){
+  var trust = this.app.get('trust proxy fn');
+  var host = this.get('X-Forwarded-Host');
+
+  if (!host || !trust(this.connection.remoteAddress, 0)) {
+    host = this.get('Host');
+  } else if (host.indexOf(',') !== -1) {
+    // Note: X-Forwarded-Host is normally only ever a
+    //       single value, but this is to be safe.
+    host = host.substring(0, host.indexOf(',')).trimRight()
+  }
+
+  if (!host) return;
+
+  // IPv6 literal support
+  var offset = host[0] === '['
+    ? host.indexOf(']') + 1
+    : 0;
+  var index = host.indexOf(':', offset);
+
+  return index !== -1
+    ? host.substring(0, index)
+    : host;
+});
+
+// TODO: change req.host to return host in next major
+
+defineGetter(req, 'host', deprecate.function(function host(){
+  return this.hostname;
+}, 'req.host: Use req.hostname instead'));
+
+/**
+ * Check if the request is fresh, aka
+ * Last-Modified and/or the ETag
+ * still match.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'fresh', function(){
+  var method = this.method;
+  var res = this.res
+  var status = res.statusCode
+
+  // GET or HEAD for weak freshness validation only
+  if ('GET' !== method && 'HEAD' !== method) return false;
+
+  // 2xx or 304 as per rfc2616 14.26
+  if ((status >= 200 && status < 300) || 304 === status) {
+    return fresh(this.headers, {
+      'etag': res.get('ETag'),
+      'last-modified': res.get('Last-Modified')
+    })
+  }
+
+  return false;
+});
+
+/**
+ * Check if the request is stale, aka
+ * "Last-Modified" and / or the "ETag" for the
+ * resource has changed.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'stale', function stale(){
+  return !this.fresh;
+});
+
+/**
+ * Check if the request was an _XMLHttpRequest_.
+ *
+ * @return {Boolean}
+ * @public
+ */
+
+defineGetter(req, 'xhr', function xhr(){
+  var val = this.get('X-Requested-With') || '';
+  return val.toLowerCase() === 'xmlhttprequest';
+});
+
+/**
+ * Helper function for creating a getter on an object.
+ *
+ * @param {Object} obj
+ * @param {String} name
+ * @param {Function} getter
+ * @private
+ */
+function defineGetter(obj, name, getter) {
+  Object.defineProperty(obj, name, {
+    configurable: true,
+    enumerable: true,
+    get: getter
+  });
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/response.js b/src/Servers/ExpressServer/node_modules/express/lib/response.js
new file mode 100644
index 0000000..2b654f4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/response.js
@@ -0,0 +1,1179 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Buffer = require('safe-buffer').Buffer
+var contentDisposition = require('content-disposition');
+var createError = require('http-errors')
+var deprecate = require('depd')('express');
+var encodeUrl = require('encodeurl');
+var escapeHtml = require('escape-html');
+var http = require('http');
+var isAbsolute = require('./utils').isAbsolute;
+var onFinished = require('on-finished');
+var path = require('path');
+var statuses = require('statuses')
+var merge = require('utils-merge');
+var sign = require('cookie-signature').sign;
+var normalizeType = require('./utils').normalizeType;
+var normalizeTypes = require('./utils').normalizeTypes;
+var setCharset = require('./utils').setCharset;
+var cookie = require('cookie');
+var send = require('send');
+var extname = path.extname;
+var mime = send.mime;
+var resolve = path.resolve;
+var vary = require('vary');
+
+/**
+ * Response prototype.
+ * @public
+ */
+
+var res = Object.create(http.ServerResponse.prototype)
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = res
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var charsetRegExp = /;\s*charset\s*=/;
+
+/**
+ * Set status `code`.
+ *
+ * @param {Number} code
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.status = function status(code) {
+  if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) {
+    deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead')
+  }
+  this.statusCode = code;
+  return this;
+};
+
+/**
+ * Set Link header field with the given `links`.
+ *
+ * Examples:
+ *
+ *    res.links({
+ *      next: 'http://api.example.com/users?page=2',
+ *      last: 'http://api.example.com/users?page=5'
+ *    });
+ *
+ * @param {Object} links
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.links = function(links){
+  var link = this.get('Link') || '';
+  if (link) link += ', ';
+  return this.set('Link', link + Object.keys(links).map(function(rel){
+    return '<' + links[rel] + '>; rel="' + rel + '"';
+  }).join(', '));
+};
+
+/**
+ * Send a response.
+ *
+ * Examples:
+ *
+ *     res.send(Buffer.from('wahoo'));
+ *     res.send({ some: 'json' });
+ *     res.send('<p>some html</p>');
+ *
+ * @param {string|number|boolean|object|Buffer} body
+ * @public
+ */
+
+res.send = function send(body) {
+  var chunk = body;
+  var encoding;
+  var req = this.req;
+  var type;
+
+  // settings
+  var app = this.app;
+
+  // allow status / body
+  if (arguments.length === 2) {
+    // res.send(body, status) backwards compat
+    if (typeof arguments[0] !== 'number' && typeof arguments[1] === 'number') {
+      deprecate('res.send(body, status): Use res.status(status).send(body) instead');
+      this.statusCode = arguments[1];
+    } else {
+      deprecate('res.send(status, body): Use res.status(status).send(body) instead');
+      this.statusCode = arguments[0];
+      chunk = arguments[1];
+    }
+  }
+
+  // disambiguate res.send(status) and res.send(status, num)
+  if (typeof chunk === 'number' && arguments.length === 1) {
+    // res.send(status) will set status message as text string
+    if (!this.get('Content-Type')) {
+      this.type('txt');
+    }
+
+    deprecate('res.send(status): Use res.sendStatus(status) instead');
+    this.statusCode = chunk;
+    chunk = statuses.message[chunk]
+  }
+
+  switch (typeof chunk) {
+    // string defaulting to html
+    case 'string':
+      if (!this.get('Content-Type')) {
+        this.type('html');
+      }
+      break;
+    case 'boolean':
+    case 'number':
+    case 'object':
+      if (chunk === null) {
+        chunk = '';
+      } else if (Buffer.isBuffer(chunk)) {
+        if (!this.get('Content-Type')) {
+          this.type('bin');
+        }
+      } else {
+        return this.json(chunk);
+      }
+      break;
+  }
+
+  // write strings in utf-8
+  if (typeof chunk === 'string') {
+    encoding = 'utf8';
+    type = this.get('Content-Type');
+
+    // reflect this in content-type
+    if (typeof type === 'string') {
+      this.set('Content-Type', setCharset(type, 'utf-8'));
+    }
+  }
+
+  // determine if ETag should be generated
+  var etagFn = app.get('etag fn')
+  var generateETag = !this.get('ETag') && typeof etagFn === 'function'
+
+  // populate Content-Length
+  var len
+  if (chunk !== undefined) {
+    if (Buffer.isBuffer(chunk)) {
+      // get length of Buffer
+      len = chunk.length
+    } else if (!generateETag && chunk.length < 1000) {
+      // just calculate length when no ETag + small chunk
+      len = Buffer.byteLength(chunk, encoding)
+    } else {
+      // convert chunk to Buffer and calculate
+      chunk = Buffer.from(chunk, encoding)
+      encoding = undefined;
+      len = chunk.length
+    }
+
+    this.set('Content-Length', len);
+  }
+
+  // populate ETag
+  var etag;
+  if (generateETag && len !== undefined) {
+    if ((etag = etagFn(chunk, encoding))) {
+      this.set('ETag', etag);
+    }
+  }
+
+  // freshness
+  if (req.fresh) this.statusCode = 304;
+
+  // strip irrelevant headers
+  if (204 === this.statusCode || 304 === this.statusCode) {
+    this.removeHeader('Content-Type');
+    this.removeHeader('Content-Length');
+    this.removeHeader('Transfer-Encoding');
+    chunk = '';
+  }
+
+  // alter headers for 205
+  if (this.statusCode === 205) {
+    this.set('Content-Length', '0')
+    this.removeHeader('Transfer-Encoding')
+    chunk = ''
+  }
+
+  if (req.method === 'HEAD') {
+    // skip body for HEAD
+    this.end();
+  } else {
+    // respond
+    this.end(chunk, encoding);
+  }
+
+  return this;
+};
+
+/**
+ * Send JSON response.
+ *
+ * Examples:
+ *
+ *     res.json(null);
+ *     res.json({ user: 'tj' });
+ *
+ * @param {string|number|boolean|object} obj
+ * @public
+ */
+
+res.json = function json(obj) {
+  var val = obj;
+
+  // allow status / body
+  if (arguments.length === 2) {
+    // res.json(body, status) backwards compat
+    if (typeof arguments[1] === 'number') {
+      deprecate('res.json(obj, status): Use res.status(status).json(obj) instead');
+      this.statusCode = arguments[1];
+    } else {
+      deprecate('res.json(status, obj): Use res.status(status).json(obj) instead');
+      this.statusCode = arguments[0];
+      val = arguments[1];
+    }
+  }
+
+  // settings
+  var app = this.app;
+  var escape = app.get('json escape')
+  var replacer = app.get('json replacer');
+  var spaces = app.get('json spaces');
+  var body = stringify(val, replacer, spaces, escape)
+
+  // content-type
+  if (!this.get('Content-Type')) {
+    this.set('Content-Type', 'application/json');
+  }
+
+  return this.send(body);
+};
+
+/**
+ * Send JSON response with JSONP callback support.
+ *
+ * Examples:
+ *
+ *     res.jsonp(null);
+ *     res.jsonp({ user: 'tj' });
+ *
+ * @param {string|number|boolean|object} obj
+ * @public
+ */
+
+res.jsonp = function jsonp(obj) {
+  var val = obj;
+
+  // allow status / body
+  if (arguments.length === 2) {
+    // res.jsonp(body, status) backwards compat
+    if (typeof arguments[1] === 'number') {
+      deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead');
+      this.statusCode = arguments[1];
+    } else {
+      deprecate('res.jsonp(status, obj): Use res.status(status).jsonp(obj) instead');
+      this.statusCode = arguments[0];
+      val = arguments[1];
+    }
+  }
+
+  // settings
+  var app = this.app;
+  var escape = app.get('json escape')
+  var replacer = app.get('json replacer');
+  var spaces = app.get('json spaces');
+  var body = stringify(val, replacer, spaces, escape)
+  var callback = this.req.query[app.get('jsonp callback name')];
+
+  // content-type
+  if (!this.get('Content-Type')) {
+    this.set('X-Content-Type-Options', 'nosniff');
+    this.set('Content-Type', 'application/json');
+  }
+
+  // fixup callback
+  if (Array.isArray(callback)) {
+    callback = callback[0];
+  }
+
+  // jsonp
+  if (typeof callback === 'string' && callback.length !== 0) {
+    this.set('X-Content-Type-Options', 'nosniff');
+    this.set('Content-Type', 'text/javascript');
+
+    // restrict callback charset
+    callback = callback.replace(/[^\[\]\w$.]/g, '');
+
+    if (body === undefined) {
+      // empty argument
+      body = ''
+    } else if (typeof body === 'string') {
+      // replace chars not allowed in JavaScript that are in JSON
+      body = body
+        .replace(/\u2028/g, '\\u2028')
+        .replace(/\u2029/g, '\\u2029')
+    }
+
+    // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
+    // the typeof check is just to reduce client error noise
+    body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');';
+  }
+
+  return this.send(body);
+};
+
+/**
+ * Send given HTTP status code.
+ *
+ * Sets the response status to `statusCode` and the body of the
+ * response to the standard description from node's http.STATUS_CODES
+ * or the statusCode number if no description.
+ *
+ * Examples:
+ *
+ *     res.sendStatus(200);
+ *
+ * @param {number} statusCode
+ * @public
+ */
+
+res.sendStatus = function sendStatus(statusCode) {
+  var body = statuses.message[statusCode] || String(statusCode)
+
+  this.statusCode = statusCode;
+  this.type('txt');
+
+  return this.send(body);
+};
+
+/**
+ * Transfer the file at the given `path`.
+ *
+ * Automatically sets the _Content-Type_ response header field.
+ * The callback `callback(err)` is invoked when the transfer is complete
+ * or when an error occurs. Be sure to check `res.headersSent`
+ * if you wish to attempt responding, as the header and some data
+ * may have already been transferred.
+ *
+ * Options:
+ *
+ *   - `maxAge`   defaulting to 0 (can be string converted by `ms`)
+ *   - `root`     root directory for relative filenames
+ *   - `headers`  object of headers to serve with file
+ *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
+ *
+ * Examples:
+ *
+ *  The following example illustrates how `res.sendFile()` may
+ *  be used as an alternative for the `static()` middleware for
+ *  dynamic situations. The code backing `res.sendFile()` is actually
+ *  the same code, so HTTP cache support etc is identical.
+ *
+ *     app.get('/user/:uid/photos/:file', function(req, res){
+ *       var uid = req.params.uid
+ *         , file = req.params.file;
+ *
+ *       req.user.mayViewFilesFrom(uid, function(yes){
+ *         if (yes) {
+ *           res.sendFile('/uploads/' + uid + '/' + file);
+ *         } else {
+ *           res.send(403, 'Sorry! you cant see that.');
+ *         }
+ *       });
+ *     });
+ *
+ * @public
+ */
+
+res.sendFile = function sendFile(path, options, callback) {
+  var done = callback;
+  var req = this.req;
+  var res = this;
+  var next = req.next;
+  var opts = options || {};
+
+  if (!path) {
+    throw new TypeError('path argument is required to res.sendFile');
+  }
+
+  if (typeof path !== 'string') {
+    throw new TypeError('path must be a string to res.sendFile')
+  }
+
+  // support function as second arg
+  if (typeof options === 'function') {
+    done = options;
+    opts = {};
+  }
+
+  if (!opts.root && !isAbsolute(path)) {
+    throw new TypeError('path must be absolute or specify root to res.sendFile');
+  }
+
+  // create file stream
+  var pathname = encodeURI(path);
+  var file = send(req, pathname, opts);
+
+  // transfer
+  sendfile(res, file, opts, function (err) {
+    if (done) return done(err);
+    if (err && err.code === 'EISDIR') return next();
+
+    // next() all but write errors
+    if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
+      next(err);
+    }
+  });
+};
+
+/**
+ * Transfer the file at the given `path`.
+ *
+ * Automatically sets the _Content-Type_ response header field.
+ * The callback `callback(err)` is invoked when the transfer is complete
+ * or when an error occurs. Be sure to check `res.headersSent`
+ * if you wish to attempt responding, as the header and some data
+ * may have already been transferred.
+ *
+ * Options:
+ *
+ *   - `maxAge`   defaulting to 0 (can be string converted by `ms`)
+ *   - `root`     root directory for relative filenames
+ *   - `headers`  object of headers to serve with file
+ *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
+ *
+ * Examples:
+ *
+ *  The following example illustrates how `res.sendfile()` may
+ *  be used as an alternative for the `static()` middleware for
+ *  dynamic situations. The code backing `res.sendfile()` is actually
+ *  the same code, so HTTP cache support etc is identical.
+ *
+ *     app.get('/user/:uid/photos/:file', function(req, res){
+ *       var uid = req.params.uid
+ *         , file = req.params.file;
+ *
+ *       req.user.mayViewFilesFrom(uid, function(yes){
+ *         if (yes) {
+ *           res.sendfile('/uploads/' + uid + '/' + file);
+ *         } else {
+ *           res.send(403, 'Sorry! you cant see that.');
+ *         }
+ *       });
+ *     });
+ *
+ * @public
+ */
+
+res.sendfile = function (path, options, callback) {
+  var done = callback;
+  var req = this.req;
+  var res = this;
+  var next = req.next;
+  var opts = options || {};
+
+  // support function as second arg
+  if (typeof options === 'function') {
+    done = options;
+    opts = {};
+  }
+
+  // create file stream
+  var file = send(req, path, opts);
+
+  // transfer
+  sendfile(res, file, opts, function (err) {
+    if (done) return done(err);
+    if (err && err.code === 'EISDIR') return next();
+
+    // next() all but write errors
+    if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
+      next(err);
+    }
+  });
+};
+
+res.sendfile = deprecate.function(res.sendfile,
+  'res.sendfile: Use res.sendFile instead');
+
+/**
+ * Transfer the file at the given `path` as an attachment.
+ *
+ * Optionally providing an alternate attachment `filename`,
+ * and optional callback `callback(err)`. The callback is invoked
+ * when the data transfer is complete, or when an error has
+ * occurred. Be sure to check `res.headersSent` if you plan to respond.
+ *
+ * Optionally providing an `options` object to use with `res.sendFile()`.
+ * This function will set the `Content-Disposition` header, overriding
+ * any `Content-Disposition` header passed as header options in order
+ * to set the attachment and filename.
+ *
+ * This method uses `res.sendFile()`.
+ *
+ * @public
+ */
+
+res.download = function download (path, filename, options, callback) {
+  var done = callback;
+  var name = filename;
+  var opts = options || null
+
+  // support function as second or third arg
+  if (typeof filename === 'function') {
+    done = filename;
+    name = null;
+    opts = null
+  } else if (typeof options === 'function') {
+    done = options
+    opts = null
+  }
+
+  // support optional filename, where options may be in it's place
+  if (typeof filename === 'object' &&
+    (typeof options === 'function' || options === undefined)) {
+    name = null
+    opts = filename
+  }
+
+  // set Content-Disposition when file is sent
+  var headers = {
+    'Content-Disposition': contentDisposition(name || path)
+  };
+
+  // merge user-provided headers
+  if (opts && opts.headers) {
+    var keys = Object.keys(opts.headers)
+    for (var i = 0; i < keys.length; i++) {
+      var key = keys[i]
+      if (key.toLowerCase() !== 'content-disposition') {
+        headers[key] = opts.headers[key]
+      }
+    }
+  }
+
+  // merge user-provided options
+  opts = Object.create(opts)
+  opts.headers = headers
+
+  // Resolve the full path for sendFile
+  var fullPath = !opts.root
+    ? resolve(path)
+    : path
+
+  // send file
+  return this.sendFile(fullPath, opts, done)
+};
+
+/**
+ * Set _Content-Type_ response header with `type` through `mime.lookup()`
+ * when it does not contain "/", or set the Content-Type to `type` otherwise.
+ *
+ * Examples:
+ *
+ *     res.type('.html');
+ *     res.type('html');
+ *     res.type('json');
+ *     res.type('application/json');
+ *     res.type('png');
+ *
+ * @param {String} type
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.contentType =
+res.type = function contentType(type) {
+  var ct = type.indexOf('/') === -1
+    ? mime.lookup(type)
+    : type;
+
+  return this.set('Content-Type', ct);
+};
+
+/**
+ * Respond to the Acceptable formats using an `obj`
+ * of mime-type callbacks.
+ *
+ * This method uses `req.accepted`, an array of
+ * acceptable types ordered by their quality values.
+ * When "Accept" is not present the _first_ callback
+ * is invoked, otherwise the first match is used. When
+ * no match is performed the server responds with
+ * 406 "Not Acceptable".
+ *
+ * Content-Type is set for you, however if you choose
+ * you may alter this within the callback using `res.type()`
+ * or `res.set('Content-Type', ...)`.
+ *
+ *    res.format({
+ *      'text/plain': function(){
+ *        res.send('hey');
+ *      },
+ *
+ *      'text/html': function(){
+ *        res.send('<p>hey</p>');
+ *      },
+ *
+ *      'application/json': function () {
+ *        res.send({ message: 'hey' });
+ *      }
+ *    });
+ *
+ * In addition to canonicalized MIME types you may
+ * also use extnames mapped to these types:
+ *
+ *    res.format({
+ *      text: function(){
+ *        res.send('hey');
+ *      },
+ *
+ *      html: function(){
+ *        res.send('<p>hey</p>');
+ *      },
+ *
+ *      json: function(){
+ *        res.send({ message: 'hey' });
+ *      }
+ *    });
+ *
+ * By default Express passes an `Error`
+ * with a `.status` of 406 to `next(err)`
+ * if a match is not made. If you provide
+ * a `.default` callback it will be invoked
+ * instead.
+ *
+ * @param {Object} obj
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.format = function(obj){
+  var req = this.req;
+  var next = req.next;
+
+  var keys = Object.keys(obj)
+    .filter(function (v) { return v !== 'default' })
+
+  var key = keys.length > 0
+    ? req.accepts(keys)
+    : false;
+
+  this.vary("Accept");
+
+  if (key) {
+    this.set('Content-Type', normalizeType(key).value);
+    obj[key](req, this, next);
+  } else if (obj.default) {
+    obj.default(req, this, next)
+  } else {
+    next(createError(406, {
+      types: normalizeTypes(keys).map(function (o) { return o.value })
+    }))
+  }
+
+  return this;
+};
+
+/**
+ * Set _Content-Disposition_ header to _attachment_ with optional `filename`.
+ *
+ * @param {String} filename
+ * @return {ServerResponse}
+ * @public
+ */
+
+res.attachment = function attachment(filename) {
+  if (filename) {
+    this.type(extname(filename));
+  }
+
+  this.set('Content-Disposition', contentDisposition(filename));
+
+  return this;
+};
+
+/**
+ * Append additional header `field` with value `val`.
+ *
+ * Example:
+ *
+ *    res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']);
+ *    res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly');
+ *    res.append('Warning', '199 Miscellaneous warning');
+ *
+ * @param {String} field
+ * @param {String|Array} val
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.append = function append(field, val) {
+  var prev = this.get(field);
+  var value = val;
+
+  if (prev) {
+    // concat the new and prev vals
+    value = Array.isArray(prev) ? prev.concat(val)
+      : Array.isArray(val) ? [prev].concat(val)
+        : [prev, val]
+  }
+
+  return this.set(field, value);
+};
+
+/**
+ * Set header `field` to `val`, or pass
+ * an object of header fields.
+ *
+ * Examples:
+ *
+ *    res.set('Foo', ['bar', 'baz']);
+ *    res.set('Accept', 'application/json');
+ *    res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
+ *
+ * Aliased as `res.header()`.
+ *
+ * @param {String|Object} field
+ * @param {String|Array} val
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.set =
+res.header = function header(field, val) {
+  if (arguments.length === 2) {
+    var value = Array.isArray(val)
+      ? val.map(String)
+      : String(val);
+
+    // add charset to content-type
+    if (field.toLowerCase() === 'content-type') {
+      if (Array.isArray(value)) {
+        throw new TypeError('Content-Type cannot be set to an Array');
+      }
+      if (!charsetRegExp.test(value)) {
+        var charset = mime.charsets.lookup(value.split(';')[0]);
+        if (charset) value += '; charset=' + charset.toLowerCase();
+      }
+    }
+
+    this.setHeader(field, value);
+  } else {
+    for (var key in field) {
+      this.set(key, field[key]);
+    }
+  }
+  return this;
+};
+
+/**
+ * Get value for header `field`.
+ *
+ * @param {String} field
+ * @return {String}
+ * @public
+ */
+
+res.get = function(field){
+  return this.getHeader(field);
+};
+
+/**
+ * Clear cookie `name`.
+ *
+ * @param {String} name
+ * @param {Object} [options]
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.clearCookie = function clearCookie(name, options) {
+  if (options) {
+    if (options.maxAge) {
+      deprecate('res.clearCookie: Passing "options.maxAge" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
+    }
+    if (options.expires) {
+      deprecate('res.clearCookie: Passing "options.expires" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
+    }
+  }
+  var opts = merge({ expires: new Date(1), path: '/' }, options);
+
+  return this.cookie(name, '', opts);
+};
+
+/**
+ * Set cookie `name` to `value`, with the given `options`.
+ *
+ * Options:
+ *
+ *    - `maxAge`   max-age in milliseconds, converted to `expires`
+ *    - `signed`   sign the cookie
+ *    - `path`     defaults to "/"
+ *
+ * Examples:
+ *
+ *    // "Remember Me" for 15 minutes
+ *    res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });
+ *
+ *    // same as above
+ *    res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
+ *
+ * @param {String} name
+ * @param {String|Object} value
+ * @param {Object} [options]
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.cookie = function (name, value, options) {
+  var opts = merge({}, options);
+  var secret = this.req.secret;
+  var signed = opts.signed;
+
+  if (signed && !secret) {
+    throw new Error('cookieParser("secret") required for signed cookies');
+  }
+
+  var val = typeof value === 'object'
+    ? 'j:' + JSON.stringify(value)
+    : String(value);
+
+  if (signed) {
+    val = 's:' + sign(val, secret);
+  }
+
+  if (opts.maxAge != null) {
+    var maxAge = opts.maxAge - 0
+
+    if (!isNaN(maxAge)) {
+      opts.expires = new Date(Date.now() + maxAge)
+      opts.maxAge = Math.floor(maxAge / 1000)
+    }
+  }
+
+  if (opts.path == null) {
+    opts.path = '/';
+  }
+
+  this.append('Set-Cookie', cookie.serialize(name, String(val), opts));
+
+  return this;
+};
+
+/**
+ * Set the location header to `url`.
+ *
+ * The given `url` can also be "back", which redirects
+ * to the _Referrer_ or _Referer_ headers or "/".
+ *
+ * Examples:
+ *
+ *    res.location('/foo/bar').;
+ *    res.location('http://example.com');
+ *    res.location('../login');
+ *
+ * @param {String} url
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.location = function location(url) {
+  var loc;
+
+  // "back" is an alias for the referrer
+  if (url === 'back') {
+    deprecate('res.location("back"): use res.location(req.get("Referrer") || "/") and refer to https://dub.sh/security-redirect for best practices');
+    loc = this.req.get('Referrer') || '/';
+  } else {
+    loc = String(url);
+  }
+
+  return this.set('Location', encodeUrl(loc));
+};
+
+/**
+ * Redirect to the given `url` with optional response `status`
+ * defaulting to 302.
+ *
+ * The resulting `url` is determined by `res.location()`, so
+ * it will play nicely with mounted apps, relative paths,
+ * `"back"` etc.
+ *
+ * Examples:
+ *
+ *    res.redirect('/foo/bar');
+ *    res.redirect('http://example.com');
+ *    res.redirect(301, 'http://example.com');
+ *    res.redirect('../login'); // /blog/post/1 -> /blog/login
+ *
+ * @public
+ */
+
+res.redirect = function redirect(url) {
+  var address = url;
+  var body;
+  var status = 302;
+
+  // allow status / url
+  if (arguments.length === 2) {
+    if (typeof arguments[0] === 'number') {
+      status = arguments[0];
+      address = arguments[1];
+    } else {
+      deprecate('res.redirect(url, status): Use res.redirect(status, url) instead');
+      status = arguments[1];
+    }
+  }
+
+  // Set location header
+  address = this.location(address).get('Location');
+
+  // Support text/{plain,html} by default
+  this.format({
+    text: function(){
+      body = statuses.message[status] + '. Redirecting to ' + address
+    },
+
+    html: function(){
+      var u = escapeHtml(address);
+      body = '<p>' + statuses.message[status] + '. Redirecting to ' + u + '</p>'
+    },
+
+    default: function(){
+      body = '';
+    }
+  });
+
+  // Respond
+  this.statusCode = status;
+  this.set('Content-Length', Buffer.byteLength(body));
+
+  if (this.req.method === 'HEAD') {
+    this.end();
+  } else {
+    this.end(body);
+  }
+};
+
+/**
+ * Add `field` to Vary. If already present in the Vary set, then
+ * this call is simply ignored.
+ *
+ * @param {Array|String} field
+ * @return {ServerResponse} for chaining
+ * @public
+ */
+
+res.vary = function(field){
+  // checks for back-compat
+  if (!field || (Array.isArray(field) && !field.length)) {
+    deprecate('res.vary(): Provide a field name');
+    return this;
+  }
+
+  vary(this, field);
+
+  return this;
+};
+
+/**
+ * Render `view` with the given `options` and optional callback `fn`.
+ * When a callback function is given a response will _not_ be made
+ * automatically, otherwise a response of _200_ and _text/html_ is given.
+ *
+ * Options:
+ *
+ *  - `cache`     boolean hinting to the engine it should cache
+ *  - `filename`  filename of the view being rendered
+ *
+ * @public
+ */
+
+res.render = function render(view, options, callback) {
+  var app = this.req.app;
+  var done = callback;
+  var opts = options || {};
+  var req = this.req;
+  var self = this;
+
+  // support callback function as second arg
+  if (typeof options === 'function') {
+    done = options;
+    opts = {};
+  }
+
+  // merge res.locals
+  opts._locals = self.locals;
+
+  // default callback to respond
+  done = done || function (err, str) {
+    if (err) return req.next(err);
+    self.send(str);
+  };
+
+  // render
+  app.render(view, opts, done);
+};
+
+// pipe the send file stream
+function sendfile(res, file, options, callback) {
+  var done = false;
+  var streaming;
+
+  // request aborted
+  function onaborted() {
+    if (done) return;
+    done = true;
+
+    var err = new Error('Request aborted');
+    err.code = 'ECONNABORTED';
+    callback(err);
+  }
+
+  // directory
+  function ondirectory() {
+    if (done) return;
+    done = true;
+
+    var err = new Error('EISDIR, read');
+    err.code = 'EISDIR';
+    callback(err);
+  }
+
+  // errors
+  function onerror(err) {
+    if (done) return;
+    done = true;
+    callback(err);
+  }
+
+  // ended
+  function onend() {
+    if (done) return;
+    done = true;
+    callback();
+  }
+
+  // file
+  function onfile() {
+    streaming = false;
+  }
+
+  // finished
+  function onfinish(err) {
+    if (err && err.code === 'ECONNRESET') return onaborted();
+    if (err) return onerror(err);
+    if (done) return;
+
+    setImmediate(function () {
+      if (streaming !== false && !done) {
+        onaborted();
+        return;
+      }
+
+      if (done) return;
+      done = true;
+      callback();
+    });
+  }
+
+  // streaming
+  function onstream() {
+    streaming = true;
+  }
+
+  file.on('directory', ondirectory);
+  file.on('end', onend);
+  file.on('error', onerror);
+  file.on('file', onfile);
+  file.on('stream', onstream);
+  onFinished(res, onfinish);
+
+  if (options.headers) {
+    // set headers on successful transfer
+    file.on('headers', function headers(res) {
+      var obj = options.headers;
+      var keys = Object.keys(obj);
+
+      for (var i = 0; i < keys.length; i++) {
+        var k = keys[i];
+        res.setHeader(k, obj[k]);
+      }
+    });
+  }
+
+  // pipe
+  file.pipe(res);
+}
+
+/**
+ * Stringify JSON, like JSON.stringify, but v8 optimized, with the
+ * ability to escape characters that can trigger HTML sniffing.
+ *
+ * @param {*} value
+ * @param {function} replacer
+ * @param {number} spaces
+ * @param {boolean} escape
+ * @returns {string}
+ * @private
+ */
+
+function stringify (value, replacer, spaces, escape) {
+  // v8 checks arguments.length for optimizing simple call
+  // https://bugs.chromium.org/p/v8/issues/detail?id=4730
+  var json = replacer || spaces
+    ? JSON.stringify(value, replacer, spaces)
+    : JSON.stringify(value);
+
+  if (escape && typeof json === 'string') {
+    json = json.replace(/[<>&]/g, function (c) {
+      switch (c.charCodeAt(0)) {
+        case 0x3c:
+          return '\\u003c'
+        case 0x3e:
+          return '\\u003e'
+        case 0x26:
+          return '\\u0026'
+        /* istanbul ignore next: unreachable default */
+        default:
+          return c
+      }
+    })
+  }
+
+  return json
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/index.js b/src/Servers/ExpressServer/node_modules/express/lib/router/index.js
new file mode 100644
index 0000000..abb3a6f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/router/index.js
@@ -0,0 +1,673 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var Route = require('./route');
+var Layer = require('./layer');
+var methods = require('methods');
+var mixin = require('utils-merge');
+var debug = require('debug')('express:router');
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var parseUrl = require('parseurl');
+var setPrototypeOf = require('setprototypeof')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var objectRegExp = /^\[object (\S+)\]$/;
+var slice = Array.prototype.slice;
+var toString = Object.prototype.toString;
+
+/**
+ * Initialize a new `Router` with the given `options`.
+ *
+ * @param {Object} [options]
+ * @return {Router} which is a callable function
+ * @public
+ */
+
+var proto = module.exports = function(options) {
+  var opts = options || {};
+
+  function router(req, res, next) {
+    router.handle(req, res, next);
+  }
+
+  // mixin Router class functions
+  setPrototypeOf(router, proto)
+
+  router.params = {};
+  router._params = [];
+  router.caseSensitive = opts.caseSensitive;
+  router.mergeParams = opts.mergeParams;
+  router.strict = opts.strict;
+  router.stack = [];
+
+  return router;
+};
+
+/**
+ * Map the given param placeholder `name`(s) to the given callback.
+ *
+ * Parameter mapping is used to provide pre-conditions to routes
+ * which use normalized placeholders. For example a _:user_id_ parameter
+ * could automatically load a user's information from the database without
+ * any additional code,
+ *
+ * The callback uses the same signature as middleware, the only difference
+ * being that the value of the placeholder is passed, in this case the _id_
+ * of the user. Once the `next()` function is invoked, just like middleware
+ * it will continue on to execute the route, or subsequent parameter functions.
+ *
+ * Just like in middleware, you must either respond to the request or call next
+ * to avoid stalling the request.
+ *
+ *  app.param('user_id', function(req, res, next, id){
+ *    User.find(id, function(err, user){
+ *      if (err) {
+ *        return next(err);
+ *      } else if (!user) {
+ *        return next(new Error('failed to load user'));
+ *      }
+ *      req.user = user;
+ *      next();
+ *    });
+ *  });
+ *
+ * @param {String} name
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @public
+ */
+
+proto.param = function param(name, fn) {
+  // param logic
+  if (typeof name === 'function') {
+    deprecate('router.param(fn): Refactor to use path params');
+    this._params.push(name);
+    return;
+  }
+
+  // apply param functions
+  var params = this._params;
+  var len = params.length;
+  var ret;
+
+  if (name[0] === ':') {
+    deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.slice(1)) + ', fn) instead')
+    name = name.slice(1)
+  }
+
+  for (var i = 0; i < len; ++i) {
+    if (ret = params[i](name, fn)) {
+      fn = ret;
+    }
+  }
+
+  // ensure we end up with a
+  // middleware function
+  if ('function' !== typeof fn) {
+    throw new Error('invalid param() call for ' + name + ', got ' + fn);
+  }
+
+  (this.params[name] = this.params[name] || []).push(fn);
+  return this;
+};
+
+/**
+ * Dispatch a req, res into the router.
+ * @private
+ */
+
+proto.handle = function handle(req, res, out) {
+  var self = this;
+
+  debug('dispatching %s %s', req.method, req.url);
+
+  var idx = 0;
+  var protohost = getProtohost(req.url) || ''
+  var removed = '';
+  var slashAdded = false;
+  var sync = 0
+  var paramcalled = {};
+
+  // store options for OPTIONS request
+  // only used if OPTIONS request
+  var options = [];
+
+  // middleware and routes
+  var stack = self.stack;
+
+  // manage inter-router variables
+  var parentParams = req.params;
+  var parentUrl = req.baseUrl || '';
+  var done = restore(out, req, 'baseUrl', 'next', 'params');
+
+  // setup next layer
+  req.next = next;
+
+  // for options requests, respond with a default if nothing else responds
+  if (req.method === 'OPTIONS') {
+    done = wrap(done, function(old, err) {
+      if (err || options.length === 0) return old(err);
+      sendOptionsResponse(res, options, old);
+    });
+  }
+
+  // setup basic req values
+  req.baseUrl = parentUrl;
+  req.originalUrl = req.originalUrl || req.url;
+
+  next();
+
+  function next(err) {
+    var layerError = err === 'route'
+      ? null
+      : err;
+
+    // remove added slash
+    if (slashAdded) {
+      req.url = req.url.slice(1)
+      slashAdded = false;
+    }
+
+    // restore altered req.url
+    if (removed.length !== 0) {
+      req.baseUrl = parentUrl;
+      req.url = protohost + removed + req.url.slice(protohost.length)
+      removed = '';
+    }
+
+    // signal to exit router
+    if (layerError === 'router') {
+      setImmediate(done, null)
+      return
+    }
+
+    // no more matching layers
+    if (idx >= stack.length) {
+      setImmediate(done, layerError);
+      return;
+    }
+
+    // max sync stack
+    if (++sync > 100) {
+      return setImmediate(next, err)
+    }
+
+    // get pathname of request
+    var path = getPathname(req);
+
+    if (path == null) {
+      return done(layerError);
+    }
+
+    // find next matching layer
+    var layer;
+    var match;
+    var route;
+
+    while (match !== true && idx < stack.length) {
+      layer = stack[idx++];
+      match = matchLayer(layer, path);
+      route = layer.route;
+
+      if (typeof match !== 'boolean') {
+        // hold on to layerError
+        layerError = layerError || match;
+      }
+
+      if (match !== true) {
+        continue;
+      }
+
+      if (!route) {
+        // process non-route handlers normally
+        continue;
+      }
+
+      if (layerError) {
+        // routes do not match with a pending error
+        match = false;
+        continue;
+      }
+
+      var method = req.method;
+      var has_method = route._handles_method(method);
+
+      // build up automatic options response
+      if (!has_method && method === 'OPTIONS') {
+        appendMethods(options, route._options());
+      }
+
+      // don't even bother matching route
+      if (!has_method && method !== 'HEAD') {
+        match = false;
+      }
+    }
+
+    // no match
+    if (match !== true) {
+      return done(layerError);
+    }
+
+    // store route for dispatch on change
+    if (route) {
+      req.route = route;
+    }
+
+    // Capture one-time layer values
+    req.params = self.mergeParams
+      ? mergeParams(layer.params, parentParams)
+      : layer.params;
+    var layerPath = layer.path;
+
+    // this should be done for the layer
+    self.process_params(layer, paramcalled, req, res, function (err) {
+      if (err) {
+        next(layerError || err)
+      } else if (route) {
+        layer.handle_request(req, res, next)
+      } else {
+        trim_prefix(layer, layerError, layerPath, path)
+      }
+
+      sync = 0
+    });
+  }
+
+  function trim_prefix(layer, layerError, layerPath, path) {
+    if (layerPath.length !== 0) {
+      // Validate path is a prefix match
+      if (layerPath !== path.slice(0, layerPath.length)) {
+        next(layerError)
+        return
+      }
+
+      // Validate path breaks on a path separator
+      var c = path[layerPath.length]
+      if (c && c !== '/' && c !== '.') return next(layerError)
+
+      // Trim off the part of the url that matches the route
+      // middleware (.use stuff) needs to have the path stripped
+      debug('trim prefix (%s) from url %s', layerPath, req.url);
+      removed = layerPath;
+      req.url = protohost + req.url.slice(protohost.length + removed.length)
+
+      // Ensure leading slash
+      if (!protohost && req.url[0] !== '/') {
+        req.url = '/' + req.url;
+        slashAdded = true;
+      }
+
+      // Setup base URL (no trailing slash)
+      req.baseUrl = parentUrl + (removed[removed.length - 1] === '/'
+        ? removed.substring(0, removed.length - 1)
+        : removed);
+    }
+
+    debug('%s %s : %s', layer.name, layerPath, req.originalUrl);
+
+    if (layerError) {
+      layer.handle_error(layerError, req, res, next);
+    } else {
+      layer.handle_request(req, res, next);
+    }
+  }
+};
+
+/**
+ * Process any parameters for the layer.
+ * @private
+ */
+
+proto.process_params = function process_params(layer, called, req, res, done) {
+  var params = this.params;
+
+  // captured parameters from the layer, keys and values
+  var keys = layer.keys;
+
+  // fast track
+  if (!keys || keys.length === 0) {
+    return done();
+  }
+
+  var i = 0;
+  var name;
+  var paramIndex = 0;
+  var key;
+  var paramVal;
+  var paramCallbacks;
+  var paramCalled;
+
+  // process params in order
+  // param callbacks can be async
+  function param(err) {
+    if (err) {
+      return done(err);
+    }
+
+    if (i >= keys.length ) {
+      return done();
+    }
+
+    paramIndex = 0;
+    key = keys[i++];
+    name = key.name;
+    paramVal = req.params[name];
+    paramCallbacks = params[name];
+    paramCalled = called[name];
+
+    if (paramVal === undefined || !paramCallbacks) {
+      return param();
+    }
+
+    // param previously called with same value or error occurred
+    if (paramCalled && (paramCalled.match === paramVal
+      || (paramCalled.error && paramCalled.error !== 'route'))) {
+      // restore value
+      req.params[name] = paramCalled.value;
+
+      // next param
+      return param(paramCalled.error);
+    }
+
+    called[name] = paramCalled = {
+      error: null,
+      match: paramVal,
+      value: paramVal
+    };
+
+    paramCallback();
+  }
+
+  // single param callbacks
+  function paramCallback(err) {
+    var fn = paramCallbacks[paramIndex++];
+
+    // store updated value
+    paramCalled.value = req.params[key.name];
+
+    if (err) {
+      // store error
+      paramCalled.error = err;
+      param(err);
+      return;
+    }
+
+    if (!fn) return param();
+
+    try {
+      fn(req, res, paramCallback, paramVal, key.name);
+    } catch (e) {
+      paramCallback(e);
+    }
+  }
+
+  param();
+};
+
+/**
+ * Use the given middleware function, with optional path, defaulting to "/".
+ *
+ * Use (like `.all`) will run for any http METHOD, but it will not add
+ * handlers for those methods so OPTIONS requests will not consider `.use`
+ * functions even if they could respond.
+ *
+ * The other difference is that _route_ path is stripped and not visible
+ * to the handler function. The main effect of this feature is that mounted
+ * handlers can operate without any code changes regardless of the "prefix"
+ * pathname.
+ *
+ * @public
+ */
+
+proto.use = function use(fn) {
+  var offset = 0;
+  var path = '/';
+
+  // default path to '/'
+  // disambiguate router.use([fn])
+  if (typeof fn !== 'function') {
+    var arg = fn;
+
+    while (Array.isArray(arg) && arg.length !== 0) {
+      arg = arg[0];
+    }
+
+    // first arg is the path
+    if (typeof arg !== 'function') {
+      offset = 1;
+      path = fn;
+    }
+  }
+
+  var callbacks = flatten(slice.call(arguments, offset));
+
+  if (callbacks.length === 0) {
+    throw new TypeError('Router.use() requires a middleware function')
+  }
+
+  for (var i = 0; i < callbacks.length; i++) {
+    var fn = callbacks[i];
+
+    if (typeof fn !== 'function') {
+      throw new TypeError('Router.use() requires a middleware function but got a ' + gettype(fn))
+    }
+
+    // add the middleware
+    debug('use %o %s', path, fn.name || '<anonymous>')
+
+    var layer = new Layer(path, {
+      sensitive: this.caseSensitive,
+      strict: false,
+      end: false
+    }, fn);
+
+    layer.route = undefined;
+
+    this.stack.push(layer);
+  }
+
+  return this;
+};
+
+/**
+ * Create a new Route for the given path.
+ *
+ * Each route contains a separate middleware stack and VERB handlers.
+ *
+ * See the Route api documentation for details on adding handlers
+ * and middleware to routes.
+ *
+ * @param {String} path
+ * @return {Route}
+ * @public
+ */
+
+proto.route = function route(path) {
+  var route = new Route(path);
+
+  var layer = new Layer(path, {
+    sensitive: this.caseSensitive,
+    strict: this.strict,
+    end: true
+  }, route.dispatch.bind(route));
+
+  layer.route = route;
+
+  this.stack.push(layer);
+  return route;
+};
+
+// create Router#VERB functions
+methods.concat('all').forEach(function(method){
+  proto[method] = function(path){
+    var route = this.route(path)
+    route[method].apply(route, slice.call(arguments, 1));
+    return this;
+  };
+});
+
+// append methods to a list of methods
+function appendMethods(list, addition) {
+  for (var i = 0; i < addition.length; i++) {
+    var method = addition[i];
+    if (list.indexOf(method) === -1) {
+      list.push(method);
+    }
+  }
+}
+
+// get pathname of request
+function getPathname(req) {
+  try {
+    return parseUrl(req).pathname;
+  } catch (err) {
+    return undefined;
+  }
+}
+
+// Get get protocol + host for a URL
+function getProtohost(url) {
+  if (typeof url !== 'string' || url.length === 0 || url[0] === '/') {
+    return undefined
+  }
+
+  var searchIndex = url.indexOf('?')
+  var pathLength = searchIndex !== -1
+    ? searchIndex
+    : url.length
+  var fqdnIndex = url.slice(0, pathLength).indexOf('://')
+
+  return fqdnIndex !== -1
+    ? url.substring(0, url.indexOf('/', 3 + fqdnIndex))
+    : undefined
+}
+
+// get type for error message
+function gettype(obj) {
+  var type = typeof obj;
+
+  if (type !== 'object') {
+    return type;
+  }
+
+  // inspect [[Class]] for objects
+  return toString.call(obj)
+    .replace(objectRegExp, '$1');
+}
+
+/**
+ * Match path to a layer.
+ *
+ * @param {Layer} layer
+ * @param {string} path
+ * @private
+ */
+
+function matchLayer(layer, path) {
+  try {
+    return layer.match(path);
+  } catch (err) {
+    return err;
+  }
+}
+
+// merge params with parent params
+function mergeParams(params, parent) {
+  if (typeof parent !== 'object' || !parent) {
+    return params;
+  }
+
+  // make copy of parent for base
+  var obj = mixin({}, parent);
+
+  // simple non-numeric merging
+  if (!(0 in params) || !(0 in parent)) {
+    return mixin(obj, params);
+  }
+
+  var i = 0;
+  var o = 0;
+
+  // determine numeric gaps
+  while (i in params) {
+    i++;
+  }
+
+  while (o in parent) {
+    o++;
+  }
+
+  // offset numeric indices in params before merge
+  for (i--; i >= 0; i--) {
+    params[i + o] = params[i];
+
+    // create holes for the merge when necessary
+    if (i < o) {
+      delete params[i];
+    }
+  }
+
+  return mixin(obj, params);
+}
+
+// restore obj props after function
+function restore(fn, obj) {
+  var props = new Array(arguments.length - 2);
+  var vals = new Array(arguments.length - 2);
+
+  for (var i = 0; i < props.length; i++) {
+    props[i] = arguments[i + 2];
+    vals[i] = obj[props[i]];
+  }
+
+  return function () {
+    // restore vals
+    for (var i = 0; i < props.length; i++) {
+      obj[props[i]] = vals[i];
+    }
+
+    return fn.apply(this, arguments);
+  };
+}
+
+// send an OPTIONS response
+function sendOptionsResponse(res, options, next) {
+  try {
+    var body = options.join(',');
+    res.set('Allow', body);
+    res.send(body);
+  } catch (err) {
+    next(err);
+  }
+}
+
+// wrap a function
+function wrap(old, fn) {
+  return function proxy() {
+    var args = new Array(arguments.length + 1);
+
+    args[0] = old;
+    for (var i = 0, len = arguments.length; i < len; i++) {
+      args[i + 1] = arguments[i];
+    }
+
+    fn.apply(this, args);
+  };
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js b/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
new file mode 100644
index 0000000..4dc8e86
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
@@ -0,0 +1,181 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var pathRegexp = require('path-to-regexp');
+var debug = require('debug')('express:router:layer');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Layer;
+
+function Layer(path, options, fn) {
+  if (!(this instanceof Layer)) {
+    return new Layer(path, options, fn);
+  }
+
+  debug('new %o', path)
+  var opts = options || {};
+
+  this.handle = fn;
+  this.name = fn.name || '<anonymous>';
+  this.params = undefined;
+  this.path = undefined;
+  this.regexp = pathRegexp(path, this.keys = [], opts);
+
+  // set fast path flags
+  this.regexp.fast_star = path === '*'
+  this.regexp.fast_slash = path === '/' && opts.end === false
+}
+
+/**
+ * Handle the error for the layer.
+ *
+ * @param {Error} error
+ * @param {Request} req
+ * @param {Response} res
+ * @param {function} next
+ * @api private
+ */
+
+Layer.prototype.handle_error = function handle_error(error, req, res, next) {
+  var fn = this.handle;
+
+  if (fn.length !== 4) {
+    // not a standard error handler
+    return next(error);
+  }
+
+  try {
+    fn(error, req, res, next);
+  } catch (err) {
+    next(err);
+  }
+};
+
+/**
+ * Handle the request for the layer.
+ *
+ * @param {Request} req
+ * @param {Response} res
+ * @param {function} next
+ * @api private
+ */
+
+Layer.prototype.handle_request = function handle(req, res, next) {
+  var fn = this.handle;
+
+  if (fn.length > 3) {
+    // not a standard request handler
+    return next();
+  }
+
+  try {
+    fn(req, res, next);
+  } catch (err) {
+    next(err);
+  }
+};
+
+/**
+ * Check if this route matches `path`, if so
+ * populate `.params`.
+ *
+ * @param {String} path
+ * @return {Boolean}
+ * @api private
+ */
+
+Layer.prototype.match = function match(path) {
+  var match
+
+  if (path != null) {
+    // fast path non-ending match for / (any path matches)
+    if (this.regexp.fast_slash) {
+      this.params = {}
+      this.path = ''
+      return true
+    }
+
+    // fast path for * (everything matched in a param)
+    if (this.regexp.fast_star) {
+      this.params = {'0': decode_param(path)}
+      this.path = path
+      return true
+    }
+
+    // match the path
+    match = this.regexp.exec(path)
+  }
+
+  if (!match) {
+    this.params = undefined;
+    this.path = undefined;
+    return false;
+  }
+
+  // store values
+  this.params = {};
+  this.path = match[0]
+
+  var keys = this.keys;
+  var params = this.params;
+
+  for (var i = 1; i < match.length; i++) {
+    var key = keys[i - 1];
+    var prop = key.name;
+    var val = decode_param(match[i])
+
+    if (val !== undefined || !(hasOwnProperty.call(params, prop))) {
+      params[prop] = val;
+    }
+  }
+
+  return true;
+};
+
+/**
+ * Decode param value.
+ *
+ * @param {string} val
+ * @return {string}
+ * @private
+ */
+
+function decode_param(val) {
+  if (typeof val !== 'string' || val.length === 0) {
+    return val;
+  }
+
+  try {
+    return decodeURIComponent(val);
+  } catch (err) {
+    if (err instanceof URIError) {
+      err.message = 'Failed to decode param \'' + val + '\'';
+      err.status = err.statusCode = 400;
+    }
+
+    throw err;
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/route.js b/src/Servers/ExpressServer/node_modules/express/lib/router/route.js
new file mode 100644
index 0000000..a65756d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/router/route.js
@@ -0,0 +1,230 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('express:router:route');
+var flatten = require('array-flatten');
+var Layer = require('./layer');
+var methods = require('methods');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var slice = Array.prototype.slice;
+var toString = Object.prototype.toString;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Route;
+
+/**
+ * Initialize `Route` with the given `path`,
+ *
+ * @param {String} path
+ * @public
+ */
+
+function Route(path) {
+  this.path = path;
+  this.stack = [];
+
+  debug('new %o', path)
+
+  // route handlers for various http methods
+  this.methods = {};
+}
+
+/**
+ * Determine if the route handles a given method.
+ * @private
+ */
+
+Route.prototype._handles_method = function _handles_method(method) {
+  if (this.methods._all) {
+    return true;
+  }
+
+  // normalize name
+  var name = typeof method === 'string'
+    ? method.toLowerCase()
+    : method
+
+  if (name === 'head' && !this.methods['head']) {
+    name = 'get';
+  }
+
+  return Boolean(this.methods[name]);
+};
+
+/**
+ * @return {Array} supported HTTP methods
+ * @private
+ */
+
+Route.prototype._options = function _options() {
+  var methods = Object.keys(this.methods);
+
+  // append automatic head
+  if (this.methods.get && !this.methods.head) {
+    methods.push('head');
+  }
+
+  for (var i = 0; i < methods.length; i++) {
+    // make upper case
+    methods[i] = methods[i].toUpperCase();
+  }
+
+  return methods;
+};
+
+/**
+ * dispatch req, res into this route
+ * @private
+ */
+
+Route.prototype.dispatch = function dispatch(req, res, done) {
+  var idx = 0;
+  var stack = this.stack;
+  var sync = 0
+
+  if (stack.length === 0) {
+    return done();
+  }
+  var method = typeof req.method === 'string'
+    ? req.method.toLowerCase()
+    : req.method
+
+  if (method === 'head' && !this.methods['head']) {
+    method = 'get';
+  }
+
+  req.route = this;
+
+  next();
+
+  function next(err) {
+    // signal to exit route
+    if (err && err === 'route') {
+      return done();
+    }
+
+    // signal to exit router
+    if (err && err === 'router') {
+      return done(err)
+    }
+
+    // max sync stack
+    if (++sync > 100) {
+      return setImmediate(next, err)
+    }
+
+    var layer = stack[idx++]
+
+    // end of layers
+    if (!layer) {
+      return done(err)
+    }
+
+    if (layer.method && layer.method !== method) {
+      next(err)
+    } else if (err) {
+      layer.handle_error(err, req, res, next);
+    } else {
+      layer.handle_request(req, res, next);
+    }
+
+    sync = 0
+  }
+};
+
+/**
+ * Add a handler for all HTTP verbs to this route.
+ *
+ * Behaves just like middleware and can respond or call `next`
+ * to continue processing.
+ *
+ * You can use multiple `.all` call to add multiple handlers.
+ *
+ *   function check_something(req, res, next){
+ *     next();
+ *   };
+ *
+ *   function validate_user(req, res, next){
+ *     next();
+ *   };
+ *
+ *   route
+ *   .all(validate_user)
+ *   .all(check_something)
+ *   .get(function(req, res, next){
+ *     res.send('hello world');
+ *   });
+ *
+ * @param {function} handler
+ * @return {Route} for chaining
+ * @api public
+ */
+
+Route.prototype.all = function all() {
+  var handles = flatten(slice.call(arguments));
+
+  for (var i = 0; i < handles.length; i++) {
+    var handle = handles[i];
+
+    if (typeof handle !== 'function') {
+      var type = toString.call(handle);
+      var msg = 'Route.all() requires a callback function but got a ' + type
+      throw new TypeError(msg);
+    }
+
+    var layer = Layer('/', {}, handle);
+    layer.method = undefined;
+
+    this.methods._all = true;
+    this.stack.push(layer);
+  }
+
+  return this;
+};
+
+methods.forEach(function(method){
+  Route.prototype[method] = function(){
+    var handles = flatten(slice.call(arguments));
+
+    for (var i = 0; i < handles.length; i++) {
+      var handle = handles[i];
+
+      if (typeof handle !== 'function') {
+        var type = toString.call(handle);
+        var msg = 'Route.' + method + '() requires a callback function but got a ' + type
+        throw new Error(msg);
+      }
+
+      debug('%s %o', method, this.path)
+
+      var layer = Layer('/', {}, handle);
+      layer.method = method;
+
+      this.methods[method] = true;
+      this.stack.push(layer);
+    }
+
+    return this;
+  };
+});
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/utils.js b/src/Servers/ExpressServer/node_modules/express/lib/utils.js
new file mode 100644
index 0000000..56e12b9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/utils.js
@@ -0,0 +1,303 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @api private
+ */
+
+var Buffer = require('safe-buffer').Buffer
+var contentDisposition = require('content-disposition');
+var contentType = require('content-type');
+var deprecate = require('depd')('express');
+var flatten = require('array-flatten');
+var mime = require('send').mime;
+var etag = require('etag');
+var proxyaddr = require('proxy-addr');
+var qs = require('qs');
+var querystring = require('querystring');
+
+/**
+ * Return strong ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.etag = createETagGenerator({ weak: false })
+
+/**
+ * Return weak ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.wetag = createETagGenerator({ weak: true })
+
+/**
+ * Check if `path` looks absolute.
+ *
+ * @param {String} path
+ * @return {Boolean}
+ * @api private
+ */
+
+exports.isAbsolute = function(path){
+  if ('/' === path[0]) return true;
+  if (':' === path[1] && ('\\' === path[2] || '/' === path[2])) return true; // Windows device path
+  if ('\\\\' === path.substring(0, 2)) return true; // Microsoft Azure absolute path
+};
+
+/**
+ * Flatten the given `arr`.
+ *
+ * @param {Array} arr
+ * @return {Array}
+ * @api private
+ */
+
+exports.flatten = deprecate.function(flatten,
+  'utils.flatten: use array-flatten npm module instead');
+
+/**
+ * Normalize the given `type`, for example "html" becomes "text/html".
+ *
+ * @param {String} type
+ * @return {Object}
+ * @api private
+ */
+
+exports.normalizeType = function(type){
+  return ~type.indexOf('/')
+    ? acceptParams(type)
+    : { value: mime.lookup(type), params: {} };
+};
+
+/**
+ * Normalize `types`, for example "html" becomes "text/html".
+ *
+ * @param {Array} types
+ * @return {Array}
+ * @api private
+ */
+
+exports.normalizeTypes = function(types){
+  var ret = [];
+
+  for (var i = 0; i < types.length; ++i) {
+    ret.push(exports.normalizeType(types[i]));
+  }
+
+  return ret;
+};
+
+/**
+ * Generate Content-Disposition header appropriate for the filename.
+ * non-ascii filenames are urlencoded and a filename* parameter is added
+ *
+ * @param {String} filename
+ * @return {String}
+ * @api private
+ */
+
+exports.contentDisposition = deprecate.function(contentDisposition,
+  'utils.contentDisposition: use content-disposition npm module instead');
+
+/**
+ * Parse accept params `str` returning an
+ * object with `.value`, `.quality` and `.params`.
+ *
+ * @param {String} str
+ * @return {Object}
+ * @api private
+ */
+
+function acceptParams (str) {
+  var parts = str.split(/ *; */);
+  var ret = { value: parts[0], quality: 1, params: {} }
+
+  for (var i = 1; i < parts.length; ++i) {
+    var pms = parts[i].split(/ *= */);
+    if ('q' === pms[0]) {
+      ret.quality = parseFloat(pms[1]);
+    } else {
+      ret.params[pms[0]] = pms[1];
+    }
+  }
+
+  return ret;
+}
+
+/**
+ * Compile "etag" value to function.
+ *
+ * @param  {Boolean|String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileETag = function(val) {
+  var fn;
+
+  if (typeof val === 'function') {
+    return val;
+  }
+
+  switch (val) {
+    case true:
+    case 'weak':
+      fn = exports.wetag;
+      break;
+    case false:
+      break;
+    case 'strong':
+      fn = exports.etag;
+      break;
+    default:
+      throw new TypeError('unknown value for etag function: ' + val);
+  }
+
+  return fn;
+}
+
+/**
+ * Compile "query parser" value to function.
+ *
+ * @param  {String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileQueryParser = function compileQueryParser(val) {
+  var fn;
+
+  if (typeof val === 'function') {
+    return val;
+  }
+
+  switch (val) {
+    case true:
+    case 'simple':
+      fn = querystring.parse;
+      break;
+    case false:
+      fn = newObject;
+      break;
+    case 'extended':
+      fn = parseExtendedQueryString;
+      break;
+    default:
+      throw new TypeError('unknown value for query parser function: ' + val);
+  }
+
+  return fn;
+}
+
+/**
+ * Compile "proxy trust" value to function.
+ *
+ * @param  {Boolean|String|Number|Array|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileTrust = function(val) {
+  if (typeof val === 'function') return val;
+
+  if (val === true) {
+    // Support plain true/false
+    return function(){ return true };
+  }
+
+  if (typeof val === 'number') {
+    // Support trusting hop count
+    return function(a, i){ return i < val };
+  }
+
+  if (typeof val === 'string') {
+    // Support comma-separated values
+    val = val.split(',')
+      .map(function (v) { return v.trim() })
+  }
+
+  return proxyaddr.compile(val || []);
+}
+
+/**
+ * Set the charset in a given Content-Type string.
+ *
+ * @param {String} type
+ * @param {String} charset
+ * @return {String}
+ * @api private
+ */
+
+exports.setCharset = function setCharset(type, charset) {
+  if (!type || !charset) {
+    return type;
+  }
+
+  // parse type
+  var parsed = contentType.parse(type);
+
+  // set charset
+  parsed.parameters.charset = charset;
+
+  // format type
+  return contentType.format(parsed);
+};
+
+/**
+ * Create an ETag generator function, generating ETags with
+ * the given options.
+ *
+ * @param {object} options
+ * @return {function}
+ * @private
+ */
+
+function createETagGenerator (options) {
+  return function generateETag (body, encoding) {
+    var buf = !Buffer.isBuffer(body)
+      ? Buffer.from(body, encoding)
+      : body
+
+    return etag(buf, options)
+  }
+}
+
+/**
+ * Parse an extended query string with qs.
+ *
+ * @param {String} str
+ * @return {Object}
+ * @private
+ */
+
+function parseExtendedQueryString(str) {
+  return qs.parse(str, {
+    allowPrototypes: true
+  });
+}
+
+/**
+ * Return new empty object.
+ *
+ * @return {Object}
+ * @api private
+ */
+
+function newObject() {
+  return {};
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/view.js b/src/Servers/ExpressServer/node_modules/express/lib/view.js
new file mode 100644
index 0000000..c08ab4d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/lib/view.js
@@ -0,0 +1,182 @@
+/*!
+ * express
+ * Copyright(c) 2009-2013 TJ Holowaychuk
+ * Copyright(c) 2013 Roman Shtylman
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('express:view');
+var path = require('path');
+var fs = require('fs');
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var dirname = path.dirname;
+var basename = path.basename;
+var extname = path.extname;
+var join = path.join;
+var resolve = path.resolve;
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = View;
+
+/**
+ * Initialize a new `View` with the given `name`.
+ *
+ * Options:
+ *
+ *   - `defaultEngine` the default template engine name
+ *   - `engines` template engine require() cache
+ *   - `root` root path for view lookup
+ *
+ * @param {string} name
+ * @param {object} options
+ * @public
+ */
+
+function View(name, options) {
+  var opts = options || {};
+
+  this.defaultEngine = opts.defaultEngine;
+  this.ext = extname(name);
+  this.name = name;
+  this.root = opts.root;
+
+  if (!this.ext && !this.defaultEngine) {
+    throw new Error('No default engine was specified and no extension was provided.');
+  }
+
+  var fileName = name;
+
+  if (!this.ext) {
+    // get extension from default engine name
+    this.ext = this.defaultEngine[0] !== '.'
+      ? '.' + this.defaultEngine
+      : this.defaultEngine;
+
+    fileName += this.ext;
+  }
+
+  if (!opts.engines[this.ext]) {
+    // load engine
+    var mod = this.ext.slice(1)
+    debug('require "%s"', mod)
+
+    // default engine export
+    var fn = require(mod).__express
+
+    if (typeof fn !== 'function') {
+      throw new Error('Module "' + mod + '" does not provide a view engine.')
+    }
+
+    opts.engines[this.ext] = fn
+  }
+
+  // store loaded engine
+  this.engine = opts.engines[this.ext];
+
+  // lookup path
+  this.path = this.lookup(fileName);
+}
+
+/**
+ * Lookup view by the given `name`
+ *
+ * @param {string} name
+ * @private
+ */
+
+View.prototype.lookup = function lookup(name) {
+  var path;
+  var roots = [].concat(this.root);
+
+  debug('lookup "%s"', name);
+
+  for (var i = 0; i < roots.length && !path; i++) {
+    var root = roots[i];
+
+    // resolve the path
+    var loc = resolve(root, name);
+    var dir = dirname(loc);
+    var file = basename(loc);
+
+    // resolve the file
+    path = this.resolve(dir, file);
+  }
+
+  return path;
+};
+
+/**
+ * Render with the given options.
+ *
+ * @param {object} options
+ * @param {function} callback
+ * @private
+ */
+
+View.prototype.render = function render(options, callback) {
+  debug('render "%s"', this.path);
+  this.engine(this.path, options, callback);
+};
+
+/**
+ * Resolve the file within the given directory.
+ *
+ * @param {string} dir
+ * @param {string} file
+ * @private
+ */
+
+View.prototype.resolve = function resolve(dir, file) {
+  var ext = this.ext;
+
+  // <path>.<ext>
+  var path = join(dir, file);
+  var stat = tryStat(path);
+
+  if (stat && stat.isFile()) {
+    return path;
+  }
+
+  // <path>/index.<ext>
+  path = join(dir, basename(file, ext), 'index' + ext);
+  stat = tryStat(path);
+
+  if (stat && stat.isFile()) {
+    return path;
+  }
+};
+
+/**
+ * Return a stat, maybe.
+ *
+ * @param {string} path
+ * @return {fs.Stats}
+ * @private
+ */
+
+function tryStat(path) {
+  debug('stat "%s"', path);
+
+  try {
+    return fs.statSync(path);
+  } catch (e) {
+    return undefined;
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/express/package.json b/src/Servers/ExpressServer/node_modules/express/package.json
new file mode 100644
index 0000000..4322f1a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/express/package.json
@@ -0,0 +1,102 @@
+{
+  "name": "express",
+  "description": "Fast, unopinionated, minimalist web framework",
+  "version": "4.22.1",
+  "author": "TJ Holowaychuk <tj@vision-media.ca>",
+  "contributors": [
+    "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
+    "Ciaran Jessup <ciaranj@gmail.com>",
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Guillermo Rauch <rauchg@gmail.com>",
+    "Jonathan Ong <me@jongleberry.com>",
+    "Roman Shtylman <shtylman+expressjs@gmail.com>",
+    "Young Jae Sim <hanul@hanul.me>"
+  ],
+  "license": "MIT",
+  "repository": "expressjs/express",
+  "homepage": "http://expressjs.com/",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/express"
+  },
+  "keywords": [
+    "express",
+    "framework",
+    "sinatra",
+    "web",
+    "http",
+    "rest",
+    "restful",
+    "router",
+    "app",
+    "api"
+  ],
+  "dependencies": {
+    "accepts": "~1.3.8",
+    "array-flatten": "1.1.1",
+    "body-parser": "~1.20.3",
+    "content-disposition": "~0.5.4",
+    "content-type": "~1.0.4",
+    "cookie": "~0.7.1",
+    "cookie-signature": "~1.0.6",
+    "debug": "2.6.9",
+    "depd": "2.0.0",
+    "encodeurl": "~2.0.0",
+    "escape-html": "~1.0.3",
+    "etag": "~1.8.1",
+    "finalhandler": "~1.3.1",
+    "fresh": "~0.5.2",
+    "http-errors": "~2.0.0",
+    "merge-descriptors": "1.0.3",
+    "methods": "~1.1.2",
+    "on-finished": "~2.4.1",
+    "parseurl": "~1.3.3",
+    "path-to-regexp": "~0.1.12",
+    "proxy-addr": "~2.0.7",
+    "qs": "~6.14.0",
+    "range-parser": "~1.2.1",
+    "safe-buffer": "5.2.1",
+    "send": "~0.19.0",
+    "serve-static": "~1.16.2",
+    "setprototypeof": "1.2.0",
+    "statuses": "~2.0.1",
+    "type-is": "~1.6.18",
+    "utils-merge": "1.0.1",
+    "vary": "~1.1.2"
+  },
+  "devDependencies": {
+    "after": "0.8.2",
+    "connect-redis": "3.4.2",
+    "cookie-parser": "1.4.6",
+    "cookie-session": "2.0.0",
+    "ejs": "3.1.9",
+    "eslint": "8.47.0",
+    "express-session": "1.17.2",
+    "hbs": "4.2.0",
+    "marked": "0.7.0",
+    "method-override": "3.0.0",
+    "mocha": "^6.2.2",
+    "morgan": "1.10.0",
+    "nyc": "^14.1.1",
+    "pbkdf2-password": "1.2.1",
+    "supertest": "^6.1.6",
+    "vhost": "~3.0.2"
+  },
+  "engines": {
+    "node": ">= 0.10.0"
+  },
+  "files": [
+    "LICENSE",
+    "History.md",
+    "Readme.md",
+    "index.js",
+    "lib/"
+  ],
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
+    "test-ci": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=html --reporter=text npm test",
+    "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md b/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
new file mode 100644
index 0000000..77ce54d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
@@ -0,0 +1,216 @@
+v1.3.2 / 2025-12-01
+==================
+
+  * deps: use tilde notation for dependencies
+  * deps: statuses@~2.0.2
+
+v1.3.1 / 2024-09-11
+==================
+
+  * deps: encodeurl@~2.0.0
+
+v1.3.0 / 2024-09-03
+==================
+
+  * ignore status message for HTTP/2 (#53)
+
+v1.2.1 / 2024-09-02
+==================
+
+  * Gracefully handle when handling an error and socket is null
+
+1.2.0 / 2022-03-22
+==================
+
+  * Remove set content headers that break response
+  * deps: on-finished@2.4.1
+  * deps: statuses@2.0.1
+    - Rename `425 Unordered Collection` to standard `425 Too Early`
+
+1.1.2 / 2019-05-09
+==================
+
+  * Set stricter `Content-Security-Policy` header
+  * deps: parseurl@~1.3.3
+  * deps: statuses@~1.5.0
+
+1.1.1 / 2018-03-06
+==================
+
+  * Fix 404 output for bad / missing pathnames
+  * deps: encodeurl@~1.0.2
+    - Fix encoding `%` as last character
+  * deps: statuses@~1.4.0
+
+1.1.0 / 2017-09-24
+==================
+
+  * Use `res.headersSent` when available
+
+1.0.6 / 2017-09-22
+==================
+
+  * deps: debug@2.6.9
+
+1.0.5 / 2017-09-15
+==================
+
+  * deps: parseurl@~1.3.2
+    - perf: reduce overhead for full URLs
+    - perf: unroll the "fast-path" `RegExp`
+
+1.0.4 / 2017-08-03
+==================
+
+  * deps: debug@2.6.8
+
+1.0.3 / 2017-05-16
+==================
+
+  * deps: debug@2.6.7
+    - deps: ms@2.0.0
+
+1.0.2 / 2017-04-22
+==================
+
+  * deps: debug@2.6.4
+    - deps: ms@0.7.3
+
+1.0.1 / 2017-03-21
+==================
+
+  * Fix missing `</html>` in HTML document
+  * deps: debug@2.6.3
+    - Fix: `DEBUG_MAX_ARRAY_LENGTH`
+
+1.0.0 / 2017-02-15
+==================
+
+  * Fix exception when `err` cannot be converted to a string
+  * Fully URL-encode the pathname in the 404 message
+  * Only include the pathname in the 404 message
+  * Send complete HTML document
+  * Set `Content-Security-Policy: default-src 'self'` header
+  * deps: debug@2.6.1
+    - Allow colors in workers
+    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+    - Fix error when running under React Native
+    - Use same color for same namespace
+    - deps: ms@0.7.2
+
+0.5.1 / 2016-11-12
+==================
+
+  * Fix exception when `err.headers` is not an object
+  * deps: statuses@~1.3.1
+  * perf: hoist regular expressions
+  * perf: remove duplicate validation path
+
+0.5.0 / 2016-06-15
+==================
+
+  * Change invalid or non-numeric status code to 500
+  * Overwrite status message to match set status code
+  * Prefer `err.statusCode` if `err.status` is invalid
+  * Set response headers from `err.headers` object
+  * Use `statuses` instead of `http` module for status messages
+    - Includes all defined status messages
+
+0.4.1 / 2015-12-02
+==================
+
+  * deps: escape-html@~1.0.3
+    - perf: enable strict mode
+    - perf: optimize string replacement
+    - perf: use faster string coercion
+
+0.4.0 / 2015-06-14
+==================
+
+  * Fix a false-positive when unpiping in Node.js 0.8
+  * Support `statusCode` property on `Error` objects
+  * Use `unpipe` module for unpiping requests
+  * deps: escape-html@1.0.2
+  * deps: on-finished@~2.3.0
+    - Add defined behavior for HTTP `CONNECT` requests
+    - Add defined behavior for HTTP `Upgrade` requests
+    - deps: ee-first@1.1.1
+  * perf: enable strict mode
+  * perf: remove argument reassignment
+
+0.3.6 / 2015-05-11
+==================
+
+  * deps: debug@~2.2.0
+    - deps: ms@0.7.1
+
+0.3.5 / 2015-04-22
+==================
+
+  * deps: on-finished@~2.2.1
+    - Fix `isFinished(req)` when data buffered
+
+0.3.4 / 2015-03-15
+==================
+
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+
+0.3.3 / 2015-01-01
+==================
+
+  * deps: debug@~2.1.1
+  * deps: on-finished@~2.2.0
+
+0.3.2 / 2014-10-22
+==================
+
+  * deps: on-finished@~2.1.1
+    - Fix handling of pipelined requests
+
+0.3.1 / 2014-10-16
+==================
+
+  * deps: debug@~2.1.0
+    - Implement `DEBUG_FD` env variable support
+
+0.3.0 / 2014-09-17
+==================
+
+  * Terminate in progress response only on error
+  * Use `on-finished` to determine request status
+
+0.2.0 / 2014-09-03
+==================
+
+  * Set `X-Content-Type-Options: nosniff` header
+  * deps: debug@~2.0.0
+
+0.1.0 / 2014-07-16
+==================
+
+  * Respond after request fully read
+    - prevents hung responses and socket hang ups
+  * deps: debug@1.0.4
+
+0.0.3 / 2014-07-11
+==================
+
+  * deps: debug@1.0.3
+    - Add support for multiple wildcards in namespaces
+
+0.0.2 / 2014-06-19
+==================
+
+  * Handle invalid status codes
+
+0.0.1 / 2014-06-05
+==================
+
+  * deps: debug@1.0.2
+
+0.0.0 / 2014-06-05
+==================
+
+  * Extracted from connect/express
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE b/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
new file mode 100644
index 0000000..6022106
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/README.md b/src/Servers/ExpressServer/node_modules/finalhandler/README.md
new file mode 100644
index 0000000..6244a13
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/README.md
@@ -0,0 +1,147 @@
+# finalhandler
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Node.js function to invoke as the final step to respond to HTTP request.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install finalhandler
+```
+
+## API
+
+```js
+var finalhandler = require('finalhandler')
+```
+
+### finalhandler(req, res, [options])
+
+Returns function to be invoked as the final step for the given `req` and `res`.
+This function is to be invoked as `fn(err)`. If `err` is falsy, the handler will
+write out a 404 response to the `res`. If it is truthy, an error response will
+be written out to the `res` or `res` will be terminated if a response has already
+started.
+
+When an error is written, the following information is added to the response:
+
+  * The `res.statusCode` is set from `err.status` (or `err.statusCode`). If
+    this value is outside the 4xx or 5xx range, it will be set to 500.
+  * The `res.statusMessage` is set according to the status code.
+  * The body will be the HTML of the status code message if `env` is
+    `'production'`, otherwise will be `err.stack`.
+  * Any headers specified in an `err.headers` object.
+
+The final handler will also unpipe anything from `req` when it is invoked.
+
+#### options.env
+
+By default, the environment is determined by `NODE_ENV` variable, but it can be
+overridden by this option.
+
+#### options.onerror
+
+Provide a function to be called with the `err` when it exists. Can be used for
+writing errors to a central location without excessive function generation. Called
+as `onerror(err, req, res)`.
+
+## Examples
+
+### always 404
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+  var done = finalhandler(req, res)
+  done()
+})
+
+server.listen(3000)
+```
+
+### perform simple action
+
+```js
+var finalhandler = require('finalhandler')
+var fs = require('fs')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+  var done = finalhandler(req, res)
+
+  fs.readFile('index.html', function (err, buf) {
+    if (err) return done(err)
+    res.setHeader('Content-Type', 'text/html')
+    res.end(buf)
+  })
+})
+
+server.listen(3000)
+```
+
+### use with middleware-style functions
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+var serve = serveStatic('public')
+
+var server = http.createServer(function (req, res) {
+  var done = finalhandler(req, res)
+  serve(req, res, done)
+})
+
+server.listen(3000)
+```
+
+### keep log of all errors
+
+```js
+var finalhandler = require('finalhandler')
+var fs = require('fs')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+  var done = finalhandler(req, res, { onerror: logerror })
+
+  fs.readFile('index.html', function (err, buf) {
+    if (err) return done(err)
+    res.setHeader('Content-Type', 'text/html')
+    res.end(buf)
+  })
+})
+
+server.listen(3000)
+
+function logerror (err) {
+  console.error(err.stack || err.toString())
+}
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/finalhandler.svg
+[npm-url]: https://npmjs.org/package/finalhandler
+[node-image]: https://img.shields.io/node/v/finalhandler.svg
+[node-url]: https://nodejs.org/en/download
+[coveralls-image]: https://img.shields.io/coveralls/pillarjs/finalhandler.svg
+[coveralls-url]: https://coveralls.io/r/pillarjs/finalhandler?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/finalhandler.svg
+[downloads-url]: https://npmjs.org/package/finalhandler
+[github-actions-ci-image]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml/badge.svg
+[github-actions-ci-url]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md b/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
new file mode 100644
index 0000000..6e23249
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `finalhandler` team and community take all security bugs seriously. Thank
+you for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `finalhandler`. This
+information can be found in the npm registry using the command
+`npm owner ls finalhandler`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/finalhandler/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/index.js b/src/Servers/ExpressServer/node_modules/finalhandler/index.js
new file mode 100644
index 0000000..ec34be9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/index.js
@@ -0,0 +1,341 @@
+/*!
+ * finalhandler
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var debug = require('debug')('finalhandler')
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var onFinished = require('on-finished')
+var parseUrl = require('parseurl')
+var statuses = require('statuses')
+var unpipe = require('unpipe')
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var DOUBLE_SPACE_REGEXP = /\x20{2}/g
+var NEWLINE_REGEXP = /\n/g
+
+/* istanbul ignore next */
+var defer = typeof setImmediate === 'function'
+  ? setImmediate
+  : function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
+var isFinished = onFinished.isFinished
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} message
+ * @private
+ */
+
+function createHtmlDocument (message) {
+  var body = escapeHtml(message)
+    .replace(NEWLINE_REGEXP, '<br>')
+    .replace(DOUBLE_SPACE_REGEXP, ' &nbsp;')
+
+  return '<!DOCTYPE html>\n' +
+    '<html lang="en">\n' +
+    '<head>\n' +
+    '<meta charset="utf-8">\n' +
+    '<title>Error</title>\n' +
+    '</head>\n' +
+    '<body>\n' +
+    '<pre>' + body + '</pre>\n' +
+    '</body>\n' +
+    '</html>\n'
+}
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = finalhandler
+
+/**
+ * Create a function to handle the final response.
+ *
+ * @param {Request} req
+ * @param {Response} res
+ * @param {Object} [options]
+ * @return {Function}
+ * @public
+ */
+
+function finalhandler (req, res, options) {
+  var opts = options || {}
+
+  // get environment
+  var env = opts.env || process.env.NODE_ENV || 'development'
+
+  // get error callback
+  var onerror = opts.onerror
+
+  return function (err) {
+    var headers
+    var msg
+    var status
+
+    // ignore 404 on in-flight response
+    if (!err && headersSent(res)) {
+      debug('cannot 404 after headers sent')
+      return
+    }
+
+    // unhandled error
+    if (err) {
+      // respect status code from error
+      status = getErrorStatusCode(err)
+
+      if (status === undefined) {
+        // fallback to status code on response
+        status = getResponseStatusCode(res)
+      } else {
+        // respect headers from error
+        headers = getErrorHeaders(err)
+      }
+
+      // get error message
+      msg = getErrorMessage(err, status, env)
+    } else {
+      // not found
+      status = 404
+      msg = 'Cannot ' + req.method + ' ' + encodeUrl(getResourceName(req))
+    }
+
+    debug('default %s', status)
+
+    // schedule onerror callback
+    if (err && onerror) {
+      defer(onerror, err, req, res)
+    }
+
+    // cannot actually respond
+    if (headersSent(res)) {
+      debug('cannot %d after headers sent', status)
+      if (req.socket) {
+        req.socket.destroy()
+      }
+      return
+    }
+
+    // send response
+    send(req, res, status, headers, msg)
+  }
+}
+
+/**
+ * Get headers from Error object.
+ *
+ * @param {Error} err
+ * @return {object}
+ * @private
+ */
+
+function getErrorHeaders (err) {
+  if (!err.headers || typeof err.headers !== 'object') {
+    return undefined
+  }
+
+  var headers = Object.create(null)
+  var keys = Object.keys(err.headers)
+
+  for (var i = 0; i < keys.length; i++) {
+    var key = keys[i]
+    headers[key] = err.headers[key]
+  }
+
+  return headers
+}
+
+/**
+ * Get message from Error object, fallback to status message.
+ *
+ * @param {Error} err
+ * @param {number} status
+ * @param {string} env
+ * @return {string}
+ * @private
+ */
+
+function getErrorMessage (err, status, env) {
+  var msg
+
+  if (env !== 'production') {
+    // use err.stack, which typically includes err.message
+    msg = err.stack
+
+    // fallback to err.toString() when possible
+    if (!msg && typeof err.toString === 'function') {
+      msg = err.toString()
+    }
+  }
+
+  return msg || statuses.message[status]
+}
+
+/**
+ * Get status code from Error object.
+ *
+ * @param {Error} err
+ * @return {number}
+ * @private
+ */
+
+function getErrorStatusCode (err) {
+  // check err.status
+  if (typeof err.status === 'number' && err.status >= 400 && err.status < 600) {
+    return err.status
+  }
+
+  // check err.statusCode
+  if (typeof err.statusCode === 'number' && err.statusCode >= 400 && err.statusCode < 600) {
+    return err.statusCode
+  }
+
+  return undefined
+}
+
+/**
+ * Get resource name for the request.
+ *
+ * This is typically just the original pathname of the request
+ * but will fallback to "resource" is that cannot be determined.
+ *
+ * @param {IncomingMessage} req
+ * @return {string}
+ * @private
+ */
+
+function getResourceName (req) {
+  try {
+    return parseUrl.original(req).pathname
+  } catch (e) {
+    return 'resource'
+  }
+}
+
+/**
+ * Get status code from response.
+ *
+ * @param {OutgoingMessage} res
+ * @return {number}
+ * @private
+ */
+
+function getResponseStatusCode (res) {
+  var status = res.statusCode
+
+  // default status code to 500 if outside valid range
+  if (typeof status !== 'number' || status < 400 || status > 599) {
+    status = 500
+  }
+
+  return status
+}
+
+/**
+ * Determine if the response headers have been sent.
+ *
+ * @param {object} res
+ * @returns {boolean}
+ * @private
+ */
+
+function headersSent (res) {
+  return typeof res.headersSent !== 'boolean'
+    ? Boolean(res._header)
+    : res.headersSent
+}
+
+/**
+ * Send response.
+ *
+ * @param {IncomingMessage} req
+ * @param {OutgoingMessage} res
+ * @param {number} status
+ * @param {object} headers
+ * @param {string} message
+ * @private
+ */
+
+function send (req, res, status, headers, message) {
+  function write () {
+    // response body
+    var body = createHtmlDocument(message)
+
+    // response status
+    res.statusCode = status
+
+    if (req.httpVersionMajor < 2) {
+      res.statusMessage = statuses.message[status]
+    }
+
+    // remove any content headers
+    res.removeHeader('Content-Encoding')
+    res.removeHeader('Content-Language')
+    res.removeHeader('Content-Range')
+
+    // response headers
+    setHeaders(res, headers)
+
+    // security headers
+    res.setHeader('Content-Security-Policy', "default-src 'none'")
+    res.setHeader('X-Content-Type-Options', 'nosniff')
+
+    // standard headers
+    res.setHeader('Content-Type', 'text/html; charset=utf-8')
+    res.setHeader('Content-Length', Buffer.byteLength(body, 'utf8'))
+
+    if (req.method === 'HEAD') {
+      res.end()
+      return
+    }
+
+    res.end(body, 'utf8')
+  }
+
+  if (isFinished(req)) {
+    write()
+    return
+  }
+
+  // unpipe everything from the request
+  unpipe(req)
+
+  // flush the request
+  onFinished(req, write)
+  req.resume()
+}
+
+/**
+ * Set response headers from an object.
+ *
+ * @param {OutgoingMessage} res
+ * @param {object} headers
+ * @private
+ */
+
+function setHeaders (res, headers) {
+  if (!headers) {
+    return
+  }
+
+  var keys = Object.keys(headers)
+  for (var i = 0; i < keys.length; i++) {
+    var key = keys[i]
+    res.setHeader(key, headers[key])
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/package.json b/src/Servers/ExpressServer/node_modules/finalhandler/package.json
new file mode 100644
index 0000000..ce618dc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/finalhandler/package.json
@@ -0,0 +1,47 @@
+{
+  "name": "finalhandler",
+  "description": "Node.js final http responder",
+  "version": "1.3.2",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "repository": "pillarjs/finalhandler",
+  "dependencies": {
+    "debug": "2.6.9",
+    "encodeurl": "~2.0.0",
+    "escape-html": "~1.0.3",
+    "on-finished": "~2.4.1",
+    "parseurl": "~1.3.3",
+    "statuses": "~2.0.2",
+    "unpipe": "~1.0.0"
+  },
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.26.0",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "10.0.0",
+    "nyc": "15.1.0",
+    "readable-stream": "2.3.6",
+    "safe-buffer": "5.2.1",
+    "supertest": "6.2.4"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "SECURITY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --check-leaks test/",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "test-inspect": "mocha --reporter spec --inspect --inspect-brk test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md b/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
new file mode 100644
index 0000000..381e6aa
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
@@ -0,0 +1,21 @@
+0.2.0 / 2021-05-31
+==================
+
+  * Use `req.socket` over deprecated `req.connection`
+
+0.1.2 / 2017-09-14
+==================
+
+  * perf: improve header parsing
+  * perf: reduce overhead when no `X-Forwarded-For` header
+
+0.1.1 / 2017-09-10
+==================
+
+  * Fix trimming leading / trailing OWS
+  * perf: hoist regular expression
+
+0.1.0 / 2014-09-21
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/LICENSE b/src/Servers/ExpressServer/node_modules/forwarded/LICENSE
new file mode 100644
index 0000000..84441fb
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/forwarded/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/README.md b/src/Servers/ExpressServer/node_modules/forwarded/README.md
new file mode 100644
index 0000000..fdd220b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/forwarded/README.md
@@ -0,0 +1,57 @@
+# forwarded
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Parse HTTP X-Forwarded-For header
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install forwarded
+```
+
+## API
+
+```js
+var forwarded = require('forwarded')
+```
+
+### forwarded(req)
+
+```js
+var addresses = forwarded(req)
+```
+
+Parse the `X-Forwarded-For` header from the request. Returns an array
+of the addresses, including the socket address for the `req`, in reverse
+order (i.e. index `0` is the socket address and the last index is the
+furthest address, typically the end-user).
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/forwarded/master?label=ci
+[ci-url]: https://github.com/jshttp/forwarded/actions?query=workflow%3Aci
+[npm-image]: https://img.shields.io/npm/v/forwarded.svg
+[npm-url]: https://npmjs.org/package/forwarded
+[node-version-image]: https://img.shields.io/node/v/forwarded.svg
+[node-version-url]: https://nodejs.org/en/download/
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/forwarded/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/forwarded?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/forwarded.svg
+[downloads-url]: https://npmjs.org/package/forwarded
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/index.js b/src/Servers/ExpressServer/node_modules/forwarded/index.js
new file mode 100644
index 0000000..b2b6bdd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/forwarded/index.js
@@ -0,0 +1,90 @@
+/*!
+ * forwarded
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = forwarded
+
+/**
+ * Get all addresses in the request, using the `X-Forwarded-For` header.
+ *
+ * @param {object} req
+ * @return {array}
+ * @public
+ */
+
+function forwarded (req) {
+  if (!req) {
+    throw new TypeError('argument req is required')
+  }
+
+  // simple header parsing
+  var proxyAddrs = parse(req.headers['x-forwarded-for'] || '')
+  var socketAddr = getSocketAddr(req)
+  var addrs = [socketAddr].concat(proxyAddrs)
+
+  // return all addresses
+  return addrs
+}
+
+/**
+ * Get the socket address for a request.
+ *
+ * @param {object} req
+ * @return {string}
+ * @private
+ */
+
+function getSocketAddr (req) {
+  return req.socket
+    ? req.socket.remoteAddress
+    : req.connection.remoteAddress
+}
+
+/**
+ * Parse the X-Forwarded-For header.
+ *
+ * @param {string} header
+ * @private
+ */
+
+function parse (header) {
+  var end = header.length
+  var list = []
+  var start = header.length
+
+  // gather addresses, backwards
+  for (var i = header.length - 1; i >= 0; i--) {
+    switch (header.charCodeAt(i)) {
+      case 0x20: /*   */
+        if (start === end) {
+          start = end = i
+        }
+        break
+      case 0x2c: /* , */
+        if (start !== end) {
+          list.push(header.substring(start, end))
+        }
+        start = end = i
+        break
+      default:
+        start = i
+        break
+    }
+  }
+
+  // final address
+  if (start !== end) {
+    list.push(header.substring(start, end))
+  }
+
+  return list
+}
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/package.json b/src/Servers/ExpressServer/node_modules/forwarded/package.json
new file mode 100644
index 0000000..bf9c7d6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/forwarded/package.json
@@ -0,0 +1,45 @@
+{
+  "name": "forwarded",
+  "description": "Parse HTTP X-Forwarded-For header",
+  "version": "0.2.0",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "x-forwarded-for",
+    "http",
+    "req"
+  ],
+  "repository": "jshttp/forwarded",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "deep-equal": "1.0.1",
+    "eslint": "7.27.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.23.4",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.3.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "8.4.0",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md b/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
new file mode 100644
index 0000000..4586996
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
@@ -0,0 +1,70 @@
+0.5.2 / 2017-09-13
+==================
+
+  * Fix regression matching multiple ETags in `If-None-Match`
+  * perf: improve `If-None-Match` token parsing
+
+0.5.1 / 2017-09-11
+==================
+
+  * Fix handling of modified headers with invalid dates
+  * perf: improve ETag match loop
+
+0.5.0 / 2017-02-21
+==================
+
+  * Fix incorrect result when `If-None-Match` has both `*` and ETags
+  * Fix weak `ETag` matching to match spec
+  * perf: delay reading header values until needed
+  * perf: skip checking modified time if ETag check failed
+  * perf: skip parsing `If-None-Match` when no `ETag` header
+  * perf: use `Date.parse` instead of `new Date`
+
+0.4.0 / 2017-02-05
+==================
+
+  * Fix false detection of `no-cache` request directive
+  * perf: enable strict mode
+  * perf: hoist regular expressions
+  * perf: remove duplicate conditional
+  * perf: remove unnecessary boolean coercions
+
+0.3.0 / 2015-05-12
+==================
+
+  * Add weak `ETag` matching support
+
+0.2.4 / 2014-09-07
+==================
+
+  * Support Node.js 0.6
+
+0.2.3 / 2014-09-07
+==================
+
+  * Move repository to jshttp
+
+0.2.2 / 2014-02-19
+==================
+
+  * Revert "Fix for blank page on Safari reload"
+
+0.2.1 / 2014-01-29
+==================
+
+  * Fix for blank page on Safari reload
+
+0.2.0 / 2013-08-11
+==================
+
+  * Return stale for `Cache-Control: no-cache`
+
+0.1.0 / 2012-06-15
+==================
+
+  * Add `If-None-Match: *` support
+
+0.0.1 / 2012-06-10
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/fresh/LICENSE b/src/Servers/ExpressServer/node_modules/fresh/LICENSE
new file mode 100644
index 0000000..1434ade
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/fresh/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2016-2017 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/fresh/README.md b/src/Servers/ExpressServer/node_modules/fresh/README.md
new file mode 100644
index 0000000..1c1c680
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/fresh/README.md
@@ -0,0 +1,119 @@
+# fresh
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+HTTP response freshness testing
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```
+$ npm install fresh
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var fresh = require('fresh')
+```
+
+### fresh(reqHeaders, resHeaders)
+
+Check freshness of the response using request and response headers.
+
+When the response is still "fresh" in the client's cache `true` is
+returned, otherwise `false` is returned to indicate that the client
+cache is now stale and the full response should be sent.
+
+When a client sends the `Cache-Control: no-cache` request header to
+indicate an end-to-end reload request, this module will return `false`
+to make handling these requests transparent.
+
+## Known Issues
+
+This module is designed to only follow the HTTP specifications, not
+to work-around all kinda of client bugs (especially since this module
+typically does not recieve enough information to understand what the
+client actually is).
+
+There is a known issue that in certain versions of Safari, Safari
+will incorrectly make a request that allows this module to validate
+freshness of the resource even when Safari does not have a
+representation of the resource in the cache. The module
+[jumanji](https://www.npmjs.com/package/jumanji) can be used in
+an Express application to work-around this issue and also provides
+links to further reading on this Safari bug.
+
+## Example
+
+### API usage
+
+<!-- eslint-disable no-redeclare, no-undef -->
+
+```js
+var reqHeaders = { 'if-none-match': '"foo"' }
+var resHeaders = { 'etag': '"bar"' }
+fresh(reqHeaders, resHeaders)
+// => false
+
+var reqHeaders = { 'if-none-match': '"foo"' }
+var resHeaders = { 'etag': '"foo"' }
+fresh(reqHeaders, resHeaders)
+// => true
+```
+
+### Using with Node.js http server
+
+```js
+var fresh = require('fresh')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+  // perform server logic
+  // ... including adding ETag / Last-Modified response headers
+
+  if (isFresh(req, res)) {
+    // client has a fresh copy of resource
+    res.statusCode = 304
+    res.end()
+    return
+  }
+
+  // send the resource
+  res.statusCode = 200
+  res.end('hello, world!')
+})
+
+function isFresh (req, res) {
+  return fresh(req.headers, {
+    'etag': res.getHeader('ETag'),
+    'last-modified': res.getHeader('Last-Modified')
+  })
+}
+
+server.listen(3000)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/fresh.svg
+[npm-url]: https://npmjs.org/package/fresh
+[node-version-image]: https://img.shields.io/node/v/fresh.svg
+[node-version-url]: https://nodejs.org/en/
+[travis-image]: https://img.shields.io/travis/jshttp/fresh/master.svg
+[travis-url]: https://travis-ci.org/jshttp/fresh
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/fresh/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/fresh?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/fresh.svg
+[downloads-url]: https://npmjs.org/package/fresh
diff --git a/src/Servers/ExpressServer/node_modules/fresh/index.js b/src/Servers/ExpressServer/node_modules/fresh/index.js
new file mode 100644
index 0000000..d154f5a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/fresh/index.js
@@ -0,0 +1,137 @@
+/*!
+ * fresh
+ * Copyright(c) 2012 TJ Holowaychuk
+ * Copyright(c) 2016-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * RegExp to check for no-cache token in Cache-Control.
+ * @private
+ */
+
+var CACHE_CONTROL_NO_CACHE_REGEXP = /(?:^|,)\s*?no-cache\s*?(?:,|$)/
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = fresh
+
+/**
+ * Check freshness of the response using request and response headers.
+ *
+ * @param {Object} reqHeaders
+ * @param {Object} resHeaders
+ * @return {Boolean}
+ * @public
+ */
+
+function fresh (reqHeaders, resHeaders) {
+  // fields
+  var modifiedSince = reqHeaders['if-modified-since']
+  var noneMatch = reqHeaders['if-none-match']
+
+  // unconditional request
+  if (!modifiedSince && !noneMatch) {
+    return false
+  }
+
+  // Always return stale when Cache-Control: no-cache
+  // to support end-to-end reload requests
+  // https://tools.ietf.org/html/rfc2616#section-14.9.4
+  var cacheControl = reqHeaders['cache-control']
+  if (cacheControl && CACHE_CONTROL_NO_CACHE_REGEXP.test(cacheControl)) {
+    return false
+  }
+
+  // if-none-match
+  if (noneMatch && noneMatch !== '*') {
+    var etag = resHeaders['etag']
+
+    if (!etag) {
+      return false
+    }
+
+    var etagStale = true
+    var matches = parseTokenList(noneMatch)
+    for (var i = 0; i < matches.length; i++) {
+      var match = matches[i]
+      if (match === etag || match === 'W/' + etag || 'W/' + match === etag) {
+        etagStale = false
+        break
+      }
+    }
+
+    if (etagStale) {
+      return false
+    }
+  }
+
+  // if-modified-since
+  if (modifiedSince) {
+    var lastModified = resHeaders['last-modified']
+    var modifiedStale = !lastModified || !(parseHttpDate(lastModified) <= parseHttpDate(modifiedSince))
+
+    if (modifiedStale) {
+      return false
+    }
+  }
+
+  return true
+}
+
+/**
+ * Parse an HTTP Date into a number.
+ *
+ * @param {string} date
+ * @private
+ */
+
+function parseHttpDate (date) {
+  var timestamp = date && Date.parse(date)
+
+  // istanbul ignore next: guard against date.js Date.parse patching
+  return typeof timestamp === 'number'
+    ? timestamp
+    : NaN
+}
+
+/**
+ * Parse a HTTP token list.
+ *
+ * @param {string} str
+ * @private
+ */
+
+function parseTokenList (str) {
+  var end = 0
+  var list = []
+  var start = 0
+
+  // gather tokens
+  for (var i = 0, len = str.length; i < len; i++) {
+    switch (str.charCodeAt(i)) {
+      case 0x20: /*   */
+        if (start === end) {
+          start = end = i + 1
+        }
+        break
+      case 0x2c: /* , */
+        list.push(str.substring(start, end))
+        start = end = i + 1
+        break
+      default:
+        end = i + 1
+        break
+    }
+  }
+
+  // final token
+  list.push(str.substring(start, end))
+
+  return list
+}
diff --git a/src/Servers/ExpressServer/node_modules/fresh/package.json b/src/Servers/ExpressServer/node_modules/fresh/package.json
new file mode 100644
index 0000000..c2fa0f4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/fresh/package.json
@@ -0,0 +1,46 @@
+{
+  "name": "fresh",
+  "description": "HTTP response freshness testing",
+  "version": "0.5.2",
+  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "fresh",
+    "http",
+    "conditional",
+    "cache"
+  ],
+  "repository": "jshttp/fresh",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "eslint": "3.19.0",
+    "eslint-config-standard": "10.2.1",
+    "eslint-plugin-import": "2.7.0",
+    "eslint-plugin-markdown": "1.0.0-beta.6",
+    "eslint-plugin-node": "5.1.1",
+    "eslint-plugin-promise": "3.5.0",
+    "eslint-plugin-standard": "3.0.1",
+    "istanbul": "0.4.5",
+    "mocha": "1.21.5"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc b/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
new file mode 100644
index 0000000..71a054f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
@@ -0,0 +1,21 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"func-name-matching": 0,
+		"indent": [2, 4],
+		"no-new-func": [1],
+	},
+
+	"overrides": [
+		{
+			"files": "test/**",
+			"rules": {
+				"max-lines-per-function": 0,
+				"strict": [0]
+			},
+		},
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
new file mode 100644
index 0000000..7448219
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/function-bind
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md b/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
new file mode 100644
index 0000000..82e4285
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
@@ -0,0 +1,3 @@
+# Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.nycrc b/src/Servers/ExpressServer/node_modules/function-bind/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
new file mode 100644
index 0000000..f9e6cc0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
@@ -0,0 +1,136 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.1.2](https://github.com/ljharb/function-bind/compare/v1.1.1...v1.1.2) - 2023-10-12
+
+### Merged
+
+- Point to the correct file [`#16`](https://github.com/ljharb/function-bind/pull/16)
+
+### Commits
+
+- [Tests] migrate tests to Github Actions [`4f8b57c`](https://github.com/ljharb/function-bind/commit/4f8b57c02f2011fe9ae353d5e74e8745f0988af8)
+- [Tests] remove `jscs` [`90eb2ed`](https://github.com/ljharb/function-bind/commit/90eb2edbeefd5b76cd6c3a482ea3454db169b31f)
+- [meta] update `.gitignore` [`53fcdc3`](https://github.com/ljharb/function-bind/commit/53fcdc371cd66634d6e9b71c836a50f437e89fed)
+- [Tests] up to `node` `v11.10`, `v10.15`, `v9.11`, `v8.15`, `v6.16`, `v4.9`; use `nvm install-latest-npm`; run audit script in tests [`1fe8f6e`](https://github.com/ljharb/function-bind/commit/1fe8f6e9aed0dfa8d8b3cdbd00c7f5ea0cd2b36e)
+- [meta] add `auto-changelog` [`1921fcb`](https://github.com/ljharb/function-bind/commit/1921fcb5b416b63ffc4acad051b6aad5722f777d)
+- [Robustness] remove runtime dependency on all builtins except `.apply` [`f743e61`](https://github.com/ljharb/function-bind/commit/f743e61aa6bb2360358c04d4884c9db853d118b7)
+- Docs: enable badges; update wording [`503cb12`](https://github.com/ljharb/function-bind/commit/503cb12d998b5f91822776c73332c7adcd6355dd)
+- [readme] update badges [`290c5db`](https://github.com/ljharb/function-bind/commit/290c5dbbbda7264efaeb886552a374b869a4bb48)
+- [Tests] switch to nyc for coverage [`ea360ba`](https://github.com/ljharb/function-bind/commit/ea360ba907fc2601ed18d01a3827fa2d3533cdf8)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`cae5e9e`](https://github.com/ljharb/function-bind/commit/cae5e9e07a5578dc6df26c03ee22851ce05b943c)
+- [meta] add `funding` field; create FUNDING.yml [`c9f4274`](https://github.com/ljharb/function-bind/commit/c9f4274aa80ea3aae9657a3938fdba41a3b04ca6)
+- [Tests] fix eslint errors from #15 [`f69aaa2`](https://github.com/ljharb/function-bind/commit/f69aaa2beb2fdab4415bfb885760a699d0b9c964)
+- [actions] fix permissions [`99a0cd9`](https://github.com/ljharb/function-bind/commit/99a0cd9f3b5bac223a0d572f081834cd73314be7)
+- [meta] use `npmignore` to autogenerate an npmignore file [`f03b524`](https://github.com/ljharb/function-bind/commit/f03b524ca91f75a109a5d062f029122c86ecd1ae)
+- [Dev Deps] update `@ljharb/eslint‑config`, `eslint`, `tape` [`7af9300`](https://github.com/ljharb/function-bind/commit/7af930023ae2ce7645489532821e4fbbcd7a2280)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `covert`, `tape` [`64a9127`](https://github.com/ljharb/function-bind/commit/64a9127ab0bd331b93d6572eaf6e9971967fc08c)
+- [Tests] use `aud` instead of `npm audit` [`e75069c`](https://github.com/ljharb/function-bind/commit/e75069c50010a8fcce2a9ce2324934c35fdb4386)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`d03555c`](https://github.com/ljharb/function-bind/commit/d03555ca59dea3b71ce710045e4303b9e2619e28)
+- [meta] add `safe-publish-latest` [`9c8f809`](https://github.com/ljharb/function-bind/commit/9c8f8092aed027d7e80c94f517aa892385b64f09)
+- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`baf6893`](https://github.com/ljharb/function-bind/commit/baf6893e27f5b59abe88bc1995e6f6ed1e527397)
+- [meta] create SECURITY.md [`4db1779`](https://github.com/ljharb/function-bind/commit/4db17799f1f28ae294cb95e0081ca2b591c3911b)
+- [Tests] add `npm run audit` [`c8b38ec`](https://github.com/ljharb/function-bind/commit/c8b38ec40ed3f85dabdee40ed4148f1748375bc2)
+- Revert "Point to the correct file" [`05cdf0f`](https://github.com/ljharb/function-bind/commit/05cdf0fa205c6a3c5ba40bbedd1dfa9874f915c9)
+
+## [v1.1.1](https://github.com/ljharb/function-bind/compare/v1.1.0...v1.1.1) - 2017-08-28
+
+### Commits
+
+- [Tests] up to `node` `v8`; newer npm breaks on older node; fix scripts [`817f7d2`](https://github.com/ljharb/function-bind/commit/817f7d28470fdbff8ef608d4d565dd4d1430bc5e)
+- [Dev Deps] update `eslint`, `jscs`, `tape`, `@ljharb/eslint-config` [`854288b`](https://github.com/ljharb/function-bind/commit/854288b1b6f5c555f89aceb9eff1152510262084)
+- [Dev Deps] update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`83e639f`](https://github.com/ljharb/function-bind/commit/83e639ff74e6cd6921285bccec22c1bcf72311bd)
+- Only apps should have lockfiles [`5ed97f5`](https://github.com/ljharb/function-bind/commit/5ed97f51235c17774e0832e122abda0f3229c908)
+- Use a SPDX-compliant “license” field. [`5feefea`](https://github.com/ljharb/function-bind/commit/5feefea0dc0193993e83e5df01ded424403a5381)
+
+## [v1.1.0](https://github.com/ljharb/function-bind/compare/v1.0.2...v1.1.0) - 2016-02-14
+
+### Commits
+
+- Update `eslint`, `tape`; use my personal shared `eslint` config [`9c9062a`](https://github.com/ljharb/function-bind/commit/9c9062abbe9dd70b59ea2c3a3c3a81f29b457097)
+- Add `npm run eslint` [`dd96c56`](https://github.com/ljharb/function-bind/commit/dd96c56720034a3c1ffee10b8a59a6f7c53e24ad)
+- [New] return the native `bind` when available. [`82186e0`](https://github.com/ljharb/function-bind/commit/82186e03d73e580f95ff167e03f3582bed90ed72)
+- [Dev Deps] update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`a3dd767`](https://github.com/ljharb/function-bind/commit/a3dd76720c795cb7f4586b0544efabf8aa107b8b)
+- Update `eslint` [`3dae2f7`](https://github.com/ljharb/function-bind/commit/3dae2f7423de30a2d20313ddb1edc19660142fe9)
+- Update `tape`, `covert`, `jscs` [`a181eee`](https://github.com/ljharb/function-bind/commit/a181eee0cfa24eb229c6e843a971f36e060a2f6a)
+- [Tests] up to `node` `v5.6`, `v4.3` [`964929a`](https://github.com/ljharb/function-bind/commit/964929a6a4ddb36fb128de2bcc20af5e4f22e1ed)
+- Test up to `io.js` `v2.1` [`2be7310`](https://github.com/ljharb/function-bind/commit/2be7310f2f74886a7124ca925be411117d41d5ea)
+- Update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`45f3d68`](https://github.com/ljharb/function-bind/commit/45f3d6865c6ca93726abcef54febe009087af101)
+- [Dev Deps] update `tape`, `jscs` [`6e1340d`](https://github.com/ljharb/function-bind/commit/6e1340d94642deaecad3e717825db641af4f8b1f)
+- [Tests] up to `io.js` `v3.3`, `node` `v4.1` [`d9bad2b`](https://github.com/ljharb/function-bind/commit/d9bad2b778b1b3a6dd2876087b88b3acf319f8cc)
+- Update `eslint` [`935590c`](https://github.com/ljharb/function-bind/commit/935590caa024ab356102e4858e8fc315b2ccc446)
+- [Dev Deps] update `jscs`, `eslint`, `@ljharb/eslint-config` [`8c9a1ef`](https://github.com/ljharb/function-bind/commit/8c9a1efd848e5167887aa8501857a0940a480c57)
+- Test on `io.js` `v2.2` [`9a3a38c`](https://github.com/ljharb/function-bind/commit/9a3a38c92013aed6e108666e7bd40969b84ac86e)
+- Run `travis-ci` tests on `iojs` and `node` v0.12; speed up builds; allow 0.8 failures. [`69afc26`](https://github.com/ljharb/function-bind/commit/69afc2617405b147dd2a8d8ae73ca9e9283f18b4)
+- [Dev Deps] Update `tape`, `eslint` [`36c1be0`](https://github.com/ljharb/function-bind/commit/36c1be0ab12b45fe5df6b0fdb01a5d5137fd0115)
+- Update `tape`, `jscs` [`98d8303`](https://github.com/ljharb/function-bind/commit/98d8303cd5ca1c6b8f985469f86b0d44d7d45f6e)
+- Update `jscs` [`9633a4e`](https://github.com/ljharb/function-bind/commit/9633a4e9fbf82051c240855166e468ba8ba0846f)
+- Update `tape`, `jscs` [`c80ef0f`](https://github.com/ljharb/function-bind/commit/c80ef0f46efc9791e76fa50de4414092ac147831)
+- Test up to `io.js` `v3.0` [`7e2c853`](https://github.com/ljharb/function-bind/commit/7e2c8537d52ab9cf5a655755561d8917684c0df4)
+- Test on `io.js` `v2.4` [`5a199a2`](https://github.com/ljharb/function-bind/commit/5a199a27ba46795ba5eaf0845d07d4b8232895c9)
+- Test on `io.js` `v2.3` [`a511b88`](https://github.com/ljharb/function-bind/commit/a511b8896de0bddf3b56862daa416c701f4d0453)
+- Fixing a typo from 822b4e1938db02dc9584aa434fd3a45cb20caf43 [`732d6b6`](https://github.com/ljharb/function-bind/commit/732d6b63a9b33b45230e630dbcac7a10855d3266)
+- Update `jscs` [`da52a48`](https://github.com/ljharb/function-bind/commit/da52a4886c06d6490f46ae30b15e4163ba08905d)
+- Lock covert to v1.0.0. [`d6150fd`](https://github.com/ljharb/function-bind/commit/d6150fda1e6f486718ebdeff823333d9e48e7430)
+
+## [v1.0.2](https://github.com/ljharb/function-bind/compare/v1.0.1...v1.0.2) - 2014-10-04
+
+## [v1.0.1](https://github.com/ljharb/function-bind/compare/v1.0.0...v1.0.1) - 2014-10-03
+
+### Merged
+
+- make CI build faster [`#3`](https://github.com/ljharb/function-bind/pull/3)
+
+### Commits
+
+- Using my standard jscs.json [`d8ee94c`](https://github.com/ljharb/function-bind/commit/d8ee94c993eff0a84cf5744fe6a29627f5cffa1a)
+- Adding `npm run lint` [`7571ab7`](https://github.com/ljharb/function-bind/commit/7571ab7dfdbd99b25a1dbb2d232622bd6f4f9c10)
+- Using consistent indentation [`e91a1b1`](https://github.com/ljharb/function-bind/commit/e91a1b13a61e99ec1e530e299b55508f74218a95)
+- Updating jscs [`7e17892`](https://github.com/ljharb/function-bind/commit/7e1789284bc629bc9c1547a61c9b227bbd8c7a65)
+- Using consistent quotes [`c50b57f`](https://github.com/ljharb/function-bind/commit/c50b57fcd1c5ec38320979c837006069ebe02b77)
+- Adding keywords [`cb94631`](https://github.com/ljharb/function-bind/commit/cb946314eed35f21186a25fb42fc118772f9ee00)
+- Directly export a function expression instead of using a declaration, and relying on hoisting. [`5a33c5f`](https://github.com/ljharb/function-bind/commit/5a33c5f45642de180e0d207110bf7d1843ceb87c)
+- Naming npm URL and badge in README; use SVG [`2aef8fc`](https://github.com/ljharb/function-bind/commit/2aef8fcb79d54e63a58ae557c4e60949e05d5e16)
+- Naming deps URLs in README [`04228d7`](https://github.com/ljharb/function-bind/commit/04228d766670ee45ca24e98345c1f6a7621065b5)
+- Naming travis-ci URLs in README; using SVG [`62c810c`](https://github.com/ljharb/function-bind/commit/62c810c2f54ced956cd4d4ab7b793055addfe36e)
+- Make sure functions are invoked correctly (also passing coverage tests) [`2b289b4`](https://github.com/ljharb/function-bind/commit/2b289b4dfbf037ffcfa4dc95eb540f6165e9e43a)
+- Removing the strict mode pragmas; they make tests fail. [`1aa701d`](https://github.com/ljharb/function-bind/commit/1aa701d199ddc3782476e8f7eef82679be97b845)
+- Adding myself as a contributor [`85fd57b`](https://github.com/ljharb/function-bind/commit/85fd57b0860e5a7af42de9a287f3f265fc6d72fc)
+- Adding strict mode pragmas [`915b08e`](https://github.com/ljharb/function-bind/commit/915b08e084c86a722eafe7245e21db74aa21ca4c)
+- Adding devDeps URLs to README [`4ccc731`](https://github.com/ljharb/function-bind/commit/4ccc73112c1769859e4ca3076caf4086b3cba2cd)
+- Fixing the description. [`a7a472c`](https://github.com/ljharb/function-bind/commit/a7a472cf649af515c635cf560fc478fbe48999c8)
+- Using a function expression instead of a function declaration. [`b5d3e4e`](https://github.com/ljharb/function-bind/commit/b5d3e4ea6aaffc63888953eeb1fbc7ff45f1fa14)
+- Updating tape [`f086be6`](https://github.com/ljharb/function-bind/commit/f086be6029fb56dde61a258c1340600fa174d1e0)
+- Updating jscs [`5f9bdb3`](https://github.com/ljharb/function-bind/commit/5f9bdb375ab13ba48f30852aab94029520c54d71)
+- Updating jscs [`9b409ba`](https://github.com/ljharb/function-bind/commit/9b409ba6118e23395a4e5d83ef39152aab9d3bfc)
+- Run coverage as part of tests. [`8e1b6d4`](https://github.com/ljharb/function-bind/commit/8e1b6d459f047d1bd4fee814e01247c984c80bd0)
+- Run linter as part of tests [`c1ca83f`](https://github.com/ljharb/function-bind/commit/c1ca83f832df94587d09e621beba682fabfaa987)
+- Updating covert [`701e837`](https://github.com/ljharb/function-bind/commit/701e83774b57b4d3ef631e1948143f43a72f4bb9)
+
+## [v1.0.0](https://github.com/ljharb/function-bind/compare/v0.2.0...v1.0.0) - 2014-08-09
+
+### Commits
+
+- Make sure old and unstable nodes don't fail Travis [`27adca3`](https://github.com/ljharb/function-bind/commit/27adca34a4ab6ad67b6dfde43942a1b103ce4d75)
+- Fixing an issue when the bound function is called as a constructor in ES3. [`e20122d`](https://github.com/ljharb/function-bind/commit/e20122d267d92ce553859b280cbbea5d27c07731)
+- Adding `npm run coverage` [`a2e29c4`](https://github.com/ljharb/function-bind/commit/a2e29c4ecaef9e2f6cd1603e868c139073375502)
+- Updating tape [`b741168`](https://github.com/ljharb/function-bind/commit/b741168b12b235b1717ff696087645526b69213c)
+- Upgrading tape [`63631a0`](https://github.com/ljharb/function-bind/commit/63631a04c7fbe97cc2fa61829cc27246d6986f74)
+- Updating tape [`363cb46`](https://github.com/ljharb/function-bind/commit/363cb46dafb23cb3e347729a22f9448051d78464)
+
+## v0.2.0 - 2014-03-23
+
+### Commits
+
+- Updating test coverage to match es5-shim. [`aa94d44`](https://github.com/ljharb/function-bind/commit/aa94d44b8f9d7f69f10e060db7709aa7a694e5d4)
+- initial [`942ee07`](https://github.com/ljharb/function-bind/commit/942ee07e94e542d91798137bc4b80b926137e066)
+- Setting the bound function's length properly. [`079f46a`](https://github.com/ljharb/function-bind/commit/079f46a2d3515b7c0b308c2c13fceb641f97ca25)
+- Ensuring that some older browsers will throw when given a regex. [`36ac55b`](https://github.com/ljharb/function-bind/commit/36ac55b87f460d4330253c92870aa26fbfe8227f)
+- Removing npm scripts that don't have dependencies [`9d2be60`](https://github.com/ljharb/function-bind/commit/9d2be600002cb8bc8606f8f3585ad3e05868c750)
+- Updating tape [`297a4ac`](https://github.com/ljharb/function-bind/commit/297a4acc5464db381940aafb194d1c88f4e678f3)
+- Skipping length tests for now. [`d9891ea`](https://github.com/ljharb/function-bind/commit/d9891ea4d2aaffa69f408339cdd61ff740f70565)
+- don't take my tea [`dccd930`](https://github.com/ljharb/function-bind/commit/dccd930bfd60ea10cb178d28c97550c3bc8c1e07)
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/LICENSE b/src/Servers/ExpressServer/node_modules/function-bind/LICENSE
new file mode 100644
index 0000000..62d6d23
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2013 Raynos.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/README.md b/src/Servers/ExpressServer/node_modules/function-bind/README.md
new file mode 100644
index 0000000..814c20b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/README.md
@@ -0,0 +1,46 @@
+# function-bind <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+<!--[![coverage][codecov-image]][codecov-url]-->
+[![dependency status][deps-svg]][deps-url]
+[![dev dependency status][dev-deps-svg]][dev-deps-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Implementation of function.prototype.bind
+
+Old versions of phantomjs, Internet Explorer < 9, and node < 0.6 don't support `Function.prototype.bind`.
+
+## Example
+
+```js
+Function.prototype.bind = require("function-bind")
+```
+
+## Installation
+
+`npm install function-bind`
+
+## Contributors
+
+ - Raynos
+
+## MIT Licenced
+
+[package-url]: https://npmjs.org/package/function-bind
+[npm-version-svg]: https://versionbadg.es/Raynos/function-bind.svg
+[deps-svg]: https://david-dm.org/Raynos/function-bind.svg
+[deps-url]: https://david-dm.org/Raynos/function-bind
+[dev-deps-svg]: https://david-dm.org/Raynos/function-bind/dev-status.svg
+[dev-deps-url]: https://david-dm.org/Raynos/function-bind#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/function-bind.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/function-bind.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/function-bind.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=function-bind
+[codecov-image]: https://codecov.io/gh/Raynos/function-bind/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/Raynos/function-bind/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/Raynos/function-bind
+[actions-url]: https://github.com/Raynos/function-bind/actions
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/implementation.js b/src/Servers/ExpressServer/node_modules/function-bind/implementation.js
new file mode 100644
index 0000000..fd4384c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/implementation.js
@@ -0,0 +1,84 @@
+'use strict';
+
+/* eslint no-invalid-this: 1 */
+
+var ERROR_MESSAGE = 'Function.prototype.bind called on incompatible ';
+var toStr = Object.prototype.toString;
+var max = Math.max;
+var funcType = '[object Function]';
+
+var concatty = function concatty(a, b) {
+    var arr = [];
+
+    for (var i = 0; i < a.length; i += 1) {
+        arr[i] = a[i];
+    }
+    for (var j = 0; j < b.length; j += 1) {
+        arr[j + a.length] = b[j];
+    }
+
+    return arr;
+};
+
+var slicy = function slicy(arrLike, offset) {
+    var arr = [];
+    for (var i = offset || 0, j = 0; i < arrLike.length; i += 1, j += 1) {
+        arr[j] = arrLike[i];
+    }
+    return arr;
+};
+
+var joiny = function (arr, joiner) {
+    var str = '';
+    for (var i = 0; i < arr.length; i += 1) {
+        str += arr[i];
+        if (i + 1 < arr.length) {
+            str += joiner;
+        }
+    }
+    return str;
+};
+
+module.exports = function bind(that) {
+    var target = this;
+    if (typeof target !== 'function' || toStr.apply(target) !== funcType) {
+        throw new TypeError(ERROR_MESSAGE + target);
+    }
+    var args = slicy(arguments, 1);
+
+    var bound;
+    var binder = function () {
+        if (this instanceof bound) {
+            var result = target.apply(
+                this,
+                concatty(args, arguments)
+            );
+            if (Object(result) === result) {
+                return result;
+            }
+            return this;
+        }
+        return target.apply(
+            that,
+            concatty(args, arguments)
+        );
+
+    };
+
+    var boundLength = max(0, target.length - args.length);
+    var boundArgs = [];
+    for (var i = 0; i < boundLength; i++) {
+        boundArgs[i] = '$' + i;
+    }
+
+    bound = Function('binder', 'return function (' + joiny(boundArgs, ',') + '){ return binder.apply(this,arguments); }')(binder);
+
+    if (target.prototype) {
+        var Empty = function Empty() {};
+        Empty.prototype = target.prototype;
+        bound.prototype = new Empty();
+        Empty.prototype = null;
+    }
+
+    return bound;
+};
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/index.js b/src/Servers/ExpressServer/node_modules/function-bind/index.js
new file mode 100644
index 0000000..3bb6b96
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/index.js
@@ -0,0 +1,5 @@
+'use strict';
+
+var implementation = require('./implementation');
+
+module.exports = Function.prototype.bind || implementation;
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/package.json b/src/Servers/ExpressServer/node_modules/function-bind/package.json
new file mode 100644
index 0000000..6185963
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/package.json
@@ -0,0 +1,87 @@
+{
+  "name": "function-bind",
+  "version": "1.1.2",
+  "description": "Implementation of Function.prototype.bind",
+  "keywords": [
+    "function",
+    "bind",
+    "shim",
+    "es5"
+  ],
+  "author": "Raynos <raynos2@gmail.com>",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Raynos/function-bind.git"
+  },
+  "funding": {
+    "url": "https://github.com/sponsors/ljharb"
+  },
+  "main": "index",
+  "homepage": "https://github.com/Raynos/function-bind",
+  "contributors": [
+    {
+      "name": "Raynos"
+    },
+    {
+      "name": "Jordan Harband",
+      "url": "https://github.com/ljharb"
+    }
+  ],
+  "bugs": {
+    "url": "https://github.com/Raynos/function-bind/issues",
+    "email": "raynos2@gmail.com"
+  },
+  "devDependencies": {
+    "@ljharb/eslint-config": "^21.1.0",
+    "aud": "^2.0.3",
+    "auto-changelog": "^2.4.0",
+    "eslint": "=8.8.0",
+    "in-publish": "^2.0.1",
+    "npmignore": "^0.3.0",
+    "nyc": "^10.3.2",
+    "safe-publish-latest": "^2.0.0",
+    "tape": "^5.7.1"
+  },
+  "license": "MIT",
+  "scripts": {
+    "prepublishOnly": "safe-publish-latest",
+    "prepublish": "not-in-publish || npm run prepublishOnly",
+    "prepack": "npmignore --auto --commentLines=autogenerated",
+    "pretest": "npm run lint",
+    "test": "npm run tests-only",
+    "posttest": "aud --production",
+    "tests-only": "nyc tape 'test/**/*.js'",
+    "lint": "eslint --ext=js,mjs .",
+    "version": "auto-changelog && git add CHANGELOG.md",
+    "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+  },
+  "testling": {
+    "files": "test/index.js",
+    "browsers": [
+      "ie/8..latest",
+      "firefox/16..latest",
+      "firefox/nightly",
+      "chrome/22..latest",
+      "chrome/canary",
+      "opera/12..latest",
+      "opera/next",
+      "safari/5.1..latest",
+      "ipad/6.0..latest",
+      "iphone/6.0..latest",
+      "android-browser/4.2..latest"
+    ]
+  },
+  "auto-changelog": {
+    "output": "CHANGELOG.md",
+    "template": "keepachangelog",
+    "unreleased": false,
+    "commitLimit": false,
+    "backfillLimit": false,
+    "hideCredit": true
+  },
+  "publishConfig": {
+    "ignore": [
+      ".github/workflows"
+    ]
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc b/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
new file mode 100644
index 0000000..8a56d5b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
@@ -0,0 +1,9 @@
+{
+	"rules": {
+		"array-bracket-newline": 0,
+		"array-element-newline": 0,
+		"max-statements-per-line": [2, { "max": 2 }],
+		"no-invalid-this": 0,
+		"no-magic-numbers": 0,
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/test/index.js b/src/Servers/ExpressServer/node_modules/function-bind/test/index.js
new file mode 100644
index 0000000..2edecce
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/function-bind/test/index.js
@@ -0,0 +1,252 @@
+// jscs:disable requireUseStrict
+
+var test = require('tape');
+
+var functionBind = require('../implementation');
+var getCurrentContext = function () { return this; };
+
+test('functionBind is a function', function (t) {
+    t.equal(typeof functionBind, 'function');
+    t.end();
+});
+
+test('non-functions', function (t) {
+    var nonFunctions = [true, false, [], {}, 42, 'foo', NaN, /a/g];
+    t.plan(nonFunctions.length);
+    for (var i = 0; i < nonFunctions.length; ++i) {
+        try { functionBind.call(nonFunctions[i]); } catch (ex) {
+            t.ok(ex instanceof TypeError, 'throws when given ' + String(nonFunctions[i]));
+        }
+    }
+    t.end();
+});
+
+test('without a context', function (t) {
+    t.test('binds properly', function (st) {
+        var args, context;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                context = this;
+            })
+        };
+        namespace.func(1, 2, 3);
+        st.deepEqual(args, [1, 2, 3]);
+        st.equal(context, getCurrentContext.call());
+        st.end();
+    });
+
+    t.test('binds properly, and still supplies bound arguments', function (st) {
+        var args, context;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                context = this;
+            }, undefined, 1, 2, 3)
+        };
+        namespace.func(4, 5, 6);
+        st.deepEqual(args, [1, 2, 3, 4, 5, 6]);
+        st.equal(context, getCurrentContext.call());
+        st.end();
+    });
+
+    t.test('returns properly', function (st) {
+        var args;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                return this;
+            }, null)
+        };
+        var context = namespace.func(1, 2, 3);
+        st.equal(context, getCurrentContext.call(), 'returned context is namespaced context');
+        st.deepEqual(args, [1, 2, 3], 'passed arguments are correct');
+        st.end();
+    });
+
+    t.test('returns properly with bound arguments', function (st) {
+        var args;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                return this;
+            }, null, 1, 2, 3)
+        };
+        var context = namespace.func(4, 5, 6);
+        st.equal(context, getCurrentContext.call(), 'returned context is namespaced context');
+        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'passed arguments are correct');
+        st.end();
+    });
+
+    t.test('called as a constructor', function (st) {
+        var thunkify = function (value) {
+            return function () { return value; };
+        };
+        st.test('returns object value', function (sst) {
+            var expectedReturnValue = [1, 2, 3];
+            var Constructor = functionBind.call(thunkify(expectedReturnValue), null);
+            var result = new Constructor();
+            sst.equal(result, expectedReturnValue);
+            sst.end();
+        });
+
+        st.test('does not return primitive value', function (sst) {
+            var Constructor = functionBind.call(thunkify(42), null);
+            var result = new Constructor();
+            sst.notEqual(result, 42);
+            sst.end();
+        });
+
+        st.test('object from bound constructor is instance of original and bound constructor', function (sst) {
+            var A = function (x) {
+                this.name = x || 'A';
+            };
+            var B = functionBind.call(A, null, 'B');
+
+            var result = new B();
+            sst.ok(result instanceof B, 'result is instance of bound constructor');
+            sst.ok(result instanceof A, 'result is instance of original constructor');
+            sst.end();
+        });
+
+        st.end();
+    });
+
+    t.end();
+});
+
+test('with a context', function (t) {
+    t.test('with no bound arguments', function (st) {
+        var args, context;
+        var boundContext = {};
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                context = this;
+            }, boundContext)
+        };
+        namespace.func(1, 2, 3);
+        st.equal(context, boundContext, 'binds a context properly');
+        st.deepEqual(args, [1, 2, 3], 'supplies passed arguments');
+        st.end();
+    });
+
+    t.test('with bound arguments', function (st) {
+        var args, context;
+        var boundContext = {};
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                context = this;
+            }, boundContext, 1, 2, 3)
+        };
+        namespace.func(4, 5, 6);
+        st.equal(context, boundContext, 'binds a context properly');
+        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'supplies bound and passed arguments');
+        st.end();
+    });
+
+    t.test('returns properly', function (st) {
+        var boundContext = {};
+        var args;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                return this;
+            }, boundContext)
+        };
+        var context = namespace.func(1, 2, 3);
+        st.equal(context, boundContext, 'returned context is bound context');
+        st.notEqual(context, getCurrentContext.call(), 'returned context is not lexical context');
+        st.deepEqual(args, [1, 2, 3], 'passed arguments are correct');
+        st.end();
+    });
+
+    t.test('returns properly with bound arguments', function (st) {
+        var boundContext = {};
+        var args;
+        var namespace = {
+            func: functionBind.call(function () {
+                args = Array.prototype.slice.call(arguments);
+                return this;
+            }, boundContext, 1, 2, 3)
+        };
+        var context = namespace.func(4, 5, 6);
+        st.equal(context, boundContext, 'returned context is bound context');
+        st.notEqual(context, getCurrentContext.call(), 'returned context is not lexical context');
+        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'passed arguments are correct');
+        st.end();
+    });
+
+    t.test('passes the correct arguments when called as a constructor', function (st) {
+        var expected = { name: 'Correct' };
+        var namespace = {
+            Func: functionBind.call(function (arg) {
+                return arg;
+            }, { name: 'Incorrect' })
+        };
+        var returned = new namespace.Func(expected);
+        st.equal(returned, expected, 'returns the right arg when called as a constructor');
+        st.end();
+    });
+
+    t.test('has the new instance\'s context when called as a constructor', function (st) {
+        var actualContext;
+        var expectedContext = { foo: 'bar' };
+        var namespace = {
+            Func: functionBind.call(function () {
+                actualContext = this;
+            }, expectedContext)
+        };
+        var result = new namespace.Func();
+        st.equal(result instanceof namespace.Func, true);
+        st.notEqual(actualContext, expectedContext);
+        st.end();
+    });
+
+    t.end();
+});
+
+test('bound function length', function (t) {
+    t.test('sets a correct length without thisArg', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; });
+        st.equal(subject.length, 3);
+        st.equal(subject(1, 2, 3), 6);
+        st.end();
+    });
+
+    t.test('sets a correct length with thisArg', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {});
+        st.equal(subject.length, 3);
+        st.equal(subject(1, 2, 3), 6);
+        st.end();
+    });
+
+    t.test('sets a correct length without thisArg and first argument', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, undefined, 1);
+        st.equal(subject.length, 2);
+        st.equal(subject(2, 3), 6);
+        st.end();
+    });
+
+    t.test('sets a correct length with thisArg and first argument', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {}, 1);
+        st.equal(subject.length, 2);
+        st.equal(subject(2, 3), 6);
+        st.end();
+    });
+
+    t.test('sets a correct length without thisArg and too many arguments', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, undefined, 1, 2, 3, 4);
+        st.equal(subject.length, 0);
+        st.equal(subject(), 6);
+        st.end();
+    });
+
+    t.test('sets a correct length with thisArg and too many arguments', function (st) {
+        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {}, 1, 2, 3, 4);
+        st.equal(subject.length, 0);
+        st.equal(subject(), 6);
+        st.end();
+    });
+});
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc b/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
new file mode 100644
index 0000000..235fb79
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
@@ -0,0 +1,42 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"env": {
+		"es6": true,
+		"es2017": true,
+		"es2020": true,
+		"es2021": true,
+		"es2022": true,
+	},
+
+	"globals": {
+		"Float16Array": false,
+	},
+
+	"rules": {
+		"array-bracket-newline": 0,
+		"complexity": 0,
+		"eqeqeq": [2, "allow-null"],
+		"func-name-matching": 0,
+		"id-length": 0,
+		"max-lines": 0,
+		"max-lines-per-function": [2, 90],
+		"max-params": [2, 4],
+		"max-statements": 0,
+		"max-statements-per-line": [2, { "max": 2 }],
+		"multiline-comment-style": 0,
+		"no-magic-numbers": 0,
+		"sort-keys": 0,
+	},
+
+	"overrides": [
+		{
+			"files": "test/**",
+			"rules": {
+				"new-cap": 0,
+			},
+		},
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
new file mode 100644
index 0000000..8e8da0d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/get-intrinsic
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc b/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
new file mode 100644
index 0000000..ce1dd98
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
@@ -0,0 +1,186 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.3.0](https://github.com/ljharb/get-intrinsic/compare/v1.2.7...v1.3.0) - 2025-02-22
+
+### Commits
+
+- [Dev Deps] update `es-abstract`, `es-value-fixtures`, `for-each`, `object-inspect` [`9b61553`](https://github.com/ljharb/get-intrinsic/commit/9b61553c587f1c1edbd435597e88c7d387da97dd)
+- [Deps] update `call-bind-apply-helpers`, `es-object-atoms`, `get-proto` [`a341fee`](https://github.com/ljharb/get-intrinsic/commit/a341fee0f39a403b0f0069e82c97642d5eb11043)
+- [New] add `Float16Array` [`de22116`](https://github.com/ljharb/get-intrinsic/commit/de22116b492fb989a0341bceb6e573abfaed73dc)
+
+## [v1.2.7](https://github.com/ljharb/get-intrinsic/compare/v1.2.6...v1.2.7) - 2025-01-02
+
+### Commits
+
+- [Refactor] use `get-proto` directly [`00ab955`](https://github.com/ljharb/get-intrinsic/commit/00ab95546a0980c8ad42a84253daaa8d2adcedf9)
+- [Deps] update `math-intrinsics` [`c716cdd`](https://github.com/ljharb/get-intrinsic/commit/c716cdd6bbe36b438057025561b8bb5a879ac8a0)
+- [Dev Deps] update `call-bound`, `es-abstract` [`dc648a6`](https://github.com/ljharb/get-intrinsic/commit/dc648a67eb359037dff8d8619bfa71d86debccb1)
+
+## [v1.2.6](https://github.com/ljharb/get-intrinsic/compare/v1.2.5...v1.2.6) - 2024-12-11
+
+### Commits
+
+- [Refactor] use `math-intrinsics` [`841be86`](https://github.com/ljharb/get-intrinsic/commit/841be8641a9254c4c75483b30c8871b5d5065926)
+- [Refactor] use `es-object-atoms` [`42057df`](https://github.com/ljharb/get-intrinsic/commit/42057dfa16f66f64787e66482af381cc6f31d2c1)
+- [Deps] update `call-bind-apply-helpers` [`45afa24`](https://github.com/ljharb/get-intrinsic/commit/45afa24a9ee4d6d3c172db1f555b16cb27843ef4)
+- [Dev Deps] update `call-bound` [`9cba9c6`](https://github.com/ljharb/get-intrinsic/commit/9cba9c6e70212bc163b7a5529cb25df46071646f)
+
+## [v1.2.5](https://github.com/ljharb/get-intrinsic/compare/v1.2.4...v1.2.5) - 2024-12-06
+
+### Commits
+
+- [actions] split out node 10-20, and 20+ [`6e2b9dd`](https://github.com/ljharb/get-intrinsic/commit/6e2b9dd23902665681ebe453256ccfe21d7966f0)
+- [Refactor] use `dunder-proto` and `call-bind-apply-helpers` instead of `has-proto` [`c095d17`](https://github.com/ljharb/get-intrinsic/commit/c095d179ad0f4fbfff20c8a3e0cb4fe668018998)
+- [Refactor] use `gopd` [`9841d5b`](https://github.com/ljharb/get-intrinsic/commit/9841d5b35f7ab4fd2d193f0c741a50a077920e90)
+- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `es-abstract`, `es-value-fixtures`, `gopd`, `mock-property`, `object-inspect`, `tape` [`2d07e01`](https://github.com/ljharb/get-intrinsic/commit/2d07e01310cee2cbaedfead6903df128b1f5d425)
+- [Deps] update `gopd`, `has-proto`, `has-symbols`, `hasown` [`974d8bf`](https://github.com/ljharb/get-intrinsic/commit/974d8bf5baad7939eef35c25cc1dd88c10a30fa6)
+- [Dev Deps] update `call-bind`, `es-abstract`, `tape` [`df9dde1`](https://github.com/ljharb/get-intrinsic/commit/df9dde178186631ab8a3165ede056549918ce4bc)
+- [Refactor] cache `es-define-property` as well [`43ef543`](https://github.com/ljharb/get-intrinsic/commit/43ef543cb02194401420e3a914a4ca9168691926)
+- [Deps] update `has-proto`, `has-symbols`, `hasown` [`ad4949d`](https://github.com/ljharb/get-intrinsic/commit/ad4949d5467316505aad89bf75f9417ed782f7af)
+- [Tests] use `call-bound` directly [`ad5c406`](https://github.com/ljharb/get-intrinsic/commit/ad5c4069774bfe90e520a35eead5fe5ca9d69e80)
+- [Deps] update `has-proto`, `hasown` [`45414ca`](https://github.com/ljharb/get-intrinsic/commit/45414caa312333a2798953682c68f85c550627dd)
+- [Tests] replace `aud` with `npm audit` [`18d3509`](https://github.com/ljharb/get-intrinsic/commit/18d3509f79460e7924da70409ee81e5053087523)
+- [Deps] update `es-define-property` [`aadaa3b`](https://github.com/ljharb/get-intrinsic/commit/aadaa3b2188d77ad9bff394ce5d4249c49eb21f5)
+- [Dev Deps] add missing peer dep [`c296a16`](https://github.com/ljharb/get-intrinsic/commit/c296a16246d0c9a5981944f4cc5cf61fbda0cf6a)
+
+## [v1.2.4](https://github.com/ljharb/get-intrinsic/compare/v1.2.3...v1.2.4) - 2024-02-05
+
+### Commits
+
+- [Refactor] use all 7 &lt;+ ES6 Errors from `es-errors` [`bcac811`](https://github.com/ljharb/get-intrinsic/commit/bcac811abdc1c982e12abf848a410d6aae148d14)
+
+## [v1.2.3](https://github.com/ljharb/get-intrinsic/compare/v1.2.2...v1.2.3) - 2024-02-03
+
+### Commits
+
+- [Refactor] use `es-errors`, so things that only need those do not need `get-intrinsic` [`f11db9c`](https://github.com/ljharb/get-intrinsic/commit/f11db9c4fb97d87bbd53d3c73ac6b3db3613ad3b)
+- [Dev Deps] update `aud`, `es-abstract`, `mock-property`, `npmignore` [`b7ac7d1`](https://github.com/ljharb/get-intrinsic/commit/b7ac7d1616fefb03877b1aed0c8f8d61aad32b6c)
+- [meta] simplify `exports` [`faa0cc6`](https://github.com/ljharb/get-intrinsic/commit/faa0cc618e2830ffb51a8202490b0c215d965cbc)
+- [meta] add missing `engines.node` [`774dd0b`](https://github.com/ljharb/get-intrinsic/commit/774dd0b3e8f741c3f05a6322d124d6087f146af1)
+- [Dev Deps] update `tape` [`5828e8e`](https://github.com/ljharb/get-intrinsic/commit/5828e8e4a04e69312e87a36c0ea39428a7a4c3d8)
+- [Robustness] use null objects for lookups [`eb9a11f`](https://github.com/ljharb/get-intrinsic/commit/eb9a11fa9eb3e13b193fcc05a7fb814341b1a7b7)
+- [meta] add `sideEffects` flag [`89bcc7a`](https://github.com/ljharb/get-intrinsic/commit/89bcc7a42e19bf07b7c21e3094d5ab177109e6d2)
+
+## [v1.2.2](https://github.com/ljharb/get-intrinsic/compare/v1.2.1...v1.2.2) - 2023-10-20
+
+### Commits
+
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `call-bind`, `es-abstract`, `mock-property`, `object-inspect`, `tape` [`f51bcf2`](https://github.com/ljharb/get-intrinsic/commit/f51bcf26412d58d17ce17c91c9afd0ad271f0762)
+- [Refactor] use `hasown` instead of `has` [`18d14b7`](https://github.com/ljharb/get-intrinsic/commit/18d14b799bea6b5765e1cec91890830cbcdb0587)
+- [Deps] update `function-bind` [`6e109c8`](https://github.com/ljharb/get-intrinsic/commit/6e109c81e03804cc5e7824fb64353cdc3d8ee2c7)
+
+## [v1.2.1](https://github.com/ljharb/get-intrinsic/compare/v1.2.0...v1.2.1) - 2023-05-13
+
+### Commits
+
+- [Fix] avoid a crash in envs without `__proto__` [`7bad8d0`](https://github.com/ljharb/get-intrinsic/commit/7bad8d061bf8721733b58b73a2565af2b6756b64)
+- [Dev Deps] update `es-abstract` [`c60e6b7`](https://github.com/ljharb/get-intrinsic/commit/c60e6b7b4cf9660c7f27ed970970fd55fac48dc5)
+
+## [v1.2.0](https://github.com/ljharb/get-intrinsic/compare/v1.1.3...v1.2.0) - 2023-01-19
+
+### Commits
+
+- [actions] update checkout action [`ca6b12f`](https://github.com/ljharb/get-intrinsic/commit/ca6b12f31eaacea4ea3b055e744cd61623385ffb)
+- [Dev Deps] update `@ljharb/eslint-config`, `es-abstract`, `object-inspect`, `tape` [`41a3727`](https://github.com/ljharb/get-intrinsic/commit/41a3727d0026fa04273ae216a5f8e12eefd72da8)
+- [Fix] ensure `Error.prototype` is undeniable [`c511e97`](https://github.com/ljharb/get-intrinsic/commit/c511e97ae99c764c4524b540dee7a70757af8da3)
+- [Dev Deps] update `aud`, `es-abstract`, `tape` [`1bef8a8`](https://github.com/ljharb/get-intrinsic/commit/1bef8a8fd439ebb80863199b6189199e0851ac67)
+- [Dev Deps] update `aud`, `es-abstract` [`0d41f16`](https://github.com/ljharb/get-intrinsic/commit/0d41f16bcd500bc28b7bfc98043ebf61ea081c26)
+- [New] add `BigInt64Array` and `BigUint64Array` [`a6cca25`](https://github.com/ljharb/get-intrinsic/commit/a6cca25f29635889b7e9bd669baf9e04be90e48c)
+- [Tests] use `gopd` [`ecf7722`](https://github.com/ljharb/get-intrinsic/commit/ecf7722240d15cfd16edda06acf63359c10fb9bd)
+
+## [v1.1.3](https://github.com/ljharb/get-intrinsic/compare/v1.1.2...v1.1.3) - 2022-09-12
+
+### Commits
+
+- [Dev Deps] update `es-abstract`, `es-value-fixtures`, `tape` [`07ff291`](https://github.com/ljharb/get-intrinsic/commit/07ff291816406ebe5a12d7f16965bde0942dd688)
+- [Fix] properly check for % signs [`50ac176`](https://github.com/ljharb/get-intrinsic/commit/50ac1760fe99c227e64eabde76e9c0e44cd881b5)
+
+## [v1.1.2](https://github.com/ljharb/get-intrinsic/compare/v1.1.1...v1.1.2) - 2022-06-08
+
+### Fixed
+
+- [Fix] properly validate against extra % signs [`#16`](https://github.com/ljharb/get-intrinsic/issues/16)
+
+### Commits
+
+- [actions] reuse common workflows [`0972547`](https://github.com/ljharb/get-intrinsic/commit/0972547efd0abc863fe4c445a6ca7eb4f8c6901d)
+- [meta] use `npmignore` to autogenerate an npmignore file [`5ba0b51`](https://github.com/ljharb/get-intrinsic/commit/5ba0b51d8d8d4f1c31d426d74abc0770fd106bad)
+- [actions] use `node/install` instead of `node/run`; use `codecov` action [`c364492`](https://github.com/ljharb/get-intrinsic/commit/c364492af4af51333e6f81c0bf21fd3d602c3661)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `es-abstract`, `object-inspect`, `tape` [`dc04dad`](https://github.com/ljharb/get-intrinsic/commit/dc04dad86f6e5608775a2640cb0db5927ae29ed9)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `es-abstract`, `object-inspect`, `safe-publish-latest`, `tape` [`1c14059`](https://github.com/ljharb/get-intrinsic/commit/1c1405984e86dd2dc9366c15d8a0294a96a146a5)
+- [Tests] use `mock-property` [`b396ef0`](https://github.com/ljharb/get-intrinsic/commit/b396ef05bb73b1d699811abd64b0d9b97997fdda)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `object-inspect`, `tape` [`c2c758d`](https://github.com/ljharb/get-intrinsic/commit/c2c758d3b90af4fef0a76910d8d3c292ec8d1d3e)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `es-abstract`, `es-value-fixtures`, `object-inspect`, `tape` [`29e3c09`](https://github.com/ljharb/get-intrinsic/commit/29e3c091c2bf3e17099969847e8729d0e46896de)
+- [actions] update codecov uploader [`8cbc141`](https://github.com/ljharb/get-intrinsic/commit/8cbc1418940d7a8941f3a7985cbc4ac095c5e13d)
+- [Dev Deps] update `@ljharb/eslint-config`, `es-abstract`, `es-value-fixtures`, `object-inspect`, `tape` [`10b6f5c`](https://github.com/ljharb/get-intrinsic/commit/10b6f5c02593fb3680c581d696ac124e30652932)
+- [readme] add github actions/codecov badges [`4e25400`](https://github.com/ljharb/get-intrinsic/commit/4e25400d9f51ae9eb059cbe22d9144e70ea214e8)
+- [Tests] use `for-each` instead of `foreach` [`c05b957`](https://github.com/ljharb/get-intrinsic/commit/c05b957ad9a7bc7721af7cc9e9be1edbfe057496)
+- [Dev Deps] update `es-abstract` [`29b05ae`](https://github.com/ljharb/get-intrinsic/commit/29b05aec3e7330e9ad0b8e0f685a9112c20cdd97)
+- [meta] use `prepublishOnly` script for npm 7+ [`95c285d`](https://github.com/ljharb/get-intrinsic/commit/95c285da810516057d3bbfa871176031af38f05d)
+- [Deps] update `has-symbols` [`593cb4f`](https://github.com/ljharb/get-intrinsic/commit/593cb4fb38e7922e40e42c183f45274b636424cd)
+- [readme] fix repo URLs [`1c8305b`](https://github.com/ljharb/get-intrinsic/commit/1c8305b5365827c9b6fc785434aac0e1328ff2f5)
+- [Deps] update `has-symbols` [`c7138b6`](https://github.com/ljharb/get-intrinsic/commit/c7138b6c6d73132d859471fb8c13304e1e7c8b20)
+- [Dev Deps] remove unused `has-bigints` [`bd63aff`](https://github.com/ljharb/get-intrinsic/commit/bd63aff6ad8f3a986c557fcda2914187bdaab359)
+
+## [v1.1.1](https://github.com/ljharb/get-intrinsic/compare/v1.1.0...v1.1.1) - 2021-02-03
+
+### Fixed
+
+- [meta] export `./package.json` [`#9`](https://github.com/ljharb/get-intrinsic/issues/9)
+
+### Commits
+
+- [readme] flesh out the readme; use `evalmd` [`d12f12c`](https://github.com/ljharb/get-intrinsic/commit/d12f12c15345a0a0772cc65a7c64369529abd614)
+- [eslint] set up proper globals config [`5a8c098`](https://github.com/ljharb/get-intrinsic/commit/5a8c0984e3319d1ac0e64b102f8ec18b64e79f36)
+- [Dev Deps] update `eslint` [`7b9a5c0`](https://github.com/ljharb/get-intrinsic/commit/7b9a5c0d31a90ca1a1234181c74988fb046701cd)
+
+## [v1.1.0](https://github.com/ljharb/get-intrinsic/compare/v1.0.2...v1.1.0) - 2021-01-25
+
+### Fixed
+
+- [Refactor] delay `Function` eval until syntax-derived values are requested [`#3`](https://github.com/ljharb/get-intrinsic/issues/3)
+
+### Commits
+
+- [Tests] migrate tests to Github Actions [`2ab762b`](https://github.com/ljharb/get-intrinsic/commit/2ab762b48164aea8af37a40ba105bbc8246ab8c4)
+- [meta] do not publish github action workflow files [`5e7108e`](https://github.com/ljharb/get-intrinsic/commit/5e7108e4768b244d48d9567ba4f8a6cab9c65b8e)
+- [Tests] add some coverage [`01ac7a8`](https://github.com/ljharb/get-intrinsic/commit/01ac7a87ac29738567e8524cd8c9e026b1fa8cb3)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `call-bind`, `es-abstract`, `tape`; add `call-bind` [`911b672`](https://github.com/ljharb/get-intrinsic/commit/911b672fbffae433a96924c6ce013585e425f4b7)
+- [Refactor] rearrange evalled constructors a bit [`7e7e4bf`](https://github.com/ljharb/get-intrinsic/commit/7e7e4bf583f3799c8ac1c6c5e10d2cb553957347)
+- [meta] add Automatic Rebase and Require Allow Edits workflows [`0199968`](https://github.com/ljharb/get-intrinsic/commit/01999687a263ffce0a3cb011dfbcb761754aedbc)
+
+## [v1.0.2](https://github.com/ljharb/get-intrinsic/compare/v1.0.1...v1.0.2) - 2020-12-17
+
+### Commits
+
+- [Fix] Throw for non‑existent intrinsics [`68f873b`](https://github.com/ljharb/get-intrinsic/commit/68f873b013c732a05ad6f5fc54f697e55515461b)
+- [Fix] Throw for non‑existent segments in the intrinsic path [`8325dee`](https://github.com/ljharb/get-intrinsic/commit/8325deee43128f3654d3399aa9591741ebe17b21)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-bigints`, `object-inspect` [`0c227a7`](https://github.com/ljharb/get-intrinsic/commit/0c227a7d8b629166f25715fd242553892e458525)
+- [meta] do not lint coverage output [`70d2419`](https://github.com/ljharb/get-intrinsic/commit/70d24199b620043cd9110fc5f426d214ebe21dc9)
+
+## [v1.0.1](https://github.com/ljharb/get-intrinsic/compare/v1.0.0...v1.0.1) - 2020-10-30
+
+### Commits
+
+- [Tests] gather coverage data on every job [`d1d280d`](https://github.com/ljharb/get-intrinsic/commit/d1d280dec714e3f0519cc877dbcb193057d9cac6)
+- [Fix] add missing dependencies [`5031771`](https://github.com/ljharb/get-intrinsic/commit/5031771bb1095b38be88ce7c41d5de88718e432e)
+- [Tests] use `es-value-fixtures` [`af48765`](https://github.com/ljharb/get-intrinsic/commit/af48765a23c5323fb0b6b38dbf00eb5099c7bebc)
+
+## v1.0.0 - 2020-10-29
+
+### Commits
+
+- Implementation [`bbce57c`](https://github.com/ljharb/get-intrinsic/commit/bbce57c6f33d05b2d8d3efa273ceeb3ee01127bb)
+- Tests [`17b4f0d`](https://github.com/ljharb/get-intrinsic/commit/17b4f0d56dea6b4059b56fc30ef3ee4d9500ebc2)
+- Initial commit [`3153294`](https://github.com/ljharb/get-intrinsic/commit/31532948de363b0a27dd9fd4649e7b7028ec4b44)
+- npm init [`fb326c4`](https://github.com/ljharb/get-intrinsic/commit/fb326c4d2817c8419ec31de1295f06bb268a7902)
+- [meta] add Automatic Rebase and Require Allow Edits workflows [`48862fb`](https://github.com/ljharb/get-intrinsic/commit/48862fb2508c8f6a57968e6d08b7c883afc9d550)
+- [meta] add `auto-changelog` [`5f28ad0`](https://github.com/ljharb/get-intrinsic/commit/5f28ad019e060a353d8028f9f2591a9cc93074a1)
+- [meta] add "funding"; create `FUNDING.yml` [`c2bbdde`](https://github.com/ljharb/get-intrinsic/commit/c2bbddeba73a875be61484ee4680b129a6d4e0a1)
+- [Tests] add `npm run lint` [`0a84b98`](https://github.com/ljharb/get-intrinsic/commit/0a84b98b22b7cf7a748666f705b0003a493c35fd)
+- Only apps should have lockfiles [`9586c75`](https://github.com/ljharb/get-intrinsic/commit/9586c75866c1ee678e4d5d4dbbdef6997e511b05)
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE b/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
new file mode 100644
index 0000000..48f05d0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md b/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
new file mode 100644
index 0000000..3aa0bba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
@@ -0,0 +1,71 @@
+# get-intrinsic <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![dependency status][deps-svg]][deps-url]
+[![dev dependency status][dev-deps-svg]][dev-deps-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Get and robustly cache all JS language-level intrinsics at first require time.
+
+See the syntax described [in the JS spec](https://tc39.es/ecma262/#sec-well-known-intrinsic-objects) for reference.
+
+## Example
+
+```js
+var GetIntrinsic = require('get-intrinsic');
+var assert = require('assert');
+
+// static methods
+assert.equal(GetIntrinsic('%Math.pow%'), Math.pow);
+assert.equal(Math.pow(2, 3), 8);
+assert.equal(GetIntrinsic('%Math.pow%')(2, 3), 8);
+delete Math.pow;
+assert.equal(GetIntrinsic('%Math.pow%')(2, 3), 8);
+
+// instance methods
+var arr = [1];
+assert.equal(GetIntrinsic('%Array.prototype.push%'), Array.prototype.push);
+assert.deepEqual(arr, [1]);
+
+arr.push(2);
+assert.deepEqual(arr, [1, 2]);
+
+GetIntrinsic('%Array.prototype.push%').call(arr, 3);
+assert.deepEqual(arr, [1, 2, 3]);
+
+delete Array.prototype.push;
+GetIntrinsic('%Array.prototype.push%').call(arr, 4);
+assert.deepEqual(arr, [1, 2, 3, 4]);
+
+// missing features
+delete JSON.parse; // to simulate a real intrinsic that is missing in the environment
+assert.throws(() => GetIntrinsic('%JSON.parse%'));
+assert.equal(undefined, GetIntrinsic('%JSON.parse%', true));
+```
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+[package-url]: https://npmjs.org/package/get-intrinsic
+[npm-version-svg]: https://versionbadg.es/ljharb/get-intrinsic.svg
+[deps-svg]: https://david-dm.org/ljharb/get-intrinsic.svg
+[deps-url]: https://david-dm.org/ljharb/get-intrinsic
+[dev-deps-svg]: https://david-dm.org/ljharb/get-intrinsic/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/get-intrinsic#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/get-intrinsic.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/get-intrinsic.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/get-intrinsic.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=get-intrinsic
+[codecov-image]: https://codecov.io/gh/ljharb/get-intrinsic/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/get-intrinsic/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/get-intrinsic
+[actions-url]: https://github.com/ljharb/get-intrinsic/actions
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js b/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
new file mode 100644
index 0000000..bd1d94b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
@@ -0,0 +1,378 @@
+'use strict';
+
+var undefined;
+
+var $Object = require('es-object-atoms');
+
+var $Error = require('es-errors');
+var $EvalError = require('es-errors/eval');
+var $RangeError = require('es-errors/range');
+var $ReferenceError = require('es-errors/ref');
+var $SyntaxError = require('es-errors/syntax');
+var $TypeError = require('es-errors/type');
+var $URIError = require('es-errors/uri');
+
+var abs = require('math-intrinsics/abs');
+var floor = require('math-intrinsics/floor');
+var max = require('math-intrinsics/max');
+var min = require('math-intrinsics/min');
+var pow = require('math-intrinsics/pow');
+var round = require('math-intrinsics/round');
+var sign = require('math-intrinsics/sign');
+
+var $Function = Function;
+
+// eslint-disable-next-line consistent-return
+var getEvalledConstructor = function (expressionSyntax) {
+	try {
+		return $Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
+	} catch (e) {}
+};
+
+var $gOPD = require('gopd');
+var $defineProperty = require('es-define-property');
+
+var throwTypeError = function () {
+	throw new $TypeError();
+};
+var ThrowTypeError = $gOPD
+	? (function () {
+		try {
+			// eslint-disable-next-line no-unused-expressions, no-caller, no-restricted-properties
+			arguments.callee; // IE 8 does not throw here
+			return throwTypeError;
+		} catch (calleeThrows) {
+			try {
+				// IE 8 throws on Object.getOwnPropertyDescriptor(arguments, '')
+				return $gOPD(arguments, 'callee').get;
+			} catch (gOPDthrows) {
+				return throwTypeError;
+			}
+		}
+	}())
+	: throwTypeError;
+
+var hasSymbols = require('has-symbols')();
+
+var getProto = require('get-proto');
+var $ObjectGPO = require('get-proto/Object.getPrototypeOf');
+var $ReflectGPO = require('get-proto/Reflect.getPrototypeOf');
+
+var $apply = require('call-bind-apply-helpers/functionApply');
+var $call = require('call-bind-apply-helpers/functionCall');
+
+var needsEval = {};
+
+var TypedArray = typeof Uint8Array === 'undefined' || !getProto ? undefined : getProto(Uint8Array);
+
+var INTRINSICS = {
+	__proto__: null,
+	'%AggregateError%': typeof AggregateError === 'undefined' ? undefined : AggregateError,
+	'%Array%': Array,
+	'%ArrayBuffer%': typeof ArrayBuffer === 'undefined' ? undefined : ArrayBuffer,
+	'%ArrayIteratorPrototype%': hasSymbols && getProto ? getProto([][Symbol.iterator]()) : undefined,
+	'%AsyncFromSyncIteratorPrototype%': undefined,
+	'%AsyncFunction%': needsEval,
+	'%AsyncGenerator%': needsEval,
+	'%AsyncGeneratorFunction%': needsEval,
+	'%AsyncIteratorPrototype%': needsEval,
+	'%Atomics%': typeof Atomics === 'undefined' ? undefined : Atomics,
+	'%BigInt%': typeof BigInt === 'undefined' ? undefined : BigInt,
+	'%BigInt64Array%': typeof BigInt64Array === 'undefined' ? undefined : BigInt64Array,
+	'%BigUint64Array%': typeof BigUint64Array === 'undefined' ? undefined : BigUint64Array,
+	'%Boolean%': Boolean,
+	'%DataView%': typeof DataView === 'undefined' ? undefined : DataView,
+	'%Date%': Date,
+	'%decodeURI%': decodeURI,
+	'%decodeURIComponent%': decodeURIComponent,
+	'%encodeURI%': encodeURI,
+	'%encodeURIComponent%': encodeURIComponent,
+	'%Error%': $Error,
+	'%eval%': eval, // eslint-disable-line no-eval
+	'%EvalError%': $EvalError,
+	'%Float16Array%': typeof Float16Array === 'undefined' ? undefined : Float16Array,
+	'%Float32Array%': typeof Float32Array === 'undefined' ? undefined : Float32Array,
+	'%Float64Array%': typeof Float64Array === 'undefined' ? undefined : Float64Array,
+	'%FinalizationRegistry%': typeof FinalizationRegistry === 'undefined' ? undefined : FinalizationRegistry,
+	'%Function%': $Function,
+	'%GeneratorFunction%': needsEval,
+	'%Int8Array%': typeof Int8Array === 'undefined' ? undefined : Int8Array,
+	'%Int16Array%': typeof Int16Array === 'undefined' ? undefined : Int16Array,
+	'%Int32Array%': typeof Int32Array === 'undefined' ? undefined : Int32Array,
+	'%isFinite%': isFinite,
+	'%isNaN%': isNaN,
+	'%IteratorPrototype%': hasSymbols && getProto ? getProto(getProto([][Symbol.iterator]())) : undefined,
+	'%JSON%': typeof JSON === 'object' ? JSON : undefined,
+	'%Map%': typeof Map === 'undefined' ? undefined : Map,
+	'%MapIteratorPrototype%': typeof Map === 'undefined' || !hasSymbols || !getProto ? undefined : getProto(new Map()[Symbol.iterator]()),
+	'%Math%': Math,
+	'%Number%': Number,
+	'%Object%': $Object,
+	'%Object.getOwnPropertyDescriptor%': $gOPD,
+	'%parseFloat%': parseFloat,
+	'%parseInt%': parseInt,
+	'%Promise%': typeof Promise === 'undefined' ? undefined : Promise,
+	'%Proxy%': typeof Proxy === 'undefined' ? undefined : Proxy,
+	'%RangeError%': $RangeError,
+	'%ReferenceError%': $ReferenceError,
+	'%Reflect%': typeof Reflect === 'undefined' ? undefined : Reflect,
+	'%RegExp%': RegExp,
+	'%Set%': typeof Set === 'undefined' ? undefined : Set,
+	'%SetIteratorPrototype%': typeof Set === 'undefined' || !hasSymbols || !getProto ? undefined : getProto(new Set()[Symbol.iterator]()),
+	'%SharedArrayBuffer%': typeof SharedArrayBuffer === 'undefined' ? undefined : SharedArrayBuffer,
+	'%String%': String,
+	'%StringIteratorPrototype%': hasSymbols && getProto ? getProto(''[Symbol.iterator]()) : undefined,
+	'%Symbol%': hasSymbols ? Symbol : undefined,
+	'%SyntaxError%': $SyntaxError,
+	'%ThrowTypeError%': ThrowTypeError,
+	'%TypedArray%': TypedArray,
+	'%TypeError%': $TypeError,
+	'%Uint8Array%': typeof Uint8Array === 'undefined' ? undefined : Uint8Array,
+	'%Uint8ClampedArray%': typeof Uint8ClampedArray === 'undefined' ? undefined : Uint8ClampedArray,
+	'%Uint16Array%': typeof Uint16Array === 'undefined' ? undefined : Uint16Array,
+	'%Uint32Array%': typeof Uint32Array === 'undefined' ? undefined : Uint32Array,
+	'%URIError%': $URIError,
+	'%WeakMap%': typeof WeakMap === 'undefined' ? undefined : WeakMap,
+	'%WeakRef%': typeof WeakRef === 'undefined' ? undefined : WeakRef,
+	'%WeakSet%': typeof WeakSet === 'undefined' ? undefined : WeakSet,
+
+	'%Function.prototype.call%': $call,
+	'%Function.prototype.apply%': $apply,
+	'%Object.defineProperty%': $defineProperty,
+	'%Object.getPrototypeOf%': $ObjectGPO,
+	'%Math.abs%': abs,
+	'%Math.floor%': floor,
+	'%Math.max%': max,
+	'%Math.min%': min,
+	'%Math.pow%': pow,
+	'%Math.round%': round,
+	'%Math.sign%': sign,
+	'%Reflect.getPrototypeOf%': $ReflectGPO
+};
+
+if (getProto) {
+	try {
+		null.error; // eslint-disable-line no-unused-expressions
+	} catch (e) {
+		// https://github.com/tc39/proposal-shadowrealm/pull/384#issuecomment-1364264229
+		var errorProto = getProto(getProto(e));
+		INTRINSICS['%Error.prototype%'] = errorProto;
+	}
+}
+
+var doEval = function doEval(name) {
+	var value;
+	if (name === '%AsyncFunction%') {
+		value = getEvalledConstructor('async function () {}');
+	} else if (name === '%GeneratorFunction%') {
+		value = getEvalledConstructor('function* () {}');
+	} else if (name === '%AsyncGeneratorFunction%') {
+		value = getEvalledConstructor('async function* () {}');
+	} else if (name === '%AsyncGenerator%') {
+		var fn = doEval('%AsyncGeneratorFunction%');
+		if (fn) {
+			value = fn.prototype;
+		}
+	} else if (name === '%AsyncIteratorPrototype%') {
+		var gen = doEval('%AsyncGenerator%');
+		if (gen && getProto) {
+			value = getProto(gen.prototype);
+		}
+	}
+
+	INTRINSICS[name] = value;
+
+	return value;
+};
+
+var LEGACY_ALIASES = {
+	__proto__: null,
+	'%ArrayBufferPrototype%': ['ArrayBuffer', 'prototype'],
+	'%ArrayPrototype%': ['Array', 'prototype'],
+	'%ArrayProto_entries%': ['Array', 'prototype', 'entries'],
+	'%ArrayProto_forEach%': ['Array', 'prototype', 'forEach'],
+	'%ArrayProto_keys%': ['Array', 'prototype', 'keys'],
+	'%ArrayProto_values%': ['Array', 'prototype', 'values'],
+	'%AsyncFunctionPrototype%': ['AsyncFunction', 'prototype'],
+	'%AsyncGenerator%': ['AsyncGeneratorFunction', 'prototype'],
+	'%AsyncGeneratorPrototype%': ['AsyncGeneratorFunction', 'prototype', 'prototype'],
+	'%BooleanPrototype%': ['Boolean', 'prototype'],
+	'%DataViewPrototype%': ['DataView', 'prototype'],
+	'%DatePrototype%': ['Date', 'prototype'],
+	'%ErrorPrototype%': ['Error', 'prototype'],
+	'%EvalErrorPrototype%': ['EvalError', 'prototype'],
+	'%Float32ArrayPrototype%': ['Float32Array', 'prototype'],
+	'%Float64ArrayPrototype%': ['Float64Array', 'prototype'],
+	'%FunctionPrototype%': ['Function', 'prototype'],
+	'%Generator%': ['GeneratorFunction', 'prototype'],
+	'%GeneratorPrototype%': ['GeneratorFunction', 'prototype', 'prototype'],
+	'%Int8ArrayPrototype%': ['Int8Array', 'prototype'],
+	'%Int16ArrayPrototype%': ['Int16Array', 'prototype'],
+	'%Int32ArrayPrototype%': ['Int32Array', 'prototype'],
+	'%JSONParse%': ['JSON', 'parse'],
+	'%JSONStringify%': ['JSON', 'stringify'],
+	'%MapPrototype%': ['Map', 'prototype'],
+	'%NumberPrototype%': ['Number', 'prototype'],
+	'%ObjectPrototype%': ['Object', 'prototype'],
+	'%ObjProto_toString%': ['Object', 'prototype', 'toString'],
+	'%ObjProto_valueOf%': ['Object', 'prototype', 'valueOf'],
+	'%PromisePrototype%': ['Promise', 'prototype'],
+	'%PromiseProto_then%': ['Promise', 'prototype', 'then'],
+	'%Promise_all%': ['Promise', 'all'],
+	'%Promise_reject%': ['Promise', 'reject'],
+	'%Promise_resolve%': ['Promise', 'resolve'],
+	'%RangeErrorPrototype%': ['RangeError', 'prototype'],
+	'%ReferenceErrorPrototype%': ['ReferenceError', 'prototype'],
+	'%RegExpPrototype%': ['RegExp', 'prototype'],
+	'%SetPrototype%': ['Set', 'prototype'],
+	'%SharedArrayBufferPrototype%': ['SharedArrayBuffer', 'prototype'],
+	'%StringPrototype%': ['String', 'prototype'],
+	'%SymbolPrototype%': ['Symbol', 'prototype'],
+	'%SyntaxErrorPrototype%': ['SyntaxError', 'prototype'],
+	'%TypedArrayPrototype%': ['TypedArray', 'prototype'],
+	'%TypeErrorPrototype%': ['TypeError', 'prototype'],
+	'%Uint8ArrayPrototype%': ['Uint8Array', 'prototype'],
+	'%Uint8ClampedArrayPrototype%': ['Uint8ClampedArray', 'prototype'],
+	'%Uint16ArrayPrototype%': ['Uint16Array', 'prototype'],
+	'%Uint32ArrayPrototype%': ['Uint32Array', 'prototype'],
+	'%URIErrorPrototype%': ['URIError', 'prototype'],
+	'%WeakMapPrototype%': ['WeakMap', 'prototype'],
+	'%WeakSetPrototype%': ['WeakSet', 'prototype']
+};
+
+var bind = require('function-bind');
+var hasOwn = require('hasown');
+var $concat = bind.call($call, Array.prototype.concat);
+var $spliceApply = bind.call($apply, Array.prototype.splice);
+var $replace = bind.call($call, String.prototype.replace);
+var $strSlice = bind.call($call, String.prototype.slice);
+var $exec = bind.call($call, RegExp.prototype.exec);
+
+/* adapted from https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744 */
+var rePropName = /[^%.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|%$))/g;
+var reEscapeChar = /\\(\\)?/g; /** Used to match backslashes in property paths. */
+var stringToPath = function stringToPath(string) {
+	var first = $strSlice(string, 0, 1);
+	var last = $strSlice(string, -1);
+	if (first === '%' && last !== '%') {
+		throw new $SyntaxError('invalid intrinsic syntax, expected closing `%`');
+	} else if (last === '%' && first !== '%') {
+		throw new $SyntaxError('invalid intrinsic syntax, expected opening `%`');
+	}
+	var result = [];
+	$replace(string, rePropName, function (match, number, quote, subString) {
+		result[result.length] = quote ? $replace(subString, reEscapeChar, '$1') : number || match;
+	});
+	return result;
+};
+/* end adaptation */
+
+var getBaseIntrinsic = function getBaseIntrinsic(name, allowMissing) {
+	var intrinsicName = name;
+	var alias;
+	if (hasOwn(LEGACY_ALIASES, intrinsicName)) {
+		alias = LEGACY_ALIASES[intrinsicName];
+		intrinsicName = '%' + alias[0] + '%';
+	}
+
+	if (hasOwn(INTRINSICS, intrinsicName)) {
+		var value = INTRINSICS[intrinsicName];
+		if (value === needsEval) {
+			value = doEval(intrinsicName);
+		}
+		if (typeof value === 'undefined' && !allowMissing) {
+			throw new $TypeError('intrinsic ' + name + ' exists, but is not available. Please file an issue!');
+		}
+
+		return {
+			alias: alias,
+			name: intrinsicName,
+			value: value
+		};
+	}
+
+	throw new $SyntaxError('intrinsic ' + name + ' does not exist!');
+};
+
+module.exports = function GetIntrinsic(name, allowMissing) {
+	if (typeof name !== 'string' || name.length === 0) {
+		throw new $TypeError('intrinsic name must be a non-empty string');
+	}
+	if (arguments.length > 1 && typeof allowMissing !== 'boolean') {
+		throw new $TypeError('"allowMissing" argument must be a boolean');
+	}
+
+	if ($exec(/^%?[^%]*%?$/, name) === null) {
+		throw new $SyntaxError('`%` may not be present anywhere but at the beginning and end of the intrinsic name');
+	}
+	var parts = stringToPath(name);
+	var intrinsicBaseName = parts.length > 0 ? parts[0] : '';
+
+	var intrinsic = getBaseIntrinsic('%' + intrinsicBaseName + '%', allowMissing);
+	var intrinsicRealName = intrinsic.name;
+	var value = intrinsic.value;
+	var skipFurtherCaching = false;
+
+	var alias = intrinsic.alias;
+	if (alias) {
+		intrinsicBaseName = alias[0];
+		$spliceApply(parts, $concat([0, 1], alias));
+	}
+
+	for (var i = 1, isOwn = true; i < parts.length; i += 1) {
+		var part = parts[i];
+		var first = $strSlice(part, 0, 1);
+		var last = $strSlice(part, -1);
+		if (
+			(
+				(first === '"' || first === "'" || first === '`')
+				|| (last === '"' || last === "'" || last === '`')
+			)
+			&& first !== last
+		) {
+			throw new $SyntaxError('property names with quotes must have matching quotes');
+		}
+		if (part === 'constructor' || !isOwn) {
+			skipFurtherCaching = true;
+		}
+
+		intrinsicBaseName += '.' + part;
+		intrinsicRealName = '%' + intrinsicBaseName + '%';
+
+		if (hasOwn(INTRINSICS, intrinsicRealName)) {
+			value = INTRINSICS[intrinsicRealName];
+		} else if (value != null) {
+			if (!(part in value)) {
+				if (!allowMissing) {
+					throw new $TypeError('base intrinsic for ' + name + ' exists, but the property is not available.');
+				}
+				return void undefined;
+			}
+			if ($gOPD && (i + 1) >= parts.length) {
+				var desc = $gOPD(value, part);
+				isOwn = !!desc;
+
+				// By convention, when a data property is converted to an accessor
+				// property to emulate a data property that does not suffer from
+				// the override mistake, that accessor's getter is marked with
+				// an `originalValue` property. Here, when we detect this, we
+				// uphold the illusion by pretending to see that original data
+				// property, i.e., returning the value rather than the getter
+				// itself.
+				if (isOwn && 'get' in desc && !('originalValue' in desc.get)) {
+					value = desc.get;
+				} else {
+					value = value[part];
+				}
+			} else {
+				isOwn = hasOwn(value, part);
+				value = value[part];
+			}
+
+			if (isOwn && !skipFurtherCaching) {
+				INTRINSICS[intrinsicRealName] = value;
+			}
+		}
+	}
+	return value;
+};
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json b/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
new file mode 100644
index 0000000..2828e73
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
@@ -0,0 +1,97 @@
+{
+	"name": "get-intrinsic",
+	"version": "1.3.0",
+	"description": "Get and robustly cache all JS language-level intrinsics at first require time",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=.js,.mjs .",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/get-intrinsic.git"
+	},
+	"keywords": [
+		"javascript",
+		"ecmascript",
+		"es",
+		"js",
+		"intrinsic",
+		"getintrinsic",
+		"es-abstract"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/get-intrinsic/issues"
+	},
+	"homepage": "https://github.com/ljharb/get-intrinsic#readme",
+	"dependencies": {
+		"call-bind-apply-helpers": "^1.0.2",
+		"es-define-property": "^1.0.1",
+		"es-errors": "^1.3.0",
+		"es-object-atoms": "^1.1.1",
+		"function-bind": "^1.1.2",
+		"get-proto": "^1.0.1",
+		"gopd": "^1.2.0",
+		"has-symbols": "^1.1.0",
+		"hasown": "^2.0.2",
+		"math-intrinsics": "^1.1.0"
+	},
+	"devDependencies": {
+		"@ljharb/eslint-config": "^21.1.1",
+		"auto-changelog": "^2.5.0",
+		"call-bound": "^1.0.3",
+		"encoding": "^0.1.13",
+		"es-abstract": "^1.23.9",
+		"es-value-fixtures": "^1.7.1",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"for-each": "^0.3.5",
+		"make-async-function": "^1.0.0",
+		"make-async-generator-function": "^1.0.0",
+		"make-generator-function": "^2.0.0",
+		"mock-property": "^1.1.0",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"object-inspect": "^1.13.4",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"testling": {
+		"files": "test/GetIntrinsic.js"
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js b/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
new file mode 100644
index 0000000..d9c0f30
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
@@ -0,0 +1,274 @@
+'use strict';
+
+var GetIntrinsic = require('../');
+
+var test = require('tape');
+var forEach = require('for-each');
+var debug = require('object-inspect');
+var generatorFns = require('make-generator-function')();
+var asyncFns = require('make-async-function').list();
+var asyncGenFns = require('make-async-generator-function')();
+var mockProperty = require('mock-property');
+
+var callBound = require('call-bound');
+var v = require('es-value-fixtures');
+var $gOPD = require('gopd');
+var DefinePropertyOrThrow = require('es-abstract/2023/DefinePropertyOrThrow');
+
+var $isProto = callBound('%Object.prototype.isPrototypeOf%');
+
+test('export', function (t) {
+	t.equal(typeof GetIntrinsic, 'function', 'it is a function');
+	t.equal(GetIntrinsic.length, 2, 'function has length of 2');
+
+	t.end();
+});
+
+test('throws', function (t) {
+	t['throws'](
+		function () { GetIntrinsic('not an intrinsic'); },
+		SyntaxError,
+		'nonexistent intrinsic throws a syntax error'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic(''); },
+		TypeError,
+		'empty string intrinsic throws a type error'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('.'); },
+		SyntaxError,
+		'"just a dot" intrinsic throws a syntax error'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('%String'); },
+		SyntaxError,
+		'Leading % without trailing % throws a syntax error'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('String%'); },
+		SyntaxError,
+		'Trailing % without leading % throws a syntax error'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic("String['prototype]"); },
+		SyntaxError,
+		'Dynamic property access is disallowed for intrinsics (unterminated string)'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('%Proxy.prototype.undefined%'); },
+		TypeError,
+		"Throws when middle part doesn't exist (%Proxy.prototype.undefined%)"
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('%Array.prototype%garbage%'); },
+		SyntaxError,
+		'Throws with extra percent signs'
+	);
+
+	t['throws'](
+		function () { GetIntrinsic('%Array.prototype%push%'); },
+		SyntaxError,
+		'Throws with extra percent signs, even on an existing intrinsic'
+	);
+
+	forEach(v.nonStrings, function (nonString) {
+		t['throws'](
+			function () { GetIntrinsic(nonString); },
+			TypeError,
+			debug(nonString) + ' is not a String'
+		);
+	});
+
+	forEach(v.nonBooleans, function (nonBoolean) {
+		t['throws'](
+			function () { GetIntrinsic('%', nonBoolean); },
+			TypeError,
+			debug(nonBoolean) + ' is not a Boolean'
+		);
+	});
+
+	forEach([
+		'toString',
+		'propertyIsEnumerable',
+		'hasOwnProperty'
+	], function (objectProtoMember) {
+		t['throws'](
+			function () { GetIntrinsic(objectProtoMember); },
+			SyntaxError,
+			debug(objectProtoMember) + ' is not an intrinsic'
+		);
+	});
+
+	t.end();
+});
+
+test('base intrinsics', function (t) {
+	t.equal(GetIntrinsic('%Object%'), Object, '%Object% yields Object');
+	t.equal(GetIntrinsic('Object'), Object, 'Object yields Object');
+	t.equal(GetIntrinsic('%Array%'), Array, '%Array% yields Array');
+	t.equal(GetIntrinsic('Array'), Array, 'Array yields Array');
+
+	t.end();
+});
+
+test('dotted paths', function (t) {
+	t.equal(GetIntrinsic('%Object.prototype.toString%'), Object.prototype.toString, '%Object.prototype.toString% yields Object.prototype.toString');
+	t.equal(GetIntrinsic('Object.prototype.toString'), Object.prototype.toString, 'Object.prototype.toString yields Object.prototype.toString');
+	t.equal(GetIntrinsic('%Array.prototype.push%'), Array.prototype.push, '%Array.prototype.push% yields Array.prototype.push');
+	t.equal(GetIntrinsic('Array.prototype.push'), Array.prototype.push, 'Array.prototype.push yields Array.prototype.push');
+
+	test('underscore paths are aliases for dotted paths', { skip: !Object.isFrozen || Object.isFrozen(Object.prototype) }, function (st) {
+		var original = GetIntrinsic('%ObjProto_toString%');
+
+		forEach([
+			'%Object.prototype.toString%',
+			'Object.prototype.toString',
+			'%ObjectPrototype.toString%',
+			'ObjectPrototype.toString',
+			'%ObjProto_toString%',
+			'ObjProto_toString'
+		], function (name) {
+			DefinePropertyOrThrow(Object.prototype, 'toString', {
+				'[[Value]]': function toString() {
+					return original.apply(this, arguments);
+				}
+			});
+			st.equal(GetIntrinsic(name), original, name + ' yields original Object.prototype.toString');
+		});
+
+		DefinePropertyOrThrow(Object.prototype, 'toString', { '[[Value]]': original });
+		st.end();
+	});
+
+	test('dotted paths cache', { skip: !Object.isFrozen || Object.isFrozen(Object.prototype) }, function (st) {
+		var original = GetIntrinsic('%Object.prototype.propertyIsEnumerable%');
+
+		forEach([
+			'%Object.prototype.propertyIsEnumerable%',
+			'Object.prototype.propertyIsEnumerable',
+			'%ObjectPrototype.propertyIsEnumerable%',
+			'ObjectPrototype.propertyIsEnumerable'
+		], function (name) {
+			var restore = mockProperty(Object.prototype, 'propertyIsEnumerable', {
+				value: function propertyIsEnumerable() {
+					return original.apply(this, arguments);
+				}
+			});
+			st.equal(GetIntrinsic(name), original, name + ' yields cached Object.prototype.propertyIsEnumerable');
+
+			restore();
+		});
+
+		st.end();
+	});
+
+	test('dotted path reports correct error', function (st) {
+		st['throws'](function () {
+			GetIntrinsic('%NonExistentIntrinsic.prototype.property%');
+		}, /%NonExistentIntrinsic%/, 'The base intrinsic of %NonExistentIntrinsic.prototype.property% is %NonExistentIntrinsic%');
+
+		st['throws'](function () {
+			GetIntrinsic('%NonExistentIntrinsicPrototype.property%');
+		}, /%NonExistentIntrinsicPrototype%/, 'The base intrinsic of %NonExistentIntrinsicPrototype.property% is %NonExistentIntrinsicPrototype%');
+
+		st.end();
+	});
+
+	t.end();
+});
+
+test('accessors', { skip: !$gOPD || typeof Map !== 'function' }, function (t) {
+	var actual = $gOPD(Map.prototype, 'size');
+	t.ok(actual, 'Map.prototype.size has a descriptor');
+	t.equal(typeof actual.get, 'function', 'Map.prototype.size has a getter function');
+	t.equal(GetIntrinsic('%Map.prototype.size%'), actual.get, '%Map.prototype.size% yields the getter for it');
+	t.equal(GetIntrinsic('Map.prototype.size'), actual.get, 'Map.prototype.size yields the getter for it');
+
+	t.end();
+});
+
+test('generator functions', { skip: !generatorFns.length }, function (t) {
+	var $GeneratorFunction = GetIntrinsic('%GeneratorFunction%');
+	var $GeneratorFunctionPrototype = GetIntrinsic('%Generator%');
+	var $GeneratorPrototype = GetIntrinsic('%GeneratorPrototype%');
+
+	forEach(generatorFns, function (genFn) {
+		var fnName = genFn.name;
+		fnName = fnName ? "'" + fnName + "'" : 'genFn';
+
+		t.ok(genFn instanceof $GeneratorFunction, fnName + ' instanceof %GeneratorFunction%');
+		t.ok($isProto($GeneratorFunctionPrototype, genFn), '%Generator% is prototype of ' + fnName);
+		t.ok($isProto($GeneratorPrototype, genFn.prototype), '%GeneratorPrototype% is prototype of ' + fnName + '.prototype');
+	});
+
+	t.end();
+});
+
+test('async functions', { skip: !asyncFns.length }, function (t) {
+	var $AsyncFunction = GetIntrinsic('%AsyncFunction%');
+	var $AsyncFunctionPrototype = GetIntrinsic('%AsyncFunctionPrototype%');
+
+	forEach(asyncFns, function (asyncFn) {
+		var fnName = asyncFn.name;
+		fnName = fnName ? "'" + fnName + "'" : 'asyncFn';
+
+		t.ok(asyncFn instanceof $AsyncFunction, fnName + ' instanceof %AsyncFunction%');
+		t.ok($isProto($AsyncFunctionPrototype, asyncFn), '%AsyncFunctionPrototype% is prototype of ' + fnName);
+	});
+
+	t.end();
+});
+
+test('async generator functions', { skip: asyncGenFns.length === 0 }, function (t) {
+	var $AsyncGeneratorFunction = GetIntrinsic('%AsyncGeneratorFunction%');
+	var $AsyncGeneratorFunctionPrototype = GetIntrinsic('%AsyncGenerator%');
+	var $AsyncGeneratorPrototype = GetIntrinsic('%AsyncGeneratorPrototype%');
+
+	forEach(asyncGenFns, function (asyncGenFn) {
+		var fnName = asyncGenFn.name;
+		fnName = fnName ? "'" + fnName + "'" : 'asyncGenFn';
+
+		t.ok(asyncGenFn instanceof $AsyncGeneratorFunction, fnName + ' instanceof %AsyncGeneratorFunction%');
+		t.ok($isProto($AsyncGeneratorFunctionPrototype, asyncGenFn), '%AsyncGenerator% is prototype of ' + fnName);
+		t.ok($isProto($AsyncGeneratorPrototype, asyncGenFn.prototype), '%AsyncGeneratorPrototype% is prototype of ' + fnName + '.prototype');
+	});
+
+	t.end();
+});
+
+test('%ThrowTypeError%', function (t) {
+	var $ThrowTypeError = GetIntrinsic('%ThrowTypeError%');
+
+	t.equal(typeof $ThrowTypeError, 'function', 'is a function');
+	t['throws'](
+		$ThrowTypeError,
+		TypeError,
+		'%ThrowTypeError% throws a TypeError'
+	);
+
+	t.end();
+});
+
+test('allowMissing', { skip: asyncGenFns.length > 0 }, function (t) {
+	t['throws'](
+		function () { GetIntrinsic('%AsyncGeneratorPrototype%'); },
+		TypeError,
+		'throws when missing'
+	);
+
+	t.equal(
+		GetIntrinsic('%AsyncGeneratorPrototype%', true),
+		undefined,
+		'does not throw when allowMissing'
+	);
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc b/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
new file mode 100644
index 0000000..1d21a8a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
@@ -0,0 +1,10 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"id-length": "off",
+		"sort-keys": "off",
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
new file mode 100644
index 0000000..93183ef
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/get-proto
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.nycrc b/src/Servers/ExpressServer/node_modules/get-proto/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
new file mode 100644
index 0000000..5860229
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.1](https://github.com/ljharb/get-proto/compare/v1.0.0...v1.0.1) - 2025-01-02
+
+### Commits
+
+- [Fix] for the `Object.getPrototypeOf` window, throw for non-objects [`7fe6508`](https://github.com/ljharb/get-proto/commit/7fe6508b71419ebe1976bedb86001d1feaeaa49a)
+
+## v1.0.0 - 2025-01-01
+
+### Commits
+
+- Initial implementation, tests, readme, types [`5c70775`](https://github.com/ljharb/get-proto/commit/5c707751e81c3deeb2cf980d185fc7fd43611415)
+- Initial commit [`7c65c2a`](https://github.com/ljharb/get-proto/commit/7c65c2ad4e33d5dae2f219ebe1a046ae2256972c)
+- npm init [`0b8cf82`](https://github.com/ljharb/get-proto/commit/0b8cf824c9634e4a34ef7dd2a2cdc5be6ac79518)
+- Only apps should have lockfiles [`a6d1bff`](https://github.com/ljharb/get-proto/commit/a6d1bffc364f5828377cea7194558b2dbef7aea2)
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/LICENSE b/src/Servers/ExpressServer/node_modules/get-proto/LICENSE
new file mode 100644
index 0000000..eeabd1c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
new file mode 100644
index 0000000..028b3ff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
@@ -0,0 +1,5 @@
+declare function getProto<O extends object>(object: O): object | null;
+
+declare const x: typeof getProto | null;
+
+export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
new file mode 100644
index 0000000..c2cbbdf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
@@ -0,0 +1,6 @@
+'use strict';
+
+var $Object = require('es-object-atoms');
+
+/** @type {import('./Object.getPrototypeOf')} */
+module.exports = $Object.getPrototypeOf || null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/README.md b/src/Servers/ExpressServer/node_modules/get-proto/README.md
new file mode 100644
index 0000000..f8b4cce
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/README.md
@@ -0,0 +1,50 @@
+# get-proto <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Robustly get the [[Prototype]] of an object. Uses the best available method.
+
+## Getting started
+
+```sh
+npm install --save get-proto
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getProto = require('get-proto');
+
+const a = { a: 1, b: 2, [Symbol.toStringTag]: 'foo' };
+const b = { c: 3, __proto__: a };
+
+assert.equal(getProto(b), a);
+assert.equal(getProto(a), Object.prototype);
+assert.equal(getProto({ __proto__: null }), null);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/get-proto
+[npm-version-svg]: https://versionbadg.es/ljharb/get-proto.svg
+[deps-svg]: https://david-dm.org/ljharb/get-proto.svg
+[deps-url]: https://david-dm.org/ljharb/get-proto
+[dev-deps-svg]: https://david-dm.org/ljharb/get-proto/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/get-proto#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/get-proto.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/get-proto.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/get-proto.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=get-proto
+[codecov-image]: https://codecov.io/gh/ljharb/get-proto/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/get-proto/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/get-proto
+[actions-url]: https://github.com/ljharb/get-proto/actions
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
new file mode 100644
index 0000000..2388fe0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
@@ -0,0 +1,3 @@
+declare const x: typeof Reflect.getPrototypeOf | null;
+
+export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
new file mode 100644
index 0000000..e6c51be
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./Reflect.getPrototypeOf')} */
+module.exports = (typeof Reflect !== 'undefined' && Reflect.getPrototypeOf) || null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
new file mode 100644
index 0000000..2c021f3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
@@ -0,0 +1,5 @@
+declare function getProto<O extends object>(object: O): object | null;
+
+declare const x: typeof getProto | null;
+
+export = x;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/index.js b/src/Servers/ExpressServer/node_modules/get-proto/index.js
new file mode 100644
index 0000000..7e5747b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/index.js
@@ -0,0 +1,27 @@
+'use strict';
+
+var reflectGetProto = require('./Reflect.getPrototypeOf');
+var originalGetProto = require('./Object.getPrototypeOf');
+
+var getDunderProto = require('dunder-proto/get');
+
+/** @type {import('.')} */
+module.exports = reflectGetProto
+	? function getProto(O) {
+		// @ts-expect-error TS can't narrow inside a closure, for some reason
+		return reflectGetProto(O);
+	}
+	: originalGetProto
+		? function getProto(O) {
+			if (!O || (typeof O !== 'object' && typeof O !== 'function')) {
+				throw new TypeError('getProto: not an object');
+			}
+			// @ts-expect-error TS can't narrow inside a closure, for some reason
+			return originalGetProto(O);
+		}
+		: getDunderProto
+			? function getProto(O) {
+				// @ts-expect-error TS can't narrow inside a closure, for some reason
+				return getDunderProto(O);
+			}
+			: null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/package.json b/src/Servers/ExpressServer/node_modules/get-proto/package.json
new file mode 100644
index 0000000..9c35cec
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/package.json
@@ -0,0 +1,81 @@
+{
+	"name": "get-proto",
+	"version": "1.0.1",
+	"description": "Robustly get the [[Prototype]] of an object",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./Reflect.getPrototypeOf": "./Reflect.getPrototypeOf.js",
+		"./Object.getPrototypeOf": "./Object.getPrototypeOf.js",
+		"./package.json": "./package.json"
+	},
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"pretest": "npm run --silent lint",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@\">=10.2\" audit --production",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc && attw -P",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/get-proto.git"
+	},
+	"keywords": [
+		"get",
+		"proto",
+		"prototype",
+		"getPrototypeOf",
+		"[[Prototype]]"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/get-proto/issues"
+	},
+	"homepage": "https://github.com/ljharb/get-proto#readme",
+	"dependencies": {
+		"dunder-proto": "^1.0.1",
+		"es-object-atoms": "^1.0.0"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.2",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.3",
+		"@types/tape": "^5.8.0",
+		"auto-changelog": "^2.5.0",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"engines": {
+		"node": ">= 0.4"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"testling": {
+		"files": "test/index.js"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/test/index.js b/src/Servers/ExpressServer/node_modules/get-proto/test/index.js
new file mode 100644
index 0000000..5a2ece2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/test/index.js
@@ -0,0 +1,68 @@
+'use strict';
+
+var test = require('tape');
+
+var getProto = require('../');
+
+test('getProto', function (t) {
+	t.equal(typeof getProto, 'function', 'is a function');
+
+	t.test('can get', { skip: !getProto }, function (st) {
+		if (getProto) { // TS doesn't understand tape's skip
+			var proto = { b: 2 };
+			st.equal(getProto(proto), Object.prototype, 'proto: returns the [[Prototype]]');
+
+			st.test('nullish value', function (s2t) {
+			// @ts-expect-error
+				s2t['throws'](function () { return getProto(undefined); }, TypeError, 'undefined is not an object');
+				// @ts-expect-error
+				s2t['throws'](function () { return getProto(null); }, TypeError, 'null is not an object');
+				s2t.end();
+			});
+
+			// @ts-expect-error
+			st['throws'](function () { getProto(true); }, 'throws for true');
+			// @ts-expect-error
+			st['throws'](function () { getProto(false); }, 'throws for false');
+			// @ts-expect-error
+			st['throws'](function () { getProto(42); }, 'throws for 42');
+			// @ts-expect-error
+			st['throws'](function () { getProto(NaN); }, 'throws for NaN');
+			// @ts-expect-error
+			st['throws'](function () { getProto(0); }, 'throws for +0');
+			// @ts-expect-error
+			st['throws'](function () { getProto(-0); }, 'throws for -0');
+			// @ts-expect-error
+			st['throws'](function () { getProto(Infinity); }, 'throws for ∞');
+			// @ts-expect-error
+			st['throws'](function () { getProto(-Infinity); }, 'throws for -∞');
+			// @ts-expect-error
+			st['throws'](function () { getProto(''); }, 'throws for empty string');
+			// @ts-expect-error
+			st['throws'](function () { getProto('foo'); }, 'throws for non-empty string');
+			st.equal(getProto(/a/g), RegExp.prototype);
+			st.equal(getProto(new Date()), Date.prototype);
+			st.equal(getProto(function () {}), Function.prototype);
+			st.equal(getProto([]), Array.prototype);
+			st.equal(getProto({}), Object.prototype);
+
+			var nullObject = { __proto__: null };
+			if ('toString' in nullObject) {
+				st.comment('no null objects in this engine');
+				st.equal(getProto(nullObject), Object.prototype, '"null" object has Object.prototype as [[Prototype]]');
+			} else {
+				st.equal(getProto(nullObject), null, 'null object has null [[Prototype]]');
+			}
+		}
+
+		st.end();
+	});
+
+	t.test('can not get', { skip: !!getProto }, function (st) {
+		st.equal(getProto, null);
+
+		st.end();
+	});
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json b/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
new file mode 100644
index 0000000..60fb90e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		//"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/.eslintrc b/src/Servers/ExpressServer/node_modules/gopd/.eslintrc
new file mode 100644
index 0000000..e2550c0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/.eslintrc
@@ -0,0 +1,16 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"func-style": [2, "declaration"],
+		"id-length": 0,
+		"multiline-comment-style": 0,
+		"new-cap": [2, {
+			"capIsNewExceptions": [
+				"GetIntrinsic",
+			],
+		}],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
new file mode 100644
index 0000000..94a44a8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/gopd
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
new file mode 100644
index 0000000..87f5727
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
@@ -0,0 +1,45 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.2.0](https://github.com/ljharb/gopd/compare/v1.1.0...v1.2.0) - 2024-12-03
+
+### Commits
+
+- [New] add `gOPD` entry point; remove `get-intrinsic` [`5b61232`](https://github.com/ljharb/gopd/commit/5b61232dedea4591a314bcf16101b1961cee024e)
+
+## [v1.1.0](https://github.com/ljharb/gopd/compare/v1.0.1...v1.1.0) - 2024-11-29
+
+### Commits
+
+- [New] add types [`f585e39`](https://github.com/ljharb/gopd/commit/f585e397886d270e4ba84e53d226e4f9ca2eb0e6)
+- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `tape` [`0b8e4fd`](https://github.com/ljharb/gopd/commit/0b8e4fded64397a7726a9daa144a6cc9a5e2edfa)
+- [Dev Deps] update `aud`, `npmignore`, `tape` [`48378b2`](https://github.com/ljharb/gopd/commit/48378b2443f09a4f7efbd0fb6c3ee845a6cabcf3)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`78099ee`](https://github.com/ljharb/gopd/commit/78099eeed41bfdc134c912280483689cc8861c31)
+- [Tests] replace `aud` with `npm audit` [`4e0d0ac`](https://github.com/ljharb/gopd/commit/4e0d0ac47619d24a75318a8e1f543ee04b2a2632)
+- [meta] add missing `engines.node` [`1443316`](https://github.com/ljharb/gopd/commit/14433165d07835c680155b3dfd62d9217d735eca)
+- [Deps] update `get-intrinsic` [`eee5f51`](https://github.com/ljharb/gopd/commit/eee5f51769f3dbaf578b70e2a3199116b01aa670)
+- [Deps] update `get-intrinsic` [`550c378`](https://github.com/ljharb/gopd/commit/550c3780e3a9c77b62565712a001b4ed64ea61f5)
+- [Dev Deps] add missing peer dep [`8c2ecf8`](https://github.com/ljharb/gopd/commit/8c2ecf848122e4e30abfc5b5086fb48b390dce75)
+
+## [v1.0.1](https://github.com/ljharb/gopd/compare/v1.0.0...v1.0.1) - 2022-11-01
+
+### Commits
+
+- [Fix] actually export gOPD instead of dP [`4b624bf`](https://github.com/ljharb/gopd/commit/4b624bfbeff788c5e3ff16d9443a83627847234f)
+
+## v1.0.0 - 2022-11-01
+
+### Commits
+
+- Initial implementation, tests, readme [`0911e01`](https://github.com/ljharb/gopd/commit/0911e012cd642092bd88b732c161c58bf4f20bea)
+- Initial commit [`b84e33f`](https://github.com/ljharb/gopd/commit/b84e33f5808a805ac57ff88d4247ad935569acbe)
+- [actions] add reusable workflows [`12ae28a`](https://github.com/ljharb/gopd/commit/12ae28ae5f50f86e750215b6e2188901646d0119)
+- npm init [`280118b`](https://github.com/ljharb/gopd/commit/280118badb45c80b4483836b5cb5315bddf6e582)
+- [meta] add `auto-changelog` [`bb78de5`](https://github.com/ljharb/gopd/commit/bb78de5639a180747fb290c28912beaaf1615709)
+- [meta] create FUNDING.yml; add `funding` in package.json [`11c22e6`](https://github.com/ljharb/gopd/commit/11c22e6355bb01f24e7fac4c9bb3055eb5b25002)
+- [meta] use `npmignore` to autogenerate an npmignore file [`4f4537a`](https://github.com/ljharb/gopd/commit/4f4537a843b39f698c52f072845092e6fca345bb)
+- Only apps should have lockfiles [`c567022`](https://github.com/ljharb/gopd/commit/c567022a18573aa7951cf5399445d9840e23e98b)
diff --git a/src/Servers/ExpressServer/node_modules/gopd/LICENSE b/src/Servers/ExpressServer/node_modules/gopd/LICENSE
new file mode 100644
index 0000000..6abfe14
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/gopd/README.md b/src/Servers/ExpressServer/node_modules/gopd/README.md
new file mode 100644
index 0000000..784e56a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/README.md
@@ -0,0 +1,40 @@
+# gopd <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.
+
+## Usage
+
+```javascript
+var gOPD = require('gopd');
+var assert = require('assert');
+
+if (gOPD) {
+	assert.equal(typeof gOPD, 'function', 'descriptors supported');
+	// use gOPD like Object.getOwnPropertyDescriptor here
+} else {
+	assert.ok(!gOPD, 'descriptors not supported');
+}
+```
+
+[package-url]: https://npmjs.org/package/gopd
+[npm-version-svg]: https://versionbadg.es/ljharb/gopd.svg
+[deps-svg]: https://david-dm.org/ljharb/gopd.svg
+[deps-url]: https://david-dm.org/ljharb/gopd
+[dev-deps-svg]: https://david-dm.org/ljharb/gopd/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/gopd#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/gopd.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/gopd.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/gopd.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=gopd
+[codecov-image]: https://codecov.io/gh/ljharb/gopd/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/gopd/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/gopd
+[actions-url]: https://github.com/ljharb/gopd/actions
diff --git a/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts b/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
new file mode 100644
index 0000000..def48a3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
@@ -0,0 +1 @@
+export = Object.getOwnPropertyDescriptor;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/gOPD.js b/src/Servers/ExpressServer/node_modules/gopd/gOPD.js
new file mode 100644
index 0000000..cf9616c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/gOPD.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./gOPD')} */
+module.exports = Object.getOwnPropertyDescriptor;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/index.d.ts b/src/Servers/ExpressServer/node_modules/gopd/index.d.ts
new file mode 100644
index 0000000..e228065
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/index.d.ts
@@ -0,0 +1,5 @@
+declare function gOPD<O extends object, K extends keyof O>(obj: O, prop: K): PropertyDescriptor | undefined;
+
+declare const fn: typeof gOPD | undefined | null;
+
+export = fn;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/gopd/index.js b/src/Servers/ExpressServer/node_modules/gopd/index.js
new file mode 100644
index 0000000..a4081b0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/index.js
@@ -0,0 +1,15 @@
+'use strict';
+
+/** @type {import('.')} */
+var $gOPD = require('./gOPD');
+
+if ($gOPD) {
+	try {
+		$gOPD([], 'length');
+	} catch (e) {
+		// IE 8 has a broken gOPD
+		$gOPD = null;
+	}
+}
+
+module.exports = $gOPD;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/package.json b/src/Servers/ExpressServer/node_modules/gopd/package.json
new file mode 100644
index 0000000..01c5ffa
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/package.json
@@ -0,0 +1,77 @@
+{
+	"name": "gopd",
+	"version": "1.2.0",
+	"description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./gOPD": "./gOPD.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prelint": "tsc -p . && attw -P",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "evalmd README.md",
+		"pretest": "npm run lint",
+		"tests-only": "tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/gopd.git"
+	},
+	"keywords": [
+		"ecmascript",
+		"javascript",
+		"getownpropertydescriptor",
+		"property",
+		"descriptor"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/gopd/issues"
+	},
+	"homepage": "https://github.com/ljharb/gopd#readme",
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.0",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.0",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/test/index.js b/src/Servers/ExpressServer/node_modules/gopd/test/index.js
new file mode 100644
index 0000000..6f43453
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/test/index.js
@@ -0,0 +1,36 @@
+'use strict';
+
+var test = require('tape');
+var gOPD = require('../');
+
+test('gOPD', function (t) {
+	t.test('supported', { skip: !gOPD }, function (st) {
+		st.equal(typeof gOPD, 'function', 'is a function');
+
+		var obj = { x: 1 };
+		st.ok('x' in obj, 'property exists');
+
+		// @ts-expect-error TS can't figure out narrowing from `skip`
+		var desc = gOPD(obj, 'x');
+		st.deepEqual(
+			desc,
+			{
+				configurable: true,
+				enumerable: true,
+				value: 1,
+				writable: true
+			},
+			'descriptor is as expected'
+		);
+
+		st.end();
+	});
+
+	t.test('not supported', { skip: !!gOPD }, function (st) {
+		st.notOk(gOPD, 'is falsy');
+
+		st.end();
+	});
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json b/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
new file mode 100644
index 0000000..d9a6668
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc b/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
new file mode 100644
index 0000000..2d9a66a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
@@ -0,0 +1,11 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"max-statements-per-line": [2, { "max": 2 }],
+		"no-magic-numbers": 0,
+		"multiline-comment-style": 0,
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
new file mode 100644
index 0000000..04cf87e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/has-symbols
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc b/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
new file mode 100644
index 0000000..bdd626c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
@@ -0,0 +1,9 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
new file mode 100644
index 0000000..cc3cf83
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
@@ -0,0 +1,91 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.1.0](https://github.com/inspect-js/has-symbols/compare/v1.0.3...v1.1.0) - 2024-12-02
+
+### Commits
+
+- [actions] update workflows [`548c0bf`](https://github.com/inspect-js/has-symbols/commit/548c0bf8c9b1235458df7a1c0490b0064647a282)
+- [actions] further shard; update action deps [`bec56bb`](https://github.com/inspect-js/has-symbols/commit/bec56bb0fb44b43a786686b944875a3175cf3ff3)
+- [meta] use `npmignore` to autogenerate an npmignore file [`ac81032`](https://github.com/inspect-js/has-symbols/commit/ac81032809157e0a079e5264e9ce9b6f1275777e)
+- [New] add types [`6469cbf`](https://github.com/inspect-js/has-symbols/commit/6469cbff1866cfe367b2b3d181d9296ec14b2a3d)
+- [actions] update rebase action to use reusable workflow [`9c9d4d0`](https://github.com/inspect-js/has-symbols/commit/9c9d4d0d8938e4b267acdf8e421f4e92d1716d72)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`adb5887`](https://github.com/inspect-js/has-symbols/commit/adb5887ca9444849b08beb5caaa9e1d42320cdfb)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`13ec198`](https://github.com/inspect-js/has-symbols/commit/13ec198ec80f1993a87710af1606a1970b22c7cb)
+- [Dev Deps] update `auto-changelog`, `core-js`, `tape` [`941be52`](https://github.com/inspect-js/has-symbols/commit/941be5248387cab1da72509b22acf3fdb223f057)
+- [Tests] replace `aud` with `npm audit` [`74f49e9`](https://github.com/inspect-js/has-symbols/commit/74f49e9a9d17a443020784234a1c53ce765b3559)
+- [Dev Deps] update `npmignore` [`9c0ac04`](https://github.com/inspect-js/has-symbols/commit/9c0ac0452a834f4c2a4b54044f2d6a89f17e9a70)
+- [Dev Deps] add missing peer dep [`52337a5`](https://github.com/inspect-js/has-symbols/commit/52337a5621cced61f846f2afdab7707a8132cc12)
+
+## [v1.0.3](https://github.com/inspect-js/has-symbols/compare/v1.0.2...v1.0.3) - 2022-03-01
+
+### Commits
+
+- [actions] use `node/install` instead of `node/run`; use `codecov` action [`518b28f`](https://github.com/inspect-js/has-symbols/commit/518b28f6c5a516cbccae30794e40aa9f738b1693)
+- [meta] add `bugs` and `homepage` fields; reorder package.json [`c480b13`](https://github.com/inspect-js/has-symbols/commit/c480b13fd6802b557e1cef9749872cb5fdeef744)
+- [actions] reuse common workflows [`01d0ee0`](https://github.com/inspect-js/has-symbols/commit/01d0ee0a8d97c0947f5edb73eb722027a77b2b07)
+- [actions] update codecov uploader [`6424ebe`](https://github.com/inspect-js/has-symbols/commit/6424ebe86b2c9c7c3d2e9bd4413a4e4f168cb275)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`dfa7e7f`](https://github.com/inspect-js/has-symbols/commit/dfa7e7ff38b594645d8c8222aab895157fa7e282)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `tape` [`0c8d436`](https://github.com/inspect-js/has-symbols/commit/0c8d43685c45189cea9018191d4fd7eca91c9d02)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`9026554`](https://github.com/inspect-js/has-symbols/commit/902655442a1bf88e72b42345494ef0c60f5d36ab)
+- [readme] add actions and codecov badges [`eaa9682`](https://github.com/inspect-js/has-symbols/commit/eaa9682f990f481d3acf7a1c7600bec36f7b3adc)
+- [Dev Deps] update `eslint`, `tape` [`bc7a3ba`](https://github.com/inspect-js/has-symbols/commit/bc7a3ba46f27b7743f8a2579732d59d1b9ac791e)
+- [Dev Deps] update `eslint`, `auto-changelog` [`0ace00a`](https://github.com/inspect-js/has-symbols/commit/0ace00af08a88cdd1e6ce0d60357d941c60c2d9f)
+- [meta] use `prepublishOnly` script for npm 7+ [`093f72b`](https://github.com/inspect-js/has-symbols/commit/093f72bc2b0ed00c781f444922a5034257bf561d)
+- [Tests] test on all 16 minors [`9b80d3d`](https://github.com/inspect-js/has-symbols/commit/9b80d3d9102529f04c20ec5b1fcc6e38426c6b03)
+
+## [v1.0.2](https://github.com/inspect-js/has-symbols/compare/v1.0.1...v1.0.2) - 2021-02-27
+
+### Fixed
+
+- [Fix] use a universal way to get the original Symbol [`#11`](https://github.com/inspect-js/has-symbols/issues/11)
+
+### Commits
+
+- [Tests] migrate tests to Github Actions [`90ae798`](https://github.com/inspect-js/has-symbols/commit/90ae79820bdfe7bc703d67f5f3c5e205f98556d3)
+- [meta] do not publish github action workflow files [`29e60a1`](https://github.com/inspect-js/has-symbols/commit/29e60a1b7c25c7f1acf7acff4a9320d0d10c49b4)
+- [Tests] run `nyc` on all tests [`8476b91`](https://github.com/inspect-js/has-symbols/commit/8476b915650d360915abe2522505abf4b0e8f0ae)
+- [readme] fix repo URLs, remove defunct badges [`126288e`](https://github.com/inspect-js/has-symbols/commit/126288ecc1797c0a40247a6b78bcb2e0bc5d7036)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `core-js`, `get-own-property-symbols` [`d84bdfa`](https://github.com/inspect-js/has-symbols/commit/d84bdfa48ac5188abbb4904b42614cd6c030940a)
+- [Tests] fix linting errors [`0df3070`](https://github.com/inspect-js/has-symbols/commit/0df3070b981b6c9f2ee530c09189a7f5c6def839)
+- [actions] add "Allow Edits" workflow [`1e6bc29`](https://github.com/inspect-js/has-symbols/commit/1e6bc29b188f32b9648657b07eda08504be5aa9c)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`36cea2a`](https://github.com/inspect-js/has-symbols/commit/36cea2addd4e6ec435f35a2656b4e9ef82498e9b)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`1278338`](https://github.com/inspect-js/has-symbols/commit/127833801865fbc2cc8979beb9ca869c7bfe8222)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`1493254`](https://github.com/inspect-js/has-symbols/commit/1493254eda13db5fb8fc5e4a3e8324b3d196029d)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js` [`b090bf2`](https://github.com/inspect-js/has-symbols/commit/b090bf214d3679a30edc1e2d729d466ab5183e1d)
+- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`4addb7a`](https://github.com/inspect-js/has-symbols/commit/4addb7ab4dc73f927ae99928d68817554fc21dc0)
+- [Dev Deps] update `auto-changelog`, `tape` [`81d0baf`](https://github.com/inspect-js/has-symbols/commit/81d0baf3816096a89a8558e8043895f7a7d10d8b)
+- [Dev Deps] update `auto-changelog`; add `aud` [`1a4e561`](https://github.com/inspect-js/has-symbols/commit/1a4e5612c25d91c3a03d509721d02630bc4fe3da)
+- [readme] remove unused testling URLs [`3000941`](https://github.com/inspect-js/has-symbols/commit/3000941f958046e923ed8152edb1ef4a599e6fcc)
+- [Tests] only audit prod deps [`692e974`](https://github.com/inspect-js/has-symbols/commit/692e9743c912410e9440207631a643a34b4741a1)
+- [Dev Deps] update `@ljharb/eslint-config` [`51c946c`](https://github.com/inspect-js/has-symbols/commit/51c946c7f6baa793ec5390bb5a45cdce16b4ba76)
+
+## [v1.0.1](https://github.com/inspect-js/has-symbols/compare/v1.0.0...v1.0.1) - 2019-11-16
+
+### Commits
+
+- [Tests] use shared travis-ci configs [`ce396c9`](https://github.com/inspect-js/has-symbols/commit/ce396c9419ff11c43d0da5d05cdbb79f7fb42229)
+- [Tests] up to `node` `v12.4`, `v11.15`, `v10.15`, `v9.11`, `v8.15`, `v7.10`, `v6.17`, `v4.9`; use `nvm install-latest-npm` [`0690732`](https://github.com/inspect-js/has-symbols/commit/0690732801f47ab429f39ba1962f522d5c462d6b)
+- [meta] add `auto-changelog` [`2163d0b`](https://github.com/inspect-js/has-symbols/commit/2163d0b7f36343076b8f947cd1667dd1750f26fc)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `safe-publish-latest`, `tape` [`8e0951f`](https://github.com/inspect-js/has-symbols/commit/8e0951f1a7a2e52068222b7bb73511761e6e4d9c)
+- [actions] add automatic rebasing / merge commit blocking [`b09cdb7`](https://github.com/inspect-js/has-symbols/commit/b09cdb7cd7ee39e7a769878f56e2d6066f5ccd1d)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `core-js`, `get-own-property-symbols`, `tape` [`1dd42cd`](https://github.com/inspect-js/has-symbols/commit/1dd42cd86183ed0c50f99b1062345c458babca91)
+- [meta] create FUNDING.yml [`aa57a17`](https://github.com/inspect-js/has-symbols/commit/aa57a17b19708906d1927f821ea8e73394d84ca4)
+- Only apps should have lockfiles [`a2d8bea`](https://github.com/inspect-js/has-symbols/commit/a2d8bea23a97d15c09eaf60f5b107fcf9a4d57aa)
+- [Tests] use `npx aud` instead of `nsp` or `npm audit` with hoops [`9e96cb7`](https://github.com/inspect-js/has-symbols/commit/9e96cb783746cbed0c10ef78e599a8eaa7ebe193)
+- [meta] add `funding` field [`a0b32cf`](https://github.com/inspect-js/has-symbols/commit/a0b32cf68e803f963c1639b6d47b0a9d6440bab0)
+- [Dev Deps] update `safe-publish-latest` [`cb9f0a5`](https://github.com/inspect-js/has-symbols/commit/cb9f0a521a3a1790f1064d437edd33bb6c3d6af0)
+
+## v1.0.0 - 2016-09-19
+
+### Commits
+
+- Tests. [`ecb6eb9`](https://github.com/inspect-js/has-symbols/commit/ecb6eb934e4883137f3f93b965ba5e0a98df430d)
+- package.json [`88a337c`](https://github.com/inspect-js/has-symbols/commit/88a337cee0864a0da35f5d19e69ff0ef0150e46a)
+- Initial commit [`42e1e55`](https://github.com/inspect-js/has-symbols/commit/42e1e5502536a2b8ac529c9443984acd14836b1c)
+- Initial implementation. [`33f5cc6`](https://github.com/inspect-js/has-symbols/commit/33f5cc6cdff86e2194b081ee842bfdc63caf43fb)
+- read me [`01f1170`](https://github.com/inspect-js/has-symbols/commit/01f1170188ff7cb1558aa297f6ba5b516c6d7b0c)
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE b/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
new file mode 100644
index 0000000..df31cbf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/README.md b/src/Servers/ExpressServer/node_modules/has-symbols/README.md
new file mode 100644
index 0000000..33905f0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/README.md
@@ -0,0 +1,46 @@
+# has-symbols <sup>[![Version Badge][2]][1]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![dependency status][5]][6]
+[![dev dependency status][7]][8]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][11]][1]
+
+Determine if the JS environment has Symbol support. Supports spec, or shams.
+
+## Example
+
+```js
+var hasSymbols = require('has-symbols');
+
+hasSymbols() === true; // if the environment has native Symbol support. Not polyfillable, not forgeable.
+
+var hasSymbolsKinda = require('has-symbols/shams');
+hasSymbolsKinda() === true; // if the environment has a Symbol sham that mostly follows the spec.
+```
+
+## Supported Symbol shams
+ - get-own-property-symbols [npm](https://www.npmjs.com/package/get-own-property-symbols) | [github](https://github.com/WebReflection/get-own-property-symbols)
+ - core-js [npm](https://www.npmjs.com/package/core-js) | [github](https://github.com/zloirock/core-js)
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+[1]: https://npmjs.org/package/has-symbols
+[2]: https://versionbadg.es/inspect-js/has-symbols.svg
+[5]: https://david-dm.org/inspect-js/has-symbols.svg
+[6]: https://david-dm.org/inspect-js/has-symbols
+[7]: https://david-dm.org/inspect-js/has-symbols/dev-status.svg
+[8]: https://david-dm.org/inspect-js/has-symbols#info=devDependencies
+[11]: https://nodei.co/npm/has-symbols.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/has-symbols.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/has-symbols.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=has-symbols
+[codecov-image]: https://codecov.io/gh/inspect-js/has-symbols/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/inspect-js/has-symbols/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/has-symbols
+[actions-url]: https://github.com/inspect-js/has-symbols/actions
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts b/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
new file mode 100644
index 0000000..9b98595
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
@@ -0,0 +1,3 @@
+declare function hasNativeSymbols(): boolean;
+
+export = hasNativeSymbols;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/index.js b/src/Servers/ExpressServer/node_modules/has-symbols/index.js
new file mode 100644
index 0000000..fa65265
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/index.js
@@ -0,0 +1,14 @@
+'use strict';
+
+var origSymbol = typeof Symbol !== 'undefined' && Symbol;
+var hasSymbolSham = require('./shams');
+
+/** @type {import('.')} */
+module.exports = function hasNativeSymbols() {
+	if (typeof origSymbol !== 'function') { return false; }
+	if (typeof Symbol !== 'function') { return false; }
+	if (typeof origSymbol('foo') !== 'symbol') { return false; }
+	if (typeof Symbol('bar') !== 'symbol') { return false; }
+
+	return hasSymbolSham();
+};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/package.json b/src/Servers/ExpressServer/node_modules/has-symbols/package.json
new file mode 100644
index 0000000..d835e20
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/package.json
@@ -0,0 +1,111 @@
+{
+	"name": "has-symbols",
+	"version": "1.1.0",
+	"description": "Determine if the JS environment has Symbol support. Supports spec, or shams.",
+	"main": "index.js",
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"pretest": "npm run --silent lint",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"tests-only": "npm run test:stock && npm run test:shams",
+		"test:stock": "nyc node test",
+		"test:staging": "nyc node --harmony --es-staging test",
+		"test:shams": "npm run --silent test:shams:getownpropertysymbols && npm run --silent test:shams:corejs",
+		"test:shams:corejs": "nyc node test/shams/core-js.js",
+		"test:shams:getownpropertysymbols": "nyc node test/shams/get-own-property-symbols.js",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git://github.com/inspect-js/has-symbols.git"
+	},
+	"keywords": [
+		"Symbol",
+		"symbols",
+		"typeof",
+		"sham",
+		"polyfill",
+		"native",
+		"core-js",
+		"ES6"
+	],
+	"author": {
+		"name": "Jordan Harband",
+		"email": "ljharb@gmail.com",
+		"url": "http://ljharb.codes"
+	},
+	"contributors": [
+		{
+			"name": "Jordan Harband",
+			"email": "ljharb@gmail.com",
+			"url": "http://ljharb.codes"
+		}
+	],
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/has-symbols/issues"
+	},
+	"homepage": "https://github.com/ljharb/has-symbols#readme",
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.0",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.0",
+		"@types/core-js": "^2.5.8",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"core-js": "^2.6.12",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"get-own-property-symbols": "^0.9.5",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"testling": {
+		"files": "test/index.js",
+		"browsers": [
+			"iexplore/6.0..latest",
+			"firefox/3.0..6.0",
+			"firefox/15.0..latest",
+			"firefox/nightly",
+			"chrome/4.0..10.0",
+			"chrome/20.0..latest",
+			"chrome/canary",
+			"opera/10.0..latest",
+			"opera/next",
+			"safari/4.0..latest",
+			"ipad/6.0..latest",
+			"iphone/6.0..latest",
+			"android-browser/4.2"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows",
+			"types"
+		]
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts b/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
new file mode 100644
index 0000000..8d0bf24
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
@@ -0,0 +1,3 @@
+declare function hasSymbolShams(): boolean;
+
+export = hasSymbolShams;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/shams.js b/src/Servers/ExpressServer/node_modules/has-symbols/shams.js
new file mode 100644
index 0000000..f97b474
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/shams.js
@@ -0,0 +1,45 @@
+'use strict';
+
+/** @type {import('./shams')} */
+/* eslint complexity: [2, 18], max-statements: [2, 33] */
+module.exports = function hasSymbols() {
+	if (typeof Symbol !== 'function' || typeof Object.getOwnPropertySymbols !== 'function') { return false; }
+	if (typeof Symbol.iterator === 'symbol') { return true; }
+
+	/** @type {{ [k in symbol]?: unknown }} */
+	var obj = {};
+	var sym = Symbol('test');
+	var symObj = Object(sym);
+	if (typeof sym === 'string') { return false; }
+
+	if (Object.prototype.toString.call(sym) !== '[object Symbol]') { return false; }
+	if (Object.prototype.toString.call(symObj) !== '[object Symbol]') { return false; }
+
+	// temp disabled per https://github.com/ljharb/object.assign/issues/17
+	// if (sym instanceof Symbol) { return false; }
+	// temp disabled per https://github.com/WebReflection/get-own-property-symbols/issues/4
+	// if (!(symObj instanceof Symbol)) { return false; }
+
+	// if (typeof Symbol.prototype.toString !== 'function') { return false; }
+	// if (String(sym) !== Symbol.prototype.toString.call(sym)) { return false; }
+
+	var symVal = 42;
+	obj[sym] = symVal;
+	for (var _ in obj) { return false; } // eslint-disable-line no-restricted-syntax, no-unreachable-loop
+	if (typeof Object.keys === 'function' && Object.keys(obj).length !== 0) { return false; }
+
+	if (typeof Object.getOwnPropertyNames === 'function' && Object.getOwnPropertyNames(obj).length !== 0) { return false; }
+
+	var syms = Object.getOwnPropertySymbols(obj);
+	if (syms.length !== 1 || syms[0] !== sym) { return false; }
+
+	if (!Object.prototype.propertyIsEnumerable.call(obj, sym)) { return false; }
+
+	if (typeof Object.getOwnPropertyDescriptor === 'function') {
+		// eslint-disable-next-line no-extra-parens
+		var descriptor = /** @type {PropertyDescriptor} */ (Object.getOwnPropertyDescriptor(obj, sym));
+		if (descriptor.value !== symVal || descriptor.enumerable !== true) { return false; }
+	}
+
+	return true;
+};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
new file mode 100644
index 0000000..352129c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
@@ -0,0 +1,22 @@
+'use strict';
+
+var test = require('tape');
+var hasSymbols = require('../');
+var runSymbolTests = require('./tests');
+
+test('interface', function (t) {
+	t.equal(typeof hasSymbols, 'function', 'is a function');
+	t.equal(typeof hasSymbols(), 'boolean', 'returns a boolean');
+	t.end();
+});
+
+test('Symbols are supported', { skip: !hasSymbols() }, function (t) {
+	runSymbolTests(t);
+	t.end();
+});
+
+test('Symbols are not supported', { skip: hasSymbols() }, function (t) {
+	t.equal(typeof Symbol, 'undefined', 'global Symbol is undefined');
+	t.equal(typeof Object.getOwnPropertySymbols, 'undefined', 'Object.getOwnPropertySymbols does not exist');
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
new file mode 100644
index 0000000..1a29024
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
@@ -0,0 +1,29 @@
+'use strict';
+
+var test = require('tape');
+
+if (typeof Symbol === 'function' && typeof Symbol() === 'symbol') {
+	test('has native Symbol support', function (t) {
+		t.equal(typeof Symbol, 'function');
+		t.equal(typeof Symbol(), 'symbol');
+		t.end();
+	});
+	// @ts-expect-error TS is stupid and doesn't know about top level return
+	return;
+}
+
+var hasSymbols = require('../../shams');
+
+test('polyfilled Symbols', function (t) {
+	/* eslint-disable global-require */
+	t.equal(hasSymbols(), false, 'hasSymbols is false before polyfilling');
+	require('core-js/fn/symbol');
+	require('core-js/fn/symbol/to-string-tag');
+
+	require('../tests')(t);
+
+	var hasSymbolsAfter = hasSymbols();
+	t.equal(hasSymbolsAfter, true, 'hasSymbols is true after polyfilling');
+	/* eslint-enable global-require */
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
new file mode 100644
index 0000000..e0296f8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
@@ -0,0 +1,29 @@
+'use strict';
+
+var test = require('tape');
+
+if (typeof Symbol === 'function' && typeof Symbol() === 'symbol') {
+	test('has native Symbol support', function (t) {
+		t.equal(typeof Symbol, 'function');
+		t.equal(typeof Symbol(), 'symbol');
+		t.end();
+	});
+	// @ts-expect-error TS is stupid and doesn't know about top level return
+	return;
+}
+
+var hasSymbols = require('../../shams');
+
+test('polyfilled Symbols', function (t) {
+	/* eslint-disable global-require */
+	t.equal(hasSymbols(), false, 'hasSymbols is false before polyfilling');
+
+	require('get-own-property-symbols');
+
+	require('../tests')(t);
+
+	var hasSymbolsAfter = hasSymbols();
+	t.equal(hasSymbolsAfter, true, 'hasSymbols is true after polyfilling');
+	/* eslint-enable global-require */
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
new file mode 100644
index 0000000..66a2cb8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
@@ -0,0 +1,58 @@
+'use strict';
+
+/** @type {(t: import('tape').Test) => false | void} */
+// eslint-disable-next-line consistent-return
+module.exports = function runSymbolTests(t) {
+	t.equal(typeof Symbol, 'function', 'global Symbol is a function');
+
+	if (typeof Symbol !== 'function') { return false; }
+
+	t.notEqual(Symbol(), Symbol(), 'two symbols are not equal');
+
+	/*
+	t.equal(
+		Symbol.prototype.toString.call(Symbol('foo')),
+		Symbol.prototype.toString.call(Symbol('foo')),
+		'two symbols with the same description stringify the same'
+	);
+	*/
+
+	/*
+	var foo = Symbol('foo');
+
+	t.notEqual(
+		String(foo),
+		String(Symbol('bar')),
+		'two symbols with different descriptions do not stringify the same'
+	);
+	*/
+
+	t.equal(typeof Symbol.prototype.toString, 'function', 'Symbol#toString is a function');
+	// t.equal(String(foo), Symbol.prototype.toString.call(foo), 'Symbol#toString equals String of the same symbol');
+
+	t.equal(typeof Object.getOwnPropertySymbols, 'function', 'Object.getOwnPropertySymbols is a function');
+
+	/** @type {{ [k in symbol]?: unknown }} */
+	var obj = {};
+	var sym = Symbol('test');
+	var symObj = Object(sym);
+	t.notEqual(typeof sym, 'string', 'Symbol is not a string');
+	t.equal(Object.prototype.toString.call(sym), '[object Symbol]', 'symbol primitive Object#toStrings properly');
+	t.equal(Object.prototype.toString.call(symObj), '[object Symbol]', 'symbol primitive Object#toStrings properly');
+
+	var symVal = 42;
+	obj[sym] = symVal;
+	// eslint-disable-next-line no-restricted-syntax, no-unused-vars
+	for (var _ in obj) { t.fail('symbol property key was found in for..in of object'); }
+
+	t.deepEqual(Object.keys(obj), [], 'no enumerable own keys on symbol-valued object');
+	t.deepEqual(Object.getOwnPropertyNames(obj), [], 'no own names on symbol-valued object');
+	t.deepEqual(Object.getOwnPropertySymbols(obj), [sym], 'one own symbol on symbol-valued object');
+	t.equal(Object.prototype.propertyIsEnumerable.call(obj, sym), true, 'symbol is enumerable');
+	t.deepEqual(Object.getOwnPropertyDescriptor(obj, sym), {
+		configurable: true,
+		enumerable: true,
+		value: 42,
+		writable: true
+	}, 'property descriptor is correct');
+};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json b/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
new file mode 100644
index 0000000..ba99af4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
@@ -0,0 +1,10 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "ES2021",
+		"maxNodeModuleJsDepth": 0,
+	},
+	"exclude": [
+		"coverage"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.eslintrc b/src/Servers/ExpressServer/node_modules/hasown/.eslintrc
new file mode 100644
index 0000000..3b5d9e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/.eslintrc
@@ -0,0 +1,5 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
new file mode 100644
index 0000000..d68c8b7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/hasown
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.nycrc b/src/Servers/ExpressServer/node_modules/hasown/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
new file mode 100644
index 0000000..2b0a980
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
@@ -0,0 +1,40 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v2.0.2](https://github.com/inspect-js/hasOwn/compare/v2.0.1...v2.0.2) - 2024-03-10
+
+### Commits
+
+- [types] use shared config [`68e9d4d`](https://github.com/inspect-js/hasOwn/commit/68e9d4dab6facb4f05f02c6baea94a3f2a4e44b2)
+- [actions] remove redundant finisher; use reusable workflow [`241a68e`](https://github.com/inspect-js/hasOwn/commit/241a68e13ea1fe52bec5ba7f74144befc31fae7b)
+- [Tests] increase coverage [`4125c0d`](https://github.com/inspect-js/hasOwn/commit/4125c0d6121db56ae30e38346dfb0c000b04f0a7)
+- [Tests] skip `npm ls` in old node due to TS [`01b9282`](https://github.com/inspect-js/hasOwn/commit/01b92822f9971dea031eafdd14767df41d61c202)
+- [types] improve predicate type [`d340f85`](https://github.com/inspect-js/hasOwn/commit/d340f85ce02e286ef61096cbbb6697081d40a12b)
+- [Dev Deps] update `tape` [`70089fc`](https://github.com/inspect-js/hasOwn/commit/70089fcf544e64acc024cbe60f5a9b00acad86de)
+- [Tests] use `@arethetypeswrong/cli` [`50b272c`](https://github.com/inspect-js/hasOwn/commit/50b272c829f40d053a3dd91c9796e0ac0b2af084)
+
+## [v2.0.1](https://github.com/inspect-js/hasOwn/compare/v2.0.0...v2.0.1) - 2024-02-10
+
+### Commits
+
+- [types] use a handwritten d.ts file; fix exported type [`012b989`](https://github.com/inspect-js/hasOwn/commit/012b9898ccf91dc441e2ebf594ff70270a5fda58)
+- [Dev Deps] update `@types/function-bind`, `@types/mock-property`, `@types/tape`, `aud`, `mock-property`, `npmignore`, `tape`, `typescript` [`977a56f`](https://github.com/inspect-js/hasOwn/commit/977a56f51a1f8b20566f3c471612137894644025)
+- [meta] add `sideEffects` flag [`3a60b7b`](https://github.com/inspect-js/hasOwn/commit/3a60b7bf42fccd8c605e5f145a6fcc83b13cb46f)
+
+## [v2.0.0](https://github.com/inspect-js/hasOwn/compare/v1.0.1...v2.0.0) - 2023-10-19
+
+### Commits
+
+- revamped implementation, tests, readme [`72bf8b3`](https://github.com/inspect-js/hasOwn/commit/72bf8b338e77a638f0a290c63ffaed18339c36b4)
+- [meta] revamp package.json [`079775f`](https://github.com/inspect-js/hasOwn/commit/079775fb1ec72c1c6334069593617a0be3847458)
+- Only apps should have lockfiles [`6640e23`](https://github.com/inspect-js/hasOwn/commit/6640e233d1bb8b65260880f90787637db157d215)
+
+## v1.0.1 - 2023-10-10
+
+### Commits
+
+- Initial commit [`8dbfde6`](https://github.com/inspect-js/hasOwn/commit/8dbfde6e8fb0ebb076fab38d138f2984eb340a62)
diff --git a/src/Servers/ExpressServer/node_modules/hasown/LICENSE b/src/Servers/ExpressServer/node_modules/hasown/LICENSE
new file mode 100644
index 0000000..0314929
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Jordan Harband and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/hasown/README.md b/src/Servers/ExpressServer/node_modules/hasown/README.md
new file mode 100644
index 0000000..f759b8a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/README.md
@@ -0,0 +1,40 @@
+# hasown <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+A robust, ES3 compatible, "has own property" predicate.
+
+## Example
+
+```js
+const assert = require('assert');
+const hasOwn = require('hasown');
+
+assert.equal(hasOwn({}, 'toString'), false);
+assert.equal(hasOwn([], 'length'), true);
+assert.equal(hasOwn({ a: 42 }, 'a'), true);
+```
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/hasown
+[npm-version-svg]: https://versionbadg.es/inspect-js/hasown.svg
+[deps-svg]: https://david-dm.org/inspect-js/hasOwn.svg
+[deps-url]: https://david-dm.org/inspect-js/hasOwn
+[dev-deps-svg]: https://david-dm.org/inspect-js/hasOwn/dev-status.svg
+[dev-deps-url]: https://david-dm.org/inspect-js/hasOwn#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/hasown.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/hasown.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/hasown.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=hasown
+[codecov-image]: https://codecov.io/gh/inspect-js/hasOwn/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/inspect-js/hasOwn/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/hasOwn
+[actions-url]: https://github.com/inspect-js/hasOwn/actions
diff --git a/src/Servers/ExpressServer/node_modules/hasown/index.d.ts b/src/Servers/ExpressServer/node_modules/hasown/index.d.ts
new file mode 100644
index 0000000..aafdf3b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/index.d.ts
@@ -0,0 +1,3 @@
+declare function hasOwn<O, K extends PropertyKey, V = unknown>(o: O, p: K): o is O & Record<K, V>;
+
+export = hasOwn;
diff --git a/src/Servers/ExpressServer/node_modules/hasown/index.js b/src/Servers/ExpressServer/node_modules/hasown/index.js
new file mode 100644
index 0000000..34e6059
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/index.js
@@ -0,0 +1,8 @@
+'use strict';
+
+var call = Function.prototype.call;
+var $hasOwn = Object.prototype.hasOwnProperty;
+var bind = require('function-bind');
+
+/** @type {import('.')} */
+module.exports = bind.call(call, $hasOwn);
diff --git a/src/Servers/ExpressServer/node_modules/hasown/package.json b/src/Servers/ExpressServer/node_modules/hasown/package.json
new file mode 100644
index 0000000..8502e13
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/package.json
@@ -0,0 +1,92 @@
+{
+	"name": "hasown",
+	"version": "2.0.2",
+	"description": "A robust, ES3 compatible, \"has own property\" predicate.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"types": "index.d.ts",
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prepublishOnly": "safe-publish-latest",
+		"prelint": "evalmd README.md",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "npm run tsc",
+		"pretest": "npm run lint",
+		"tsc": "tsc -p .",
+		"posttsc": "attw -P",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "aud --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/inspect-js/hasOwn.git"
+	},
+	"keywords": [
+		"has",
+		"hasOwnProperty",
+		"hasOwn",
+		"has-own",
+		"own",
+		"has",
+		"property",
+		"in",
+		"javascript",
+		"ecmascript"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/inspect-js/hasOwn/issues"
+	},
+	"homepage": "https://github.com/inspect-js/hasOwn#readme",
+	"dependencies": {
+		"function-bind": "^1.1.2"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.15.1",
+		"@ljharb/eslint-config": "^21.1.0",
+		"@ljharb/tsconfig": "^0.2.0",
+		"@types/function-bind": "^1.1.10",
+		"@types/mock-property": "^1.0.2",
+		"@types/tape": "^5.6.4",
+		"aud": "^2.0.4",
+		"auto-changelog": "^2.4.0",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"mock-property": "^1.0.3",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.7.5",
+		"typescript": "next"
+	},
+	"engines": {
+		"node": ">= 0.4"
+	},
+	"testling": {
+		"files": "test/index.js"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows",
+			"test"
+		]
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json b/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
new file mode 100644
index 0000000..0930c56
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
@@ -0,0 +1,6 @@
+{
+  "extends": "@ljharb/tsconfig",
+  "exclude": [
+    "coverage",
+  ],
+}
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md b/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
new file mode 100644
index 0000000..3d81d26
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
@@ -0,0 +1,186 @@
+2.0.1 / 2025-11-20
+==================
+
+  * deps: use tilde notation for dependencies
+  * deps: update statuses to 2.0.2
+
+2.0.0 / 2021-12-17
+==================
+
+  * Drop support for Node.js 0.6
+  * Remove `I'mateapot` export; use `ImATeapot` instead
+  * Remove support for status being non-first argument
+  * Rename `UnorderedCollection` constructor to `TooEarly`
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: statuses@2.0.1
+    - Fix messaging casing of `418 I'm a Teapot`
+    - Remove code 306
+    - Rename `425 Unordered Collection` to standard `425 Too Early`
+
+2021-11-14 / 1.8.1
+==================
+
+  * deps: toidentifier@1.0.1
+
+2020-06-29 / 1.8.0
+==================
+
+  * Add `isHttpError` export to determine if value is an HTTP error
+  * deps: setprototypeof@1.2.0
+
+2019-06-24 / 1.7.3
+==================
+
+  * deps: inherits@2.0.4
+
+2019-02-18 / 1.7.2
+==================
+
+  * deps: setprototypeof@1.1.1
+
+2018-09-08 / 1.7.1
+==================
+
+  * Fix error creating objects in some environments
+
+2018-07-30 / 1.7.0
+==================
+
+  * Set constructor name when possible
+  * Use `toidentifier` module to make class names
+  * deps: statuses@'>= 1.5.0 < 2'
+
+2018-03-29 / 1.6.3
+==================
+
+  * deps: depd@~1.1.2
+    - perf: remove argument reassignment
+  * deps: setprototypeof@1.1.0
+  * deps: statuses@'>= 1.4.0 < 2'
+
+2017-08-04 / 1.6.2
+==================
+
+  * deps: depd@1.1.1
+    - Remove unnecessary `Buffer` loading
+
+2017-02-20 / 1.6.1
+==================
+
+  * deps: setprototypeof@1.0.3
+    - Fix shim for old browsers
+
+2017-02-14 / 1.6.0
+==================
+
+  * Accept custom 4xx and 5xx status codes in factory
+  * Add deprecation message to `"I'mateapot"` export
+  * Deprecate passing status code as anything except first argument in factory
+  * Deprecate using non-error status codes
+  * Make `message` property enumerable for `HttpError`s
+
+2016-11-16 / 1.5.1
+==================
+
+  * deps: inherits@2.0.3
+    - Fix issue loading in browser
+  * deps: setprototypeof@1.0.2
+  * deps: statuses@'>= 1.3.1 < 2'
+
+2016-05-18 / 1.5.0
+==================
+
+  * Support new code `421 Misdirected Request`
+  * Use `setprototypeof` module to replace `__proto__` setting
+  * deps: statuses@'>= 1.3.0 < 2'
+    - Add `421 Misdirected Request`
+    - perf: enable strict mode
+  * perf: enable strict mode
+
+2016-01-28 / 1.4.0
+==================
+
+  * Add `HttpError` export, for `err instanceof createError.HttpError`
+  * deps: inherits@2.0.1
+  * deps: statuses@'>= 1.2.1 < 2'
+    - Fix message for status 451
+    - Remove incorrect nginx status code
+
+2015-02-02 / 1.3.1
+==================
+
+  * Fix regression where status can be overwritten in `createError` `props`
+
+2015-02-01 / 1.3.0
+==================
+
+  * Construct errors using defined constructors from `createError`
+  * Fix error names that are not identifiers
+    - `createError["I'mateapot"]` is now `createError.ImATeapot`
+  * Set a meaningful `name` property on constructed errors
+
+2014-12-09 / 1.2.8
+==================
+
+  * Fix stack trace from exported function
+  * Remove `arguments.callee` usage
+
+2014-10-14 / 1.2.7
+==================
+
+  * Remove duplicate line
+
+2014-10-02 / 1.2.6
+==================
+
+  * Fix `expose` to be `true` for `ClientError` constructor
+
+2014-09-28 / 1.2.5
+==================
+
+  * deps: statuses@1
+
+2014-09-21 / 1.2.4
+==================
+
+  * Fix dependency version to work with old `npm`s
+
+2014-09-21 / 1.2.3
+==================
+
+  * deps: statuses@~1.1.0
+
+2014-09-21 / 1.2.2
+==================
+
+  * Fix publish error
+
+2014-09-21 / 1.2.1
+==================
+
+  * Support Node.js 0.6
+  * Use `inherits` instead of `util`
+
+2014-09-09 / 1.2.0
+==================
+
+  * Fix the way inheriting functions
+  * Support `expose` being provided in properties argument
+
+2014-09-08 / 1.1.0
+==================
+
+  * Default status to 500
+  * Support provided `error` to extend
+
+2014-09-08 / 1.0.1
+==================
+
+  * Fix accepting string message
+
+2014-09-08 / 1.0.0
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/LICENSE b/src/Servers/ExpressServer/node_modules/http-errors/LICENSE
new file mode 100644
index 0000000..82af4df
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/http-errors/LICENSE
@@ -0,0 +1,23 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Jonathan Ong me@jongleberry.com
+Copyright (c) 2016 Douglas Christopher Wilson doug@somethingdoug.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/README.md b/src/Servers/ExpressServer/node_modules/http-errors/README.md
new file mode 100644
index 0000000..a8b7330
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/http-errors/README.md
@@ -0,0 +1,169 @@
+# http-errors
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][node-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Create HTTP errors for Express, Koa, Connect, etc. with ease.
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```console
+$ npm install http-errors
+```
+
+## Example
+
+```js
+var createError = require('http-errors')
+var express = require('express')
+var app = express()
+
+app.use(function (req, res, next) {
+  if (!req.user) return next(createError(401, 'Please login to view this page.'))
+  next()
+})
+```
+
+## API
+
+This is the current API, currently extracted from Koa and subject to change.
+
+### Error Properties
+
+- `expose` - can be used to signal if `message` should be sent to the client,
+  defaulting to `false` when `status` >= 500
+- `headers` - can be an object of header names to values to be sent to the
+  client, defaulting to `undefined`. When defined, the key names should all
+  be lower-cased
+- `message` - the traditional error message, which should be kept short and all
+  single line
+- `status` - the status code of the error, mirroring `statusCode` for general
+  compatibility
+- `statusCode` - the status code of the error, defaulting to `500`
+
+### createError([status], [message], [properties])
+
+Create a new error object with the given message `msg`.
+The error object inherits from `createError.HttpError`.
+
+```js
+var err = createError(404, 'This video does not exist!')
+```
+
+- `status: 500` - the status code as a number
+- `message` - the message of the error, defaulting to node's text for that status code.
+- `properties` - custom properties to attach to the object
+
+### createError([status], [error], [properties])
+
+Extend the given `error` object with `createError.HttpError`
+properties. This will not alter the inheritance of the given
+`error` object, and the modified `error` object is the
+return value.
+
+<!-- eslint-disable no-redeclare -->
+
+```js
+fs.readFile('foo.txt', function (err, buf) {
+  if (err) {
+    if (err.code === 'ENOENT') {
+      var httpError = createError(404, err, { expose: false })
+    } else {
+      var httpError = createError(500, err)
+    }
+  }
+})
+```
+
+- `status` - the status code as a number
+- `error` - the error object to extend
+- `properties` - custom properties to attach to the object
+
+### createError.isHttpError(val)
+
+Determine if the provided `val` is an `HttpError`. This will return `true`
+if the error inherits from the `HttpError` constructor of this module or
+matches the "duck type" for an error this module creates. All outputs from
+the `createError` factory will return `true` for this function, including
+if an non-`HttpError` was passed into the factory.
+
+### new createError\[code || name\](\[msg]\))
+
+Create a new error object with the given message `msg`.
+The error object inherits from `createError.HttpError`.
+
+```js
+var err = new createError.NotFound()
+```
+
+- `code` - the status code as a number
+- `name` - the name of the error as a "bumpy case", i.e. `NotFound` or `InternalServerError`.
+
+#### List of all constructors
+
+|Status Code|Constructor Name             |
+|-----------|-----------------------------|
+|400        |BadRequest                   |
+|401        |Unauthorized                 |
+|402        |PaymentRequired              |
+|403        |Forbidden                    |
+|404        |NotFound                     |
+|405        |MethodNotAllowed             |
+|406        |NotAcceptable                |
+|407        |ProxyAuthenticationRequired  |
+|408        |RequestTimeout               |
+|409        |Conflict                     |
+|410        |Gone                         |
+|411        |LengthRequired               |
+|412        |PreconditionFailed           |
+|413        |PayloadTooLarge              |
+|414        |URITooLong                   |
+|415        |UnsupportedMediaType         |
+|416        |RangeNotSatisfiable          |
+|417        |ExpectationFailed            |
+|418        |ImATeapot                    |
+|421        |MisdirectedRequest           |
+|422        |UnprocessableEntity          |
+|423        |Locked                       |
+|424        |FailedDependency             |
+|425        |TooEarly                     |
+|426        |UpgradeRequired              |
+|428        |PreconditionRequired         |
+|429        |TooManyRequests              |
+|431        |RequestHeaderFieldsTooLarge  |
+|451        |UnavailableForLegalReasons   |
+|500        |InternalServerError          |
+|501        |NotImplemented               |
+|502        |BadGateway                   |
+|503        |ServiceUnavailable           |
+|504        |GatewayTimeout               |
+|505        |HTTPVersionNotSupported      |
+|506        |VariantAlsoNegotiates        |
+|507        |InsufficientStorage          |
+|508        |LoopDetected                 |
+|509        |BandwidthLimitExceeded       |
+|510        |NotExtended                  |
+|511        |NetworkAuthenticationRequired|
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/http-errors/master?label=ci
+[ci-url]: https://github.com/jshttp/http-errors/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/http-errors/master
+[coveralls-url]: https://coveralls.io/r/jshttp/http-errors?branch=master
+[node-image]: https://badgen.net/npm/node/http-errors
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/http-errors
+[npm-url]: https://npmjs.org/package/http-errors
+[npm-version-image]: https://badgen.net/npm/v/http-errors
+[travis-image]: https://badgen.net/travis/jshttp/http-errors/master
+[travis-url]: https://travis-ci.org/jshttp/http-errors
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/index.js b/src/Servers/ExpressServer/node_modules/http-errors/index.js
new file mode 100644
index 0000000..82271f6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/http-errors/index.js
@@ -0,0 +1,290 @@
+/*!
+ * http-errors
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var deprecate = require('depd')('http-errors')
+var setPrototypeOf = require('setprototypeof')
+var statuses = require('statuses')
+var inherits = require('inherits')
+var toIdentifier = require('toidentifier')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = createError
+module.exports.HttpError = createHttpErrorConstructor()
+module.exports.isHttpError = createIsHttpErrorFunction(module.exports.HttpError)
+
+// Populate exports for all constructors
+populateConstructorExports(module.exports, statuses.codes, module.exports.HttpError)
+
+/**
+ * Get the code class of a status code.
+ * @private
+ */
+
+function codeClass (status) {
+  return Number(String(status).charAt(0) + '00')
+}
+
+/**
+ * Create a new HTTP Error.
+ *
+ * @returns {Error}
+ * @public
+ */
+
+function createError () {
+  // so much arity going on ~_~
+  var err
+  var msg
+  var status = 500
+  var props = {}
+  for (var i = 0; i < arguments.length; i++) {
+    var arg = arguments[i]
+    var type = typeof arg
+    if (type === 'object' && arg instanceof Error) {
+      err = arg
+      status = err.status || err.statusCode || status
+    } else if (type === 'number' && i === 0) {
+      status = arg
+    } else if (type === 'string') {
+      msg = arg
+    } else if (type === 'object') {
+      props = arg
+    } else {
+      throw new TypeError('argument #' + (i + 1) + ' unsupported type ' + type)
+    }
+  }
+
+  if (typeof status === 'number' && (status < 400 || status >= 600)) {
+    deprecate('non-error status code; use only 4xx or 5xx status codes')
+  }
+
+  if (typeof status !== 'number' ||
+    (!statuses.message[status] && (status < 400 || status >= 600))) {
+    status = 500
+  }
+
+  // constructor
+  var HttpError = createError[status] || createError[codeClass(status)]
+
+  if (!err) {
+    // create error
+    err = HttpError
+      ? new HttpError(msg)
+      : new Error(msg || statuses.message[status])
+    Error.captureStackTrace(err, createError)
+  }
+
+  if (!HttpError || !(err instanceof HttpError) || err.status !== status) {
+    // add properties to generic error
+    err.expose = status < 500
+    err.status = err.statusCode = status
+  }
+
+  for (var key in props) {
+    if (key !== 'status' && key !== 'statusCode') {
+      err[key] = props[key]
+    }
+  }
+
+  return err
+}
+
+/**
+ * Create HTTP error abstract base class.
+ * @private
+ */
+
+function createHttpErrorConstructor () {
+  function HttpError () {
+    throw new TypeError('cannot construct abstract class')
+  }
+
+  inherits(HttpError, Error)
+
+  return HttpError
+}
+
+/**
+ * Create a constructor for a client error.
+ * @private
+ */
+
+function createClientErrorConstructor (HttpError, name, code) {
+  var className = toClassName(name)
+
+  function ClientError (message) {
+    // create the error object
+    var msg = message != null ? message : statuses.message[code]
+    var err = new Error(msg)
+
+    // capture a stack trace to the construction point
+    Error.captureStackTrace(err, ClientError)
+
+    // adjust the [[Prototype]]
+    setPrototypeOf(err, ClientError.prototype)
+
+    // redefine the error message
+    Object.defineProperty(err, 'message', {
+      enumerable: true,
+      configurable: true,
+      value: msg,
+      writable: true
+    })
+
+    // redefine the error name
+    Object.defineProperty(err, 'name', {
+      enumerable: false,
+      configurable: true,
+      value: className,
+      writable: true
+    })
+
+    return err
+  }
+
+  inherits(ClientError, HttpError)
+  nameFunc(ClientError, className)
+
+  ClientError.prototype.status = code
+  ClientError.prototype.statusCode = code
+  ClientError.prototype.expose = true
+
+  return ClientError
+}
+
+/**
+ * Create function to test is a value is a HttpError.
+ * @private
+ */
+
+function createIsHttpErrorFunction (HttpError) {
+  return function isHttpError (val) {
+    if (!val || typeof val !== 'object') {
+      return false
+    }
+
+    if (val instanceof HttpError) {
+      return true
+    }
+
+    return val instanceof Error &&
+      typeof val.expose === 'boolean' &&
+      typeof val.statusCode === 'number' && val.status === val.statusCode
+  }
+}
+
+/**
+ * Create a constructor for a server error.
+ * @private
+ */
+
+function createServerErrorConstructor (HttpError, name, code) {
+  var className = toClassName(name)
+
+  function ServerError (message) {
+    // create the error object
+    var msg = message != null ? message : statuses.message[code]
+    var err = new Error(msg)
+
+    // capture a stack trace to the construction point
+    Error.captureStackTrace(err, ServerError)
+
+    // adjust the [[Prototype]]
+    setPrototypeOf(err, ServerError.prototype)
+
+    // redefine the error message
+    Object.defineProperty(err, 'message', {
+      enumerable: true,
+      configurable: true,
+      value: msg,
+      writable: true
+    })
+
+    // redefine the error name
+    Object.defineProperty(err, 'name', {
+      enumerable: false,
+      configurable: true,
+      value: className,
+      writable: true
+    })
+
+    return err
+  }
+
+  inherits(ServerError, HttpError)
+  nameFunc(ServerError, className)
+
+  ServerError.prototype.status = code
+  ServerError.prototype.statusCode = code
+  ServerError.prototype.expose = false
+
+  return ServerError
+}
+
+/**
+ * Set the name of a function, if possible.
+ * @private
+ */
+
+function nameFunc (func, name) {
+  var desc = Object.getOwnPropertyDescriptor(func, 'name')
+
+  if (desc && desc.configurable) {
+    desc.value = name
+    Object.defineProperty(func, 'name', desc)
+  }
+}
+
+/**
+ * Populate the exports object with constructors for every error class.
+ * @private
+ */
+
+function populateConstructorExports (exports, codes, HttpError) {
+  codes.forEach(function forEachCode (code) {
+    var CodeError
+    var name = toIdentifier(statuses.message[code])
+
+    switch (codeClass(code)) {
+      case 400:
+        CodeError = createClientErrorConstructor(HttpError, name, code)
+        break
+      case 500:
+        CodeError = createServerErrorConstructor(HttpError, name, code)
+        break
+    }
+
+    if (CodeError) {
+      // export the constructor
+      exports[code] = CodeError
+      exports[name] = CodeError
+    }
+  })
+}
+
+/**
+ * Get a class name from a name identifier.
+ *
+ * @param {string} name
+ * @returns {string}
+ * @private
+ */
+
+function toClassName (name) {
+  return name.slice(-5) === 'Error' ? name : name + 'Error'
+}
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/package.json b/src/Servers/ExpressServer/node_modules/http-errors/package.json
new file mode 100644
index 0000000..4b46d62
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/http-errors/package.json
@@ -0,0 +1,54 @@
+{
+  "name": "http-errors",
+  "description": "Create HTTP error objects",
+  "version": "2.0.1",
+  "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
+  "contributors": [
+    "Alan Plum <me@pluma.io>",
+    "Douglas Christopher Wilson <doug@somethingdoug.com>"
+  ],
+  "license": "MIT",
+  "repository": "jshttp/http-errors",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/express"
+  },
+  "dependencies": {
+    "depd": "~2.0.0",
+    "inherits": "~2.0.4",
+    "setprototypeof": "~1.2.0",
+    "statuses": "~2.0.2",
+    "toidentifier": "~1.0.1"
+  },
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.32.0",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.1.3",
+    "nyc": "15.1.0"
+  },
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "lint": "eslint . && node ./scripts/lint-readme-list.js",
+    "test": "mocha --reporter spec",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  },
+  "keywords": [
+    "http",
+    "error"
+  ],
+  "files": [
+    "index.js",
+    "HISTORY.md",
+    "LICENSE",
+    "README.md"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md b/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
new file mode 100644
index 0000000..f252313
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
@@ -0,0 +1,162 @@
+# 0.4.24 / 2018-08-22
+
+  * Added MIK encoding (#196, by @Ivan-Kalatchev)
+
+
+# 0.4.23 / 2018-05-07
+
+  * Fix deprecation warning in Node v10 due to the last usage of `new Buffer` (#185, by @felixbuenemann)
+  * Switched from NodeBuffer to Buffer in typings (#155 by @felixfbecker, #186 by @larssn)
+
+
+# 0.4.22 / 2018-05-05
+
+  * Use older semver style for dependencies to be compatible with Node version 0.10 (#182, by @dougwilson)
+  * Fix tests to accomodate fixes in Node v10 (#182, by @dougwilson)
+
+
+# 0.4.21 / 2018-04-06
+
+  * Fix encoding canonicalization (#156)
+  * Fix the paths in the "browser" field in package.json (#174 by @LMLB)
+  * Removed "contributors" section in package.json - see Git history instead.
+
+
+# 0.4.20 / 2018-04-06
+
+  * Updated `new Buffer()` usages with recommended replacements as it's being deprecated in Node v10 (#176, #178 by @ChALkeR)
+
+
+# 0.4.19 / 2017-09-09
+
+  * Fixed iso8859-1 codec regression in handling untranslatable characters (#162, caused by #147)
+  * Re-generated windows1255 codec, because it was updated in iconv project
+  * Fixed grammar in error message when iconv-lite is loaded with encoding other than utf8
+
+
+# 0.4.18 / 2017-06-13
+
+  * Fixed CESU-8 regression in Node v8.
+
+
+# 0.4.17 / 2017-04-22
+
+ * Updated typescript definition file to support Angular 2 AoT mode (#153 by @larssn)
+
+
+# 0.4.16 / 2017-04-22
+
+ * Added support for React Native (#150)
+ * Changed iso8859-1 encoding to usine internal 'binary' encoding, as it's the same thing (#147 by @mscdex)
+ * Fixed typo in Readme (#138 by @jiangzhuo)
+ * Fixed build for Node v6.10+ by making correct version comparison
+ * Added a warning if iconv-lite is loaded not as utf-8 (see #142)
+
+
+# 0.4.15 / 2016-11-21
+
+ * Fixed typescript type definition (#137)
+
+
+# 0.4.14 / 2016-11-20
+
+ * Preparation for v1.0
+ * Added Node v6 and latest Node versions to Travis CI test rig
+ * Deprecated Node v0.8 support
+ * Typescript typings (@larssn)
+ * Fix encoding of Euro character in GB 18030 (inspired by @lygstate)
+ * Add ms prefix to dbcs windows encodings (@rokoroku)
+
+
+# 0.4.13 / 2015-10-01
+
+ * Fix silly mistake in deprecation notice.
+
+
+# 0.4.12 / 2015-09-26
+
+ * Node v4 support:
+   * Added CESU-8 decoding (#106)
+   * Added deprecation notice for `extendNodeEncodings`
+   * Added Travis tests for Node v4 and io.js latest (#105 by @Mithgol)
+
+
+# 0.4.11 / 2015-07-03
+
+ * Added CESU-8 encoding.
+
+
+# 0.4.10 / 2015-05-26
+
+ * Changed UTF-16 endianness heuristic to take into account any ASCII chars, not
+   just spaces. This should minimize the importance of "default" endianness.
+
+
+# 0.4.9 / 2015-05-24
+
+ * Streamlined BOM handling: strip BOM by default, add BOM when encoding if 
+   addBOM: true. Added docs to Readme.
+ * UTF16 now uses UTF16-LE by default.
+ * Fixed minor issue with big5 encoding.
+ * Added io.js testing on Travis; updated node-iconv version to test against.
+   Now we just skip testing SBCS encodings that node-iconv doesn't support.
+ * (internal refactoring) Updated codec interface to use classes.
+ * Use strict mode in all files.
+
+
+# 0.4.8 / 2015-04-14
+ 
+ * added alias UNICODE-1-1-UTF-7 for UTF-7 encoding (#94)
+
+
+# 0.4.7 / 2015-02-05
+
+ * stop official support of Node.js v0.8. Should still work, but no guarantees.
+   reason: Packages needed for testing are hard to get on Travis CI.
+ * work in environment where Object.prototype is monkey patched with enumerable 
+   props (#89).
+
+
+# 0.4.6 / 2015-01-12
+ 
+ * fix rare aliases of single-byte encodings (thanks @mscdex)
+ * double the timeout for dbcs tests to make them less flaky on travis
+
+
+# 0.4.5 / 2014-11-20
+
+ * fix windows-31j and x-sjis encoding support (@nleush)
+ * minor fix: undefined variable reference when internal error happens
+
+
+# 0.4.4 / 2014-07-16
+
+ * added encodings UTF-7 (RFC2152) and UTF-7-IMAP (RFC3501 Section 5.1.3)
+ * fixed streaming base64 encoding
+
+
+# 0.4.3 / 2014-06-14
+
+ * added encodings UTF-16BE and UTF-16 with BOM
+
+
+# 0.4.2 / 2014-06-12
+
+ * don't throw exception if `extendNodeEncodings()` is called more than once
+
+
+# 0.4.1 / 2014-06-11
+
+ * codepage 808 added
+
+
+# 0.4.0 / 2014-06-10
+
+ * code is rewritten from scratch
+ * all widespread encodings are supported
+ * streaming interface added
+ * browserify compatibility added
+ * (optional) extend core primitive encodings to make usage even simpler
+ * moved from vows to mocha as the testing framework
+
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE b/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
new file mode 100644
index 0000000..d518d83
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
@@ -0,0 +1,21 @@
+Copyright (c) 2011 Alexander Shtuchkin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/README.md b/src/Servers/ExpressServer/node_modules/iconv-lite/README.md
new file mode 100644
index 0000000..c981c37
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/README.md
@@ -0,0 +1,156 @@
+## Pure JS character encoding conversion [![Build Status](https://travis-ci.org/ashtuchkin/iconv-lite.svg?branch=master)](https://travis-ci.org/ashtuchkin/iconv-lite)
+
+ * Doesn't need native code compilation. Works on Windows and in sandboxed environments like [Cloud9](http://c9.io).
+ * Used in popular projects like [Express.js (body_parser)](https://github.com/expressjs/body-parser), 
+   [Grunt](http://gruntjs.com/), [Nodemailer](http://www.nodemailer.com/), [Yeoman](http://yeoman.io/) and others.
+ * Faster than [node-iconv](https://github.com/bnoordhuis/node-iconv) (see below for performance comparison).
+ * Intuitive encode/decode API
+ * Streaming support for Node v0.10+
+ * [Deprecated] Can extend Node.js primitives (buffers, streams) to support all iconv-lite encodings.
+ * In-browser usage via [Browserify](https://github.com/substack/node-browserify) (~180k gzip compressed with Buffer shim included).
+ * Typescript [type definition file](https://github.com/ashtuchkin/iconv-lite/blob/master/lib/index.d.ts) included.
+ * React Native is supported (need to explicitly `npm install` two more modules: `buffer` and `stream`).
+ * License: MIT.
+
+[![NPM Stats](https://nodei.co/npm/iconv-lite.png?downloads=true&downloadRank=true)](https://npmjs.org/packages/iconv-lite/)
+
+## Usage
+### Basic API
+```javascript
+var iconv = require('iconv-lite');
+
+// Convert from an encoded buffer to js string.
+str = iconv.decode(Buffer.from([0x68, 0x65, 0x6c, 0x6c, 0x6f]), 'win1251');
+
+// Convert from js string to an encoded buffer.
+buf = iconv.encode("Sample input string", 'win1251');
+
+// Check if encoding is supported
+iconv.encodingExists("us-ascii")
+```
+
+### Streaming API (Node v0.10+)
+```javascript
+
+// Decode stream (from binary stream to js strings)
+http.createServer(function(req, res) {
+    var converterStream = iconv.decodeStream('win1251');
+    req.pipe(converterStream);
+
+    converterStream.on('data', function(str) {
+        console.log(str); // Do something with decoded strings, chunk-by-chunk.
+    });
+});
+
+// Convert encoding streaming example
+fs.createReadStream('file-in-win1251.txt')
+    .pipe(iconv.decodeStream('win1251'))
+    .pipe(iconv.encodeStream('ucs2'))
+    .pipe(fs.createWriteStream('file-in-ucs2.txt'));
+
+// Sugar: all encode/decode streams have .collect(cb) method to accumulate data.
+http.createServer(function(req, res) {
+    req.pipe(iconv.decodeStream('win1251')).collect(function(err, body) {
+        assert(typeof body == 'string');
+        console.log(body); // full request body string
+    });
+});
+```
+
+### [Deprecated] Extend Node.js own encodings
+> NOTE: This doesn't work on latest Node versions. See [details](https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility).
+
+```javascript
+// After this call all Node basic primitives will understand iconv-lite encodings.
+iconv.extendNodeEncodings();
+
+// Examples:
+buf = new Buffer(str, 'win1251');
+buf.write(str, 'gbk');
+str = buf.toString('latin1');
+assert(Buffer.isEncoding('iso-8859-15'));
+Buffer.byteLength(str, 'us-ascii');
+
+http.createServer(function(req, res) {
+    req.setEncoding('big5');
+    req.collect(function(err, body) {
+        console.log(body);
+    });
+});
+
+fs.createReadStream("file.txt", "shift_jis");
+
+// External modules are also supported (if they use Node primitives, which they probably do).
+request = require('request');
+request({
+    url: "http://github.com/", 
+    encoding: "cp932"
+});
+
+// To remove extensions
+iconv.undoExtendNodeEncodings();
+```
+
+## Supported encodings
+
+ *  All node.js native encodings: utf8, ucs2 / utf16-le, ascii, binary, base64, hex.
+ *  Additional unicode encodings: utf16, utf16-be, utf-7, utf-7-imap.
+ *  All widespread singlebyte encodings: Windows 125x family, ISO-8859 family, 
+    IBM/DOS codepages, Macintosh family, KOI8 family, all others supported by iconv library. 
+    Aliases like 'latin1', 'us-ascii' also supported.
+ *  All widespread multibyte encodings: CP932, CP936, CP949, CP950, GB2312, GBK, GB18030, Big5, Shift_JIS, EUC-JP.
+
+See [all supported encodings on wiki](https://github.com/ashtuchkin/iconv-lite/wiki/Supported-Encodings).
+
+Most singlebyte encodings are generated automatically from [node-iconv](https://github.com/bnoordhuis/node-iconv). Thank you Ben Noordhuis and libiconv authors!
+
+Multibyte encodings are generated from [Unicode.org mappings](http://www.unicode.org/Public/MAPPINGS/) and [WHATWG Encoding Standard mappings](http://encoding.spec.whatwg.org/). Thank you, respective authors!
+
+
+## Encoding/decoding speed
+
+Comparison with node-iconv module (1000x256kb, on MacBook Pro, Core i5/2.6 GHz, Node v0.12.0). 
+Note: your results may vary, so please always check on your hardware.
+
+    operation             iconv@2.1.4   iconv-lite@0.4.7
+    ----------------------------------------------------------
+    encode('win1251')     ~96 Mb/s      ~320 Mb/s
+    decode('win1251')     ~95 Mb/s      ~246 Mb/s
+
+## BOM handling
+
+ * Decoding: BOM is stripped by default, unless overridden by passing `stripBOM: false` in options
+   (f.ex. `iconv.decode(buf, enc, {stripBOM: false})`).
+   A callback might also be given as a `stripBOM` parameter - it'll be called if BOM character was actually found.
+ * If you want to detect UTF-8 BOM when decoding other encodings, use [node-autodetect-decoder-stream](https://github.com/danielgindi/node-autodetect-decoder-stream) module.
+ * Encoding: No BOM added, unless overridden by `addBOM: true` option.
+
+## UTF-16 Encodings
+
+This library supports UTF-16LE, UTF-16BE and UTF-16 encodings. First two are straightforward, but UTF-16 is trying to be
+smart about endianness in the following ways:
+ * Decoding: uses BOM and 'spaces heuristic' to determine input endianness. Default is UTF-16LE, but can be 
+   overridden with `defaultEncoding: 'utf-16be'` option. Strips BOM unless `stripBOM: false`.
+ * Encoding: uses UTF-16LE and writes BOM by default. Use `addBOM: false` to override.
+
+## Other notes
+
+When decoding, be sure to supply a Buffer to decode() method, otherwise [bad things usually happen](https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding).  
+Untranslatable characters are set to � or ?. No transliteration is currently supported.  
+Node versions 0.10.31 and 0.11.13 are buggy, don't use them (see #65, #77).  
+
+## Testing
+
+```bash
+$ git clone git@github.com:ashtuchkin/iconv-lite.git
+$ cd iconv-lite
+$ npm install
+$ npm test
+    
+$ # To view performance:
+$ node test/performance.js
+
+$ # To view test coverage:
+$ npm run coverage
+$ open coverage/lcov-report/index.html
+```
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
new file mode 100644
index 0000000..1fe3e16
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
@@ -0,0 +1,555 @@
+"use strict";
+var Buffer = require("safer-buffer").Buffer;
+
+// Multibyte codec. In this scheme, a character is represented by 1 or more bytes.
+// Our codec supports UTF-16 surrogates, extensions for GB18030 and unicode sequences.
+// To save memory and loading time, we read table files only when requested.
+
+exports._dbcs = DBCSCodec;
+
+var UNASSIGNED = -1,
+    GB18030_CODE = -2,
+    SEQ_START  = -10,
+    NODE_START = -1000,
+    UNASSIGNED_NODE = new Array(0x100),
+    DEF_CHAR = -1;
+
+for (var i = 0; i < 0x100; i++)
+    UNASSIGNED_NODE[i] = UNASSIGNED;
+
+
+// Class DBCSCodec reads and initializes mapping tables.
+function DBCSCodec(codecOptions, iconv) {
+    this.encodingName = codecOptions.encodingName;
+    if (!codecOptions)
+        throw new Error("DBCS codec is called without the data.")
+    if (!codecOptions.table)
+        throw new Error("Encoding '" + this.encodingName + "' has no data.");
+
+    // Load tables.
+    var mappingTable = codecOptions.table();
+
+
+    // Decode tables: MBCS -> Unicode.
+
+    // decodeTables is a trie, encoded as an array of arrays of integers. Internal arrays are trie nodes and all have len = 256.
+    // Trie root is decodeTables[0].
+    // Values: >=  0 -> unicode character code. can be > 0xFFFF
+    //         == UNASSIGNED -> unknown/unassigned sequence.
+    //         == GB18030_CODE -> this is the end of a GB18030 4-byte sequence.
+    //         <= NODE_START -> index of the next node in our trie to process next byte.
+    //         <= SEQ_START  -> index of the start of a character code sequence, in decodeTableSeq.
+    this.decodeTables = [];
+    this.decodeTables[0] = UNASSIGNED_NODE.slice(0); // Create root node.
+
+    // Sometimes a MBCS char corresponds to a sequence of unicode chars. We store them as arrays of integers here. 
+    this.decodeTableSeq = [];
+
+    // Actual mapping tables consist of chunks. Use them to fill up decode tables.
+    for (var i = 0; i < mappingTable.length; i++)
+        this._addDecodeChunk(mappingTable[i]);
+
+    this.defaultCharUnicode = iconv.defaultCharUnicode;
+
+    
+    // Encode tables: Unicode -> DBCS.
+
+    // `encodeTable` is array mapping from unicode char to encoded char. All its values are integers for performance.
+    // Because it can be sparse, it is represented as array of buckets by 256 chars each. Bucket can be null.
+    // Values: >=  0 -> it is a normal char. Write the value (if <=256 then 1 byte, if <=65536 then 2 bytes, etc.).
+    //         == UNASSIGNED -> no conversion found. Output a default char.
+    //         <= SEQ_START  -> it's an index in encodeTableSeq, see below. The character starts a sequence.
+    this.encodeTable = [];
+    
+    // `encodeTableSeq` is used when a sequence of unicode characters is encoded as a single code. We use a tree of
+    // objects where keys correspond to characters in sequence and leafs are the encoded dbcs values. A special DEF_CHAR key
+    // means end of sequence (needed when one sequence is a strict subsequence of another).
+    // Objects are kept separately from encodeTable to increase performance.
+    this.encodeTableSeq = [];
+
+    // Some chars can be decoded, but need not be encoded.
+    var skipEncodeChars = {};
+    if (codecOptions.encodeSkipVals)
+        for (var i = 0; i < codecOptions.encodeSkipVals.length; i++) {
+            var val = codecOptions.encodeSkipVals[i];
+            if (typeof val === 'number')
+                skipEncodeChars[val] = true;
+            else
+                for (var j = val.from; j <= val.to; j++)
+                    skipEncodeChars[j] = true;
+        }
+        
+    // Use decode trie to recursively fill out encode tables.
+    this._fillEncodeTable(0, 0, skipEncodeChars);
+
+    // Add more encoding pairs when needed.
+    if (codecOptions.encodeAdd) {
+        for (var uChar in codecOptions.encodeAdd)
+            if (Object.prototype.hasOwnProperty.call(codecOptions.encodeAdd, uChar))
+                this._setEncodeChar(uChar.charCodeAt(0), codecOptions.encodeAdd[uChar]);
+    }
+
+    this.defCharSB  = this.encodeTable[0][iconv.defaultCharSingleByte.charCodeAt(0)];
+    if (this.defCharSB === UNASSIGNED) this.defCharSB = this.encodeTable[0]['?'];
+    if (this.defCharSB === UNASSIGNED) this.defCharSB = "?".charCodeAt(0);
+
+
+    // Load & create GB18030 tables when needed.
+    if (typeof codecOptions.gb18030 === 'function') {
+        this.gb18030 = codecOptions.gb18030(); // Load GB18030 ranges.
+
+        // Add GB18030 decode tables.
+        var thirdByteNodeIdx = this.decodeTables.length;
+        var thirdByteNode = this.decodeTables[thirdByteNodeIdx] = UNASSIGNED_NODE.slice(0);
+
+        var fourthByteNodeIdx = this.decodeTables.length;
+        var fourthByteNode = this.decodeTables[fourthByteNodeIdx] = UNASSIGNED_NODE.slice(0);
+
+        for (var i = 0x81; i <= 0xFE; i++) {
+            var secondByteNodeIdx = NODE_START - this.decodeTables[0][i];
+            var secondByteNode = this.decodeTables[secondByteNodeIdx];
+            for (var j = 0x30; j <= 0x39; j++)
+                secondByteNode[j] = NODE_START - thirdByteNodeIdx;
+        }
+        for (var i = 0x81; i <= 0xFE; i++)
+            thirdByteNode[i] = NODE_START - fourthByteNodeIdx;
+        for (var i = 0x30; i <= 0x39; i++)
+            fourthByteNode[i] = GB18030_CODE
+    }        
+}
+
+DBCSCodec.prototype.encoder = DBCSEncoder;
+DBCSCodec.prototype.decoder = DBCSDecoder;
+
+// Decoder helpers
+DBCSCodec.prototype._getDecodeTrieNode = function(addr) {
+    var bytes = [];
+    for (; addr > 0; addr >>= 8)
+        bytes.push(addr & 0xFF);
+    if (bytes.length == 0)
+        bytes.push(0);
+
+    var node = this.decodeTables[0];
+    for (var i = bytes.length-1; i > 0; i--) { // Traverse nodes deeper into the trie.
+        var val = node[bytes[i]];
+
+        if (val == UNASSIGNED) { // Create new node.
+            node[bytes[i]] = NODE_START - this.decodeTables.length;
+            this.decodeTables.push(node = UNASSIGNED_NODE.slice(0));
+        }
+        else if (val <= NODE_START) { // Existing node.
+            node = this.decodeTables[NODE_START - val];
+        }
+        else
+            throw new Error("Overwrite byte in " + this.encodingName + ", addr: " + addr.toString(16));
+    }
+    return node;
+}
+
+
+DBCSCodec.prototype._addDecodeChunk = function(chunk) {
+    // First element of chunk is the hex mbcs code where we start.
+    var curAddr = parseInt(chunk[0], 16);
+
+    // Choose the decoding node where we'll write our chars.
+    var writeTable = this._getDecodeTrieNode(curAddr);
+    curAddr = curAddr & 0xFF;
+
+    // Write all other elements of the chunk to the table.
+    for (var k = 1; k < chunk.length; k++) {
+        var part = chunk[k];
+        if (typeof part === "string") { // String, write as-is.
+            for (var l = 0; l < part.length;) {
+                var code = part.charCodeAt(l++);
+                if (0xD800 <= code && code < 0xDC00) { // Decode surrogate
+                    var codeTrail = part.charCodeAt(l++);
+                    if (0xDC00 <= codeTrail && codeTrail < 0xE000)
+                        writeTable[curAddr++] = 0x10000 + (code - 0xD800) * 0x400 + (codeTrail - 0xDC00);
+                    else
+                        throw new Error("Incorrect surrogate pair in "  + this.encodingName + " at chunk " + chunk[0]);
+                }
+                else if (0x0FF0 < code && code <= 0x0FFF) { // Character sequence (our own encoding used)
+                    var len = 0xFFF - code + 2;
+                    var seq = [];
+                    for (var m = 0; m < len; m++)
+                        seq.push(part.charCodeAt(l++)); // Simple variation: don't support surrogates or subsequences in seq.
+
+                    writeTable[curAddr++] = SEQ_START - this.decodeTableSeq.length;
+                    this.decodeTableSeq.push(seq);
+                }
+                else
+                    writeTable[curAddr++] = code; // Basic char
+            }
+        } 
+        else if (typeof part === "number") { // Integer, meaning increasing sequence starting with prev character.
+            var charCode = writeTable[curAddr - 1] + 1;
+            for (var l = 0; l < part; l++)
+                writeTable[curAddr++] = charCode++;
+        }
+        else
+            throw new Error("Incorrect type '" + typeof part + "' given in "  + this.encodingName + " at chunk " + chunk[0]);
+    }
+    if (curAddr > 0xFF)
+        throw new Error("Incorrect chunk in "  + this.encodingName + " at addr " + chunk[0] + ": too long" + curAddr);
+}
+
+// Encoder helpers
+DBCSCodec.prototype._getEncodeBucket = function(uCode) {
+    var high = uCode >> 8; // This could be > 0xFF because of astral characters.
+    if (this.encodeTable[high] === undefined)
+        this.encodeTable[high] = UNASSIGNED_NODE.slice(0); // Create bucket on demand.
+    return this.encodeTable[high];
+}
+
+DBCSCodec.prototype._setEncodeChar = function(uCode, dbcsCode) {
+    var bucket = this._getEncodeBucket(uCode);
+    var low = uCode & 0xFF;
+    if (bucket[low] <= SEQ_START)
+        this.encodeTableSeq[SEQ_START-bucket[low]][DEF_CHAR] = dbcsCode; // There's already a sequence, set a single-char subsequence of it.
+    else if (bucket[low] == UNASSIGNED)
+        bucket[low] = dbcsCode;
+}
+
+DBCSCodec.prototype._setEncodeSequence = function(seq, dbcsCode) {
+    
+    // Get the root of character tree according to first character of the sequence.
+    var uCode = seq[0];
+    var bucket = this._getEncodeBucket(uCode);
+    var low = uCode & 0xFF;
+
+    var node;
+    if (bucket[low] <= SEQ_START) {
+        // There's already a sequence with  - use it.
+        node = this.encodeTableSeq[SEQ_START-bucket[low]];
+    }
+    else {
+        // There was no sequence object - allocate a new one.
+        node = {};
+        if (bucket[low] !== UNASSIGNED) node[DEF_CHAR] = bucket[low]; // If a char was set before - make it a single-char subsequence.
+        bucket[low] = SEQ_START - this.encodeTableSeq.length;
+        this.encodeTableSeq.push(node);
+    }
+
+    // Traverse the character tree, allocating new nodes as needed.
+    for (var j = 1; j < seq.length-1; j++) {
+        var oldVal = node[uCode];
+        if (typeof oldVal === 'object')
+            node = oldVal;
+        else {
+            node = node[uCode] = {}
+            if (oldVal !== undefined)
+                node[DEF_CHAR] = oldVal
+        }
+    }
+
+    // Set the leaf to given dbcsCode.
+    uCode = seq[seq.length-1];
+    node[uCode] = dbcsCode;
+}
+
+DBCSCodec.prototype._fillEncodeTable = function(nodeIdx, prefix, skipEncodeChars) {
+    var node = this.decodeTables[nodeIdx];
+    for (var i = 0; i < 0x100; i++) {
+        var uCode = node[i];
+        var mbCode = prefix + i;
+        if (skipEncodeChars[mbCode])
+            continue;
+
+        if (uCode >= 0)
+            this._setEncodeChar(uCode, mbCode);
+        else if (uCode <= NODE_START)
+            this._fillEncodeTable(NODE_START - uCode, mbCode << 8, skipEncodeChars);
+        else if (uCode <= SEQ_START)
+            this._setEncodeSequence(this.decodeTableSeq[SEQ_START - uCode], mbCode);
+    }
+}
+
+
+
+// == Encoder ==================================================================
+
+function DBCSEncoder(options, codec) {
+    // Encoder state
+    this.leadSurrogate = -1;
+    this.seqObj = undefined;
+    
+    // Static data
+    this.encodeTable = codec.encodeTable;
+    this.encodeTableSeq = codec.encodeTableSeq;
+    this.defaultCharSingleByte = codec.defCharSB;
+    this.gb18030 = codec.gb18030;
+}
+
+DBCSEncoder.prototype.write = function(str) {
+    var newBuf = Buffer.alloc(str.length * (this.gb18030 ? 4 : 3)),
+        leadSurrogate = this.leadSurrogate,
+        seqObj = this.seqObj, nextChar = -1,
+        i = 0, j = 0;
+
+    while (true) {
+        // 0. Get next character.
+        if (nextChar === -1) {
+            if (i == str.length) break;
+            var uCode = str.charCodeAt(i++);
+        }
+        else {
+            var uCode = nextChar;
+            nextChar = -1;    
+        }
+
+        // 1. Handle surrogates.
+        if (0xD800 <= uCode && uCode < 0xE000) { // Char is one of surrogates.
+            if (uCode < 0xDC00) { // We've got lead surrogate.
+                if (leadSurrogate === -1) {
+                    leadSurrogate = uCode;
+                    continue;
+                } else {
+                    leadSurrogate = uCode;
+                    // Double lead surrogate found.
+                    uCode = UNASSIGNED;
+                }
+            } else { // We've got trail surrogate.
+                if (leadSurrogate !== -1) {
+                    uCode = 0x10000 + (leadSurrogate - 0xD800) * 0x400 + (uCode - 0xDC00);
+                    leadSurrogate = -1;
+                } else {
+                    // Incomplete surrogate pair - only trail surrogate found.
+                    uCode = UNASSIGNED;
+                }
+                
+            }
+        }
+        else if (leadSurrogate !== -1) {
+            // Incomplete surrogate pair - only lead surrogate found.
+            nextChar = uCode; uCode = UNASSIGNED; // Write an error, then current char.
+            leadSurrogate = -1;
+        }
+
+        // 2. Convert uCode character.
+        var dbcsCode = UNASSIGNED;
+        if (seqObj !== undefined && uCode != UNASSIGNED) { // We are in the middle of the sequence
+            var resCode = seqObj[uCode];
+            if (typeof resCode === 'object') { // Sequence continues.
+                seqObj = resCode;
+                continue;
+
+            } else if (typeof resCode == 'number') { // Sequence finished. Write it.
+                dbcsCode = resCode;
+
+            } else if (resCode == undefined) { // Current character is not part of the sequence.
+
+                // Try default character for this sequence
+                resCode = seqObj[DEF_CHAR];
+                if (resCode !== undefined) {
+                    dbcsCode = resCode; // Found. Write it.
+                    nextChar = uCode; // Current character will be written too in the next iteration.
+
+                } else {
+                    // TODO: What if we have no default? (resCode == undefined)
+                    // Then, we should write first char of the sequence as-is and try the rest recursively.
+                    // Didn't do it for now because no encoding has this situation yet.
+                    // Currently, just skip the sequence and write current char.
+                }
+            }
+            seqObj = undefined;
+        }
+        else if (uCode >= 0) {  // Regular character
+            var subtable = this.encodeTable[uCode >> 8];
+            if (subtable !== undefined)
+                dbcsCode = subtable[uCode & 0xFF];
+            
+            if (dbcsCode <= SEQ_START) { // Sequence start
+                seqObj = this.encodeTableSeq[SEQ_START-dbcsCode];
+                continue;
+            }
+
+            if (dbcsCode == UNASSIGNED && this.gb18030) {
+                // Use GB18030 algorithm to find character(s) to write.
+                var idx = findIdx(this.gb18030.uChars, uCode);
+                if (idx != -1) {
+                    var dbcsCode = this.gb18030.gbChars[idx] + (uCode - this.gb18030.uChars[idx]);
+                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 12600); dbcsCode = dbcsCode % 12600;
+                    newBuf[j++] = 0x30 + Math.floor(dbcsCode / 1260); dbcsCode = dbcsCode % 1260;
+                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 10); dbcsCode = dbcsCode % 10;
+                    newBuf[j++] = 0x30 + dbcsCode;
+                    continue;
+                }
+            }
+        }
+
+        // 3. Write dbcsCode character.
+        if (dbcsCode === UNASSIGNED)
+            dbcsCode = this.defaultCharSingleByte;
+        
+        if (dbcsCode < 0x100) {
+            newBuf[j++] = dbcsCode;
+        }
+        else if (dbcsCode < 0x10000) {
+            newBuf[j++] = dbcsCode >> 8;   // high byte
+            newBuf[j++] = dbcsCode & 0xFF; // low byte
+        }
+        else {
+            newBuf[j++] = dbcsCode >> 16;
+            newBuf[j++] = (dbcsCode >> 8) & 0xFF;
+            newBuf[j++] = dbcsCode & 0xFF;
+        }
+    }
+
+    this.seqObj = seqObj;
+    this.leadSurrogate = leadSurrogate;
+    return newBuf.slice(0, j);
+}
+
+DBCSEncoder.prototype.end = function() {
+    if (this.leadSurrogate === -1 && this.seqObj === undefined)
+        return; // All clean. Most often case.
+
+    var newBuf = Buffer.alloc(10), j = 0;
+
+    if (this.seqObj) { // We're in the sequence.
+        var dbcsCode = this.seqObj[DEF_CHAR];
+        if (dbcsCode !== undefined) { // Write beginning of the sequence.
+            if (dbcsCode < 0x100) {
+                newBuf[j++] = dbcsCode;
+            }
+            else {
+                newBuf[j++] = dbcsCode >> 8;   // high byte
+                newBuf[j++] = dbcsCode & 0xFF; // low byte
+            }
+        } else {
+            // See todo above.
+        }
+        this.seqObj = undefined;
+    }
+
+    if (this.leadSurrogate !== -1) {
+        // Incomplete surrogate pair - only lead surrogate found.
+        newBuf[j++] = this.defaultCharSingleByte;
+        this.leadSurrogate = -1;
+    }
+    
+    return newBuf.slice(0, j);
+}
+
+// Export for testing
+DBCSEncoder.prototype.findIdx = findIdx;
+
+
+// == Decoder ==================================================================
+
+function DBCSDecoder(options, codec) {
+    // Decoder state
+    this.nodeIdx = 0;
+    this.prevBuf = Buffer.alloc(0);
+
+    // Static data
+    this.decodeTables = codec.decodeTables;
+    this.decodeTableSeq = codec.decodeTableSeq;
+    this.defaultCharUnicode = codec.defaultCharUnicode;
+    this.gb18030 = codec.gb18030;
+}
+
+DBCSDecoder.prototype.write = function(buf) {
+    var newBuf = Buffer.alloc(buf.length*2),
+        nodeIdx = this.nodeIdx, 
+        prevBuf = this.prevBuf, prevBufOffset = this.prevBuf.length,
+        seqStart = -this.prevBuf.length, // idx of the start of current parsed sequence.
+        uCode;
+
+    if (prevBufOffset > 0) // Make prev buf overlap a little to make it easier to slice later.
+        prevBuf = Buffer.concat([prevBuf, buf.slice(0, 10)]);
+    
+    for (var i = 0, j = 0; i < buf.length; i++) {
+        var curByte = (i >= 0) ? buf[i] : prevBuf[i + prevBufOffset];
+
+        // Lookup in current trie node.
+        var uCode = this.decodeTables[nodeIdx][curByte];
+
+        if (uCode >= 0) { 
+            // Normal character, just use it.
+        }
+        else if (uCode === UNASSIGNED) { // Unknown char.
+            // TODO: Callback with seq.
+            //var curSeq = (seqStart >= 0) ? buf.slice(seqStart, i+1) : prevBuf.slice(seqStart + prevBufOffset, i+1 + prevBufOffset);
+            i = seqStart; // Try to parse again, after skipping first byte of the sequence ('i' will be incremented by 'for' cycle).
+            uCode = this.defaultCharUnicode.charCodeAt(0);
+        }
+        else if (uCode === GB18030_CODE) {
+            var curSeq = (seqStart >= 0) ? buf.slice(seqStart, i+1) : prevBuf.slice(seqStart + prevBufOffset, i+1 + prevBufOffset);
+            var ptr = (curSeq[0]-0x81)*12600 + (curSeq[1]-0x30)*1260 + (curSeq[2]-0x81)*10 + (curSeq[3]-0x30);
+            var idx = findIdx(this.gb18030.gbChars, ptr);
+            uCode = this.gb18030.uChars[idx] + ptr - this.gb18030.gbChars[idx];
+        }
+        else if (uCode <= NODE_START) { // Go to next trie node.
+            nodeIdx = NODE_START - uCode;
+            continue;
+        }
+        else if (uCode <= SEQ_START) { // Output a sequence of chars.
+            var seq = this.decodeTableSeq[SEQ_START - uCode];
+            for (var k = 0; k < seq.length - 1; k++) {
+                uCode = seq[k];
+                newBuf[j++] = uCode & 0xFF;
+                newBuf[j++] = uCode >> 8;
+            }
+            uCode = seq[seq.length-1];
+        }
+        else
+            throw new Error("iconv-lite internal error: invalid decoding table value " + uCode + " at " + nodeIdx + "/" + curByte);
+
+        // Write the character to buffer, handling higher planes using surrogate pair.
+        if (uCode > 0xFFFF) { 
+            uCode -= 0x10000;
+            var uCodeLead = 0xD800 + Math.floor(uCode / 0x400);
+            newBuf[j++] = uCodeLead & 0xFF;
+            newBuf[j++] = uCodeLead >> 8;
+
+            uCode = 0xDC00 + uCode % 0x400;
+        }
+        newBuf[j++] = uCode & 0xFF;
+        newBuf[j++] = uCode >> 8;
+
+        // Reset trie node.
+        nodeIdx = 0; seqStart = i+1;
+    }
+
+    this.nodeIdx = nodeIdx;
+    this.prevBuf = (seqStart >= 0) ? buf.slice(seqStart) : prevBuf.slice(seqStart + prevBufOffset);
+    return newBuf.slice(0, j).toString('ucs2');
+}
+
+DBCSDecoder.prototype.end = function() {
+    var ret = '';
+
+    // Try to parse all remaining chars.
+    while (this.prevBuf.length > 0) {
+        // Skip 1 character in the buffer.
+        ret += this.defaultCharUnicode;
+        var buf = this.prevBuf.slice(1);
+
+        // Parse remaining as usual.
+        this.prevBuf = Buffer.alloc(0);
+        this.nodeIdx = 0;
+        if (buf.length > 0)
+            ret += this.write(buf);
+    }
+
+    this.nodeIdx = 0;
+    return ret;
+}
+
+// Binary search for GB18030. Returns largest i such that table[i] <= val.
+function findIdx(table, val) {
+    if (table[0] > val)
+        return -1;
+
+    var l = 0, r = table.length;
+    while (l < r-1) { // always table[l] <= val < table[r]
+        var mid = l + Math.floor((r-l+1)/2);
+        if (table[mid] <= val)
+            l = mid;
+        else
+            r = mid;
+    }
+    return l;
+}
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
new file mode 100644
index 0000000..4b61914
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
@@ -0,0 +1,176 @@
+"use strict";
+
+// Description of supported double byte encodings and aliases.
+// Tables are not require()-d until they are needed to speed up library load.
+// require()-s are direct to support Browserify.
+
+module.exports = {
+    
+    // == Japanese/ShiftJIS ====================================================
+    // All japanese encodings are based on JIS X set of standards:
+    // JIS X 0201 - Single-byte encoding of ASCII + ¥ + Kana chars at 0xA1-0xDF.
+    // JIS X 0208 - Main set of 6879 characters, placed in 94x94 plane, to be encoded by 2 bytes. 
+    //              Has several variations in 1978, 1983, 1990 and 1997.
+    // JIS X 0212 - Supplementary plane of 6067 chars in 94x94 plane. 1990. Effectively dead.
+    // JIS X 0213 - Extension and modern replacement of 0208 and 0212. Total chars: 11233.
+    //              2 planes, first is superset of 0208, second - revised 0212.
+    //              Introduced in 2000, revised 2004. Some characters are in Unicode Plane 2 (0x2xxxx)
+
+    // Byte encodings are:
+    //  * Shift_JIS: Compatible with 0201, uses not defined chars in top half as lead bytes for double-byte
+    //               encoding of 0208. Lead byte ranges: 0x81-0x9F, 0xE0-0xEF; Trail byte ranges: 0x40-0x7E, 0x80-0x9E, 0x9F-0xFC.
+    //               Windows CP932 is a superset of Shift_JIS. Some companies added more chars, notably KDDI.
+    //  * EUC-JP:    Up to 3 bytes per character. Used mostly on *nixes.
+    //               0x00-0x7F       - lower part of 0201
+    //               0x8E, 0xA1-0xDF - upper part of 0201
+    //               (0xA1-0xFE)x2   - 0208 plane (94x94).
+    //               0x8F, (0xA1-0xFE)x2 - 0212 plane (94x94).
+    //  * JIS X 208: 7-bit, direct encoding of 0208. Byte ranges: 0x21-0x7E (94 values). Uncommon.
+    //               Used as-is in ISO2022 family.
+    //  * ISO2022-JP: Stateful encoding, with escape sequences to switch between ASCII, 
+    //                0201-1976 Roman, 0208-1978, 0208-1983.
+    //  * ISO2022-JP-1: Adds esc seq for 0212-1990.
+    //  * ISO2022-JP-2: Adds esc seq for GB2313-1980, KSX1001-1992, ISO8859-1, ISO8859-7.
+    //  * ISO2022-JP-3: Adds esc seq for 0201-1976 Kana set, 0213-2000 Planes 1, 2.
+    //  * ISO2022-JP-2004: Adds 0213-2004 Plane 1.
+    //
+    // After JIS X 0213 appeared, Shift_JIS-2004, EUC-JISX0213 and ISO2022-JP-2004 followed, with just changing the planes.
+    //
+    // Overall, it seems that it's a mess :( http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
+
+    'shiftjis': {
+        type: '_dbcs',
+        table: function() { return require('./tables/shiftjis.json') },
+        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
+        encodeSkipVals: [{from: 0xED40, to: 0xF940}],
+    },
+    'csshiftjis': 'shiftjis',
+    'mskanji': 'shiftjis',
+    'sjis': 'shiftjis',
+    'windows31j': 'shiftjis',
+    'ms31j': 'shiftjis',
+    'xsjis': 'shiftjis',
+    'windows932': 'shiftjis',
+    'ms932': 'shiftjis',
+    '932': 'shiftjis',
+    'cp932': 'shiftjis',
+
+    'eucjp': {
+        type: '_dbcs',
+        table: function() { return require('./tables/eucjp.json') },
+        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
+    },
+
+    // TODO: KDDI extension to Shift_JIS
+    // TODO: IBM CCSID 942 = CP932, but F0-F9 custom chars and other char changes.
+    // TODO: IBM CCSID 943 = Shift_JIS = CP932 with original Shift_JIS lower 128 chars.
+
+
+    // == Chinese/GBK ==========================================================
+    // http://en.wikipedia.org/wiki/GBK
+    // We mostly implement W3C recommendation: https://www.w3.org/TR/encoding/#gbk-encoder
+
+    // Oldest GB2312 (1981, ~7600 chars) is a subset of CP936
+    'gb2312': 'cp936',
+    'gb231280': 'cp936',
+    'gb23121980': 'cp936',
+    'csgb2312': 'cp936',
+    'csiso58gb231280': 'cp936',
+    'euccn': 'cp936',
+
+    // Microsoft's CP936 is a subset and approximation of GBK.
+    'windows936': 'cp936',
+    'ms936': 'cp936',
+    '936': 'cp936',
+    'cp936': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp936.json') },
+    },
+
+    // GBK (~22000 chars) is an extension of CP936 that added user-mapped chars and some other.
+    'gbk': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
+    },
+    'xgbk': 'gbk',
+    'isoir58': 'gbk',
+
+    // GB18030 is an algorithmic extension of GBK.
+    // Main source: https://www.w3.org/TR/encoding/#gbk-encoder
+    // http://icu-project.org/docs/papers/gb18030.html
+    // http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
+    // http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
+    'gb18030': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
+        gb18030: function() { return require('./tables/gb18030-ranges.json') },
+        encodeSkipVals: [0x80],
+        encodeAdd: {'€': 0xA2E3},
+    },
+
+    'chinese': 'gb18030',
+
+
+    // == Korean ===============================================================
+    // EUC-KR, KS_C_5601 and KS X 1001 are exactly the same.
+    'windows949': 'cp949',
+    'ms949': 'cp949',
+    '949': 'cp949',
+    'cp949': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp949.json') },
+    },
+
+    'cseuckr': 'cp949',
+    'csksc56011987': 'cp949',
+    'euckr': 'cp949',
+    'isoir149': 'cp949',
+    'korean': 'cp949',
+    'ksc56011987': 'cp949',
+    'ksc56011989': 'cp949',
+    'ksc5601': 'cp949',
+
+
+    // == Big5/Taiwan/Hong Kong ================================================
+    // There are lots of tables for Big5 and cp950. Please see the following links for history:
+    // http://moztw.org/docs/big5/  http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
+    // Variations, in roughly number of defined chars:
+    //  * Windows CP 950: Microsoft variant of Big5. Canonical: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
+    //  * Windows CP 951: Microsoft variant of Big5-HKSCS-2001. Seems to be never public. http://me.abelcheung.org/articles/research/what-is-cp951/
+    //  * Big5-2003 (Taiwan standard) almost superset of cp950.
+    //  * Unicode-at-on (UAO) / Mozilla 1.8. Falling out of use on the Web. Not supported by other browsers.
+    //  * Big5-HKSCS (-2001, -2004, -2008). Hong Kong standard. 
+    //    many unicode code points moved from PUA to Supplementary plane (U+2XXXX) over the years.
+    //    Plus, it has 4 combining sequences.
+    //    Seems that Mozilla refused to support it for 10 yrs. https://bugzilla.mozilla.org/show_bug.cgi?id=162431 https://bugzilla.mozilla.org/show_bug.cgi?id=310299
+    //    because big5-hkscs is the only encoding to include astral characters in non-algorithmic way.
+    //    Implementations are not consistent within browsers; sometimes labeled as just big5.
+    //    MS Internet Explorer switches from big5 to big5-hkscs when a patch applied.
+    //    Great discussion & recap of what's going on https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
+    //    In the encoder, it might make sense to support encoding old PUA mappings to Big5 bytes seq-s.
+    //    Official spec: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
+    //                   http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
+    // 
+    // Current understanding of how to deal with Big5(-HKSCS) is in the Encoding Standard, http://encoding.spec.whatwg.org/#big5-encoder
+    // Unicode mapping (http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT) is said to be wrong.
+
+    'windows950': 'cp950',
+    'ms950': 'cp950',
+    '950': 'cp950',
+    'cp950': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp950.json') },
+    },
+
+    // Big5 has many variations and is an extension of cp950. We use Encoding Standard's as a consensus.
+    'big5': 'big5hkscs',
+    'big5hkscs': {
+        type: '_dbcs',
+        table: function() { return require('./tables/cp950.json').concat(require('./tables/big5-added.json')) },
+        encodeSkipVals: [0xa2cc],
+    },
+
+    'cnbig5': 'big5hkscs',
+    'csbig5': 'big5hkscs',
+    'xxbig5': 'big5hkscs',
+};
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
new file mode 100644
index 0000000..e304003
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
@@ -0,0 +1,22 @@
+"use strict";
+
+// Update this array if you add/rename/remove files in this directory.
+// We support Browserify by skipping automatic module discovery and requiring modules directly.
+var modules = [
+    require("./internal"),
+    require("./utf16"),
+    require("./utf7"),
+    require("./sbcs-codec"),
+    require("./sbcs-data"),
+    require("./sbcs-data-generated"),
+    require("./dbcs-codec"),
+    require("./dbcs-data"),
+];
+
+// Put all encoding/alias/codec definitions to single object and export it. 
+for (var i = 0; i < modules.length; i++) {
+    var module = modules[i];
+    for (var enc in module)
+        if (Object.prototype.hasOwnProperty.call(module, enc))
+            exports[enc] = module[enc];
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
new file mode 100644
index 0000000..05ce38b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
@@ -0,0 +1,188 @@
+"use strict";
+var Buffer = require("safer-buffer").Buffer;
+
+// Export Node.js internal encodings.
+
+module.exports = {
+    // Encodings
+    utf8:   { type: "_internal", bomAware: true},
+    cesu8:  { type: "_internal", bomAware: true},
+    unicode11utf8: "utf8",
+
+    ucs2:   { type: "_internal", bomAware: true},
+    utf16le: "ucs2",
+
+    binary: { type: "_internal" },
+    base64: { type: "_internal" },
+    hex:    { type: "_internal" },
+
+    // Codec.
+    _internal: InternalCodec,
+};
+
+//------------------------------------------------------------------------------
+
+function InternalCodec(codecOptions, iconv) {
+    this.enc = codecOptions.encodingName;
+    this.bomAware = codecOptions.bomAware;
+
+    if (this.enc === "base64")
+        this.encoder = InternalEncoderBase64;
+    else if (this.enc === "cesu8") {
+        this.enc = "utf8"; // Use utf8 for decoding.
+        this.encoder = InternalEncoderCesu8;
+
+        // Add decoder for versions of Node not supporting CESU-8
+        if (Buffer.from('eda0bdedb2a9', 'hex').toString() !== '💩') {
+            this.decoder = InternalDecoderCesu8;
+            this.defaultCharUnicode = iconv.defaultCharUnicode;
+        }
+    }
+}
+
+InternalCodec.prototype.encoder = InternalEncoder;
+InternalCodec.prototype.decoder = InternalDecoder;
+
+//------------------------------------------------------------------------------
+
+// We use node.js internal decoder. Its signature is the same as ours.
+var StringDecoder = require('string_decoder').StringDecoder;
+
+if (!StringDecoder.prototype.end) // Node v0.8 doesn't have this method.
+    StringDecoder.prototype.end = function() {};
+
+
+function InternalDecoder(options, codec) {
+    StringDecoder.call(this, codec.enc);
+}
+
+InternalDecoder.prototype = StringDecoder.prototype;
+
+
+//------------------------------------------------------------------------------
+// Encoder is mostly trivial
+
+function InternalEncoder(options, codec) {
+    this.enc = codec.enc;
+}
+
+InternalEncoder.prototype.write = function(str) {
+    return Buffer.from(str, this.enc);
+}
+
+InternalEncoder.prototype.end = function() {
+}
+
+
+//------------------------------------------------------------------------------
+// Except base64 encoder, which must keep its state.
+
+function InternalEncoderBase64(options, codec) {
+    this.prevStr = '';
+}
+
+InternalEncoderBase64.prototype.write = function(str) {
+    str = this.prevStr + str;
+    var completeQuads = str.length - (str.length % 4);
+    this.prevStr = str.slice(completeQuads);
+    str = str.slice(0, completeQuads);
+
+    return Buffer.from(str, "base64");
+}
+
+InternalEncoderBase64.prototype.end = function() {
+    return Buffer.from(this.prevStr, "base64");
+}
+
+
+//------------------------------------------------------------------------------
+// CESU-8 encoder is also special.
+
+function InternalEncoderCesu8(options, codec) {
+}
+
+InternalEncoderCesu8.prototype.write = function(str) {
+    var buf = Buffer.alloc(str.length * 3), bufIdx = 0;
+    for (var i = 0; i < str.length; i++) {
+        var charCode = str.charCodeAt(i);
+        // Naive implementation, but it works because CESU-8 is especially easy
+        // to convert from UTF-16 (which all JS strings are encoded in).
+        if (charCode < 0x80)
+            buf[bufIdx++] = charCode;
+        else if (charCode < 0x800) {
+            buf[bufIdx++] = 0xC0 + (charCode >>> 6);
+            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
+        }
+        else { // charCode will always be < 0x10000 in javascript.
+            buf[bufIdx++] = 0xE0 + (charCode >>> 12);
+            buf[bufIdx++] = 0x80 + ((charCode >>> 6) & 0x3f);
+            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
+        }
+    }
+    return buf.slice(0, bufIdx);
+}
+
+InternalEncoderCesu8.prototype.end = function() {
+}
+
+//------------------------------------------------------------------------------
+// CESU-8 decoder is not implemented in Node v4.0+
+
+function InternalDecoderCesu8(options, codec) {
+    this.acc = 0;
+    this.contBytes = 0;
+    this.accBytes = 0;
+    this.defaultCharUnicode = codec.defaultCharUnicode;
+}
+
+InternalDecoderCesu8.prototype.write = function(buf) {
+    var acc = this.acc, contBytes = this.contBytes, accBytes = this.accBytes, 
+        res = '';
+    for (var i = 0; i < buf.length; i++) {
+        var curByte = buf[i];
+        if ((curByte & 0xC0) !== 0x80) { // Leading byte
+            if (contBytes > 0) { // Previous code is invalid
+                res += this.defaultCharUnicode;
+                contBytes = 0;
+            }
+
+            if (curByte < 0x80) { // Single-byte code
+                res += String.fromCharCode(curByte);
+            } else if (curByte < 0xE0) { // Two-byte code
+                acc = curByte & 0x1F;
+                contBytes = 1; accBytes = 1;
+            } else if (curByte < 0xF0) { // Three-byte code
+                acc = curByte & 0x0F;
+                contBytes = 2; accBytes = 1;
+            } else { // Four or more are not supported for CESU-8.
+                res += this.defaultCharUnicode;
+            }
+        } else { // Continuation byte
+            if (contBytes > 0) { // We're waiting for it.
+                acc = (acc << 6) | (curByte & 0x3f);
+                contBytes--; accBytes++;
+                if (contBytes === 0) {
+                    // Check for overlong encoding, but support Modified UTF-8 (encoding NULL as C0 80)
+                    if (accBytes === 2 && acc < 0x80 && acc > 0)
+                        res += this.defaultCharUnicode;
+                    else if (accBytes === 3 && acc < 0x800)
+                        res += this.defaultCharUnicode;
+                    else
+                        // Actually add character.
+                        res += String.fromCharCode(acc);
+                }
+            } else { // Unexpected continuation byte
+                res += this.defaultCharUnicode;
+            }
+        }
+    }
+    this.acc = acc; this.contBytes = contBytes; this.accBytes = accBytes;
+    return res;
+}
+
+InternalDecoderCesu8.prototype.end = function() {
+    var res = 0;
+    if (this.contBytes > 0)
+        res += this.defaultCharUnicode;
+    return res;
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
new file mode 100644
index 0000000..abac5ff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
@@ -0,0 +1,72 @@
+"use strict";
+var Buffer = require("safer-buffer").Buffer;
+
+// Single-byte codec. Needs a 'chars' string parameter that contains 256 or 128 chars that
+// correspond to encoded bytes (if 128 - then lower half is ASCII). 
+
+exports._sbcs = SBCSCodec;
+function SBCSCodec(codecOptions, iconv) {
+    if (!codecOptions)
+        throw new Error("SBCS codec is called without the data.")
+    
+    // Prepare char buffer for decoding.
+    if (!codecOptions.chars || (codecOptions.chars.length !== 128 && codecOptions.chars.length !== 256))
+        throw new Error("Encoding '"+codecOptions.type+"' has incorrect 'chars' (must be of len 128 or 256)");
+    
+    if (codecOptions.chars.length === 128) {
+        var asciiString = "";
+        for (var i = 0; i < 128; i++)
+            asciiString += String.fromCharCode(i);
+        codecOptions.chars = asciiString + codecOptions.chars;
+    }
+
+    this.decodeBuf = Buffer.from(codecOptions.chars, 'ucs2');
+    
+    // Encoding buffer.
+    var encodeBuf = Buffer.alloc(65536, iconv.defaultCharSingleByte.charCodeAt(0));
+
+    for (var i = 0; i < codecOptions.chars.length; i++)
+        encodeBuf[codecOptions.chars.charCodeAt(i)] = i;
+
+    this.encodeBuf = encodeBuf;
+}
+
+SBCSCodec.prototype.encoder = SBCSEncoder;
+SBCSCodec.prototype.decoder = SBCSDecoder;
+
+
+function SBCSEncoder(options, codec) {
+    this.encodeBuf = codec.encodeBuf;
+}
+
+SBCSEncoder.prototype.write = function(str) {
+    var buf = Buffer.alloc(str.length);
+    for (var i = 0; i < str.length; i++)
+        buf[i] = this.encodeBuf[str.charCodeAt(i)];
+    
+    return buf;
+}
+
+SBCSEncoder.prototype.end = function() {
+}
+
+
+function SBCSDecoder(options, codec) {
+    this.decodeBuf = codec.decodeBuf;
+}
+
+SBCSDecoder.prototype.write = function(buf) {
+    // Strings are immutable in JS -> we use ucs2 buffer to speed up computations.
+    var decodeBuf = this.decodeBuf;
+    var newBuf = Buffer.alloc(buf.length*2);
+    var idx1 = 0, idx2 = 0;
+    for (var i = 0; i < buf.length; i++) {
+        idx1 = buf[i]*2; idx2 = i*2;
+        newBuf[idx2] = decodeBuf[idx1];
+        newBuf[idx2+1] = decodeBuf[idx1+1];
+    }
+    return newBuf.toString('ucs2');
+}
+
+SBCSDecoder.prototype.end = function() {
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
new file mode 100644
index 0000000..9b48236
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
@@ -0,0 +1,451 @@
+"use strict";
+
+// Generated data for sbcs codec. Don't edit manually. Regenerate using generation/gen-sbcs.js script.
+module.exports = {
+  "437": "cp437",
+  "737": "cp737",
+  "775": "cp775",
+  "850": "cp850",
+  "852": "cp852",
+  "855": "cp855",
+  "856": "cp856",
+  "857": "cp857",
+  "858": "cp858",
+  "860": "cp860",
+  "861": "cp861",
+  "862": "cp862",
+  "863": "cp863",
+  "864": "cp864",
+  "865": "cp865",
+  "866": "cp866",
+  "869": "cp869",
+  "874": "windows874",
+  "922": "cp922",
+  "1046": "cp1046",
+  "1124": "cp1124",
+  "1125": "cp1125",
+  "1129": "cp1129",
+  "1133": "cp1133",
+  "1161": "cp1161",
+  "1162": "cp1162",
+  "1163": "cp1163",
+  "1250": "windows1250",
+  "1251": "windows1251",
+  "1252": "windows1252",
+  "1253": "windows1253",
+  "1254": "windows1254",
+  "1255": "windows1255",
+  "1256": "windows1256",
+  "1257": "windows1257",
+  "1258": "windows1258",
+  "28591": "iso88591",
+  "28592": "iso88592",
+  "28593": "iso88593",
+  "28594": "iso88594",
+  "28595": "iso88595",
+  "28596": "iso88596",
+  "28597": "iso88597",
+  "28598": "iso88598",
+  "28599": "iso88599",
+  "28600": "iso885910",
+  "28601": "iso885911",
+  "28603": "iso885913",
+  "28604": "iso885914",
+  "28605": "iso885915",
+  "28606": "iso885916",
+  "windows874": {
+    "type": "_sbcs",
+    "chars": "€����…�����������‘’“”•–—�������� กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
+  },
+  "win874": "windows874",
+  "cp874": "windows874",
+  "windows1250": {
+    "type": "_sbcs",
+    "chars": "€�‚�„…†‡�‰Š‹ŚŤŽŹ�‘’“”•–—�™š›śťžź ˇ˘Ł¤Ą¦§¨©Ş«¬­®Ż°±˛ł´µ¶·¸ąş»Ľ˝ľżŔÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ×ŘŮÚŰÜÝŢßŕáâăäĺćçčéęëěíîďđńňóôőö÷řůúűüýţ˙"
+  },
+  "win1250": "windows1250",
+  "cp1250": "windows1250",
+  "windows1251": {
+    "type": "_sbcs",
+    "chars": "ЂЃ‚ѓ„…†‡€‰Љ‹ЊЌЋЏђ‘’“”•–—�™љ›њќћџ ЎўЈ¤Ґ¦§Ё©Є«¬­®Ї°±Ііґµ¶·ё№є»јЅѕїАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
+  },
+  "win1251": "windows1251",
+  "cp1251": "windows1251",
+  "windows1252": {
+    "type": "_sbcs",
+    "chars": "€�‚ƒ„…†‡ˆ‰Š‹Œ�Ž��‘’“”•–—˜™š›œ�žŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
+  },
+  "win1252": "windows1252",
+  "cp1252": "windows1252",
+  "windows1253": {
+    "type": "_sbcs",
+    "chars": "€�‚ƒ„…†‡�‰�‹�����‘’“”•–—�™�›���� ΅Ά£¤¥¦§¨©�«¬­®―°±²³΄µ¶·ΈΉΊ»Ό½ΎΏΐΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡ�ΣΤΥΦΧΨΩΪΫάέήίΰαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώ�"
+  },
+  "win1253": "windows1253",
+  "cp1253": "windows1253",
+  "windows1254": {
+    "type": "_sbcs",
+    "chars": "€�‚ƒ„…†‡ˆ‰Š‹Œ����‘’“”•–—˜™š›œ��Ÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏĞÑÒÓÔÕÖ×ØÙÚÛÜİŞßàáâãäåæçèéêëìíîïğñòóôõö÷øùúûüışÿ"
+  },
+  "win1254": "windows1254",
+  "cp1254": "windows1254",
+  "windows1255": {
+    "type": "_sbcs",
+    "chars": "€�‚ƒ„…†‡ˆ‰�‹�����‘’“”•–—˜™�›���� ¡¢£₪¥¦§¨©×«¬­®¯°±²³´µ¶·¸¹÷»¼½¾¿ְֱֲֳִֵֶַָֹֺֻּֽ־ֿ׀ׁׂ׃װױײ׳״�������אבגדהוזחטיךכלםמןנסעףפץצקרשת��‎‏�"
+  },
+  "win1255": "windows1255",
+  "cp1255": "windows1255",
+  "windows1256": {
+    "type": "_sbcs",
+    "chars": "€پ‚ƒ„…†‡ˆ‰ٹ‹Œچژڈگ‘’“”•–—ک™ڑ›œ‌‍ں ،¢£¤¥¦§¨©ھ«¬­®¯°±²³´µ¶·¸¹؛»¼½¾؟ہءآأؤإئابةتثجحخدذرزسشصض×طظعغـفقكàلâمنهوçèéêëىيîïًٌٍَôُِ÷ّùْûü‎‏ے"
+  },
+  "win1256": "windows1256",
+  "cp1256": "windows1256",
+  "windows1257": {
+    "type": "_sbcs",
+    "chars": "€�‚�„…†‡�‰�‹�¨ˇ¸�‘’“”•–—�™�›�¯˛� �¢£¤�¦§Ø©Ŗ«¬­®Æ°±²³´µ¶·ø¹ŗ»¼½¾æĄĮĀĆÄÅĘĒČÉŹĖĢĶĪĻŠŃŅÓŌÕÖ×ŲŁŚŪÜŻŽßąįāćäåęēčéźėģķīļšńņóōõö÷ųłśūüżž˙"
+  },
+  "win1257": "windows1257",
+  "cp1257": "windows1257",
+  "windows1258": {
+    "type": "_sbcs",
+    "chars": "€�‚ƒ„…†‡ˆ‰�‹Œ����‘’“”•–—˜™�›œ��Ÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
+  },
+  "win1258": "windows1258",
+  "cp1258": "windows1258",
+  "iso88591": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
+  },
+  "cp28591": "iso88591",
+  "iso88592": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ą˘Ł¤ĽŚ§¨ŠŞŤŹ­ŽŻ°ą˛ł´ľśˇ¸šşťź˝žżŔÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ×ŘŮÚŰÜÝŢßŕáâăäĺćçčéęëěíîďđńňóôőö÷řůúűüýţ˙"
+  },
+  "cp28592": "iso88592",
+  "iso88593": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ħ˘£¤�Ĥ§¨İŞĞĴ­�Ż°ħ²³´µĥ·¸ışğĵ½�żÀÁÂ�ÄĊĈÇÈÉÊËÌÍÎÏ�ÑÒÓÔĠÖ×ĜÙÚÛÜŬŜßàáâ�äċĉçèéêëìíîï�ñòóôġö÷ĝùúûüŭŝ˙"
+  },
+  "cp28593": "iso88593",
+  "iso88594": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄĸŖ¤ĨĻ§¨ŠĒĢŦ­Ž¯°ą˛ŗ´ĩļˇ¸šēģŧŊžŋĀÁÂÃÄÅÆĮČÉĘËĖÍÎĪĐŅŌĶÔÕÖ×ØŲÚÛÜŨŪßāáâãäåæįčéęëėíîīđņōķôõö÷øųúûüũū˙"
+  },
+  "cp28594": "iso88594",
+  "iso88595": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ЁЂЃЄЅІЇЈЉЊЋЌ­ЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя№ёђѓєѕіїјљњћќ§ўџ"
+  },
+  "cp28595": "iso88595",
+  "iso88596": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ���¤�������،­�������������؛���؟�ءآأؤإئابةتثجحخدذرزسشصضطظعغ�����ـفقكلمنهوىيًٌٍَُِّْ�������������"
+  },
+  "cp28596": "iso88596",
+  "iso88597": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ‘’£€₯¦§¨©ͺ«¬­�―°±²³΄΅Ά·ΈΉΊ»Ό½ΎΏΐΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡ�ΣΤΥΦΧΨΩΪΫάέήίΰαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώ�"
+  },
+  "cp28597": "iso88597",
+  "iso88598": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ �¢£¤¥¦§¨©×«¬­®¯°±²³´µ¶·¸¹÷»¼½¾��������������������������������‗אבגדהוזחטיךכלםמןנסעףפץצקרשת��‎‏�"
+  },
+  "cp28598": "iso88598",
+  "iso88599": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏĞÑÒÓÔÕÖ×ØÙÚÛÜİŞßàáâãäåæçèéêëìíîïğñòóôõö÷øùúûüışÿ"
+  },
+  "cp28599": "iso88599",
+  "iso885910": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄĒĢĪĨĶ§ĻĐŠŦŽ­ŪŊ°ąēģīĩķ·ļđšŧž―ūŋĀÁÂÃÄÅÆĮČÉĘËĖÍÎÏÐŅŌÓÔÕÖŨØŲÚÛÜÝÞßāáâãäåæįčéęëėíîïðņōóôõöũøųúûüýþĸ"
+  },
+  "cp28600": "iso885910",
+  "iso885911": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
+  },
+  "cp28601": "iso885911",
+  "iso885913": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ”¢£¤„¦§Ø©Ŗ«¬­®Æ°±²³“µ¶·ø¹ŗ»¼½¾æĄĮĀĆÄÅĘĒČÉŹĖĢĶĪĻŠŃŅÓŌÕÖ×ŲŁŚŪÜŻŽßąįāćäåęēčéźėģķīļšńņóōõö÷ųłśūüżž’"
+  },
+  "cp28603": "iso885913",
+  "iso885914": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ḃḃ£ĊċḊ§Ẁ©ẂḋỲ­®ŸḞḟĠġṀṁ¶ṖẁṗẃṠỳẄẅṡÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏŴÑÒÓÔÕÖṪØÙÚÛÜÝŶßàáâãäåæçèéêëìíîïŵñòóôõöṫøùúûüýŷÿ"
+  },
+  "cp28604": "iso885914",
+  "iso885915": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£€¥Š§š©ª«¬­®¯°±²³Žµ¶·ž¹º»ŒœŸ¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
+  },
+  "cp28605": "iso885915",
+  "iso885916": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄąŁ€„Š§š©Ș«Ź­źŻ°±ČłŽ”¶·žčș»ŒœŸżÀÁÂĂÄĆÆÇÈÉÊËÌÍÎÏĐŃÒÓÔŐÖŚŰÙÚÛÜĘȚßàáâăäćæçèéêëìíîïđńòóôőöśűùúûüęțÿ"
+  },
+  "cp28606": "iso885916",
+  "cp437": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜ¢£¥₧ƒáíóúñѪº¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm437": "cp437",
+  "csibm437": "cp437",
+  "cp737": {
+    "type": "_sbcs",
+    "chars": "ΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩαβγδεζηθικλμνξοπρσςτυφχψ░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀ωάέήϊίόύϋώΆΈΉΊΌΎΏ±≥≤ΪΫ÷≈°∙·√ⁿ²■ "
+  },
+  "ibm737": "cp737",
+  "csibm737": "cp737",
+  "cp775": {
+    "type": "_sbcs",
+    "chars": "ĆüéāäģåćłēŖŗīŹÄÅÉæÆōöĢ¢ŚśÖÜø£ØפĀĪóŻżź”¦©®¬½¼Ł«»░▒▓│┤ĄČĘĖ╣║╗╝ĮŠ┐└┴┬├─┼ŲŪ╚╔╩╦╠═╬Žąčęėįšųūž┘┌█▄▌▐▀ÓßŌŃõÕµńĶķĻļņĒŅ’­±“¾¶§÷„°∙·¹³²■ "
+  },
+  "ibm775": "cp775",
+  "csibm775": "cp775",
+  "cp850": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø׃áíóúñѪº¿®¬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ðÐÊËÈıÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµþÞÚÛÙýݯ´­±‗¾¶§÷¸°¨·¹³²■ "
+  },
+  "ibm850": "cp850",
+  "csibm850": "cp850",
+  "cp852": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäůćçłëŐőîŹÄĆÉĹĺôöĽľŚśÖÜŤťŁ×čáíóúĄąŽžĘ꬟Ⱥ«»░▒▓│┤ÁÂĚŞ╣║╗╝Żż┐└┴┬├─┼Ăă╚╔╩╦╠═╬¤đĐĎËďŇÍÎě┘┌█▄ŢŮ▀ÓßÔŃńňŠšŔÚŕŰýÝţ´­˝˛ˇ˘§÷¸°¨˙űŘř■ "
+  },
+  "ibm852": "cp852",
+  "csibm852": "cp852",
+  "cp855": {
+    "type": "_sbcs",
+    "chars": "ђЂѓЃёЁєЄѕЅіІїЇјЈљЉњЊћЋќЌўЎџЏюЮъЪаАбБцЦдДеЕфФгГ«»░▒▓│┤хХиИ╣║╗╝йЙ┐└┴┬├─┼кК╚╔╩╦╠═╬¤лЛмМнНоОп┘┌█▄Пя▀ЯрРсСтТуУжЖвВьЬ№­ыЫзЗшШэЭщЩчЧ§■ "
+  },
+  "ibm855": "cp855",
+  "csibm855": "cp855",
+  "cp856": {
+    "type": "_sbcs",
+    "chars": "אבגדהוזחטיךכלםמןנסעףפץצקרשת�£�×����������®¬½¼�«»░▒▓│┤���©╣║╗╝¢¥┐└┴┬├─┼��╚╔╩╦╠═╬¤���������┘┌█▄¦�▀������µ�������¯´­±‗¾¶§÷¸°¨·¹³²■ "
+  },
+  "ibm856": "cp856",
+  "csibm856": "cp856",
+  "cp857": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèïîıÄÅÉæÆôöòûùİÖÜø£ØŞşáíóúñÑĞ𿮬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ºªÊËÈ�ÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµ�×ÚÛÙìÿ¯´­±�¾¶§÷¸°¨·¹³²■ "
+  },
+  "ibm857": "cp857",
+  "csibm857": "cp857",
+  "cp858": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø׃áíóúñѪº¿®¬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ðÐÊËÈ€ÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµþÞÚÛÙýݯ´­±‗¾¶§÷¸°¨·¹³²■ "
+  },
+  "ibm858": "cp858",
+  "csibm858": "cp858",
+  "cp860": {
+    "type": "_sbcs",
+    "chars": "ÇüéâãàÁçêÊèÍÔìÃÂÉÀÈôõòÚùÌÕÜ¢£Ù₧ÓáíóúñѪº¿Ò¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm860": "cp860",
+  "csibm860": "cp860",
+  "cp861": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèÐðÞÄÅÉæÆôöþûÝýÖÜø£Ø₧ƒáíóúÁÍÓÚ¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm861": "cp861",
+  "csibm861": "cp861",
+  "cp862": {
+    "type": "_sbcs",
+    "chars": "אבגדהוזחטיךכלםמןנסעףפץצקרשת¢£¥₧ƒáíóúñѪº¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm862": "cp862",
+  "csibm862": "cp862",
+  "cp863": {
+    "type": "_sbcs",
+    "chars": "ÇüéâÂà¶çêëèïî‗À§ÉÈÊôËÏûù¤ÔÜ¢£ÙÛƒ¦´óú¨¸³¯Î⌐¬½¼¾«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm863": "cp863",
+  "csibm863": "cp863",
+  "cp864": {
+    "type": "_sbcs",
+    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$٪&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~°·∙√▒─│┼┤┬├┴┐┌└┘β∞φ±½¼≈«»ﻷﻸ��ﻻﻼ� ­ﺂ£¤ﺄ��ﺎﺏﺕﺙ،ﺝﺡﺥ٠١٢٣٤٥٦٧٨٩ﻑ؛ﺱﺵﺹ؟¢ﺀﺁﺃﺅﻊﺋﺍﺑﺓﺗﺛﺟﺣﺧﺩﺫﺭﺯﺳﺷﺻﺿﻁﻅﻋﻏ¦¬÷×ﻉـﻓﻗﻛﻟﻣﻧﻫﻭﻯﻳﺽﻌﻎﻍﻡﹽّﻥﻩﻬﻰﻲﻐﻕﻵﻶﻝﻙﻱ■�"
+  },
+  "ibm864": "cp864",
+  "csibm864": "cp864",
+  "cp865": {
+    "type": "_sbcs",
+    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø₧ƒáíóúñѪº¿⌐¬½¼¡«¤░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+  },
+  "ibm865": "cp865",
+  "csibm865": "cp865",
+  "cp866": {
+    "type": "_sbcs",
+    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№¤■ "
+  },
+  "ibm866": "cp866",
+  "csibm866": "cp866",
+  "cp869": {
+    "type": "_sbcs",
+    "chars": "������Ά�·¬¦‘’Έ―ΉΊΪΌ��ΎΫ©Ώ²³ά£έήίϊΐόύΑΒΓΔΕΖΗ½ΘΙ«»░▒▓│┤ΚΛΜΝ╣║╗╝ΞΟ┐└┴┬├─┼ΠΡ╚╔╩╦╠═╬ΣΤΥΦΧΨΩαβγ┘┌█▄δε▀ζηθικλμνξοπρσςτ΄­±υφχ§ψ΅°¨ωϋΰώ■ "
+  },
+  "ibm869": "cp869",
+  "csibm869": "cp869",
+  "cp922": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®‾°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏŠÑÒÓÔÕÖ×ØÙÚÛÜÝŽßàáâãäåæçèéêëìíîïšñòóôõö÷øùúûüýžÿ"
+  },
+  "ibm922": "cp922",
+  "csibm922": "cp922",
+  "cp1046": {
+    "type": "_sbcs",
+    "chars": "ﺈ×÷ﹱˆ■│─┐┌└┘ﹹﹻﹽﹿﹷﺊﻰﻳﻲﻎﻏﻐﻶﻸﻺﻼ ¤ﺋﺑﺗﺛﺟﺣ،­ﺧﺳ٠١٢٣٤٥٦٧٨٩ﺷ؛ﺻﺿﻊ؟ﻋءآأؤإئابةتثجحخدذرزسشصضطﻇعغﻌﺂﺄﺎﻓـفقكلمنهوىيًٌٍَُِّْﻗﻛﻟﻵﻷﻹﻻﻣﻧﻬﻩ�"
+  },
+  "ibm1046": "cp1046",
+  "csibm1046": "cp1046",
+  "cp1124": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ЁЂҐЄЅІЇЈЉЊЋЌ­ЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя№ёђґєѕіїјљњћќ§ўџ"
+  },
+  "ibm1124": "cp1124",
+  "csibm1124": "cp1124",
+  "cp1125": {
+    "type": "_sbcs",
+    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёҐґЄєІіЇї·√№¤■ "
+  },
+  "ibm1125": "cp1125",
+  "csibm1125": "cp1125",
+  "cp1129": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§œ©ª«¬­®¯°±²³Ÿµ¶·Œ¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
+  },
+  "ibm1129": "cp1129",
+  "csibm1129": "cp1129",
+  "cp1133": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ກຂຄງຈສຊຍດຕຖທນບປຜຝພຟມຢຣລວຫອຮ���ຯະາຳິີຶືຸູຼັົຽ���ເແໂໃໄ່້໊໋໌ໍໆ�ໜໝ₭����������������໐໑໒໓໔໕໖໗໘໙��¢¬¦�"
+  },
+  "ibm1133": "cp1133",
+  "csibm1133": "cp1133",
+  "cp1161": {
+    "type": "_sbcs",
+    "chars": "��������������������������������่กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู้๊๋€฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛¢¬¦ "
+  },
+  "ibm1161": "cp1161",
+  "csibm1161": "cp1161",
+  "cp1162": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
+  },
+  "ibm1162": "cp1162",
+  "csibm1162": "cp1162",
+  "cp1163": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£€¥¦§œ©ª«¬­®¯°±²³Ÿµ¶·Œ¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
+  },
+  "ibm1163": "cp1163",
+  "csibm1163": "cp1163",
+  "maccroatian": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®Š™´¨≠ŽØ∞±≤≥∆µ∂∑∏š∫ªºΩžø¿¡¬√ƒ≈Ć«Č… ÀÃÕŒœĐ—“”‘’÷◊�©⁄¤‹›Æ»–·‚„‰ÂćÁčÈÍÎÏÌÓÔđÒÚÛÙıˆ˜¯πË˚¸Êæˇ"
+  },
+  "maccyrillic": {
+    "type": "_sbcs",
+    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ†°¢£§•¶І®©™Ђђ≠Ѓѓ∞±≤≥іµ∂ЈЄєЇїЉљЊњјЅ¬√ƒ≈∆«»… ЋћЌќѕ–—“”‘’÷„ЎўЏџ№Ёёяабвгдежзийклмнопрстуфхцчшщъыьэю¤"
+  },
+  "macgreek": {
+    "type": "_sbcs",
+    "chars": "Ĺ²É³ÖÜ΅àâä΄¨çéèê룙î‰ôö¦­ùûü†ΓΔΘΛΞΠß®©ΣΪ§≠°·Α±≤≥¥ΒΕΖΗΙΚΜΦΫΨΩάΝ¬ΟΡ≈Τ«»… ΥΧΆΈœ–―“”‘’÷ΉΊΌΎέήίόΏύαβψδεφγηιξκλμνοπώρστθωςχυζϊϋΐΰ�"
+  },
+  "maciceland": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûüÝ°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤ÐðÞþý·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
+  },
+  "macroman": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
+  },
+  "macromania": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ĂŞ∞±≤≥¥µ∂∑∏π∫ªºΩăş¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›Ţţ‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
+  },
+  "macthai": {
+    "type": "_sbcs",
+    "chars": "«»…“”�•‘’� กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู​–—฿เแโใไๅๆ็่้๊๋์ํ™๏๐๑๒๓๔๕๖๗๘๙®©����"
+  },
+  "macturkish": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸĞğİıŞş‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙ�ˆ˜¯˘˙˚¸˝˛ˇ"
+  },
+  "macukraine": {
+    "type": "_sbcs",
+    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ†°Ґ£§•¶І®©™Ђђ≠Ѓѓ∞±≤≥іµґЈЄєЇїЉљЊњјЅ¬√ƒ≈∆«»… ЋћЌќѕ–—“”‘’÷„ЎўЏџ№Ёёяабвгдежзийклмнопрстуфхцчшщъыьэю¤"
+  },
+  "koi8r": {
+    "type": "_sbcs",
+    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ё╓╔╕╖╗╘╙╚╛╜╝╞╟╠╡Ё╢╣╤╥╦╧╨╩╪╫╬©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
+  },
+  "koi8u": {
+    "type": "_sbcs",
+    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґ╝╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪Ґ╬©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
+  },
+  "koi8ru": {
+    "type": "_sbcs",
+    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
+  },
+  "koi8t": {
+    "type": "_sbcs",
+    "chars": "қғ‚Ғ„…†‡�‰ҳ‹ҲҷҶ�Қ‘’“”•–—�™�›�����ӯӮё¤ӣ¦§���«¬­®�°±²Ё�Ӣ¶·�№�»���©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
+  },
+  "armscii8": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ �և։)(»«—.՝,-֊…՜՛՞ԱաԲբԳգԴդԵեԶզԷէԸըԹթԺժԻիԼլԽխԾծԿկՀհՁձՂղՃճՄմՅյՆնՇշՈոՉչՊպՋջՌռՍսՎվՏտՐրՑցՒւՓփՔքՕօՖֆ՚�"
+  },
+  "rk1048": {
+    "type": "_sbcs",
+    "chars": "ЂЃ‚ѓ„…†‡€‰Љ‹ЊҚҺЏђ‘’“”•–—�™љ›њқһџ ҰұӘ¤Ө¦§Ё©Ғ«¬­®Ү°±Ііөµ¶·ё№ғ»әҢңүАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
+  },
+  "tcvn": {
+    "type": "_sbcs",
+    "chars": "\u0000ÚỤ\u0003ỪỬỮ\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010ỨỰỲỶỸÝỴ\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ÀẢÃÁẠẶẬÈẺẼÉẸỆÌỈĨÍỊÒỎÕÓỌỘỜỞỠỚỢÙỦŨ ĂÂÊÔƠƯĐăâêôơưđẶ̀̀̉̃́àảãáạẲằẳẵắẴẮẦẨẪẤỀặầẩẫấậèỂẻẽéẹềểễếệìỉỄẾỒĩíịòỔỏõóọồổỗốộờởỡớợùỖủũúụừửữứựỳỷỹýỵỐ"
+  },
+  "georgianacademy": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿აბგდევზთიკლმნოპჟრსტუფქღყშჩცძწჭხჯჰჱჲჳჴჵჶçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
+  },
+  "georgianps": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿აბგდევზჱთიკლმნჲოპჟრსტჳუფქღყშჩცძწჭხჴჯჰჵæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
+  },
+  "pt154": {
+    "type": "_sbcs",
+    "chars": "ҖҒӮғ„…ҶҮҲүҠӢҢҚҺҸҗ‘’“”•–—ҳҷҡӣңқһҹ ЎўЈӨҘҰ§Ё©Ә«¬ӯ®Ҝ°ұІіҙө¶·ё№ә»јҪҫҝАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
+  },
+  "viscii": {
+    "type": "_sbcs",
+    "chars": "\u0000\u0001Ẳ\u0003\u0004ẴẪ\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013Ỷ\u0015\u0016\u0017\u0018Ỹ\u001a\u001b\u001c\u001dỴ\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ẠẮẰẶẤẦẨẬẼẸẾỀỂỄỆỐỒỔỖỘỢỚỜỞỊỎỌỈỦŨỤỲÕắằặấầẩậẽẹếềểễệốồổỗỠƠộờởịỰỨỪỬơớƯÀÁÂÃẢĂẳẵÈÉÊẺÌÍĨỳĐứÒÓÔạỷừửÙÚỹỵÝỡưàáâãảăữẫèéêẻìíĩỉđựòóôõỏọụùúũủýợỮ"
+  },
+  "iso646cn": {
+    "type": "_sbcs",
+    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#¥%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}‾��������������������������������������������������������������������������������������������������������������������������������"
+  },
+  "iso646jp": {
+    "type": "_sbcs",
+    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[¥]^_`abcdefghijklmnopqrstuvwxyz{|}‾��������������������������������������������������������������������������������������������������������������������������������"
+  },
+  "hproman8": {
+    "type": "_sbcs",
+    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ÀÂÈÊËÎÏ´ˋˆ¨˜ÙÛ₤¯Ýý°ÇçÑñ¡¿¤£¥§ƒ¢âêôûáéóúàèòùäëöüÅîØÆåíøæÄìÖÜÉïßÔÁÃãÐðÍÌÓÒÕõŠšÚŸÿÞþ·µ¶¾—¼½ªº«■»±�"
+  },
+  "macintosh": {
+    "type": "_sbcs",
+    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
+  },
+  "ascii": {
+    "type": "_sbcs",
+    "chars": "��������������������������������������������������������������������������������������������������������������������������������"
+  },
+  "tis620": {
+    "type": "_sbcs",
+    "chars": "���������������������������������กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
+  }
+}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
new file mode 100644
index 0000000..fdb81a3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
@@ -0,0 +1,174 @@
+"use strict";
+
+// Manually added data to be used by sbcs codec in addition to generated one.
+
+module.exports = {
+    // Not supported by iconv, not sure why.
+    "10029": "maccenteuro",
+    "maccenteuro": {
+        "type": "_sbcs",
+        "chars": "ÄĀāÉĄÖÜáąČäčĆć鏟ĎíďĒēĖóėôöõúĚěü†°Ę£§•¶ß®©™ę¨≠ģĮįĪ≤≥īĶ∂∑łĻļĽľĹĺŅņѬ√ńŇ∆«»… ňŐÕőŌ–—“”‘’÷◊ōŔŕŘ‹›řŖŗŠ‚„šŚśÁŤťÍŽžŪÓÔūŮÚůŰűŲųÝýķŻŁżĢˇ"
+    },
+
+    "808": "cp808",
+    "ibm808": "cp808",
+    "cp808": {
+        "type": "_sbcs",
+        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№€■ "
+    },
+
+    "mik": {
+        "type": "_sbcs",
+        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя└┴┬├─┼╣║╚╔╩╦╠═╬┐░▒▓│┤№§╗╝┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
+    },
+
+    // Aliases of generated encodings.
+    "ascii8bit": "ascii",
+    "usascii": "ascii",
+    "ansix34": "ascii",
+    "ansix341968": "ascii",
+    "ansix341986": "ascii",
+    "csascii": "ascii",
+    "cp367": "ascii",
+    "ibm367": "ascii",
+    "isoir6": "ascii",
+    "iso646us": "ascii",
+    "iso646irv": "ascii",
+    "us": "ascii",
+
+    "latin1": "iso88591",
+    "latin2": "iso88592",
+    "latin3": "iso88593",
+    "latin4": "iso88594",
+    "latin5": "iso88599",
+    "latin6": "iso885910",
+    "latin7": "iso885913",
+    "latin8": "iso885914",
+    "latin9": "iso885915",
+    "latin10": "iso885916",
+
+    "csisolatin1": "iso88591",
+    "csisolatin2": "iso88592",
+    "csisolatin3": "iso88593",
+    "csisolatin4": "iso88594",
+    "csisolatincyrillic": "iso88595",
+    "csisolatinarabic": "iso88596",
+    "csisolatingreek" : "iso88597",
+    "csisolatinhebrew": "iso88598",
+    "csisolatin5": "iso88599",
+    "csisolatin6": "iso885910",
+
+    "l1": "iso88591",
+    "l2": "iso88592",
+    "l3": "iso88593",
+    "l4": "iso88594",
+    "l5": "iso88599",
+    "l6": "iso885910",
+    "l7": "iso885913",
+    "l8": "iso885914",
+    "l9": "iso885915",
+    "l10": "iso885916",
+
+    "isoir14": "iso646jp",
+    "isoir57": "iso646cn",
+    "isoir100": "iso88591",
+    "isoir101": "iso88592",
+    "isoir109": "iso88593",
+    "isoir110": "iso88594",
+    "isoir144": "iso88595",
+    "isoir127": "iso88596",
+    "isoir126": "iso88597",
+    "isoir138": "iso88598",
+    "isoir148": "iso88599",
+    "isoir157": "iso885910",
+    "isoir166": "tis620",
+    "isoir179": "iso885913",
+    "isoir199": "iso885914",
+    "isoir203": "iso885915",
+    "isoir226": "iso885916",
+
+    "cp819": "iso88591",
+    "ibm819": "iso88591",
+
+    "cyrillic": "iso88595",
+
+    "arabic": "iso88596",
+    "arabic8": "iso88596",
+    "ecma114": "iso88596",
+    "asmo708": "iso88596",
+
+    "greek" : "iso88597",
+    "greek8" : "iso88597",
+    "ecma118" : "iso88597",
+    "elot928" : "iso88597",
+
+    "hebrew": "iso88598",
+    "hebrew8": "iso88598",
+
+    "turkish": "iso88599",
+    "turkish8": "iso88599",
+
+    "thai": "iso885911",
+    "thai8": "iso885911",
+
+    "celtic": "iso885914",
+    "celtic8": "iso885914",
+    "isoceltic": "iso885914",
+
+    "tis6200": "tis620",
+    "tis62025291": "tis620",
+    "tis62025330": "tis620",
+
+    "10000": "macroman",
+    "10006": "macgreek",
+    "10007": "maccyrillic",
+    "10079": "maciceland",
+    "10081": "macturkish",
+
+    "cspc8codepage437": "cp437",
+    "cspc775baltic": "cp775",
+    "cspc850multilingual": "cp850",
+    "cspcp852": "cp852",
+    "cspc862latinhebrew": "cp862",
+    "cpgr": "cp869",
+
+    "msee": "cp1250",
+    "mscyrl": "cp1251",
+    "msansi": "cp1252",
+    "msgreek": "cp1253",
+    "msturk": "cp1254",
+    "mshebr": "cp1255",
+    "msarab": "cp1256",
+    "winbaltrim": "cp1257",
+
+    "cp20866": "koi8r",
+    "20866": "koi8r",
+    "ibm878": "koi8r",
+    "cskoi8r": "koi8r",
+
+    "cp21866": "koi8u",
+    "21866": "koi8u",
+    "ibm1168": "koi8u",
+
+    "strk10482002": "rk1048",
+
+    "tcvn5712": "tcvn",
+    "tcvn57121": "tcvn",
+
+    "gb198880": "iso646cn",
+    "cn": "iso646cn",
+
+    "csiso14jisc6220ro": "iso646jp",
+    "jisc62201969ro": "iso646jp",
+    "jp": "iso646jp",
+
+    "cshproman8": "hproman8",
+    "r8": "hproman8",
+    "roman8": "hproman8",
+    "xroman8": "hproman8",
+    "ibm1051": "hproman8",
+
+    "mac": "macintosh",
+    "csmacintosh": "macintosh",
+};
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
new file mode 100644
index 0000000..3c3d3c2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
@@ -0,0 +1,122 @@
+[
+["8740","䏰䰲䘃䖦䕸𧉧䵷䖳𧲱䳢𧳅㮕䜶䝄䱇䱀𤊿𣘗𧍒𦺋𧃒䱗𪍑䝏䗚䲅𧱬䴇䪤䚡𦬣爥𥩔𡩣𣸆𣽡晍囻"],
+["8767","綕夝𨮹㷴霴𧯯寛𡵞媤㘥𩺰嫑宷峼杮薓𩥅瑡璝㡵𡵓𣚞𦀡㻬"],
+["87a1","𥣞㫵竼龗𤅡𨤍𣇪𠪊𣉞䌊蒄龖鐯䤰蘓墖靊鈘秐稲晠権袝瑌篅枂稬剏遆㓦珄𥶹瓆鿇垳䤯呌䄱𣚎堘穲𧭥讏䚮𦺈䆁𥶙箮𢒼鿈𢓁𢓉𢓌鿉蔄𣖻䂴鿊䓡𪷿拁灮鿋"],
+["8840","㇀",4,"𠄌㇅𠃑𠃍㇆㇇𠃋𡿨㇈𠃊㇉㇊㇋㇌𠄎㇍㇎ĀÁǍÀĒÉĚÈŌÓǑÒ࿿Ê̄Ế࿿Ê̌ỀÊāáǎàɑēéěèīíǐìōóǒòūúǔùǖǘǚ"],
+["88a1","ǜü࿿ê̄ế࿿ê̌ềêɡ⏚⏛"],
+["8940","𪎩𡅅"],
+["8943","攊"],
+["8946","丽滝鵎釟"],
+["894c","𧜵撑会伨侨兖兴农凤务动医华发变团声处备夲头学实実岚庆总斉柾栄桥济炼电纤纬纺织经统缆缷艺苏药视设询车轧轮"],
+["89a1","琑糼緍楆竉刧"],
+["89ab","醌碸酞肼"],
+["89b0","贋胶𠧧"],
+["89b5","肟黇䳍鷉鸌䰾𩷶𧀎鸊𪄳㗁"],
+["89c1","溚舾甙"],
+["89c5","䤑马骏龙禇𨑬𡷊𠗐𢫦两亁亀亇亿仫伷㑌侽㹈倃傈㑽㒓㒥円夅凛凼刅争剹劐匧㗇厩㕑厰㕓参吣㕭㕲㚁咓咣咴咹哐哯唘唣唨㖘唿㖥㖿嗗㗅"],
+["8a40","𧶄唥"],
+["8a43","𠱂𠴕𥄫喐𢳆㧬𠍁蹆𤶸𩓥䁓𨂾睺𢰸㨴䟕𨅝𦧲𤷪擝𠵼𠾴𠳕𡃴撍蹾𠺖𠰋𠽤𢲩𨉖𤓓"],
+["8a64","𠵆𩩍𨃩䟴𤺧𢳂骲㩧𩗴㿭㔆𥋇𩟔𧣈𢵄鵮頕"],
+["8a76","䏙𦂥撴哣𢵌𢯊𡁷㧻𡁯"],
+["8aa1","𦛚𦜖𧦠擪𥁒𠱃蹨𢆡𨭌𠜱"],
+["8aac","䠋𠆩㿺塳𢶍"],
+["8ab2","𤗈𠓼𦂗𠽌𠶖啹䂻䎺"],
+["8abb","䪴𢩦𡂝膪飵𠶜捹㧾𢝵跀嚡摼㹃"],
+["8ac9","𪘁𠸉𢫏𢳉"],
+["8ace","𡃈𣧂㦒㨆𨊛㕸𥹉𢃇噒𠼱𢲲𩜠㒼氽𤸻"],
+["8adf","𧕴𢺋𢈈𪙛𨳍𠹺𠰴𦠜羓𡃏𢠃𢤹㗻𥇣𠺌𠾍𠺪㾓𠼰𠵇𡅏𠹌"],
+["8af6","𠺫𠮩𠵈𡃀𡄽㿹𢚖搲𠾭"],
+["8b40","𣏴𧘹𢯎𠵾𠵿𢱑𢱕㨘𠺘𡃇𠼮𪘲𦭐𨳒𨶙𨳊閪哌苄喹"],
+["8b55","𩻃鰦骶𧝞𢷮煀腭胬尜𦕲脴㞗卟𨂽醶𠻺𠸏𠹷𠻻㗝𤷫㘉𠳖嚯𢞵𡃉𠸐𠹸𡁸𡅈𨈇𡑕𠹹𤹐𢶤婔𡀝𡀞𡃵𡃶垜𠸑"],
+["8ba1","𧚔𨋍𠾵𠹻𥅾㜃𠾶𡆀𥋘𪊽𤧚𡠺𤅷𨉼墙剨㘚𥜽箲孨䠀䬬鼧䧧鰟鮍𥭴𣄽嗻㗲嚉丨夂𡯁屮靑𠂆乛亻㔾尣彑忄㣺扌攵歺氵氺灬爫丬犭𤣩罒礻糹罓𦉪㓁"],
+["8bde","𦍋耂肀𦘒𦥑卝衤见𧢲讠贝钅镸长门𨸏韦页风飞饣𩠐鱼鸟黄歯龜丷𠂇阝户钢"],
+["8c40","倻淾𩱳龦㷉袏𤅎灷峵䬠𥇍㕙𥴰愢𨨲辧釶熑朙玺𣊁𪄇㲋𡦀䬐磤琂冮𨜏䀉橣𪊺䈣蘏𠩯稪𩥇𨫪靕灍匤𢁾鏴盙𨧣龧矝亣俰傼丯众龨吴綋墒壐𡶶庒庙忂𢜒斋"],
+["8ca1","𣏹椙橃𣱣泿"],
+["8ca7","爀𤔅玌㻛𤨓嬕璹讃𥲤𥚕窓篬糃繬苸薗龩袐龪躹龫迏蕟駠鈡龬𨶹𡐿䁱䊢娚"],
+["8cc9","顨杫䉶圽"],
+["8cce","藖𤥻芿𧄍䲁𦵴嵻𦬕𦾾龭龮宖龯曧繛湗秊㶈䓃𣉖𢞖䎚䔶"],
+["8ce6","峕𣬚諹屸㴒𣕑嵸龲煗䕘𤃬𡸣䱷㥸㑊𠆤𦱁諌侴𠈹妿腬顖𩣺弻"],
+["8d40","𠮟"],
+["8d42","𢇁𨥭䄂䚻𩁹㼇龳𪆵䃸㟖䛷𦱆䅼𨚲𧏿䕭㣔𥒚䕡䔛䶉䱻䵶䗪㿈𤬏㙡䓞䒽䇭崾嵈嵖㷼㠏嶤嶹㠠㠸幂庽弥徃㤈㤔㤿㥍惗愽峥㦉憷憹懏㦸戬抐拥挘㧸嚱"],
+["8da1","㨃揢揻搇摚㩋擀崕嘡龟㪗斆㪽旿晓㫲暒㬢朖㭂枤栀㭘桊梄㭲㭱㭻椉楃牜楤榟榅㮼槖㯝橥橴橱檂㯬檙㯲檫檵櫔櫶殁毁毪汵沪㳋洂洆洦涁㳯涤涱渕渘温溆𨧀溻滢滚齿滨滩漤漴㵆𣽁澁澾㵪㵵熷岙㶊瀬㶑灐灔灯灿炉𠌥䏁㗱𠻘"],
+["8e40","𣻗垾𦻓焾𥟠㙎榢𨯩孴穉𥣡𩓙穥穽𥦬窻窰竂竃燑𦒍䇊竚竝竪䇯咲𥰁笋筕笩𥌎𥳾箢筯莜𥮴𦱿篐萡箒箸𥴠㶭𥱥蒒篺簆簵𥳁籄粃𤢂粦晽𤕸糉糇糦籴糳糵糎"],
+["8ea1","繧䔝𦹄絝𦻖璍綉綫焵綳緒𤁗𦀩緤㴓緵𡟹緥𨍭縝𦄡𦅚繮纒䌫鑬縧罀罁罇礶𦋐駡羗𦍑羣𡙡𠁨䕜𣝦䔃𨌺翺𦒉者耈耝耨耯𪂇𦳃耻耼聡𢜔䦉𦘦𣷣𦛨朥肧𨩈脇脚墰𢛶汿𦒘𤾸擧𡒊舘𡡞橓𤩥𤪕䑺舩𠬍𦩒𣵾俹𡓽蓢荢𦬊𤦧𣔰𡝳𣷸芪椛芳䇛"],
+["8f40","蕋苐茚𠸖𡞴㛁𣅽𣕚艻苢茘𣺋𦶣𦬅𦮗𣗎㶿茝嗬莅䔋𦶥莬菁菓㑾𦻔橗蕚㒖𦹂𢻯葘𥯤葱㷓䓤檧葊𣲵祘蒨𦮖𦹷𦹃蓞萏莑䒠蒓蓤𥲑䉀𥳀䕃蔴嫲𦺙䔧蕳䔖枿蘖"],
+["8fa1","𨘥𨘻藁𧂈蘂𡖂𧃍䕫䕪蘨㙈𡢢号𧎚虾蝱𪃸蟮𢰧螱蟚蠏噡虬桖䘏衅衆𧗠𣶹𧗤衞袜䙛袴袵揁装睷𧜏覇覊覦覩覧覼𨨥觧𧤤𧪽誜瞓釾誐𧩙竩𧬺𣾏䜓𧬸煼謌謟𥐰𥕥謿譌譍誩𤩺讐讛誯𡛟䘕衏貛𧵔𧶏貫㜥𧵓賖𧶘𧶽贒贃𡤐賛灜贑𤳉㻐起"],
+["9040","趩𨀂𡀔𤦊㭼𨆼𧄌竧躭躶軃鋔輙輭𨍥𨐒辥錃𪊟𠩐辳䤪𨧞𨔽𣶻廸𣉢迹𪀔𨚼𨔁𢌥㦀𦻗逷𨔼𧪾遡𨕬𨘋邨𨜓郄𨛦邮都酧㫰醩釄粬𨤳𡺉鈎沟鉁鉢𥖹銹𨫆𣲛𨬌𥗛"],
+["90a1","𠴱錬鍫𨫡𨯫炏嫃𨫢𨫥䥥鉄𨯬𨰹𨯿鍳鑛躼閅閦鐦閠濶䊹𢙺𨛘𡉼𣸮䧟氜陻隖䅬隣𦻕懚隶磵𨫠隽双䦡𦲸𠉴𦐐𩂯𩃥𤫑𡤕𣌊霱虂霶䨏䔽䖅𤫩灵孁霛靜𩇕靗孊𩇫靟鐥僐𣂷𣂼鞉鞟鞱鞾韀韒韠𥑬韮琜𩐳響韵𩐝𧥺䫑頴頳顋顦㬎𧅵㵑𠘰𤅜"],
+["9140","𥜆飊颷飈飇䫿𦴧𡛓喰飡飦飬鍸餹𤨩䭲𩡗𩤅駵騌騻騐驘𥜥㛄𩂱𩯕髠髢𩬅髴䰎鬔鬭𨘀倴鬴𦦨㣃𣁽魐魀𩴾婅𡡣鮎𤉋鰂鯿鰌𩹨鷔𩾷𪆒𪆫𪃡𪄣𪇟鵾鶃𪄴鸎梈"],
+["91a1","鷄𢅛𪆓𪈠𡤻𪈳鴹𪂹𪊴麐麕麞麢䴴麪麯𤍤黁㭠㧥㴝伲㞾𨰫鼂鼈䮖鐤𦶢鼗鼖鼹嚟嚊齅馸𩂋韲葿齢齩竜龎爖䮾𤥵𤦻煷𤧸𤍈𤩑玞𨯚𡣺禟𨥾𨸶鍩鏳𨩄鋬鎁鏋𨥬𤒹爗㻫睲穃烐𤑳𤏸煾𡟯炣𡢾𣖙㻇𡢅𥐯𡟸㜢𡛻𡠹㛡𡝴𡣑𥽋㜣𡛀坛𤨥𡏾𡊨"],
+["9240","𡏆𡒶蔃𣚦蔃葕𤦔𧅥𣸱𥕜𣻻𧁒䓴𣛮𩦝𦼦柹㜳㰕㷧塬𡤢栐䁗𣜿𤃡𤂋𤄏𦰡哋嚞𦚱嚒𠿟𠮨𠸍鏆𨬓鎜仸儫㠙𤐶亼𠑥𠍿佋侊𥙑婨𠆫𠏋㦙𠌊𠐔㐵伩𠋀𨺳𠉵諚𠈌亘"],
+["92a1","働儍侢伃𤨎𣺊佂倮偬傁俌俥偘僼兙兛兝兞湶𣖕𣸹𣺿浲𡢄𣺉冨凃𠗠䓝𠒣𠒒𠒑赺𨪜𠜎剙劤𠡳勡鍮䙺熌𤎌𠰠𤦬𡃤槑𠸝瑹㻞璙琔瑖玘䮎𤪼𤂍叐㖄爏𤃉喴𠍅响𠯆圝鉝雴鍦埝垍坿㘾壋媙𨩆𡛺𡝯𡜐娬妸銏婾嫏娒𥥆𡧳𡡡𤊕㛵洅瑃娡𥺃"],
+["9340","媁𨯗𠐓鏠璌𡌃焅䥲鐈𨧻鎽㞠尞岞幞幈𡦖𡥼𣫮廍孏𡤃𡤄㜁𡢠㛝𡛾㛓脪𨩇𡶺𣑲𨦨弌弎𡤧𡞫婫𡜻孄蘔𧗽衠恾𢡠𢘫忛㺸𢖯𢖾𩂈𦽳懀𠀾𠁆𢘛憙憘恵𢲛𢴇𤛔𩅍"],
+["93a1","摱𤙥𢭪㨩𢬢𣑐𩣪𢹸挷𪑛撶挱揑𤧣𢵧护𢲡搻敫楲㯴𣂎𣊭𤦉𣊫唍𣋠𡣙𩐿曎𣊉𣆳㫠䆐𥖄𨬢𥖏𡛼𥕛𥐥磮𣄃𡠪𣈴㑤𣈏𣆂𤋉暎𦴤晫䮓昰𧡰𡷫晣𣋒𣋡昞𥡲㣑𣠺𣞼㮙𣞢𣏾瓐㮖枏𤘪梶栞㯄檾㡣𣟕𤒇樳橒櫉欅𡤒攑梘橌㯗橺歗𣿀𣲚鎠鋲𨯪𨫋"],
+["9440","銉𨀞𨧜鑧涥漋𤧬浧𣽿㶏渄𤀼娽渊塇洤硂焻𤌚𤉶烱牐犇犔𤞏𤜥兹𤪤𠗫瑺𣻸𣙟𤩊𤤗𥿡㼆㺱𤫟𨰣𣼵悧㻳瓌琼鎇琷䒟𦷪䕑疃㽣𤳙𤴆㽘畕癳𪗆㬙瑨𨫌𤦫𤦎㫻"],
+["94a1","㷍𤩎㻿𤧅𤣳釺圲鍂𨫣𡡤僟𥈡𥇧睸𣈲眎眏睻𤚗𣞁㩞𤣰琸璛㺿𤪺𤫇䃈𤪖𦆮錇𥖁砞碍碈磒珐祙𧝁𥛣䄎禛蒖禥樭𣻺稺秴䅮𡛦䄲鈵秱𠵌𤦌𠊙𣶺𡝮㖗啫㕰㚪𠇔𠰍竢婙𢛵𥪯𥪜娍𠉛磰娪𥯆竾䇹籝籭䈑𥮳𥺼𥺦糍𤧹𡞰粎籼粮檲緜縇緓罎𦉡"],
+["9540","𦅜𧭈綗𥺂䉪𦭵𠤖柖𠁎𣗏埄𦐒𦏸𤥢翝笧𠠬𥫩𥵃笌𥸎駦虅驣樜𣐿㧢𤧷𦖭騟𦖠蒀𧄧𦳑䓪脷䐂胆脉腂𦞴飃𦩂艢艥𦩑葓𦶧蘐𧈛媆䅿𡡀嬫𡢡嫤𡣘蚠蜨𣶏蠭𧐢娂"],
+["95a1","衮佅袇袿裦襥襍𥚃襔𧞅𧞄𨯵𨯙𨮜𨧹㺭蒣䛵䛏㟲訽訜𩑈彍鈫𤊄旔焩烄𡡅鵭貟賩𧷜妚矃姰䍮㛔踪躧𤰉輰轊䋴汘澻𢌡䢛潹溋𡟚鯩㚵𤤯邻邗啱䤆醻鐄𨩋䁢𨫼鐧𨰝𨰻蓥訫閙閧閗閖𨴴瑅㻂𤣿𤩂𤏪㻧𣈥随𨻧𨹦𨹥㻌𤧭𤩸𣿮琒瑫㻼靁𩂰"],
+["9640","桇䨝𩂓𥟟靝鍨𨦉𨰦𨬯𦎾銺嬑譩䤼珹𤈛鞛靱餸𠼦巁𨯅𤪲頟𩓚鋶𩗗釥䓀𨭐𤩧𨭤飜𨩅㼀鈪䤥萔餻饍𧬆㷽馛䭯馪驜𨭥𥣈檏騡嫾騯𩣱䮐𩥈馼䮽䮗鍽塲𡌂堢𤦸"],
+["96a1","𡓨硄𢜟𣶸棅㵽鑘㤧慐𢞁𢥫愇鱏鱓鱻鰵鰐魿鯏𩸭鮟𪇵𪃾鴡䲮𤄄鸘䲰鴌𪆴𪃭𪃳𩤯鶥蒽𦸒𦿟𦮂藼䔳𦶤𦺄𦷰萠藮𦸀𣟗𦁤秢𣖜𣙀䤭𤧞㵢鏛銾鍈𠊿碹鉷鑍俤㑀遤𥕝砽硔碶硋𡝗𣇉𤥁㚚佲濚濙瀞瀞吔𤆵垻壳垊鴖埗焴㒯𤆬燫𦱀𤾗嬨𡞵𨩉"],
+["9740","愌嫎娋䊼𤒈㜬䭻𨧼鎻鎸𡣖𠼝葲𦳀𡐓𤋺𢰦𤏁妔𣶷𦝁綨𦅛𦂤𤦹𤦋𨧺鋥珢㻩璴𨭣𡢟㻡𤪳櫘珳珻㻖𤨾𤪔𡟙𤩦𠎧𡐤𤧥瑈𤤖炥𤥶銄珦鍟𠓾錱𨫎𨨖鎆𨯧𥗕䤵𨪂煫"],
+["97a1","𤥃𠳿嚤𠘚𠯫𠲸唂秄𡟺緾𡛂𤩐𡡒䔮鐁㜊𨫀𤦭妰𡢿𡢃𧒄媡㛢𣵛㚰鉟婹𨪁𡡢鍴㳍𠪴䪖㦊僴㵩㵌𡎜煵䋻𨈘渏𩃤䓫浗𧹏灧沯㳖𣿭𣸭渂漌㵯𠏵畑㚼㓈䚀㻚䡱姄鉮䤾轁𨰜𦯀堒埈㛖𡑒烾𤍢𤩱𢿣𡊰𢎽梹楧𡎘𣓥𧯴𣛟𨪃𣟖𣏺𤲟樚𣚭𦲷萾䓟䓎"],
+["9840","𦴦𦵑𦲂𦿞漗𧄉茽𡜺菭𦲀𧁓𡟛妉媂𡞳婡婱𡤅𤇼㜭姯𡜼㛇熎鎐暚𤊥婮娫𤊓樫𣻹𧜶𤑛𤋊焝𤉙𨧡侰𦴨峂𤓎𧹍𤎽樌𤉖𡌄炦焳𤏩㶥泟勇𤩏繥姫崯㷳彜𤩝𡟟綤萦"],
+["98a1","咅𣫺𣌀𠈔坾𠣕𠘙㿥𡾞𪊶瀃𩅛嵰玏糓𨩙𩐠俈翧狍猐𧫴猸猹𥛶獁獈㺩𧬘遬燵𤣲珡臶㻊県㻑沢国琙琞琟㻢㻰㻴㻺瓓㼎㽓畂畭畲疍㽼痈痜㿀癍㿗癴㿜発𤽜熈嘣覀塩䀝睃䀹条䁅㗛瞘䁪䁯属瞾矋売砘点砜䂨砹硇硑硦葈𥔵礳栃礲䄃"],
+["9940","䄉禑禙辻稆込䅧窑䆲窼艹䇄竏竛䇏両筢筬筻簒簛䉠䉺类粜䊌粸䊔糭输烀𠳏総緔緐緽羮羴犟䎗耠耥笹耮耱联㷌垴炠肷胩䏭脌猪脎脒畠脔䐁㬹腖腙腚"],
+["99a1","䐓堺腼膄䐥膓䐭膥埯臁臤艔䒏芦艶苊苘苿䒰荗险榊萅烵葤惣蒈䔄蒾蓡蓸蔐蔸蕒䔻蕯蕰藠䕷虲蚒蚲蛯际螋䘆䘗袮裿褤襇覑𧥧訩訸誔誴豑賔賲贜䞘塟跃䟭仮踺嗘坔蹱嗵躰䠷軎転軤軭軲辷迁迊迌逳駄䢭飠鈓䤞鈨鉘鉫銱銮銿"],
+["9a40","鋣鋫鋳鋴鋽鍃鎄鎭䥅䥑麿鐗匁鐝鐭鐾䥪鑔鑹锭関䦧间阳䧥枠䨤靀䨵鞲韂噔䫤惨颹䬙飱塄餎餙冴餜餷饂饝饢䭰駅䮝騼鬏窃魩鮁鯝鯱鯴䱭鰠㝯𡯂鵉鰺"],
+["9aa1","黾噐鶓鶽鷀鷼银辶鹻麬麱麽黆铜黢黱黸竈齄𠂔𠊷𠎠椚铃妬𠓗塀铁㞹𠗕𠘕𠙶𡚺块煳𠫂𠫍𠮿呪吆𠯋咞𠯻𠰻𠱓𠱥𠱼惧𠲍噺𠲵𠳝𠳭𠵯𠶲𠷈楕鰯螥𠸄𠸎𠻗𠾐𠼭𠹳尠𠾼帋𡁜𡁏𡁶朞𡁻𡂈𡂖㙇𡂿𡃓𡄯𡄻卤蒭𡋣𡍵𡌶讁𡕷𡘙𡟃𡟇乸炻𡠭𡥪"],
+["9b40","𡨭𡩅𡰪𡱰𡲬𡻈拃𡻕𡼕熘桕𢁅槩㛈𢉼𢏗𢏺𢜪𢡱𢥏苽𢥧𢦓𢫕覥𢫨辠𢬎鞸𢬿顇骽𢱌"],
+["9b62","𢲈𢲷𥯨𢴈𢴒𢶷𢶕𢹂𢽴𢿌𣀳𣁦𣌟𣏞徱晈暿𧩹𣕧𣗳爁𤦺矗𣘚𣜖纇𠍆墵朎"],
+["9ba1","椘𣪧𧙗𥿢𣸑𣺹𧗾𢂚䣐䪸𤄙𨪚𤋮𤌍𤀻𤌴𤎖𤩅𠗊凒𠘑妟𡺨㮾𣳿𤐄𤓖垈𤙴㦛𤜯𨗨𩧉㝢𢇃譞𨭎駖𤠒𤣻𤨕爉𤫀𠱸奥𤺥𤾆𠝹軚𥀬劏圿煱𥊙𥐙𣽊𤪧喼𥑆𥑮𦭒釔㑳𥔿𧘲𥕞䜘𥕢𥕦𥟇𤤿𥡝偦㓻𣏌惞𥤃䝼𨥈𥪮𥮉𥰆𡶐垡煑澶𦄂𧰒遖𦆲𤾚譢𦐂𦑊"],
+["9c40","嵛𦯷輶𦒄𡤜諪𤧶𦒈𣿯𦔒䯀𦖿𦚵𢜛鑥𥟡憕娧晉侻嚹𤔡𦛼乪𤤴陖涏𦲽㘘襷𦞙𦡮𦐑𦡞營𦣇筂𩃀𠨑𦤦鄄𦤹穅鷰𦧺騦𦨭㙟𦑩𠀡禃𦨴𦭛崬𣔙菏𦮝䛐𦲤画补𦶮墶"],
+["9ca1","㜜𢖍𧁋𧇍㱔𧊀𧊅銁𢅺𧊋錰𧋦𤧐氹钟𧑐𠻸蠧裵𢤦𨑳𡞱溸𤨪𡠠㦤㚹尐秣䔿暶𩲭𩢤襃𧟌𧡘囖䃟𡘊㦡𣜯𨃨𡏅熭荦𧧝𩆨婧䲷𧂯𨦫𧧽𧨊𧬋𧵦𤅺筃祾𨀉澵𪋟樃𨌘厢𦸇鎿栶靝𨅯𨀣𦦵𡏭𣈯𨁈嶅𨰰𨂃圕頣𨥉嶫𤦈斾槕叒𤪥𣾁㰑朶𨂐𨃴𨄮𡾡𨅏"],
+["9d40","𨆉𨆯𨈚𨌆𨌯𨎊㗊𨑨𨚪䣺揦𨥖砈鉕𨦸䏲𨧧䏟𨧨𨭆𨯔姸𨰉輋𨿅𩃬筑𩄐𩄼㷷𩅞𤫊运犏嚋𩓧𩗩𩖰𩖸𩜲𩣑𩥉𩥪𩧃𩨨𩬎𩵚𩶛纟𩻸𩼣䲤镇𪊓熢𪋿䶑递𪗋䶜𠲜达嗁"],
+["9da1","辺𢒰边𤪓䔉繿潖檱仪㓤𨬬𧢝㜺躀𡟵𨀤𨭬𨮙𧨾𦚯㷫𧙕𣲷𥘵𥥖亚𥺁𦉘嚿𠹭踎孭𣺈𤲞揞拐𡟶𡡻攰嘭𥱊吚𥌑㷆𩶘䱽嘢嘞罉𥻘奵𣵀蝰东𠿪𠵉𣚺脗鵞贘瘻鱅癎瞹鍅吲腈苷嘥脲萘肽嗪祢噃吖𠺝㗎嘅嗱曱𨋢㘭甴嗰喺咗啲𠱁𠲖廐𥅈𠹶𢱢"],
+["9e40","𠺢麫絚嗞𡁵抝靭咔賍燶酶揼掹揾啩𢭃鱲𢺳冚㓟𠶧冧呍唞唓癦踭𦢊疱肶蠄螆裇膶萜𡃁䓬猄𤜆宐茋𦢓噻𢛴𧴯𤆣𧵳𦻐𧊶酰𡇙鈈𣳼𪚩𠺬𠻹牦𡲢䝎𤿂𧿹𠿫䃺"],
+["9ea1","鱝攟𢶠䣳𤟠𩵼𠿬𠸊恢𧖣𠿭"],
+["9ead","𦁈𡆇熣纎鵐业丄㕷嬍沲卧㚬㧜卽㚥𤘘墚𤭮舭呋垪𥪕𠥹"],
+["9ec5","㩒𢑥獴𩺬䴉鯭𣳾𩼰䱛𤾩𩖞𩿞葜𣶶𧊲𦞳𣜠挮紥𣻷𣸬㨪逈勌㹴㙺䗩𠒎癀嫰𠺶硺𧼮墧䂿噼鮋嵴癔𪐴麅䳡痹㟻愙𣃚𤏲"],
+["9ef5","噝𡊩垧𤥣𩸆刴𧂮㖭汊鵼"],
+["9f40","籖鬹埞𡝬屓擓𩓐𦌵𧅤蚭𠴨𦴢𤫢𠵱"],
+["9f4f","凾𡼏嶎霃𡷑麁遌笟鬂峑箣扨挵髿篏鬪籾鬮籂粆鰕篼鬉鼗鰛𤤾齚啳寃俽麘俲剠㸆勑坧偖妷帒韈鶫轜呩鞴饀鞺匬愰"],
+["9fa1","椬叚鰊鴂䰻陁榀傦畆𡝭駚剳"],
+["9fae","酙隁酜"],
+["9fb2","酑𨺗捿𦴣櫊嘑醎畺抅𠏼獏籰𥰡𣳽"],
+["9fc1","𤤙盖鮝个𠳔莾衂"],
+["9fc9","届槀僭坺刟巵从氱𠇲伹咜哚劚趂㗾弌㗳"],
+["9fdb","歒酼龥鮗頮颴骺麨麄煺笔"],
+["9fe7","毺蠘罸"],
+["9feb","嘠𪙊蹷齓"],
+["9ff0","跔蹏鸜踁抂𨍽踨蹵竓𤩷稾磘泪詧瘇"],
+["a040","𨩚鼦泎蟖痃𪊲硓咢贌狢獱謭猂瓱賫𤪻蘯徺袠䒷"],
+["a055","𡠻𦸅"],
+["a058","詾𢔛"],
+["a05b","惽癧髗鵄鍮鮏蟵"],
+["a063","蠏賷猬霡鮰㗖犲䰇籑饊𦅙慙䰄麖慽"],
+["a073","坟慯抦戹拎㩜懢厪𣏵捤栂㗒"],
+["a0a1","嵗𨯂迚𨸹"],
+["a0a6","僙𡵆礆匲阸𠼻䁥"],
+["a0ae","矾"],
+["a0b0","糂𥼚糚稭聦聣絍甅瓲覔舚朌聢𧒆聛瓰脃眤覉𦟌畓𦻑螩蟎臈螌詉貭譃眫瓸蓚㘵榲趦"],
+["a0d4","覩瑨涹蟁𤀑瓧㷛煶悤憜㳑煢恷"],
+["a0e2","罱𨬭牐惩䭾删㰘𣳇𥻗𧙖𥔱𡥄𡋾𩤃𦷜𧂭峁𦆭𨨏𣙷𠃮𦡆𤼎䕢嬟𦍌齐麦𦉫"],
+["a3c0","␀",31,"␡"],
+["c6a1","①",9,"⑴",9,"ⅰ",9,"丶丿亅亠冂冖冫勹匸卩厶夊宀巛⼳广廴彐彡攴无疒癶辵隶¨ˆヽヾゝゞ〃仝々〆〇ー［］✽ぁ",23],
+["c740","す",58,"ァアィイ"],
+["c7a1","ゥ",81,"А",5,"ЁЖ",4],
+["c840","Л",26,"ёж",25,"⇧↸↹㇏𠃌乚𠂊刂䒑"],
+["c8a1","龰冈龱𧘇"],
+["c8cd","￢￤＇＂㈱№℡゛゜⺀⺄⺆⺇⺈⺊⺌⺍⺕⺜⺝⺥⺧⺪⺬⺮⺶⺼⺾⻆⻊⻌⻍⻏⻖⻗⻞⻣"],
+["c8f5","ʃɐɛɔɵœøŋʊɪ"],
+["f9fe","￭"],
+["fa40","𠕇鋛𠗟𣿅蕌䊵珯况㙉𤥂𨧤鍄𡧛苮𣳈砼杄拟𤤳𨦪𠊠𦮳𡌅侫𢓭倈𦴩𧪄𣘀𤪱𢔓倩𠍾徤𠎀𠍇滛𠐟偽儁㑺儎顬㝃萖𤦤𠒇兠𣎴兪𠯿𢃼𠋥𢔰𠖎𣈳𡦃宂蝽𠖳𣲙冲冸"],
+["faa1","鴴凉减凑㳜凓𤪦决凢卂凭菍椾𣜭彻刋刦刼劵剗劔効勅簕蕂勠蘍𦬓包𨫞啉滙𣾀𠥔𣿬匳卄𠯢泋𡜦栛珕恊㺪㣌𡛨燝䒢卭却𨚫卾卿𡖖𡘓矦厓𨪛厠厫厮玧𥝲㽙玜叁叅汉义埾叙㪫𠮏叠𣿫𢶣叶𠱷吓灹唫晗浛呭𦭓𠵴啝咏咤䞦𡜍𠻝㶴𠵍"],
+["fb40","𨦼𢚘啇䳭启琗喆喩嘅𡣗𤀺䕒𤐵暳𡂴嘷曍𣊊暤暭噍噏磱囱鞇叾圀囯园𨭦㘣𡉏坆𤆥汮炋坂㚱𦱾埦𡐖堃𡑔𤍣堦𤯵塜墪㕡壠壜𡈼壻寿坃𪅐𤉸鏓㖡够梦㛃湙"],
+["fba1","𡘾娤啓𡚒蔅姉𠵎𦲁𦴪𡟜姙𡟻𡞲𦶦浱𡠨𡛕姹𦹅媫婣㛦𤦩婷㜈媖瑥嫓𦾡𢕔㶅𡤑㜲𡚸広勐孶斈孼𧨎䀄䡝𠈄寕慠𡨴𥧌𠖥寳宝䴐尅𡭄尓珎尔𡲥𦬨屉䣝岅峩峯嶋𡷹𡸷崐崘嵆𡺤岺巗苼㠭𤤁𢁉𢅳芇㠶㯂帮檊幵幺𤒼𠳓厦亷廐厨𡝱帉廴𨒂"],
+["fc40","廹廻㢠廼栾鐛弍𠇁弢㫞䢮𡌺强𦢈𢏐彘𢑱彣鞽𦹮彲鍀𨨶徧嶶㵟𥉐𡽪𧃸𢙨釖𠊞𨨩怱暅𡡷㥣㷇㘹垐𢞴祱㹀悞悤悳𤦂𤦏𧩓璤僡媠慤萤慂慈𦻒憁凴𠙖憇宪𣾷"],
+["fca1","𢡟懓𨮝𩥝懐㤲𢦀𢣁怣慜攞掋𠄘担𡝰拕𢸍捬𤧟㨗搸揸𡎎𡟼撐澊𢸶頔𤂌𥜝擡擥鑻㩦携㩗敍漖𤨨𤨣斅敭敟𣁾斵𤥀䬷旑䃘𡠩无旣忟𣐀昘𣇷𣇸晄𣆤𣆥晋𠹵晧𥇦晳晴𡸽𣈱𨗴𣇈𥌓矅𢣷馤朂𤎜𤨡㬫槺𣟂杞杧杢𤇍𩃭柗䓩栢湐鈼栁𣏦𦶠桝"],
+["fd40","𣑯槡樋𨫟楳棃𣗍椁椀㴲㨁𣘼㮀枬楡𨩊䋼椶榘㮡𠏉荣傐槹𣙙𢄪橅𣜃檝㯳枱櫈𩆜㰍欝𠤣惞欵歴𢟍溵𣫛𠎵𡥘㝀吡𣭚毡𣻼毜氷𢒋𤣱𦭑汚舦汹𣶼䓅𣶽𤆤𤤌𤤀"],
+["fda1","𣳉㛥㳫𠴲鮃𣇹𢒑羏样𦴥𦶡𦷫涖浜湼漄𤥿𤂅𦹲蔳𦽴凇沜渝萮𨬡港𣸯瑓𣾂秌湏媑𣁋濸㜍澝𣸰滺𡒗𤀽䕕鏰潄潜㵎潴𩅰㴻澟𤅄濓𤂑𤅕𤀹𣿰𣾴𤄿凟𤅖𤅗𤅀𦇝灋灾炧炁烌烕烖烟䄄㷨熴熖𤉷焫煅媈煊煮岜𤍥煏鍢𤋁焬𤑚𤨧𤨢熺𨯨炽爎"],
+["fe40","鑂爕夑鑃爤鍁𥘅爮牀𤥴梽牕牗㹕𣁄栍漽犂猪猫𤠣𨠫䣭𨠄猨献珏玪𠰺𦨮珉瑉𤇢𡛧𤨤昣㛅𤦷𤦍𤧻珷琕椃𤨦琹𠗃㻗瑜𢢭瑠𨺲瑇珤瑶莹瑬㜰瑴鏱樬璂䥓𤪌"],
+["fea1","𤅟𤩹𨮏孆𨰃𡢞瓈𡦈甎瓩甞𨻙𡩋寗𨺬鎅畍畊畧畮𤾂㼄𤴓疎瑝疞疴瘂瘬癑癏癯癶𦏵皐臯㟸𦤑𦤎皡皥皷盌𦾟葢𥂝𥅽𡸜眞眦着撯𥈠睘𣊬瞯𨥤𨥨𡛁矴砉𡍶𤨒棊碯磇磓隥礮𥗠磗礴碱𧘌辸袄𨬫𦂃𢘜禆褀椂禀𥡗禝𧬹礼禩渪𧄦㺨秆𩄍秔"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
new file mode 100644
index 0000000..49ddb9a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
@@ -0,0 +1,264 @@
+[
+["0","\u0000",127,"€"],
+["8140","丂丄丅丆丏丒丗丟丠両丣並丩丮丯丱丳丵丷丼乀乁乂乄乆乊乑乕乗乚乛乢乣乤乥乧乨乪",5,"乲乴",9,"乿",6,"亇亊"],
+["8180","亐亖亗亙亜亝亞亣亪亯亰亱亴亶亷亸亹亼亽亾仈仌仏仐仒仚仛仜仠仢仦仧仩仭仮仯仱仴仸仹仺仼仾伀伂",6,"伋伌伒",4,"伜伝伡伣伨伩伬伭伮伱伳伵伷伹伻伾",4,"佄佅佇",5,"佒佔佖佡佢佦佨佪佫佭佮佱佲併佷佸佹佺佽侀侁侂侅來侇侊侌侎侐侒侓侕侖侘侙侚侜侞侟価侢"],
+["8240","侤侫侭侰",4,"侶",8,"俀俁係俆俇俈俉俋俌俍俒",4,"俙俛俠俢俤俥俧俫俬俰俲俴俵俶俷俹俻俼俽俿",11],
+["8280","個倎倐們倓倕倖倗倛倝倞倠倢倣値倧倫倯",10,"倻倽倿偀偁偂偄偅偆偉偊偋偍偐",4,"偖偗偘偙偛偝",7,"偦",5,"偭",8,"偸偹偺偼偽傁傂傃傄傆傇傉傊傋傌傎",20,"傤傦傪傫傭",4,"傳",6,"傼"],
+["8340","傽",17,"僐",5,"僗僘僙僛",10,"僨僩僪僫僯僰僱僲僴僶",4,"僼",9,"儈"],
+["8380","儉儊儌",5,"儓",13,"儢",28,"兂兇兊兌兎兏児兒兓兗兘兙兛兝",4,"兣兤兦內兩兪兯兲兺兾兿冃冄円冇冊冋冎冏冐冑冓冔冘冚冝冞冟冡冣冦",4,"冭冮冴冸冹冺冾冿凁凂凃凅凈凊凍凎凐凒",5],
+["8440","凘凙凚凜凞凟凢凣凥",5,"凬凮凱凲凴凷凾刄刅刉刋刌刏刐刓刔刕刜刞刟刡刢刣別刦刧刪刬刯刱刲刴刵刼刾剄",5,"剋剎剏剒剓剕剗剘"],
+["8480","剙剚剛剝剟剠剢剣剤剦剨剫剬剭剮剰剱剳",9,"剾劀劃",4,"劉",6,"劑劒劔",6,"劜劤劥劦劧劮劯劰労",9,"勀勁勂勄勅勆勈勊勌勍勎勏勑勓勔動勗務",5,"勠勡勢勣勥",10,"勱",7,"勻勼勽匁匂匃匄匇匉匊匋匌匎"],
+["8540","匑匒匓匔匘匛匜匞匟匢匤匥匧匨匩匫匬匭匯",9,"匼匽區卂卄卆卋卌卍卐協単卙卛卝卥卨卪卬卭卲卶卹卻卼卽卾厀厁厃厇厈厊厎厏"],
+["8580","厐",4,"厖厗厙厛厜厞厠厡厤厧厪厫厬厭厯",6,"厷厸厹厺厼厽厾叀參",4,"収叏叐叒叓叕叚叜叝叞叡叢叧叴叺叾叿吀吂吅吇吋吔吘吙吚吜吢吤吥吪吰吳吶吷吺吽吿呁呂呄呅呇呉呌呍呎呏呑呚呝",4,"呣呥呧呩",7,"呴呹呺呾呿咁咃咅咇咈咉咊咍咑咓咗咘咜咞咟咠咡"],
+["8640","咢咥咮咰咲咵咶咷咹咺咼咾哃哅哊哋哖哘哛哠",4,"哫哬哯哰哱哴",5,"哻哾唀唂唃唄唅唈唊",4,"唒唓唕",5,"唜唝唞唟唡唥唦"],
+["8680","唨唩唫唭唲唴唵唶唸唹唺唻唽啀啂啅啇啈啋",4,"啑啒啓啔啗",4,"啝啞啟啠啢啣啨啩啫啯",5,"啹啺啽啿喅喆喌喍喎喐喒喓喕喖喗喚喛喞喠",6,"喨",8,"喲喴営喸喺喼喿",4,"嗆嗇嗈嗊嗋嗎嗏嗐嗕嗗",4,"嗞嗠嗢嗧嗩嗭嗮嗰嗱嗴嗶嗸",4,"嗿嘂嘃嘄嘅"],
+["8740","嘆嘇嘊嘋嘍嘐",7,"嘙嘚嘜嘝嘠嘡嘢嘥嘦嘨嘩嘪嘫嘮嘯嘰嘳嘵嘷嘸嘺嘼嘽嘾噀",11,"噏",4,"噕噖噚噛噝",4],
+["8780","噣噥噦噧噭噮噯噰噲噳噴噵噷噸噹噺噽",7,"嚇",6,"嚐嚑嚒嚔",14,"嚤",10,"嚰",6,"嚸嚹嚺嚻嚽",12,"囋",8,"囕囖囘囙囜団囥",5,"囬囮囯囲図囶囷囸囻囼圀圁圂圅圇國",6],
+["8840","園",9,"圝圞圠圡圢圤圥圦圧圫圱圲圴",4,"圼圽圿坁坃坄坅坆坈坉坋坒",4,"坘坙坢坣坥坧坬坮坰坱坲坴坵坸坹坺坽坾坿垀"],
+["8880","垁垇垈垉垊垍",4,"垔",6,"垜垝垞垟垥垨垪垬垯垰垱垳垵垶垷垹",8,"埄",6,"埌埍埐埑埓埖埗埛埜埞埡埢埣埥",7,"埮埰埱埲埳埵埶執埻埼埾埿堁堃堄堅堈堉堊堌堎堏堐堒堓堔堖堗堘堚堛堜堝堟堢堣堥",4,"堫",4,"報堲堳場堶",7],
+["8940","堾",5,"塅",6,"塎塏塐塒塓塕塖塗塙",4,"塟",5,"塦",4,"塭",16,"塿墂墄墆墇墈墊墋墌"],
+["8980","墍",4,"墔",4,"墛墜墝墠",7,"墪",17,"墽墾墿壀壂壃壄壆",10,"壒壓壔壖",13,"壥",5,"壭壯壱売壴壵壷壸壺",7,"夃夅夆夈",4,"夎夐夑夒夓夗夘夛夝夞夠夡夢夣夦夨夬夰夲夳夵夶夻"],
+["8a40","夽夾夿奀奃奅奆奊奌奍奐奒奓奙奛",4,"奡奣奤奦",12,"奵奷奺奻奼奾奿妀妅妉妋妌妎妏妐妑妔妕妘妚妛妜妝妟妠妡妢妦"],
+["8a80","妧妬妭妰妱妳",5,"妺妼妽妿",6,"姇姈姉姌姍姎姏姕姖姙姛姞",4,"姤姦姧姩姪姫姭",11,"姺姼姽姾娀娂娊娋娍娎娏娐娒娔娕娖娗娙娚娛娝娞娡娢娤娦娧娨娪",6,"娳娵娷",4,"娽娾娿婁",4,"婇婈婋",9,"婖婗婘婙婛",5],
+["8b40","婡婣婤婥婦婨婩婫",8,"婸婹婻婼婽婾媀",17,"媓",6,"媜",13,"媫媬"],
+["8b80","媭",4,"媴媶媷媹",4,"媿嫀嫃",5,"嫊嫋嫍",4,"嫓嫕嫗嫙嫚嫛嫝嫞嫟嫢嫤嫥嫧嫨嫪嫬",4,"嫲",22,"嬊",11,"嬘",25,"嬳嬵嬶嬸",7,"孁",6],
+["8c40","孈",7,"孒孖孞孠孡孧孨孫孭孮孯孲孴孶孷學孹孻孼孾孿宂宆宊宍宎宐宑宒宔宖実宧宨宩宬宭宮宯宱宲宷宺宻宼寀寁寃寈寉寊寋寍寎寏"],
+["8c80","寑寔",8,"寠寢寣實寧審",4,"寯寱",6,"寽対尀専尃尅將專尋尌對導尐尒尓尗尙尛尞尟尠尡尣尦尨尩尪尫尭尮尯尰尲尳尵尶尷屃屄屆屇屌屍屒屓屔屖屗屘屚屛屜屝屟屢層屧",6,"屰屲",6,"屻屼屽屾岀岃",4,"岉岊岋岎岏岒岓岕岝",4,"岤",4],
+["8d40","岪岮岯岰岲岴岶岹岺岻岼岾峀峂峃峅",5,"峌",5,"峓",5,"峚",6,"峢峣峧峩峫峬峮峯峱",9,"峼",4],
+["8d80","崁崄崅崈",5,"崏",4,"崕崗崘崙崚崜崝崟",4,"崥崨崪崫崬崯",4,"崵",7,"崿",7,"嵈嵉嵍",10,"嵙嵚嵜嵞",10,"嵪嵭嵮嵰嵱嵲嵳嵵",12,"嶃",21,"嶚嶛嶜嶞嶟嶠"],
+["8e40","嶡",21,"嶸",12,"巆",6,"巎",12,"巜巟巠巣巤巪巬巭"],
+["8e80","巰巵巶巸",4,"巿帀帄帇帉帊帋帍帎帒帓帗帞",7,"帨",4,"帯帰帲",4,"帹帺帾帿幀幁幃幆",5,"幍",6,"幖",4,"幜幝幟幠幣",14,"幵幷幹幾庁庂広庅庈庉庌庍庎庒庘庛庝庡庢庣庤庨",4,"庮",4,"庴庺庻庼庽庿",6],
+["8f40","廆廇廈廋",5,"廔廕廗廘廙廚廜",11,"廩廫",8,"廵廸廹廻廼廽弅弆弇弉弌弍弎弐弒弔弖弙弚弜弝弞弡弢弣弤"],
+["8f80","弨弫弬弮弰弲",6,"弻弽弾弿彁",14,"彑彔彙彚彛彜彞彟彠彣彥彧彨彫彮彯彲彴彵彶彸彺彽彾彿徃徆徍徎徏徑従徔徖徚徛徝從徟徠徢",5,"復徫徬徯",5,"徶徸徹徺徻徾",4,"忇忈忊忋忎忓忔忕忚忛応忞忟忢忣忥忦忨忩忬忯忰忲忳忴忶忷忹忺忼怇"],
+["9040","怈怉怋怌怐怑怓怗怘怚怞怟怢怣怤怬怭怮怰",4,"怶",4,"怽怾恀恄",6,"恌恎恏恑恓恔恖恗恘恛恜恞恟恠恡恥恦恮恱恲恴恵恷恾悀"],
+["9080","悁悂悅悆悇悈悊悋悎悏悐悑悓悕悗悘悙悜悞悡悢悤悥悧悩悪悮悰悳悵悶悷悹悺悽",7,"惇惈惉惌",4,"惒惓惔惖惗惙惛惞惡",4,"惪惱惲惵惷惸惻",4,"愂愃愄愅愇愊愋愌愐",4,"愖愗愘愙愛愜愝愞愡愢愥愨愩愪愬",18,"慀",6],
+["9140","慇慉態慍慏慐慒慓慔慖",6,"慞慟慠慡慣慤慥慦慩",6,"慱慲慳慴慶慸",18,"憌憍憏",4,"憕"],
+["9180","憖",6,"憞",8,"憪憫憭",9,"憸",5,"憿懀懁懃",4,"應懌",4,"懓懕",16,"懧",13,"懶",8,"戀",5,"戇戉戓戔戙戜戝戞戠戣戦戧戨戩戫戭戯戰戱戲戵戶戸",4,"扂扄扅扆扊"],
+["9240","扏扐払扖扗扙扚扜",6,"扤扥扨扱扲扴扵扷扸扺扻扽抁抂抃抅抆抇抈抋",5,"抔抙抜抝択抣抦抧抩抪抭抮抯抰抲抳抴抶抷抸抺抾拀拁"],
+["9280","拃拋拏拑拕拝拞拠拡拤拪拫拰拲拵拸拹拺拻挀挃挄挅挆挊挋挌挍挏挐挒挓挔挕挗挘挙挜挦挧挩挬挭挮挰挱挳",5,"挻挼挾挿捀捁捄捇捈捊捑捒捓捔捖",7,"捠捤捥捦捨捪捫捬捯捰捲捳捴捵捸捹捼捽捾捿掁掃掄掅掆掋掍掑掓掔掕掗掙",6,"採掤掦掫掯掱掲掵掶掹掻掽掿揀"],
+["9340","揁揂揃揅揇揈揊揋揌揑揓揔揕揗",6,"揟揢揤",4,"揫揬揮揯揰揱揳揵揷揹揺揻揼揾搃搄搆",4,"損搎搑搒搕",5,"搝搟搢搣搤"],
+["9380","搥搧搨搩搫搮",5,"搵",4,"搻搼搾摀摂摃摉摋",6,"摓摕摖摗摙",4,"摟",7,"摨摪摫摬摮",9,"摻",6,"撃撆撈",8,"撓撔撗撘撚撛撜撝撟",4,"撥撦撧撨撪撫撯撱撲撳撴撶撹撻撽撾撿擁擃擄擆",6,"擏擑擓擔擕擖擙據"],
+["9440","擛擜擝擟擠擡擣擥擧",24,"攁",7,"攊",7,"攓",4,"攙",8],
+["9480","攢攣攤攦",4,"攬攭攰攱攲攳攷攺攼攽敀",4,"敆敇敊敋敍敎敐敒敓敔敗敘敚敜敟敠敡敤敥敧敨敩敪敭敮敯敱敳敵敶數",14,"斈斉斊斍斎斏斒斔斕斖斘斚斝斞斠斢斣斦斨斪斬斮斱",7,"斺斻斾斿旀旂旇旈旉旊旍旐旑旓旔旕旘",7,"旡旣旤旪旫"],
+["9540","旲旳旴旵旸旹旻",4,"昁昄昅昇昈昉昋昍昐昑昒昖昗昘昚昛昜昞昡昢昣昤昦昩昪昫昬昮昰昲昳昷",4,"昽昿晀時晄",6,"晍晎晐晑晘"],
+["9580","晙晛晜晝晞晠晢晣晥晧晩",4,"晱晲晳晵晸晹晻晼晽晿暀暁暃暅暆暈暉暊暋暍暎暏暐暒暓暔暕暘",4,"暞",8,"暩",4,"暯",4,"暵暶暷暸暺暻暼暽暿",25,"曚曞",7,"曧曨曪",5,"曱曵曶書曺曻曽朁朂會"],
+["9640","朄朅朆朇朌朎朏朑朒朓朖朘朙朚朜朞朠",5,"朧朩朮朰朲朳朶朷朸朹朻朼朾朿杁杄杅杇杊杋杍杒杔杕杗",4,"杝杢杣杤杦杧杫杬杮東杴杶"],
+["9680","杸杹杺杻杽枀枂枃枅枆枈枊枌枍枎枏枑枒枓枔枖枙枛枟枠枡枤枦枩枬枮枱枲枴枹",7,"柂柅",9,"柕柖柗柛柟柡柣柤柦柧柨柪柫柭柮柲柵",7,"柾栁栂栃栄栆栍栐栒栔栕栘",4,"栞栟栠栢",6,"栫",6,"栴栵栶栺栻栿桇桋桍桏桒桖",5],
+["9740","桜桝桞桟桪桬",7,"桵桸",8,"梂梄梇",7,"梐梑梒梔梕梖梘",9,"梣梤梥梩梪梫梬梮梱梲梴梶梷梸"],
+["9780","梹",6,"棁棃",5,"棊棌棎棏棐棑棓棔棖棗棙棛",4,"棡棢棤",9,"棯棲棳棴棶棷棸棻棽棾棿椀椂椃椄椆",4,"椌椏椑椓",11,"椡椢椣椥",7,"椮椯椱椲椳椵椶椷椸椺椻椼椾楀楁楃",16,"楕楖楘楙楛楜楟"],
+["9840","楡楢楤楥楧楨楩楪楬業楯楰楲",4,"楺楻楽楾楿榁榃榅榊榋榌榎",5,"榖榗榙榚榝",9,"榩榪榬榮榯榰榲榳榵榶榸榹榺榼榽"],
+["9880","榾榿槀槂",7,"構槍槏槑槒槓槕",5,"槜槝槞槡",11,"槮槯槰槱槳",9,"槾樀",9,"樋",11,"標",5,"樠樢",5,"権樫樬樭樮樰樲樳樴樶",6,"樿",4,"橅橆橈",7,"橑",6,"橚"],
+["9940","橜",4,"橢橣橤橦",10,"橲",6,"橺橻橽橾橿檁檂檃檅",8,"檏檒",4,"檘",7,"檡",5],
+["9980","檧檨檪檭",114,"欥欦欨",6],
+["9a40","欯欰欱欳欴欵欶欸欻欼欽欿歀歁歂歄歅歈歊歋歍",11,"歚",7,"歨歩歫",13,"歺歽歾歿殀殅殈"],
+["9a80","殌殎殏殐殑殔殕殗殘殙殜",4,"殢",7,"殫",7,"殶殸",6,"毀毃毄毆",4,"毌毎毐毑毘毚毜",4,"毢",7,"毬毭毮毰毱毲毴毶毷毸毺毻毼毾",6,"氈",4,"氎氒気氜氝氞氠氣氥氫氬氭氱氳氶氷氹氺氻氼氾氿汃汄汅汈汋",4,"汑汒汓汖汘"],
+["9b40","汙汚汢汣汥汦汧汫",4,"汱汳汵汷汸決汻汼汿沀沄沇沊沋沍沎沑沒沕沖沗沘沚沜沝沞沠沢沨沬沯沰沴沵沶沷沺泀況泂泃泆泇泈泋泍泎泏泑泒泘"],
+["9b80","泙泚泜泝泟泤泦泧泩泬泭泲泴泹泿洀洂洃洅洆洈洉洊洍洏洐洑洓洔洕洖洘洜洝洟",5,"洦洨洩洬洭洯洰洴洶洷洸洺洿浀浂浄浉浌浐浕浖浗浘浛浝浟浡浢浤浥浧浨浫浬浭浰浱浲浳浵浶浹浺浻浽",4,"涃涄涆涇涊涋涍涏涐涒涖",4,"涜涢涥涬涭涰涱涳涴涶涷涹",5,"淁淂淃淈淉淊"],
+["9c40","淍淎淏淐淒淓淔淕淗淚淛淜淟淢淣淥淧淨淩淪淭淯淰淲淴淵淶淸淺淽",7,"渆渇済渉渋渏渒渓渕渘渙減渜渞渟渢渦渧渨渪測渮渰渱渳渵"],
+["9c80","渶渷渹渻",7,"湅",7,"湏湐湑湒湕湗湙湚湜湝湞湠",10,"湬湭湯",14,"満溁溂溄溇溈溊",4,"溑",6,"溙溚溛溝溞溠溡溣溤溦溨溩溫溬溭溮溰溳溵溸溹溼溾溿滀滃滄滅滆滈滉滊滌滍滎滐滒滖滘滙滛滜滝滣滧滪",5],
+["9d40","滰滱滲滳滵滶滷滸滺",7,"漃漄漅漇漈漊",4,"漐漑漒漖",9,"漡漢漣漥漦漧漨漬漮漰漲漴漵漷",6,"漿潀潁潂"],
+["9d80","潃潄潅潈潉潊潌潎",9,"潙潚潛潝潟潠潡潣潤潥潧",5,"潯潰潱潳潵潶潷潹潻潽",6,"澅澆澇澊澋澏",12,"澝澞澟澠澢",4,"澨",10,"澴澵澷澸澺",5,"濁濃",5,"濊",6,"濓",10,"濟濢濣濤濥"],
+["9e40","濦",7,"濰",32,"瀒",7,"瀜",6,"瀤",6],
+["9e80","瀫",9,"瀶瀷瀸瀺",17,"灍灎灐",13,"灟",11,"灮灱灲灳灴灷灹灺灻災炁炂炃炄炆炇炈炋炌炍炏炐炑炓炗炘炚炛炞",12,"炰炲炴炵炶為炾炿烄烅烆烇烉烋",12,"烚"],
+["9f40","烜烝烞烠烡烢烣烥烪烮烰",6,"烸烺烻烼烾",10,"焋",4,"焑焒焔焗焛",10,"焧",7,"焲焳焴"],
+["9f80","焵焷",13,"煆煇煈煉煋煍煏",12,"煝煟",4,"煥煩",4,"煯煰煱煴煵煶煷煹煻煼煾",5,"熅",4,"熋熌熍熎熐熑熒熓熕熖熗熚",4,"熡",6,"熩熪熫熭",5,"熴熶熷熸熺",8,"燄",9,"燏",4],
+["a040","燖",9,"燡燢燣燤燦燨",5,"燯",9,"燺",11,"爇",19],
+["a080","爛爜爞",9,"爩爫爭爮爯爲爳爴爺爼爾牀",6,"牉牊牋牎牏牐牑牓牔牕牗牘牚牜牞牠牣牤牥牨牪牫牬牭牰牱牳牴牶牷牸牻牼牽犂犃犅",4,"犌犎犐犑犓",11,"犠",11,"犮犱犲犳犵犺",6,"狅狆狇狉狊狋狌狏狑狓狔狕狖狘狚狛"],
+["a1a1","　、。·ˉˇ¨〃々—～‖…‘’“”〔〕〈",7,"〖〗【】±×÷∶∧∨∑∏∪∩∈∷√⊥∥∠⌒⊙∫∮≡≌≈∽∝≠≮≯≤≥∞∵∴♂♀°′″℃＄¤￠￡‰§№☆★○●◎◇◆□■△▲※→←↑↓〓"],
+["a2a1","ⅰ",9],
+["a2b1","⒈",19,"⑴",19,"①",9],
+["a2e5","㈠",9],
+["a2f1","Ⅰ",11],
+["a3a1","！＂＃￥％",88,"￣"],
+["a4a1","ぁ",82],
+["a5a1","ァ",85],
+["a6a1","Α",16,"Σ",6],
+["a6c1","α",16,"σ",6],
+["a6e0","︵︶︹︺︿﹀︽︾﹁﹂﹃﹄"],
+["a6ee","︻︼︷︸︱"],
+["a6f4","︳︴"],
+["a7a1","А",5,"ЁЖ",25],
+["a7d1","а",5,"ёж",25],
+["a840","ˊˋ˙–―‥‵℅℉↖↗↘↙∕∟∣≒≦≧⊿═",35,"▁",6],
+["a880","█",7,"▓▔▕▼▽◢◣◤◥☉⊕〒〝〞"],
+["a8a1","āáǎàēéěèīíǐìōóǒòūúǔùǖǘǚǜüêɑ"],
+["a8bd","ńň"],
+["a8c0","ɡ"],
+["a8c5","ㄅ",36],
+["a940","〡",8,"㊣㎎㎏㎜㎝㎞㎡㏄㏎㏑㏒㏕︰￢￤"],
+["a959","℡㈱"],
+["a95c","‐"],
+["a960","ー゛゜ヽヾ〆ゝゞ﹉",9,"﹔﹕﹖﹗﹙",8],
+["a980","﹢",4,"﹨﹩﹪﹫"],
+["a996","〇"],
+["a9a4","─",75],
+["aa40","狜狝狟狢",5,"狪狫狵狶狹狽狾狿猀猂猄",5,"猋猌猍猏猐猑猒猔猘猙猚猟猠猣猤猦猧猨猭猯猰猲猳猵猶猺猻猼猽獀",8],
+["aa80","獉獊獋獌獎獏獑獓獔獕獖獘",7,"獡",10,"獮獰獱"],
+["ab40","獲",11,"獿",4,"玅玆玈玊玌玍玏玐玒玓玔玕玗玘玙玚玜玝玞玠玡玣",5,"玪玬玭玱玴玵玶玸玹玼玽玾玿珁珃",4],
+["ab80","珋珌珎珒",6,"珚珛珜珝珟珡珢珣珤珦珨珪珫珬珮珯珰珱珳",4],
+["ac40","珸",10,"琄琇琈琋琌琍琎琑",8,"琜",5,"琣琤琧琩琫琭琯琱琲琷",4,"琽琾琿瑀瑂",11],
+["ac80","瑎",6,"瑖瑘瑝瑠",12,"瑮瑯瑱",4,"瑸瑹瑺"],
+["ad40","瑻瑼瑽瑿璂璄璅璆璈璉璊璌璍璏璑",10,"璝璟",7,"璪",15,"璻",12],
+["ad80","瓈",9,"瓓",8,"瓝瓟瓡瓥瓧",6,"瓰瓱瓲"],
+["ae40","瓳瓵瓸",6,"甀甁甂甃甅",7,"甎甐甒甔甕甖甗甛甝甞甠",4,"甦甧甪甮甴甶甹甼甽甿畁畂畃畄畆畇畉畊畍畐畑畒畓畕畖畗畘"],
+["ae80","畝",7,"畧畨畩畫",6,"畳畵當畷畺",4,"疀疁疂疄疅疇"],
+["af40","疈疉疊疌疍疎疐疓疕疘疛疜疞疢疦",4,"疭疶疷疺疻疿痀痁痆痋痌痎痏痐痑痓痗痙痚痜痝痟痠痡痥痩痬痭痮痯痲痳痵痶痷痸痺痻痽痾瘂瘄瘆瘇"],
+["af80","瘈瘉瘋瘍瘎瘏瘑瘒瘓瘔瘖瘚瘜瘝瘞瘡瘣瘧瘨瘬瘮瘯瘱瘲瘶瘷瘹瘺瘻瘽癁療癄"],
+["b040","癅",6,"癎",5,"癕癗",4,"癝癟癠癡癢癤",6,"癬癭癮癰",7,"癹発發癿皀皁皃皅皉皊皌皍皏皐皒皔皕皗皘皚皛"],
+["b080","皜",7,"皥",8,"皯皰皳皵",9,"盀盁盃啊阿埃挨哎唉哀皑癌蔼矮艾碍爱隘鞍氨安俺按暗岸胺案肮昂盎凹敖熬翱袄傲奥懊澳芭捌扒叭吧笆八疤巴拔跋靶把耙坝霸罢爸白柏百摆佰败拜稗斑班搬扳般颁板版扮拌伴瓣半办绊邦帮梆榜膀绑棒磅蚌镑傍谤苞胞包褒剥"],
+["b140","盄盇盉盋盌盓盕盙盚盜盝盞盠",4,"盦",7,"盰盳盵盶盷盺盻盽盿眀眂眃眅眆眊県眎",10,"眛眜眝眞眡眣眤眥眧眪眫"],
+["b180","眬眮眰",4,"眹眻眽眾眿睂睄睅睆睈",7,"睒",7,"睜薄雹保堡饱宝抱报暴豹鲍爆杯碑悲卑北辈背贝钡倍狈备惫焙被奔苯本笨崩绷甭泵蹦迸逼鼻比鄙笔彼碧蓖蔽毕毙毖币庇痹闭敝弊必辟壁臂避陛鞭边编贬扁便变卞辨辩辫遍标彪膘表鳖憋别瘪彬斌濒滨宾摈兵冰柄丙秉饼炳"],
+["b240","睝睞睟睠睤睧睩睪睭",11,"睺睻睼瞁瞂瞃瞆",5,"瞏瞐瞓",11,"瞡瞣瞤瞦瞨瞫瞭瞮瞯瞱瞲瞴瞶",4],
+["b280","瞼瞾矀",12,"矎",8,"矘矙矚矝",4,"矤病并玻菠播拨钵波博勃搏铂箔伯帛舶脖膊渤泊驳捕卜哺补埠不布步簿部怖擦猜裁材才财睬踩采彩菜蔡餐参蚕残惭惨灿苍舱仓沧藏操糙槽曹草厕策侧册测层蹭插叉茬茶查碴搽察岔差诧拆柴豺搀掺蝉馋谗缠铲产阐颤昌猖"],
+["b340","矦矨矪矯矰矱矲矴矵矷矹矺矻矼砃",5,"砊砋砎砏砐砓砕砙砛砞砠砡砢砤砨砪砫砮砯砱砲砳砵砶砽砿硁硂硃硄硆硈硉硊硋硍硏硑硓硔硘硙硚"],
+["b380","硛硜硞",11,"硯",7,"硸硹硺硻硽",6,"场尝常长偿肠厂敞畅唱倡超抄钞朝嘲潮巢吵炒车扯撤掣彻澈郴臣辰尘晨忱沉陈趁衬撑称城橙成呈乘程惩澄诚承逞骋秤吃痴持匙池迟弛驰耻齿侈尺赤翅斥炽充冲虫崇宠抽酬畴踌稠愁筹仇绸瞅丑臭初出橱厨躇锄雏滁除楚"],
+["b440","碄碅碆碈碊碋碏碐碒碔碕碖碙碝碞碠碢碤碦碨",7,"碵碶碷碸確碻碼碽碿磀磂磃磄磆磇磈磌磍磎磏磑磒磓磖磗磘磚",9],
+["b480","磤磥磦磧磩磪磫磭",4,"磳磵磶磸磹磻",5,"礂礃礄礆",6,"础储矗搐触处揣川穿椽传船喘串疮窗幢床闯创吹炊捶锤垂春椿醇唇淳纯蠢戳绰疵茨磁雌辞慈瓷词此刺赐次聪葱囱匆从丛凑粗醋簇促蹿篡窜摧崔催脆瘁粹淬翠村存寸磋撮搓措挫错搭达答瘩打大呆歹傣戴带殆代贷袋待逮"],
+["b540","礍",5,"礔",9,"礟",4,"礥",14,"礵",4,"礽礿祂祃祄祅祇祊",8,"祔祕祘祙祡祣"],
+["b580","祤祦祩祪祫祬祮祰",6,"祹祻",4,"禂禃禆禇禈禉禋禌禍禎禐禑禒怠耽担丹单郸掸胆旦氮但惮淡诞弹蛋当挡党荡档刀捣蹈倒岛祷导到稻悼道盗德得的蹬灯登等瞪凳邓堤低滴迪敌笛狄涤翟嫡抵底地蒂第帝弟递缔颠掂滇碘点典靛垫电佃甸店惦奠淀殿碉叼雕凋刁掉吊钓调跌爹碟蝶迭谍叠"],
+["b640","禓",6,"禛",11,"禨",10,"禴",4,"禼禿秂秄秅秇秈秊秌秎秏秐秓秔秖秗秙",5,"秠秡秢秥秨秪"],
+["b680","秬秮秱",6,"秹秺秼秾秿稁稄稅稇稈稉稊稌稏",4,"稕稖稘稙稛稜丁盯叮钉顶鼎锭定订丢东冬董懂动栋侗恫冻洞兜抖斗陡豆逗痘都督毒犊独读堵睹赌杜镀肚度渡妒端短锻段断缎堆兑队对墩吨蹲敦顿囤钝盾遁掇哆多夺垛躲朵跺舵剁惰堕蛾峨鹅俄额讹娥恶厄扼遏鄂饿恩而儿耳尔饵洱二"],
+["b740","稝稟稡稢稤",14,"稴稵稶稸稺稾穀",5,"穇",9,"穒",4,"穘",16],
+["b780","穩",6,"穱穲穳穵穻穼穽穾窂窅窇窉窊窋窌窎窏窐窓窔窙窚窛窞窡窢贰发罚筏伐乏阀法珐藩帆番翻樊矾钒繁凡烦反返范贩犯饭泛坊芳方肪房防妨仿访纺放菲非啡飞肥匪诽吠肺废沸费芬酚吩氛分纷坟焚汾粉奋份忿愤粪丰封枫蜂峰锋风疯烽逢冯缝讽奉凤佛否夫敷肤孵扶拂辐幅氟符伏俘服"],
+["b840","窣窤窧窩窪窫窮",4,"窴",10,"竀",10,"竌",9,"竗竘竚竛竜竝竡竢竤竧",5,"竮竰竱竲竳"],
+["b880","竴",4,"竻竼竾笀笁笂笅笇笉笌笍笎笐笒笓笖笗笘笚笜笝笟笡笢笣笧笩笭浮涪福袱弗甫抚辅俯釜斧脯腑府腐赴副覆赋复傅付阜父腹负富讣附妇缚咐噶嘎该改概钙盖溉干甘杆柑竿肝赶感秆敢赣冈刚钢缸肛纲岗港杠篙皋高膏羔糕搞镐稿告哥歌搁戈鸽胳疙割革葛格蛤阁隔铬个各给根跟耕更庚羹"],
+["b940","笯笰笲笴笵笶笷笹笻笽笿",5,"筆筈筊筍筎筓筕筗筙筜筞筟筡筣",10,"筯筰筳筴筶筸筺筼筽筿箁箂箃箄箆",6,"箎箏"],
+["b980","箑箒箓箖箘箙箚箛箞箟箠箣箤箥箮箯箰箲箳箵箶箷箹",7,"篂篃範埂耿梗工攻功恭龚供躬公宫弓巩汞拱贡共钩勾沟苟狗垢构购够辜菇咕箍估沽孤姑鼓古蛊骨谷股故顾固雇刮瓜剐寡挂褂乖拐怪棺关官冠观管馆罐惯灌贯光广逛瑰规圭硅归龟闺轨鬼诡癸桂柜跪贵刽辊滚棍锅郭国果裹过哈"],
+["ba40","篅篈築篊篋篍篎篏篐篒篔",4,"篛篜篞篟篠篢篣篤篧篨篩篫篬篭篯篰篲",4,"篸篹篺篻篽篿",7,"簈簉簊簍簎簐",5,"簗簘簙"],
+["ba80","簚",4,"簠",5,"簨簩簫",12,"簹",5,"籂骸孩海氦亥害骇酣憨邯韩含涵寒函喊罕翰撼捍旱憾悍焊汗汉夯杭航壕嚎豪毫郝好耗号浩呵喝荷菏核禾和何合盒貉阂河涸赫褐鹤贺嘿黑痕很狠恨哼亨横衡恒轰哄烘虹鸿洪宏弘红喉侯猴吼厚候后呼乎忽瑚壶葫胡蝴狐糊湖"],
+["bb40","籃",9,"籎",36,"籵",5,"籾",9],
+["bb80","粈粊",6,"粓粔粖粙粚粛粠粡粣粦粧粨粩粫粬粭粯粰粴",4,"粺粻弧虎唬护互沪户花哗华猾滑画划化话槐徊怀淮坏欢环桓还缓换患唤痪豢焕涣宦幻荒慌黄磺蝗簧皇凰惶煌晃幌恍谎灰挥辉徽恢蛔回毁悔慧卉惠晦贿秽会烩汇讳诲绘荤昏婚魂浑混豁活伙火获或惑霍货祸击圾基机畸稽积箕"],
+["bc40","粿糀糂糃糄糆糉糋糎",6,"糘糚糛糝糞糡",6,"糩",5,"糰",7,"糹糺糼",13,"紋",5],
+["bc80","紑",14,"紡紣紤紥紦紨紩紪紬紭紮細",6,"肌饥迹激讥鸡姬绩缉吉极棘辑籍集及急疾汲即嫉级挤几脊己蓟技冀季伎祭剂悸济寄寂计记既忌际妓继纪嘉枷夹佳家加荚颊贾甲钾假稼价架驾嫁歼监坚尖笺间煎兼肩艰奸缄茧检柬碱硷拣捡简俭剪减荐槛鉴践贱见键箭件"],
+["bd40","紷",54,"絯",7],
+["bd80","絸",32,"健舰剑饯渐溅涧建僵姜将浆江疆蒋桨奖讲匠酱降蕉椒礁焦胶交郊浇骄娇嚼搅铰矫侥脚狡角饺缴绞剿教酵轿较叫窖揭接皆秸街阶截劫节桔杰捷睫竭洁结解姐戒藉芥界借介疥诫届巾筋斤金今津襟紧锦仅谨进靳晋禁近烬浸"],
+["be40","継",12,"綧",6,"綯",42],
+["be80","線",32,"尽劲荆兢茎睛晶鲸京惊精粳经井警景颈静境敬镜径痉靖竟竞净炯窘揪究纠玖韭久灸九酒厩救旧臼舅咎就疚鞠拘狙疽居驹菊局咀矩举沮聚拒据巨具距踞锯俱句惧炬剧捐鹃娟倦眷卷绢撅攫抉掘倔爵觉决诀绝均菌钧军君峻"],
+["bf40","緻",62],
+["bf80","縺縼",4,"繂",4,"繈",21,"俊竣浚郡骏喀咖卡咯开揩楷凯慨刊堪勘坎砍看康慷糠扛抗亢炕考拷烤靠坷苛柯棵磕颗科壳咳可渴克刻客课肯啃垦恳坑吭空恐孔控抠口扣寇枯哭窟苦酷库裤夸垮挎跨胯块筷侩快宽款匡筐狂框矿眶旷况亏盔岿窥葵奎魁傀"],
+["c040","繞",35,"纃",23,"纜纝纞"],
+["c080","纮纴纻纼绖绤绬绹缊缐缞缷缹缻",6,"罃罆",9,"罒罓馈愧溃坤昆捆困括扩廓阔垃拉喇蜡腊辣啦莱来赖蓝婪栏拦篮阑兰澜谰揽览懒缆烂滥琅榔狼廊郎朗浪捞劳牢老佬姥酪烙涝勒乐雷镭蕾磊累儡垒擂肋类泪棱楞冷厘梨犁黎篱狸离漓理李里鲤礼莉荔吏栗丽厉励砾历利傈例俐"],
+["c140","罖罙罛罜罝罞罠罣",4,"罫罬罭罯罰罳罵罶罷罸罺罻罼罽罿羀羂",7,"羋羍羏",4,"羕",4,"羛羜羠羢羣羥羦羨",6,"羱"],
+["c180","羳",4,"羺羻羾翀翂翃翄翆翇翈翉翋翍翏",4,"翖翗翙",5,"翢翣痢立粒沥隶力璃哩俩联莲连镰廉怜涟帘敛脸链恋炼练粮凉梁粱良两辆量晾亮谅撩聊僚疗燎寥辽潦了撂镣廖料列裂烈劣猎琳林磷霖临邻鳞淋凛赁吝拎玲菱零龄铃伶羚凌灵陵岭领另令溜琉榴硫馏留刘瘤流柳六龙聋咙笼窿"],
+["c240","翤翧翨翪翫翬翭翯翲翴",6,"翽翾翿耂耇耈耉耊耎耏耑耓耚耛耝耞耟耡耣耤耫",5,"耲耴耹耺耼耾聀聁聄聅聇聈聉聎聏聐聑聓聕聖聗"],
+["c280","聙聛",13,"聫",5,"聲",11,"隆垄拢陇楼娄搂篓漏陋芦卢颅庐炉掳卤虏鲁麓碌露路赂鹿潞禄录陆戮驴吕铝侣旅履屡缕虑氯律率滤绿峦挛孪滦卵乱掠略抡轮伦仑沦纶论萝螺罗逻锣箩骡裸落洛骆络妈麻玛码蚂马骂嘛吗埋买麦卖迈脉瞒馒蛮满蔓曼慢漫"],
+["c340","聾肁肂肅肈肊肍",5,"肔肕肗肙肞肣肦肧肨肬肰肳肵肶肸肹肻胅胇",4,"胏",6,"胘胟胠胢胣胦胮胵胷胹胻胾胿脀脁脃脄脅脇脈脋"],
+["c380","脌脕脗脙脛脜脝脟",12,"脭脮脰脳脴脵脷脹",4,"脿谩芒茫盲氓忙莽猫茅锚毛矛铆卯茂冒帽貌贸么玫枚梅酶霉煤没眉媒镁每美昧寐妹媚门闷们萌蒙檬盟锰猛梦孟眯醚靡糜迷谜弥米秘觅泌蜜密幂棉眠绵冕免勉娩缅面苗描瞄藐秒渺庙妙蔑灭民抿皿敏悯闽明螟鸣铭名命谬摸"],
+["c440","腀",5,"腇腉腍腎腏腒腖腗腘腛",4,"腡腢腣腤腦腨腪腫腬腯腲腳腵腶腷腸膁膃",4,"膉膋膌膍膎膐膒",5,"膙膚膞",4,"膤膥"],
+["c480","膧膩膫",7,"膴",5,"膼膽膾膿臄臅臇臈臉臋臍",6,"摹蘑模膜磨摩魔抹末莫墨默沫漠寞陌谋牟某拇牡亩姆母墓暮幕募慕木目睦牧穆拿哪呐钠那娜纳氖乃奶耐奈南男难囊挠脑恼闹淖呢馁内嫩能妮霓倪泥尼拟你匿腻逆溺蔫拈年碾撵捻念娘酿鸟尿捏聂孽啮镊镍涅您柠狞凝宁"],
+["c540","臔",14,"臤臥臦臨臩臫臮",4,"臵",5,"臽臿舃與",4,"舎舏舑舓舕",5,"舝舠舤舥舦舧舩舮舲舺舼舽舿"],
+["c580","艀艁艂艃艅艆艈艊艌艍艎艐",7,"艙艛艜艝艞艠",7,"艩拧泞牛扭钮纽脓浓农弄奴努怒女暖虐疟挪懦糯诺哦欧鸥殴藕呕偶沤啪趴爬帕怕琶拍排牌徘湃派攀潘盘磐盼畔判叛乓庞旁耪胖抛咆刨炮袍跑泡呸胚培裴赔陪配佩沛喷盆砰抨烹澎彭蓬棚硼篷膨朋鹏捧碰坯砒霹批披劈琵毗"],
+["c640","艪艫艬艭艱艵艶艷艸艻艼芀芁芃芅芆芇芉芌芐芓芔芕芖芚芛芞芠芢芣芧芲芵芶芺芻芼芿苀苂苃苅苆苉苐苖苙苚苝苢苧苨苩苪苬苭苮苰苲苳苵苶苸"],
+["c680","苺苼",4,"茊茋茍茐茒茓茖茘茙茝",9,"茩茪茮茰茲茷茻茽啤脾疲皮匹痞僻屁譬篇偏片骗飘漂瓢票撇瞥拼频贫品聘乒坪苹萍平凭瓶评屏坡泼颇婆破魄迫粕剖扑铺仆莆葡菩蒲埔朴圃普浦谱曝瀑期欺栖戚妻七凄漆柒沏其棋奇歧畦崎脐齐旗祈祁骑起岂乞企启契砌器气迄弃汽泣讫掐"],
+["c740","茾茿荁荂荄荅荈荊",4,"荓荕",4,"荝荢荰",6,"荹荺荾",6,"莇莈莊莋莌莍莏莐莑莔莕莖莗莙莚莝莟莡",6,"莬莭莮"],
+["c780","莯莵莻莾莿菂菃菄菆菈菉菋菍菎菐菑菒菓菕菗菙菚菛菞菢菣菤菦菧菨菫菬菭恰洽牵扦钎铅千迁签仟谦乾黔钱钳前潜遣浅谴堑嵌欠歉枪呛腔羌墙蔷强抢橇锹敲悄桥瞧乔侨巧鞘撬翘峭俏窍切茄且怯窃钦侵亲秦琴勤芹擒禽寝沁青轻氢倾卿清擎晴氰情顷请庆琼穷秋丘邱球求囚酋泅趋区蛆曲躯屈驱渠"],
+["c840","菮華菳",4,"菺菻菼菾菿萀萂萅萇萈萉萊萐萒",5,"萙萚萛萞",5,"萩",7,"萲",5,"萹萺萻萾",7,"葇葈葉"],
+["c880","葊",6,"葒",4,"葘葝葞葟葠葢葤",4,"葪葮葯葰葲葴葷葹葻葼取娶龋趣去圈颧权醛泉全痊拳犬券劝缺炔瘸却鹊榷确雀裙群然燃冉染瓤壤攘嚷让饶扰绕惹热壬仁人忍韧任认刃妊纫扔仍日戎茸蓉荣融熔溶容绒冗揉柔肉茹蠕儒孺如辱乳汝入褥软阮蕊瑞锐闰润若弱撒洒萨腮鳃塞赛三叁"],
+["c940","葽",4,"蒃蒄蒅蒆蒊蒍蒏",7,"蒘蒚蒛蒝蒞蒟蒠蒢",12,"蒰蒱蒳蒵蒶蒷蒻蒼蒾蓀蓂蓃蓅蓆蓇蓈蓋蓌蓎蓏蓒蓔蓕蓗"],
+["c980","蓘",4,"蓞蓡蓢蓤蓧",4,"蓭蓮蓯蓱",10,"蓽蓾蔀蔁蔂伞散桑嗓丧搔骚扫嫂瑟色涩森僧莎砂杀刹沙纱傻啥煞筛晒珊苫杉山删煽衫闪陕擅赡膳善汕扇缮墒伤商赏晌上尚裳梢捎稍烧芍勺韶少哨邵绍奢赊蛇舌舍赦摄射慑涉社设砷申呻伸身深娠绅神沈审婶甚肾慎渗声生甥牲升绳"],
+["ca40","蔃",8,"蔍蔎蔏蔐蔒蔔蔕蔖蔘蔙蔛蔜蔝蔞蔠蔢",8,"蔭",9,"蔾",4,"蕄蕅蕆蕇蕋",10],
+["ca80","蕗蕘蕚蕛蕜蕝蕟",4,"蕥蕦蕧蕩",8,"蕳蕵蕶蕷蕸蕼蕽蕿薀薁省盛剩胜圣师失狮施湿诗尸虱十石拾时什食蚀实识史矢使屎驶始式示士世柿事拭誓逝势是嗜噬适仕侍释饰氏市恃室视试收手首守寿授售受瘦兽蔬枢梳殊抒输叔舒淑疏书赎孰熟薯暑曙署蜀黍鼠属术述树束戍竖墅庶数漱"],
+["cb40","薂薃薆薈",6,"薐",10,"薝",6,"薥薦薧薩薫薬薭薱",5,"薸薺",6,"藂",6,"藊",4,"藑藒"],
+["cb80","藔藖",5,"藝",6,"藥藦藧藨藪",14,"恕刷耍摔衰甩帅栓拴霜双爽谁水睡税吮瞬顺舜说硕朔烁斯撕嘶思私司丝死肆寺嗣四伺似饲巳松耸怂颂送宋讼诵搜艘擞嗽苏酥俗素速粟僳塑溯宿诉肃酸蒜算虽隋随绥髓碎岁穗遂隧祟孙损笋蓑梭唆缩琐索锁所塌他它她塔"],
+["cc40","藹藺藼藽藾蘀",4,"蘆",10,"蘒蘓蘔蘕蘗",15,"蘨蘪",13,"蘹蘺蘻蘽蘾蘿虀"],
+["cc80","虁",11,"虒虓處",4,"虛虜虝號虠虡虣",7,"獭挞蹋踏胎苔抬台泰酞太态汰坍摊贪瘫滩坛檀痰潭谭谈坦毯袒碳探叹炭汤塘搪堂棠膛唐糖倘躺淌趟烫掏涛滔绦萄桃逃淘陶讨套特藤腾疼誊梯剔踢锑提题蹄啼体替嚏惕涕剃屉天添填田甜恬舔腆挑条迢眺跳贴铁帖厅听烃"],
+["cd40","虭虯虰虲",6,"蚃",6,"蚎",4,"蚔蚖",5,"蚞",4,"蚥蚦蚫蚭蚮蚲蚳蚷蚸蚹蚻",4,"蛁蛂蛃蛅蛈蛌蛍蛒蛓蛕蛖蛗蛚蛜"],
+["cd80","蛝蛠蛡蛢蛣蛥蛦蛧蛨蛪蛫蛬蛯蛵蛶蛷蛺蛻蛼蛽蛿蜁蜄蜅蜆蜋蜌蜎蜏蜐蜑蜔蜖汀廷停亭庭挺艇通桐酮瞳同铜彤童桶捅筒统痛偷投头透凸秃突图徒途涂屠土吐兔湍团推颓腿蜕褪退吞屯臀拖托脱鸵陀驮驼椭妥拓唾挖哇蛙洼娃瓦袜歪外豌弯湾玩顽丸烷完碗挽晚皖惋宛婉万腕汪王亡枉网往旺望忘妄威"],
+["ce40","蜙蜛蜝蜟蜠蜤蜦蜧蜨蜪蜫蜬蜭蜯蜰蜲蜳蜵蜶蜸蜹蜺蜼蜽蝀",6,"蝊蝋蝍蝏蝐蝑蝒蝔蝕蝖蝘蝚",5,"蝡蝢蝦",7,"蝯蝱蝲蝳蝵"],
+["ce80","蝷蝸蝹蝺蝿螀螁螄螆螇螉螊螌螎",4,"螔螕螖螘",6,"螠",4,"巍微危韦违桅围唯惟为潍维苇萎委伟伪尾纬未蔚味畏胃喂魏位渭谓尉慰卫瘟温蚊文闻纹吻稳紊问嗡翁瓮挝蜗涡窝我斡卧握沃巫呜钨乌污诬屋无芜梧吾吴毋武五捂午舞伍侮坞戊雾晤物勿务悟误昔熙析西硒矽晰嘻吸锡牺"],
+["cf40","螥螦螧螩螪螮螰螱螲螴螶螷螸螹螻螼螾螿蟁",4,"蟇蟈蟉蟌",4,"蟔",6,"蟜蟝蟞蟟蟡蟢蟣蟤蟦蟧蟨蟩蟫蟬蟭蟯",9],
+["cf80","蟺蟻蟼蟽蟿蠀蠁蠂蠄",5,"蠋",7,"蠔蠗蠘蠙蠚蠜",4,"蠣稀息希悉膝夕惜熄烯溪汐犀檄袭席习媳喜铣洗系隙戏细瞎虾匣霞辖暇峡侠狭下厦夏吓掀锨先仙鲜纤咸贤衔舷闲涎弦嫌显险现献县腺馅羡宪陷限线相厢镶香箱襄湘乡翔祥详想响享项巷橡像向象萧硝霄削哮嚣销消宵淆晓"],
+["d040","蠤",13,"蠳",5,"蠺蠻蠽蠾蠿衁衂衃衆",5,"衎",5,"衕衖衘衚",6,"衦衧衪衭衯衱衳衴衵衶衸衹衺"],
+["d080","衻衼袀袃袆袇袉袊袌袎袏袐袑袓袔袕袗",4,"袝",4,"袣袥",5,"小孝校肖啸笑效楔些歇蝎鞋协挟携邪斜胁谐写械卸蟹懈泄泻谢屑薪芯锌欣辛新忻心信衅星腥猩惺兴刑型形邢行醒幸杏性姓兄凶胸匈汹雄熊休修羞朽嗅锈秀袖绣墟戌需虚嘘须徐许蓄酗叙旭序畜恤絮婿绪续轩喧宣悬旋玄"],
+["d140","袬袮袯袰袲",4,"袸袹袺袻袽袾袿裀裃裄裇裈裊裋裌裍裏裐裑裓裖裗裚",4,"裠裡裦裧裩",6,"裲裵裶裷裺裻製裿褀褁褃",5],
+["d180","褉褋",4,"褑褔",4,"褜",4,"褢褣褤褦褧褨褩褬褭褮褯褱褲褳褵褷选癣眩绚靴薛学穴雪血勋熏循旬询寻驯巡殉汛训讯逊迅压押鸦鸭呀丫芽牙蚜崖衙涯雅哑亚讶焉咽阉烟淹盐严研蜒岩延言颜阎炎沿奄掩眼衍演艳堰燕厌砚雁唁彦焰宴谚验殃央鸯秧杨扬佯疡羊洋阳氧仰痒养样漾邀腰妖瑶"],
+["d240","褸",8,"襂襃襅",24,"襠",5,"襧",19,"襼"],
+["d280","襽襾覀覂覄覅覇",26,"摇尧遥窑谣姚咬舀药要耀椰噎耶爷野冶也页掖业叶曳腋夜液一壹医揖铱依伊衣颐夷遗移仪胰疑沂宜姨彝椅蚁倚已乙矣以艺抑易邑屹亿役臆逸肄疫亦裔意毅忆义益溢诣议谊译异翼翌绎茵荫因殷音阴姻吟银淫寅饮尹引隐"],
+["d340","覢",30,"觃觍觓觔觕觗觘觙觛觝觟觠觡觢觤觧觨觩觪觬觭觮觰觱觲觴",6],
+["d380","觻",4,"訁",5,"計",21,"印英樱婴鹰应缨莹萤营荧蝇迎赢盈影颖硬映哟拥佣臃痈庸雍踊蛹咏泳涌永恿勇用幽优悠忧尤由邮铀犹油游酉有友右佑釉诱又幼迂淤于盂榆虞愚舆余俞逾鱼愉渝渔隅予娱雨与屿禹宇语羽玉域芋郁吁遇喻峪御愈欲狱育誉"],
+["d440","訞",31,"訿",8,"詉",21],
+["d480","詟",25,"詺",6,"浴寓裕预豫驭鸳渊冤元垣袁原援辕园员圆猿源缘远苑愿怨院曰约越跃钥岳粤月悦阅耘云郧匀陨允运蕴酝晕韵孕匝砸杂栽哉灾宰载再在咱攒暂赞赃脏葬遭糟凿藻枣早澡蚤躁噪造皂灶燥责择则泽贼怎增憎曾赠扎喳渣札轧"],
+["d540","誁",7,"誋",7,"誔",46],
+["d580","諃",32,"铡闸眨栅榨咋乍炸诈摘斋宅窄债寨瞻毡詹粘沾盏斩辗崭展蘸栈占战站湛绽樟章彰漳张掌涨杖丈帐账仗胀瘴障招昭找沼赵照罩兆肇召遮折哲蛰辙者锗蔗这浙珍斟真甄砧臻贞针侦枕疹诊震振镇阵蒸挣睁征狰争怔整拯正政"],
+["d640","諤",34,"謈",27],
+["d680","謤謥謧",30,"帧症郑证芝枝支吱蜘知肢脂汁之织职直植殖执值侄址指止趾只旨纸志挚掷至致置帜峙制智秩稚质炙痔滞治窒中盅忠钟衷终种肿重仲众舟周州洲诌粥轴肘帚咒皱宙昼骤珠株蛛朱猪诸诛逐竹烛煮拄瞩嘱主著柱助蛀贮铸筑"],
+["d740","譆",31,"譧",4,"譭",25],
+["d780","讇",24,"讬讱讻诇诐诪谉谞住注祝驻抓爪拽专砖转撰赚篆桩庄装妆撞壮状椎锥追赘坠缀谆准捉拙卓桌琢茁酌啄着灼浊兹咨资姿滋淄孜紫仔籽滓子自渍字鬃棕踪宗综总纵邹走奏揍租足卒族祖诅阻组钻纂嘴醉最罪尊遵昨左佐柞做作坐座"],
+["d840","谸",8,"豂豃豄豅豈豊豋豍",7,"豖豗豘豙豛",5,"豣",6,"豬",6,"豴豵豶豷豻",6,"貃貄貆貇"],
+["d880","貈貋貍",6,"貕貖貗貙",20,"亍丌兀丐廿卅丕亘丞鬲孬噩丨禺丿匕乇夭爻卮氐囟胤馗毓睾鼗丶亟鼐乜乩亓芈孛啬嘏仄厍厝厣厥厮靥赝匚叵匦匮匾赜卦卣刂刈刎刭刳刿剀剌剞剡剜蒯剽劂劁劐劓冂罔亻仃仉仂仨仡仫仞伛仳伢佤仵伥伧伉伫佞佧攸佚佝"],
+["d940","貮",62],
+["d980","賭",32,"佟佗伲伽佶佴侑侉侃侏佾佻侪佼侬侔俦俨俪俅俚俣俜俑俟俸倩偌俳倬倏倮倭俾倜倌倥倨偾偃偕偈偎偬偻傥傧傩傺僖儆僭僬僦僮儇儋仝氽佘佥俎龠汆籴兮巽黉馘冁夔勹匍訇匐凫夙兕亠兖亳衮袤亵脔裒禀嬴蠃羸冫冱冽冼"],
+["da40","贎",14,"贠赑赒赗赟赥赨赩赪赬赮赯赱赲赸",8,"趂趃趆趇趈趉趌",4,"趒趓趕",9,"趠趡"],
+["da80","趢趤",12,"趲趶趷趹趻趽跀跁跂跅跇跈跉跊跍跐跒跓跔凇冖冢冥讠讦讧讪讴讵讷诂诃诋诏诎诒诓诔诖诘诙诜诟诠诤诨诩诮诰诳诶诹诼诿谀谂谄谇谌谏谑谒谔谕谖谙谛谘谝谟谠谡谥谧谪谫谮谯谲谳谵谶卩卺阝阢阡阱阪阽阼陂陉陔陟陧陬陲陴隈隍隗隰邗邛邝邙邬邡邴邳邶邺"],
+["db40","跕跘跙跜跠跡跢跥跦跧跩跭跮跰跱跲跴跶跼跾",6,"踆踇踈踋踍踎踐踑踒踓踕",7,"踠踡踤",4,"踫踭踰踲踳踴踶踷踸踻踼踾"],
+["db80","踿蹃蹅蹆蹌",4,"蹓",5,"蹚",11,"蹧蹨蹪蹫蹮蹱邸邰郏郅邾郐郄郇郓郦郢郜郗郛郫郯郾鄄鄢鄞鄣鄱鄯鄹酃酆刍奂劢劬劭劾哿勐勖勰叟燮矍廴凵凼鬯厶弁畚巯坌垩垡塾墼壅壑圩圬圪圳圹圮圯坜圻坂坩垅坫垆坼坻坨坭坶坳垭垤垌垲埏垧垴垓垠埕埘埚埙埒垸埴埯埸埤埝"],
+["dc40","蹳蹵蹷",4,"蹽蹾躀躂躃躄躆躈",6,"躑躒躓躕",6,"躝躟",11,"躭躮躰躱躳",6,"躻",7],
+["dc80","軃",10,"軏",21,"堋堍埽埭堀堞堙塄堠塥塬墁墉墚墀馨鼙懿艹艽艿芏芊芨芄芎芑芗芙芫芸芾芰苈苊苣芘芷芮苋苌苁芩芴芡芪芟苄苎芤苡茉苷苤茏茇苜苴苒苘茌苻苓茑茚茆茔茕苠苕茜荑荛荜茈莒茼茴茱莛荞茯荏荇荃荟荀茗荠茭茺茳荦荥"],
+["dd40","軥",62],
+["dd80","輤",32,"荨茛荩荬荪荭荮莰荸莳莴莠莪莓莜莅荼莶莩荽莸荻莘莞莨莺莼菁萁菥菘堇萘萋菝菽菖萜萸萑萆菔菟萏萃菸菹菪菅菀萦菰菡葜葑葚葙葳蒇蒈葺蒉葸萼葆葩葶蒌蒎萱葭蓁蓍蓐蓦蒽蓓蓊蒿蒺蓠蒡蒹蒴蒗蓥蓣蔌甍蔸蓰蔹蔟蔺"],
+["de40","轅",32,"轪辀辌辒辝辠辡辢辤辥辦辧辪辬辭辮辯農辳辴辵辷辸辺辻込辿迀迃迆"],
+["de80","迉",4,"迏迒迖迗迚迠迡迣迧迬迯迱迲迴迵迶迺迻迼迾迿逇逈逌逎逓逕逘蕖蔻蓿蓼蕙蕈蕨蕤蕞蕺瞢蕃蕲蕻薤薨薇薏蕹薮薜薅薹薷薰藓藁藜藿蘧蘅蘩蘖蘼廾弈夼奁耷奕奚奘匏尢尥尬尴扌扪抟抻拊拚拗拮挢拶挹捋捃掭揶捱捺掎掴捭掬掊捩掮掼揲揸揠揿揄揞揎摒揆掾摅摁搋搛搠搌搦搡摞撄摭撖"],
+["df40","這逜連逤逥逧",5,"逰",4,"逷逹逺逽逿遀遃遅遆遈",4,"過達違遖遙遚遜",5,"遤遦遧適遪遫遬遯",4,"遶",6,"遾邁"],
+["df80","還邅邆邇邉邊邌",4,"邒邔邖邘邚邜邞邟邠邤邥邧邨邩邫邭邲邷邼邽邿郀摺撷撸撙撺擀擐擗擤擢攉攥攮弋忒甙弑卟叱叽叩叨叻吒吖吆呋呒呓呔呖呃吡呗呙吣吲咂咔呷呱呤咚咛咄呶呦咝哐咭哂咴哒咧咦哓哔呲咣哕咻咿哌哙哚哜咩咪咤哝哏哞唛哧唠哽唔哳唢唣唏唑唧唪啧喏喵啉啭啁啕唿啐唼"],
+["e040","郂郃郆郈郉郋郌郍郒郔郕郖郘郙郚郞郟郠郣郤郥郩郪郬郮郰郱郲郳郵郶郷郹郺郻郼郿鄀鄁鄃鄅",19,"鄚鄛鄜"],
+["e080","鄝鄟鄠鄡鄤",10,"鄰鄲",6,"鄺",8,"酄唷啖啵啶啷唳唰啜喋嗒喃喱喹喈喁喟啾嗖喑啻嗟喽喾喔喙嗪嗷嗉嘟嗑嗫嗬嗔嗦嗝嗄嗯嗥嗲嗳嗌嗍嗨嗵嗤辔嘞嘈嘌嘁嘤嘣嗾嘀嘧嘭噘嘹噗嘬噍噢噙噜噌噔嚆噤噱噫噻噼嚅嚓嚯囔囗囝囡囵囫囹囿圄圊圉圜帏帙帔帑帱帻帼"],
+["e140","酅酇酈酑酓酔酕酖酘酙酛酜酟酠酦酧酨酫酭酳酺酻酼醀",4,"醆醈醊醎醏醓",6,"醜",5,"醤",5,"醫醬醰醱醲醳醶醷醸醹醻"],
+["e180","醼",10,"釈釋釐釒",9,"針",8,"帷幄幔幛幞幡岌屺岍岐岖岈岘岙岑岚岜岵岢岽岬岫岱岣峁岷峄峒峤峋峥崂崃崧崦崮崤崞崆崛嵘崾崴崽嵬嵛嵯嵝嵫嵋嵊嵩嵴嶂嶙嶝豳嶷巅彳彷徂徇徉後徕徙徜徨徭徵徼衢彡犭犰犴犷犸狃狁狎狍狒狨狯狩狲狴狷猁狳猃狺"],
+["e240","釦",62],
+["e280","鈥",32,"狻猗猓猡猊猞猝猕猢猹猥猬猸猱獐獍獗獠獬獯獾舛夥飧夤夂饣饧",5,"饴饷饽馀馄馇馊馍馐馑馓馔馕庀庑庋庖庥庠庹庵庾庳赓廒廑廛廨廪膺忄忉忖忏怃忮怄忡忤忾怅怆忪忭忸怙怵怦怛怏怍怩怫怊怿怡恸恹恻恺恂"],
+["e340","鉆",45,"鉵",16],
+["e380","銆",7,"銏",24,"恪恽悖悚悭悝悃悒悌悛惬悻悱惝惘惆惚悴愠愦愕愣惴愀愎愫慊慵憬憔憧憷懔懵忝隳闩闫闱闳闵闶闼闾阃阄阆阈阊阋阌阍阏阒阕阖阗阙阚丬爿戕氵汔汜汊沣沅沐沔沌汨汩汴汶沆沩泐泔沭泷泸泱泗沲泠泖泺泫泮沱泓泯泾"],
+["e440","銨",5,"銯",24,"鋉",31],
+["e480","鋩",32,"洹洧洌浃浈洇洄洙洎洫浍洮洵洚浏浒浔洳涑浯涞涠浞涓涔浜浠浼浣渚淇淅淞渎涿淠渑淦淝淙渖涫渌涮渫湮湎湫溲湟溆湓湔渲渥湄滟溱溘滠漭滢溥溧溽溻溷滗溴滏溏滂溟潢潆潇漤漕滹漯漶潋潴漪漉漩澉澍澌潸潲潼潺濑"],
+["e540","錊",51,"錿",10],
+["e580","鍊",31,"鍫濉澧澹澶濂濡濮濞濠濯瀚瀣瀛瀹瀵灏灞宀宄宕宓宥宸甯骞搴寤寮褰寰蹇謇辶迓迕迥迮迤迩迦迳迨逅逄逋逦逑逍逖逡逵逶逭逯遄遑遒遐遨遘遢遛暹遴遽邂邈邃邋彐彗彖彘尻咫屐屙孱屣屦羼弪弩弭艴弼鬻屮妁妃妍妩妪妣"],
+["e640","鍬",34,"鎐",27],
+["e680","鎬",29,"鏋鏌鏍妗姊妫妞妤姒妲妯姗妾娅娆姝娈姣姘姹娌娉娲娴娑娣娓婀婧婊婕娼婢婵胬媪媛婷婺媾嫫媲嫒嫔媸嫠嫣嫱嫖嫦嫘嫜嬉嬗嬖嬲嬷孀尕尜孚孥孳孑孓孢驵驷驸驺驿驽骀骁骅骈骊骐骒骓骖骘骛骜骝骟骠骢骣骥骧纟纡纣纥纨纩"],
+["e740","鏎",7,"鏗",54],
+["e780","鐎",32,"纭纰纾绀绁绂绉绋绌绐绔绗绛绠绡绨绫绮绯绱绲缍绶绺绻绾缁缂缃缇缈缋缌缏缑缒缗缙缜缛缟缡",6,"缪缫缬缭缯",4,"缵幺畿巛甾邕玎玑玮玢玟珏珂珑玷玳珀珉珈珥珙顼琊珩珧珞玺珲琏琪瑛琦琥琨琰琮琬"],
+["e840","鐯",14,"鐿",43,"鑬鑭鑮鑯"],
+["e880","鑰",20,"钑钖钘铇铏铓铔铚铦铻锜锠琛琚瑁瑜瑗瑕瑙瑷瑭瑾璜璎璀璁璇璋璞璨璩璐璧瓒璺韪韫韬杌杓杞杈杩枥枇杪杳枘枧杵枨枞枭枋杷杼柰栉柘栊柩枰栌柙枵柚枳柝栀柃枸柢栎柁柽栲栳桠桡桎桢桄桤梃栝桕桦桁桧桀栾桊桉栩梵梏桴桷梓桫棂楮棼椟椠棹"],
+["e940","锧锳锽镃镈镋镕镚镠镮镴镵長",7,"門",42],
+["e980","閫",32,"椤棰椋椁楗棣椐楱椹楠楂楝榄楫榀榘楸椴槌榇榈槎榉楦楣楹榛榧榻榫榭槔榱槁槊槟榕槠榍槿樯槭樗樘橥槲橄樾檠橐橛樵檎橹樽樨橘橼檑檐檩檗檫猷獒殁殂殇殄殒殓殍殚殛殡殪轫轭轱轲轳轵轶轸轷轹轺轼轾辁辂辄辇辋"],
+["ea40","闌",27,"闬闿阇阓阘阛阞阠阣",6,"阫阬阭阯阰阷阸阹阺阾陁陃陊陎陏陑陒陓陖陗"],
+["ea80","陘陙陚陜陝陞陠陣陥陦陫陭",4,"陳陸",12,"隇隉隊辍辎辏辘辚軎戋戗戛戟戢戡戥戤戬臧瓯瓴瓿甏甑甓攴旮旯旰昊昙杲昃昕昀炅曷昝昴昱昶昵耆晟晔晁晏晖晡晗晷暄暌暧暝暾曛曜曦曩贲贳贶贻贽赀赅赆赈赉赇赍赕赙觇觊觋觌觎觏觐觑牮犟牝牦牯牾牿犄犋犍犏犒挈挲掰"],
+["eb40","隌階隑隒隓隕隖隚際隝",9,"隨",7,"隱隲隴隵隷隸隺隻隿雂雃雈雊雋雐雑雓雔雖",9,"雡",6,"雫"],
+["eb80","雬雭雮雰雱雲雴雵雸雺電雼雽雿霂霃霅霊霋霌霐霑霒霔霕霗",4,"霝霟霠搿擘耄毪毳毽毵毹氅氇氆氍氕氘氙氚氡氩氤氪氲攵敕敫牍牒牖爰虢刖肟肜肓肼朊肽肱肫肭肴肷胧胨胩胪胛胂胄胙胍胗朐胝胫胱胴胭脍脎胲胼朕脒豚脶脞脬脘脲腈腌腓腴腙腚腱腠腩腼腽腭腧塍媵膈膂膑滕膣膪臌朦臊膻"],
+["ec40","霡",8,"霫霬霮霯霱霳",4,"霺霻霼霽霿",18,"靔靕靗靘靚靜靝靟靣靤靦靧靨靪",7],
+["ec80","靲靵靷",4,"靽",7,"鞆",4,"鞌鞎鞏鞐鞓鞕鞖鞗鞙",4,"臁膦欤欷欹歃歆歙飑飒飓飕飙飚殳彀毂觳斐齑斓於旆旄旃旌旎旒旖炀炜炖炝炻烀炷炫炱烨烊焐焓焖焯焱煳煜煨煅煲煊煸煺熘熳熵熨熠燠燔燧燹爝爨灬焘煦熹戾戽扃扈扉礻祀祆祉祛祜祓祚祢祗祠祯祧祺禅禊禚禧禳忑忐"],
+["ed40","鞞鞟鞡鞢鞤",6,"鞬鞮鞰鞱鞳鞵",46],
+["ed80","韤韥韨韮",4,"韴韷",23,"怼恝恚恧恁恙恣悫愆愍慝憩憝懋懑戆肀聿沓泶淼矶矸砀砉砗砘砑斫砭砜砝砹砺砻砟砼砥砬砣砩硎硭硖硗砦硐硇硌硪碛碓碚碇碜碡碣碲碹碥磔磙磉磬磲礅磴礓礤礞礴龛黹黻黼盱眄眍盹眇眈眚眢眙眭眦眵眸睐睑睇睃睚睨"],
+["ee40","頏",62],
+["ee80","顎",32,"睢睥睿瞍睽瞀瞌瞑瞟瞠瞰瞵瞽町畀畎畋畈畛畲畹疃罘罡罟詈罨罴罱罹羁罾盍盥蠲钅钆钇钋钊钌钍钏钐钔钗钕钚钛钜钣钤钫钪钭钬钯钰钲钴钶",4,"钼钽钿铄铈",6,"铐铑铒铕铖铗铙铘铛铞铟铠铢铤铥铧铨铪"],
+["ef40","顯",5,"颋颎颒颕颙颣風",37,"飏飐飔飖飗飛飜飝飠",4],
+["ef80","飥飦飩",30,"铩铫铮铯铳铴铵铷铹铼铽铿锃锂锆锇锉锊锍锎锏锒",4,"锘锛锝锞锟锢锪锫锩锬锱锲锴锶锷锸锼锾锿镂锵镄镅镆镉镌镎镏镒镓镔镖镗镘镙镛镞镟镝镡镢镤",8,"镯镱镲镳锺矧矬雉秕秭秣秫稆嵇稃稂稞稔"],
+["f040","餈",4,"餎餏餑",28,"餯",26],
+["f080","饊",9,"饖",12,"饤饦饳饸饹饻饾馂馃馉稹稷穑黏馥穰皈皎皓皙皤瓞瓠甬鸠鸢鸨",4,"鸲鸱鸶鸸鸷鸹鸺鸾鹁鹂鹄鹆鹇鹈鹉鹋鹌鹎鹑鹕鹗鹚鹛鹜鹞鹣鹦",6,"鹱鹭鹳疒疔疖疠疝疬疣疳疴疸痄疱疰痃痂痖痍痣痨痦痤痫痧瘃痱痼痿瘐瘀瘅瘌瘗瘊瘥瘘瘕瘙"],
+["f140","馌馎馚",10,"馦馧馩",47],
+["f180","駙",32,"瘛瘼瘢瘠癀瘭瘰瘿瘵癃瘾瘳癍癞癔癜癖癫癯翊竦穸穹窀窆窈窕窦窠窬窨窭窳衤衩衲衽衿袂袢裆袷袼裉裢裎裣裥裱褚裼裨裾裰褡褙褓褛褊褴褫褶襁襦襻疋胥皲皴矜耒耔耖耜耠耢耥耦耧耩耨耱耋耵聃聆聍聒聩聱覃顸颀颃"],
+["f240","駺",62],
+["f280","騹",32,"颉颌颍颏颔颚颛颞颟颡颢颥颦虍虔虬虮虿虺虼虻蚨蚍蚋蚬蚝蚧蚣蚪蚓蚩蚶蛄蚵蛎蚰蚺蚱蚯蛉蛏蚴蛩蛱蛲蛭蛳蛐蜓蛞蛴蛟蛘蛑蜃蜇蛸蜈蜊蜍蜉蜣蜻蜞蜥蜮蜚蜾蝈蜴蜱蜩蜷蜿螂蜢蝽蝾蝻蝠蝰蝌蝮螋蝓蝣蝼蝤蝙蝥螓螯螨蟒"],
+["f340","驚",17,"驲骃骉骍骎骔骕骙骦骩",6,"骲骳骴骵骹骻骽骾骿髃髄髆",4,"髍髎髏髐髒體髕髖髗髙髚髛髜"],
+["f380","髝髞髠髢髣髤髥髧髨髩髪髬髮髰",8,"髺髼",6,"鬄鬅鬆蟆螈螅螭螗螃螫蟥螬螵螳蟋蟓螽蟑蟀蟊蟛蟪蟠蟮蠖蠓蟾蠊蠛蠡蠹蠼缶罂罄罅舐竺竽笈笃笄笕笊笫笏筇笸笪笙笮笱笠笥笤笳笾笞筘筚筅筵筌筝筠筮筻筢筲筱箐箦箧箸箬箝箨箅箪箜箢箫箴篑篁篌篝篚篥篦篪簌篾篼簏簖簋"],
+["f440","鬇鬉",5,"鬐鬑鬒鬔",10,"鬠鬡鬢鬤",10,"鬰鬱鬳",7,"鬽鬾鬿魀魆魊魋魌魎魐魒魓魕",5],
+["f480","魛",32,"簟簪簦簸籁籀臾舁舂舄臬衄舡舢舣舭舯舨舫舸舻舳舴舾艄艉艋艏艚艟艨衾袅袈裘裟襞羝羟羧羯羰羲籼敉粑粝粜粞粢粲粼粽糁糇糌糍糈糅糗糨艮暨羿翎翕翥翡翦翩翮翳糸絷綦綮繇纛麸麴赳趄趔趑趱赧赭豇豉酊酐酎酏酤"],
+["f540","魼",62],
+["f580","鮻",32,"酢酡酰酩酯酽酾酲酴酹醌醅醐醍醑醢醣醪醭醮醯醵醴醺豕鹾趸跫踅蹙蹩趵趿趼趺跄跖跗跚跞跎跏跛跆跬跷跸跣跹跻跤踉跽踔踝踟踬踮踣踯踺蹀踹踵踽踱蹉蹁蹂蹑蹒蹊蹰蹶蹼蹯蹴躅躏躔躐躜躞豸貂貊貅貘貔斛觖觞觚觜"],
+["f640","鯜",62],
+["f680","鰛",32,"觥觫觯訾謦靓雩雳雯霆霁霈霏霎霪霭霰霾龀龃龅",5,"龌黾鼋鼍隹隼隽雎雒瞿雠銎銮鋈錾鍪鏊鎏鐾鑫鱿鲂鲅鲆鲇鲈稣鲋鲎鲐鲑鲒鲔鲕鲚鲛鲞",5,"鲥",4,"鲫鲭鲮鲰",7,"鲺鲻鲼鲽鳄鳅鳆鳇鳊鳋"],
+["f740","鰼",62],
+["f780","鱻鱽鱾鲀鲃鲄鲉鲊鲌鲏鲓鲖鲗鲘鲙鲝鲪鲬鲯鲹鲾",4,"鳈鳉鳑鳒鳚鳛鳠鳡鳌",4,"鳓鳔鳕鳗鳘鳙鳜鳝鳟鳢靼鞅鞑鞒鞔鞯鞫鞣鞲鞴骱骰骷鹘骶骺骼髁髀髅髂髋髌髑魅魃魇魉魈魍魑飨餍餮饕饔髟髡髦髯髫髻髭髹鬈鬏鬓鬟鬣麽麾縻麂麇麈麋麒鏖麝麟黛黜黝黠黟黢黩黧黥黪黯鼢鼬鼯鼹鼷鼽鼾齄"],
+["f840","鳣",62],
+["f880","鴢",32],
+["f940","鵃",62],
+["f980","鶂",32],
+["fa40","鶣",62],
+["fa80","鷢",32],
+["fb40","鸃",27,"鸤鸧鸮鸰鸴鸻鸼鹀鹍鹐鹒鹓鹔鹖鹙鹝鹟鹠鹡鹢鹥鹮鹯鹲鹴",9,"麀"],
+["fb80","麁麃麄麅麆麉麊麌",5,"麔",8,"麞麠",5,"麧麨麩麪"],
+["fc40","麫",8,"麵麶麷麹麺麼麿",4,"黅黆黇黈黊黋黌黐黒黓黕黖黗黙黚點黡黣黤黦黨黫黬黭黮黰",8,"黺黽黿",6],
+["fc80","鼆",4,"鼌鼏鼑鼒鼔鼕鼖鼘鼚",5,"鼡鼣",8,"鼭鼮鼰鼱"],
+["fd40","鼲",4,"鼸鼺鼼鼿",4,"齅",10,"齒",38],
+["fd80","齹",5,"龁龂龍",11,"龜龝龞龡",4,"郎凉秊裏隣"],
+["fe40","兀嗀﨎﨏﨑﨓﨔礼﨟蘒﨡﨣﨤﨧﨨﨩"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
new file mode 100644
index 0000000..2022a00
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
@@ -0,0 +1,273 @@
+[
+["0","\u0000",127],
+["8141","갂갃갅갆갋",4,"갘갞갟갡갢갣갥",6,"갮갲갳갴"],
+["8161","갵갶갷갺갻갽갾갿걁",9,"걌걎",5,"걕"],
+["8181","걖걗걙걚걛걝",18,"걲걳걵걶걹걻",4,"겂겇겈겍겎겏겑겒겓겕",6,"겞겢",5,"겫겭겮겱",6,"겺겾겿곀곂곃곅곆곇곉곊곋곍",7,"곖곘",7,"곢곣곥곦곩곫곭곮곲곴곷",4,"곾곿괁괂괃괅괇",4,"괎괐괒괓"],
+["8241","괔괕괖괗괙괚괛괝괞괟괡",7,"괪괫괮",5],
+["8261","괶괷괹괺괻괽",6,"굆굈굊",5,"굑굒굓굕굖굗"],
+["8281","굙",7,"굢굤",7,"굮굯굱굲굷굸굹굺굾궀궃",4,"궊궋궍궎궏궑",10,"궞",5,"궥",17,"궸",7,"귂귃귅귆귇귉",6,"귒귔",7,"귝귞귟귡귢귣귥",18],
+["8341","귺귻귽귾긂",5,"긊긌긎",5,"긕",7],
+["8361","긝",18,"긲긳긵긶긹긻긼"],
+["8381","긽긾긿깂깄깇깈깉깋깏깑깒깓깕깗",4,"깞깢깣깤깦깧깪깫깭깮깯깱",6,"깺깾",5,"꺆",5,"꺍",46,"꺿껁껂껃껅",6,"껎껒",5,"껚껛껝",8],
+["8441","껦껧껩껪껬껮",5,"껵껶껷껹껺껻껽",8],
+["8461","꼆꼉꼊꼋꼌꼎꼏꼑",18],
+["8481","꼤",7,"꼮꼯꼱꼳꼵",6,"꼾꽀꽄꽅꽆꽇꽊",5,"꽑",10,"꽞",5,"꽦",18,"꽺",5,"꾁꾂꾃꾅꾆꾇꾉",6,"꾒꾓꾔꾖",5,"꾝",26,"꾺꾻꾽꾾"],
+["8541","꾿꿁",5,"꿊꿌꿏",4,"꿕",6,"꿝",4],
+["8561","꿢",5,"꿪",5,"꿲꿳꿵꿶꿷꿹",6,"뀂뀃"],
+["8581","뀅",6,"뀍뀎뀏뀑뀒뀓뀕",6,"뀞",9,"뀩",26,"끆끇끉끋끍끏끐끑끒끖끘끚끛끜끞",29,"끾끿낁낂낃낅",6,"낎낐낒",5,"낛낝낞낣낤"],
+["8641","낥낦낧낪낰낲낶낷낹낺낻낽",6,"냆냊",5,"냒"],
+["8661","냓냕냖냗냙",6,"냡냢냣냤냦",10],
+["8681","냱",22,"넊넍넎넏넑넔넕넖넗넚넞",4,"넦넧넩넪넫넭",6,"넶넺",5,"녂녃녅녆녇녉",6,"녒녓녖녗녙녚녛녝녞녟녡",22,"녺녻녽녾녿놁놃",4,"놊놌놎놏놐놑놕놖놗놙놚놛놝"],
+["8741","놞",9,"놩",15],
+["8761","놹",18,"뇍뇎뇏뇑뇒뇓뇕"],
+["8781","뇖",5,"뇞뇠",7,"뇪뇫뇭뇮뇯뇱",7,"뇺뇼뇾",5,"눆눇눉눊눍",6,"눖눘눚",5,"눡",18,"눵",6,"눽",26,"뉙뉚뉛뉝뉞뉟뉡",6,"뉪",4],
+["8841","뉯",4,"뉶",5,"뉽",6,"늆늇늈늊",4],
+["8861","늏늒늓늕늖늗늛",4,"늢늤늧늨늩늫늭늮늯늱늲늳늵늶늷"],
+["8881","늸",15,"닊닋닍닎닏닑닓",4,"닚닜닞닟닠닡닣닧닩닪닰닱닲닶닼닽닾댂댃댅댆댇댉",6,"댒댖",5,"댝",54,"덗덙덚덝덠덡덢덣"],
+["8941","덦덨덪덬덭덯덲덳덵덶덷덹",6,"뎂뎆",5,"뎍"],
+["8961","뎎뎏뎑뎒뎓뎕",10,"뎢",5,"뎩뎪뎫뎭"],
+["8981","뎮",21,"돆돇돉돊돍돏돑돒돓돖돘돚돜돞돟돡돢돣돥돦돧돩",18,"돽",18,"됑",6,"됙됚됛됝됞됟됡",6,"됪됬",7,"됵",15],
+["8a41","둅",10,"둒둓둕둖둗둙",6,"둢둤둦"],
+["8a61","둧",4,"둭",18,"뒁뒂"],
+["8a81","뒃",4,"뒉",19,"뒞",5,"뒥뒦뒧뒩뒪뒫뒭",7,"뒶뒸뒺",5,"듁듂듃듅듆듇듉",6,"듑듒듓듔듖",5,"듞듟듡듢듥듧",4,"듮듰듲",5,"듹",26,"딖딗딙딚딝"],
+["8b41","딞",5,"딦딫",4,"딲딳딵딶딷딹",6,"땂땆"],
+["8b61","땇땈땉땊땎땏땑땒땓땕",6,"땞땢",8],
+["8b81","땫",52,"떢떣떥떦떧떩떬떭떮떯떲떶",4,"떾떿뗁뗂뗃뗅",6,"뗎뗒",5,"뗙",18,"뗭",18],
+["8c41","똀",15,"똒똓똕똖똗똙",4],
+["8c61","똞",6,"똦",5,"똭",6,"똵",5],
+["8c81","똻",12,"뙉",26,"뙥뙦뙧뙩",50,"뚞뚟뚡뚢뚣뚥",5,"뚭뚮뚯뚰뚲",16],
+["8d41","뛃",16,"뛕",8],
+["8d61","뛞",17,"뛱뛲뛳뛵뛶뛷뛹뛺"],
+["8d81","뛻",4,"뜂뜃뜄뜆",33,"뜪뜫뜭뜮뜱",6,"뜺뜼",7,"띅띆띇띉띊띋띍",6,"띖",9,"띡띢띣띥띦띧띩",6,"띲띴띶",5,"띾띿랁랂랃랅",6,"랎랓랔랕랚랛랝랞"],
+["8e41","랟랡",6,"랪랮",5,"랶랷랹",8],
+["8e61","럂",4,"럈럊",19],
+["8e81","럞",13,"럮럯럱럲럳럵",6,"럾렂",4,"렊렋렍렎렏렑",6,"렚렜렞",5,"렦렧렩렪렫렭",6,"렶렺",5,"롁롂롃롅",11,"롒롔",7,"롞롟롡롢롣롥",6,"롮롰롲",5,"롹롺롻롽",7],
+["8f41","뢅",7,"뢎",17],
+["8f61","뢠",7,"뢩",6,"뢱뢲뢳뢵뢶뢷뢹",4],
+["8f81","뢾뢿룂룄룆",5,"룍룎룏룑룒룓룕",7,"룞룠룢",5,"룪룫룭룮룯룱",6,"룺룼룾",5,"뤅",18,"뤙",6,"뤡",26,"뤾뤿륁륂륃륅",6,"륍륎륐륒",5],
+["9041","륚륛륝륞륟륡",6,"륪륬륮",5,"륶륷륹륺륻륽"],
+["9061","륾",5,"릆릈릋릌릏",15],
+["9081","릟",12,"릮릯릱릲릳릵",6,"릾맀맂",5,"맊맋맍맓",4,"맚맜맟맠맢맦맧맩맪맫맭",6,"맶맻",4,"먂",5,"먉",11,"먖",33,"먺먻먽먾먿멁멃멄멅멆"],
+["9141","멇멊멌멏멐멑멒멖멗멙멚멛멝",6,"멦멪",5],
+["9161","멲멳멵멶멷멹",9,"몆몈몉몊몋몍",5],
+["9181","몓",20,"몪몭몮몯몱몳",4,"몺몼몾",5,"뫅뫆뫇뫉",14,"뫚",33,"뫽뫾뫿묁묂묃묅",7,"묎묐묒",5,"묙묚묛묝묞묟묡",6],
+["9241","묨묪묬",7,"묷묹묺묿",4,"뭆뭈뭊뭋뭌뭎뭑뭒"],
+["9261","뭓뭕뭖뭗뭙",7,"뭢뭤",7,"뭭",4],
+["9281","뭲",21,"뮉뮊뮋뮍뮎뮏뮑",18,"뮥뮦뮧뮩뮪뮫뮭",6,"뮵뮶뮸",7,"믁믂믃믅믆믇믉",6,"믑믒믔",35,"믺믻믽믾밁"],
+["9341","밃",4,"밊밎밐밒밓밙밚밠밡밢밣밦밨밪밫밬밮밯밲밳밵"],
+["9361","밶밷밹",6,"뱂뱆뱇뱈뱊뱋뱎뱏뱑",8],
+["9381","뱚뱛뱜뱞",37,"벆벇벉벊벍벏",4,"벖벘벛",4,"벢벣벥벦벩",6,"벲벶",5,"벾벿볁볂볃볅",7,"볎볒볓볔볖볗볙볚볛볝",22,"볷볹볺볻볽"],
+["9441","볾",5,"봆봈봊",5,"봑봒봓봕",8],
+["9461","봞",5,"봥",6,"봭",12],
+["9481","봺",5,"뵁",6,"뵊뵋뵍뵎뵏뵑",6,"뵚",9,"뵥뵦뵧뵩",22,"붂붃붅붆붋",4,"붒붔붖붗붘붛붝",6,"붥",10,"붱",6,"붹",24],
+["9541","뷒뷓뷖뷗뷙뷚뷛뷝",11,"뷪",5,"뷱"],
+["9561","뷲뷳뷵뷶뷷뷹",6,"븁븂븄븆",5,"븎븏븑븒븓"],
+["9581","븕",6,"븞븠",35,"빆빇빉빊빋빍빏",4,"빖빘빜빝빞빟빢빣빥빦빧빩빫",4,"빲빶",4,"빾빿뺁뺂뺃뺅",6,"뺎뺒",5,"뺚",13,"뺩",14],
+["9641","뺸",23,"뻒뻓"],
+["9661","뻕뻖뻙",6,"뻡뻢뻦",5,"뻭",8],
+["9681","뻶",10,"뼂",5,"뼊",13,"뼚뼞",33,"뽂뽃뽅뽆뽇뽉",6,"뽒뽓뽔뽖",44],
+["9741","뾃",16,"뾕",8],
+["9761","뾞",17,"뾱",7],
+["9781","뾹",11,"뿆",5,"뿎뿏뿑뿒뿓뿕",6,"뿝뿞뿠뿢",89,"쀽쀾쀿"],
+["9841","쁀",16,"쁒",5,"쁙쁚쁛"],
+["9861","쁝쁞쁟쁡",6,"쁪",15],
+["9881","쁺",21,"삒삓삕삖삗삙",6,"삢삤삦",5,"삮삱삲삷",4,"삾샂샃샄샆샇샊샋샍샎샏샑",6,"샚샞",5,"샦샧샩샪샫샭",6,"샶샸샺",5,"섁섂섃섅섆섇섉",6,"섑섒섓섔섖",5,"섡섢섥섨섩섪섫섮"],
+["9941","섲섳섴섵섷섺섻섽섾섿셁",6,"셊셎",5,"셖셗"],
+["9961","셙셚셛셝",6,"셦셪",5,"셱셲셳셵셶셷셹셺셻"],
+["9981","셼",8,"솆",5,"솏솑솒솓솕솗",4,"솞솠솢솣솤솦솧솪솫솭솮솯솱",11,"솾",5,"쇅쇆쇇쇉쇊쇋쇍",6,"쇕쇖쇙",6,"쇡쇢쇣쇥쇦쇧쇩",6,"쇲쇴",7,"쇾쇿숁숂숃숅",6,"숎숐숒",5,"숚숛숝숞숡숢숣"],
+["9a41","숤숥숦숧숪숬숮숰숳숵",16],
+["9a61","쉆쉇쉉",6,"쉒쉓쉕쉖쉗쉙",6,"쉡쉢쉣쉤쉦"],
+["9a81","쉧",4,"쉮쉯쉱쉲쉳쉵",6,"쉾슀슂",5,"슊",5,"슑",6,"슙슚슜슞",5,"슦슧슩슪슫슮",5,"슶슸슺",33,"싞싟싡싢싥",5,"싮싰싲싳싴싵싷싺싽싾싿쌁",6,"쌊쌋쌎쌏"],
+["9b41","쌐쌑쌒쌖쌗쌙쌚쌛쌝",6,"쌦쌧쌪",8],
+["9b61","쌳",17,"썆",7],
+["9b81","썎",25,"썪썫썭썮썯썱썳",4,"썺썻썾",5,"쎅쎆쎇쎉쎊쎋쎍",50,"쏁",22,"쏚"],
+["9c41","쏛쏝쏞쏡쏣",4,"쏪쏫쏬쏮",5,"쏶쏷쏹",5],
+["9c61","쏿",8,"쐉",6,"쐑",9],
+["9c81","쐛",8,"쐥",6,"쐭쐮쐯쐱쐲쐳쐵",6,"쐾",9,"쑉",26,"쑦쑧쑩쑪쑫쑭",6,"쑶쑷쑸쑺",5,"쒁",18,"쒕",6,"쒝",12],
+["9d41","쒪",13,"쒹쒺쒻쒽",8],
+["9d61","쓆",25],
+["9d81","쓠",8,"쓪",5,"쓲쓳쓵쓶쓷쓹쓻쓼쓽쓾씂",9,"씍씎씏씑씒씓씕",6,"씝",10,"씪씫씭씮씯씱",6,"씺씼씾",5,"앆앇앋앏앐앑앒앖앚앛앜앟앢앣앥앦앧앩",6,"앲앶",5,"앾앿얁얂얃얅얆얈얉얊얋얎얐얒얓얔"],
+["9e41","얖얙얚얛얝얞얟얡",7,"얪",9,"얶"],
+["9e61","얷얺얿",4,"엋엍엏엒엓엕엖엗엙",6,"엢엤엦엧"],
+["9e81","엨엩엪엫엯엱엲엳엵엸엹엺엻옂옃옄옉옊옋옍옎옏옑",6,"옚옝",6,"옦옧옩옪옫옯옱옲옶옸옺옼옽옾옿왂왃왅왆왇왉",6,"왒왖",5,"왞왟왡",10,"왭왮왰왲",5,"왺왻왽왾왿욁",6,"욊욌욎",5,"욖욗욙욚욛욝",6,"욦"],
+["9f41","욨욪",5,"욲욳욵욶욷욻",4,"웂웄웆",5,"웎"],
+["9f61","웏웑웒웓웕",6,"웞웟웢",5,"웪웫웭웮웯웱웲"],
+["9f81","웳",4,"웺웻웼웾",5,"윆윇윉윊윋윍",6,"윖윘윚",5,"윢윣윥윦윧윩",6,"윲윴윶윸윹윺윻윾윿읁읂읃읅",4,"읋읎읐읙읚읛읝읞읟읡",6,"읩읪읬",7,"읶읷읹읺읻읿잀잁잂잆잋잌잍잏잒잓잕잙잛",4,"잢잧",4,"잮잯잱잲잳잵잶잷"],
+["a041","잸잹잺잻잾쟂",5,"쟊쟋쟍쟏쟑",6,"쟙쟚쟛쟜"],
+["a061","쟞",5,"쟥쟦쟧쟩쟪쟫쟭",13],
+["a081","쟻",4,"젂젃젅젆젇젉젋",4,"젒젔젗",4,"젞젟젡젢젣젥",6,"젮젰젲",5,"젹젺젻젽젾젿졁",6,"졊졋졎",5,"졕",26,"졲졳졵졶졷졹졻",4,"좂좄좈좉좊좎",5,"좕",7,"좞좠좢좣좤"],
+["a141","좥좦좧좩",18,"좾좿죀죁"],
+["a161","죂죃죅죆죇죉죊죋죍",6,"죖죘죚",5,"죢죣죥"],
+["a181","죦",14,"죶",5,"죾죿줁줂줃줇",4,"줎　、。·‥…¨〃­―∥＼∼‘’“”〔〕〈",9,"±×÷≠≤≥∞∴°′″℃Å￠￡￥♂♀∠⊥⌒∂∇≡≒§※☆★○●◎◇◆□■△▲▽▼→←↑↓↔〓≪≫√∽∝∵∫∬∈∋⊆⊇⊂⊃∪∩∧∨￢"],
+["a241","줐줒",5,"줙",18],
+["a261","줭",6,"줵",18],
+["a281","쥈",7,"쥒쥓쥕쥖쥗쥙",6,"쥢쥤",7,"쥭쥮쥯⇒⇔∀∃´～ˇ˘˝˚˙¸˛¡¿ː∮∑∏¤℉‰◁◀▷▶♤♠♡♥♧♣⊙◈▣◐◑▒▤▥▨▧▦▩♨☏☎☜☞¶†‡↕↗↙↖↘♭♩♪♬㉿㈜№㏇™㏂㏘℡€®"],
+["a341","쥱쥲쥳쥵",6,"쥽",10,"즊즋즍즎즏"],
+["a361","즑",6,"즚즜즞",16],
+["a381","즯",16,"짂짃짅짆짉짋",4,"짒짔짗짘짛！",58,"￦］",32,"￣"],
+["a441","짞짟짡짣짥짦짨짩짪짫짮짲",5,"짺짻짽짾짿쨁쨂쨃쨄"],
+["a461","쨅쨆쨇쨊쨎",5,"쨕쨖쨗쨙",12],
+["a481","쨦쨧쨨쨪",28,"ㄱ",93],
+["a541","쩇",4,"쩎쩏쩑쩒쩓쩕",6,"쩞쩢",5,"쩩쩪"],
+["a561","쩫",17,"쩾",5,"쪅쪆"],
+["a581","쪇",16,"쪙",14,"ⅰ",9],
+["a5b0","Ⅰ",9],
+["a5c1","Α",16,"Σ",6],
+["a5e1","α",16,"σ",6],
+["a641","쪨",19,"쪾쪿쫁쫂쫃쫅"],
+["a661","쫆",5,"쫎쫐쫒쫔쫕쫖쫗쫚",5,"쫡",6],
+["a681","쫨쫩쫪쫫쫭",6,"쫵",18,"쬉쬊─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂┒┑┚┙┖┕┎┍┞┟┡┢┦┧┩┪┭┮┱┲┵┶┹┺┽┾╀╁╃",7],
+["a741","쬋",4,"쬑쬒쬓쬕쬖쬗쬙",6,"쬢",7],
+["a761","쬪",22,"쭂쭃쭄"],
+["a781","쭅쭆쭇쭊쭋쭍쭎쭏쭑",6,"쭚쭛쭜쭞",5,"쭥",7,"㎕㎖㎗ℓ㎘㏄㎣㎤㎥㎦㎙",9,"㏊㎍㎎㎏㏏㎈㎉㏈㎧㎨㎰",9,"㎀",4,"㎺",5,"㎐",4,"Ω㏀㏁㎊㎋㎌㏖㏅㎭㎮㎯㏛㎩㎪㎫㎬㏝㏐㏓㏃㏉㏜㏆"],
+["a841","쭭",10,"쭺",14],
+["a861","쮉",18,"쮝",6],
+["a881","쮤",19,"쮹",11,"ÆЪĦ"],
+["a8a6","IJ"],
+["a8a8","ĿŁØŒºÞŦŊ"],
+["a8b1","㉠",27,"ⓐ",25,"①",14,"½⅓⅔¼¾⅛⅜⅝⅞"],
+["a941","쯅",14,"쯕",10],
+["a961","쯠쯡쯢쯣쯥쯦쯨쯪",18],
+["a981","쯽",14,"찎찏찑찒찓찕",6,"찞찟찠찣찤æđðħıijĸŀłøœßþŧŋʼn㈀",27,"⒜",25,"⑴",14,"¹²³⁴ⁿ₁₂₃₄"],
+["aa41","찥찦찪찫찭찯찱",6,"찺찿",4,"챆챇챉챊챋챍챎"],
+["aa61","챏",4,"챖챚",5,"챡챢챣챥챧챩",6,"챱챲"],
+["aa81","챳챴챶",29,"ぁ",82],
+["ab41","첔첕첖첗첚첛첝첞첟첡",6,"첪첮",5,"첶첷첹"],
+["ab61","첺첻첽",6,"쳆쳈쳊",5,"쳑쳒쳓쳕",5],
+["ab81","쳛",8,"쳥",6,"쳭쳮쳯쳱",12,"ァ",85],
+["ac41","쳾쳿촀촂",5,"촊촋촍촎촏촑",6,"촚촜촞촟촠"],
+["ac61","촡촢촣촥촦촧촩촪촫촭",11,"촺",4],
+["ac81","촿",28,"쵝쵞쵟А",5,"ЁЖ",25],
+["acd1","а",5,"ёж",25],
+["ad41","쵡쵢쵣쵥",6,"쵮쵰쵲",5,"쵹",7],
+["ad61","춁",6,"춉",10,"춖춗춙춚춛춝춞춟"],
+["ad81","춠춡춢춣춦춨춪",5,"춱",18,"췅"],
+["ae41","췆",5,"췍췎췏췑",16],
+["ae61","췢",5,"췩췪췫췭췮췯췱",6,"췺췼췾",4],
+["ae81","츃츅츆츇츉츊츋츍",6,"츕츖츗츘츚",5,"츢츣츥츦츧츩츪츫"],
+["af41","츬츭츮츯츲츴츶",19],
+["af61","칊",13,"칚칛칝칞칢",5,"칪칬"],
+["af81","칮",5,"칶칷칹칺칻칽",6,"캆캈캊",5,"캒캓캕캖캗캙"],
+["b041","캚",5,"캢캦",5,"캮",12],
+["b061","캻",5,"컂",19],
+["b081","컖",13,"컦컧컩컪컭",6,"컶컺",5,"가각간갇갈갉갊감",7,"같",4,"갠갤갬갭갯갰갱갸갹갼걀걋걍걔걘걜거걱건걷걸걺검겁것겄겅겆겉겊겋게겐겔겜겝겟겠겡겨격겪견겯결겸겹겻겼경곁계곈곌곕곗고곡곤곧골곪곬곯곰곱곳공곶과곽관괄괆"],
+["b141","켂켃켅켆켇켉",6,"켒켔켖",5,"켝켞켟켡켢켣"],
+["b161","켥",6,"켮켲",5,"켹",11],
+["b181","콅",14,"콖콗콙콚콛콝",6,"콦콨콪콫콬괌괍괏광괘괜괠괩괬괭괴괵괸괼굄굅굇굉교굔굘굡굣구국군굳굴굵굶굻굼굽굿궁궂궈궉권궐궜궝궤궷귀귁귄귈귐귑귓규균귤그극근귿글긁금급긋긍긔기긱긴긷길긺김깁깃깅깆깊까깍깎깐깔깖깜깝깟깠깡깥깨깩깬깰깸"],
+["b241","콭콮콯콲콳콵콶콷콹",6,"쾁쾂쾃쾄쾆",5,"쾍"],
+["b261","쾎",18,"쾢",5,"쾩"],
+["b281","쾪",5,"쾱",18,"쿅",6,"깹깻깼깽꺄꺅꺌꺼꺽꺾껀껄껌껍껏껐껑께껙껜껨껫껭껴껸껼꼇꼈꼍꼐꼬꼭꼰꼲꼴꼼꼽꼿꽁꽂꽃꽈꽉꽐꽜꽝꽤꽥꽹꾀꾄꾈꾐꾑꾕꾜꾸꾹꾼꿀꿇꿈꿉꿋꿍꿎꿔꿜꿨꿩꿰꿱꿴꿸뀀뀁뀄뀌뀐뀔뀜뀝뀨끄끅끈끊끌끎끓끔끕끗끙"],
+["b341","쿌",19,"쿢쿣쿥쿦쿧쿩"],
+["b361","쿪",5,"쿲쿴쿶",5,"쿽쿾쿿퀁퀂퀃퀅",5],
+["b381","퀋",5,"퀒",5,"퀙",19,"끝끼끽낀낄낌낍낏낑나낙낚난낟날낡낢남납낫",4,"낱낳내낵낸낼냄냅냇냈냉냐냑냔냘냠냥너넉넋넌널넒넓넘넙넛넜넝넣네넥넨넬넴넵넷넸넹녀녁년녈념녑녔녕녘녜녠노녹논놀놂놈놉놋농높놓놔놘놜놨뇌뇐뇔뇜뇝"],
+["b441","퀮",5,"퀶퀷퀹퀺퀻퀽",6,"큆큈큊",5],
+["b461","큑큒큓큕큖큗큙",6,"큡",10,"큮큯"],
+["b481","큱큲큳큵",6,"큾큿킀킂",18,"뇟뇨뇩뇬뇰뇹뇻뇽누눅눈눋눌눔눕눗눙눠눴눼뉘뉜뉠뉨뉩뉴뉵뉼늄늅늉느늑는늘늙늚늠늡늣능늦늪늬늰늴니닉닌닐닒님닙닛닝닢다닥닦단닫",4,"닳담답닷",4,"닿대댁댄댈댐댑댓댔댕댜더덕덖던덛덜덞덟덤덥"],
+["b541","킕",14,"킦킧킩킪킫킭",5],
+["b561","킳킶킸킺",5,"탂탃탅탆탇탊",5,"탒탖",4],
+["b581","탛탞탟탡탢탣탥",6,"탮탲",5,"탹",11,"덧덩덫덮데덱덴델뎀뎁뎃뎄뎅뎌뎐뎔뎠뎡뎨뎬도독돈돋돌돎돐돔돕돗동돛돝돠돤돨돼됐되된될됨됩됫됴두둑둔둘둠둡둣둥둬뒀뒈뒝뒤뒨뒬뒵뒷뒹듀듄듈듐듕드득든듣들듦듬듭듯등듸디딕딘딛딜딤딥딧딨딩딪따딱딴딸"],
+["b641","턅",7,"턎",17],
+["b661","턠",15,"턲턳턵턶턷턹턻턼턽턾"],
+["b681","턿텂텆",5,"텎텏텑텒텓텕",6,"텞텠텢",5,"텩텪텫텭땀땁땃땄땅땋때땍땐땔땜땝땟땠땡떠떡떤떨떪떫떰떱떳떴떵떻떼떽뗀뗄뗌뗍뗏뗐뗑뗘뗬또똑똔똘똥똬똴뙈뙤뙨뚜뚝뚠뚤뚫뚬뚱뛔뛰뛴뛸뜀뜁뜅뜨뜩뜬뜯뜰뜸뜹뜻띄띈띌띔띕띠띤띨띰띱띳띵라락란랄람랍랏랐랑랒랖랗"],
+["b741","텮",13,"텽",6,"톅톆톇톉톊"],
+["b761","톋",20,"톢톣톥톦톧"],
+["b781","톩",6,"톲톴톶톷톸톹톻톽톾톿퇁",14,"래랙랜랠램랩랫랬랭랴략랸럇량러럭런럴럼럽럿렀렁렇레렉렌렐렘렙렛렝려력련렬렴렵렷렸령례롄롑롓로록론롤롬롭롯롱롸롼뢍뢨뢰뢴뢸룀룁룃룅료룐룔룝룟룡루룩룬룰룸룹룻룽뤄뤘뤠뤼뤽륀륄륌륏륑류륙륜률륨륩"],
+["b841","퇐",7,"퇙",17],
+["b861","퇫",8,"퇵퇶퇷퇹",13],
+["b881","툈툊",5,"툑",24,"륫륭르륵른를름릅릇릉릊릍릎리릭린릴림립릿링마막만많",4,"맘맙맛망맞맡맣매맥맨맬맴맵맷맸맹맺먀먁먈먕머먹먼멀멂멈멉멋멍멎멓메멕멘멜멤멥멧멨멩며멱면멸몃몄명몇몌모목몫몬몰몲몸몹못몽뫄뫈뫘뫙뫼"],
+["b941","툪툫툮툯툱툲툳툵",6,"툾퉀퉂",5,"퉉퉊퉋퉌"],
+["b961","퉍",14,"퉝",6,"퉥퉦퉧퉨"],
+["b981","퉩",22,"튂튃튅튆튇튉튊튋튌묀묄묍묏묑묘묜묠묩묫무묵묶문묻물묽묾뭄뭅뭇뭉뭍뭏뭐뭔뭘뭡뭣뭬뮈뮌뮐뮤뮨뮬뮴뮷므믄믈믐믓미믹민믿밀밂밈밉밋밌밍및밑바",4,"받",4,"밤밥밧방밭배백밴밸뱀뱁뱃뱄뱅뱉뱌뱍뱐뱝버벅번벋벌벎범법벗"],
+["ba41","튍튎튏튒튓튔튖",5,"튝튞튟튡튢튣튥",6,"튭"],
+["ba61","튮튯튰튲",5,"튺튻튽튾틁틃",4,"틊틌",5],
+["ba81","틒틓틕틖틗틙틚틛틝",6,"틦",9,"틲틳틵틶틷틹틺벙벚베벡벤벧벨벰벱벳벴벵벼벽변별볍볏볐병볕볘볜보복볶본볼봄봅봇봉봐봔봤봬뵀뵈뵉뵌뵐뵘뵙뵤뵨부북분붇불붉붊붐붑붓붕붙붚붜붤붰붸뷔뷕뷘뷜뷩뷰뷴뷸븀븃븅브븍븐블븜븝븟비빅빈빌빎빔빕빗빙빚빛빠빡빤"],
+["bb41","틻",4,"팂팄팆",5,"팏팑팒팓팕팗",4,"팞팢팣"],
+["bb61","팤팦팧팪팫팭팮팯팱",6,"팺팾",5,"퍆퍇퍈퍉"],
+["bb81","퍊",31,"빨빪빰빱빳빴빵빻빼빽뺀뺄뺌뺍뺏뺐뺑뺘뺙뺨뻐뻑뻔뻗뻘뻠뻣뻤뻥뻬뼁뼈뼉뼘뼙뼛뼜뼝뽀뽁뽄뽈뽐뽑뽕뾔뾰뿅뿌뿍뿐뿔뿜뿟뿡쀼쁑쁘쁜쁠쁨쁩삐삑삔삘삠삡삣삥사삭삯산삳살삵삶삼삽삿샀상샅새색샌샐샘샙샛샜생샤"],
+["bc41","퍪",17,"퍾퍿펁펂펃펅펆펇"],
+["bc61","펈펉펊펋펎펒",5,"펚펛펝펞펟펡",6,"펪펬펮"],
+["bc81","펯",4,"펵펶펷펹펺펻펽",6,"폆폇폊",5,"폑",5,"샥샨샬샴샵샷샹섀섄섈섐섕서",4,"섣설섦섧섬섭섯섰성섶세섹센셀셈셉셋셌셍셔셕션셜셤셥셧셨셩셰셴셸솅소속솎손솔솖솜솝솟송솥솨솩솬솰솽쇄쇈쇌쇔쇗쇘쇠쇤쇨쇰쇱쇳쇼쇽숀숄숌숍숏숑수숙순숟술숨숩숫숭"],
+["bd41","폗폙",7,"폢폤",7,"폮폯폱폲폳폵폶폷"],
+["bd61","폸폹폺폻폾퐀퐂",5,"퐉",13],
+["bd81","퐗",5,"퐞",25,"숯숱숲숴쉈쉐쉑쉔쉘쉠쉥쉬쉭쉰쉴쉼쉽쉿슁슈슉슐슘슛슝스슥슨슬슭슴습슷승시식신싣실싫심십싯싱싶싸싹싻싼쌀쌈쌉쌌쌍쌓쌔쌕쌘쌜쌤쌥쌨쌩썅써썩썬썰썲썸썹썼썽쎄쎈쎌쏀쏘쏙쏜쏟쏠쏢쏨쏩쏭쏴쏵쏸쐈쐐쐤쐬쐰"],
+["be41","퐸",7,"푁푂푃푅",14],
+["be61","푔",7,"푝푞푟푡푢푣푥",7,"푮푰푱푲"],
+["be81","푳",4,"푺푻푽푾풁풃",4,"풊풌풎",5,"풕",8,"쐴쐼쐽쑈쑤쑥쑨쑬쑴쑵쑹쒀쒔쒜쒸쒼쓩쓰쓱쓴쓸쓺쓿씀씁씌씐씔씜씨씩씬씰씸씹씻씽아악안앉않알앍앎앓암압앗았앙앝앞애액앤앨앰앱앳앴앵야약얀얄얇얌얍얏양얕얗얘얜얠얩어억언얹얻얼얽얾엄",6,"엌엎"],
+["bf41","풞",10,"풪",14],
+["bf61","풹",18,"퓍퓎퓏퓑퓒퓓퓕"],
+["bf81","퓖",5,"퓝퓞퓠",7,"퓩퓪퓫퓭퓮퓯퓱",6,"퓹퓺퓼에엑엔엘엠엡엣엥여역엮연열엶엷염",5,"옅옆옇예옌옐옘옙옛옜오옥온올옭옮옰옳옴옵옷옹옻와왁완왈왐왑왓왔왕왜왝왠왬왯왱외왹왼욀욈욉욋욍요욕욘욜욤욥욧용우욱운울욹욺움웁웃웅워웍원월웜웝웠웡웨"],
+["c041","퓾",5,"픅픆픇픉픊픋픍",6,"픖픘",5],
+["c061","픞",25],
+["c081","픸픹픺픻픾픿핁핂핃핅",6,"핎핐핒",5,"핚핛핝핞핟핡핢핣웩웬웰웸웹웽위윅윈윌윔윕윗윙유육윤율윰윱윳융윷으윽은을읊음읍읏응",7,"읜읠읨읫이익인일읽읾잃임입잇있잉잊잎자작잔잖잗잘잚잠잡잣잤장잦재잭잰잴잼잽잿쟀쟁쟈쟉쟌쟎쟐쟘쟝쟤쟨쟬저적전절젊"],
+["c141","핤핦핧핪핬핮",5,"핶핷핹핺핻핽",6,"햆햊햋"],
+["c161","햌햍햎햏햑",19,"햦햧"],
+["c181","햨",31,"점접젓정젖제젝젠젤젬젭젯젱져젼졀졈졉졌졍졔조족존졸졺좀좁좃종좆좇좋좌좍좔좝좟좡좨좼좽죄죈죌죔죕죗죙죠죡죤죵주죽준줄줅줆줌줍줏중줘줬줴쥐쥑쥔쥘쥠쥡쥣쥬쥰쥴쥼즈즉즌즐즘즙즛증지직진짇질짊짐집짓"],
+["c241","헊헋헍헎헏헑헓",4,"헚헜헞",5,"헦헧헩헪헫헭헮"],
+["c261","헯",4,"헶헸헺",5,"혂혃혅혆혇혉",6,"혒"],
+["c281","혖",5,"혝혞혟혡혢혣혥",7,"혮",9,"혺혻징짖짙짚짜짝짠짢짤짧짬짭짯짰짱째짹짼쨀쨈쨉쨋쨌쨍쨔쨘쨩쩌쩍쩐쩔쩜쩝쩟쩠쩡쩨쩽쪄쪘쪼쪽쫀쫄쫌쫍쫏쫑쫓쫘쫙쫠쫬쫴쬈쬐쬔쬘쬠쬡쭁쭈쭉쭌쭐쭘쭙쭝쭤쭸쭹쮜쮸쯔쯤쯧쯩찌찍찐찔찜찝찡찢찧차착찬찮찰참찹찻"],
+["c341","혽혾혿홁홂홃홄홆홇홊홌홎홏홐홒홓홖홗홙홚홛홝",4],
+["c361","홢",4,"홨홪",5,"홲홳홵",11],
+["c381","횁횂횄횆",5,"횎횏횑횒횓횕",7,"횞횠횢",5,"횩횪찼창찾채책챈챌챔챕챗챘챙챠챤챦챨챰챵처척천철첨첩첫첬청체첵첸첼쳄쳅쳇쳉쳐쳔쳤쳬쳰촁초촉촌촐촘촙촛총촤촨촬촹최쵠쵤쵬쵭쵯쵱쵸춈추축춘출춤춥춧충춰췄췌췐취췬췰췸췹췻췽츄츈츌츔츙츠측츤츨츰츱츳층"],
+["c441","횫횭횮횯횱",7,"횺횼",7,"훆훇훉훊훋"],
+["c461","훍훎훏훐훒훓훕훖훘훚",5,"훡훢훣훥훦훧훩",4],
+["c481","훮훯훱훲훳훴훶",5,"훾훿휁휂휃휅",11,"휒휓휔치칙친칟칠칡침칩칫칭카칵칸칼캄캅캇캉캐캑캔캘캠캡캣캤캥캬캭컁커컥컨컫컬컴컵컷컸컹케켁켄켈켐켑켓켕켜켠켤켬켭켯켰켱켸코콕콘콜콤콥콧콩콰콱콴콸쾀쾅쾌쾡쾨쾰쿄쿠쿡쿤쿨쿰쿱쿳쿵쿼퀀퀄퀑퀘퀭퀴퀵퀸퀼"],
+["c541","휕휖휗휚휛휝휞휟휡",6,"휪휬휮",5,"휶휷휹"],
+["c561","휺휻휽",6,"흅흆흈흊",5,"흒흓흕흚",4],
+["c581","흟흢흤흦흧흨흪흫흭흮흯흱흲흳흵",6,"흾흿힀힂",5,"힊힋큄큅큇큉큐큔큘큠크큭큰클큼큽킁키킥킨킬킴킵킷킹타탁탄탈탉탐탑탓탔탕태택탠탤탬탭탯탰탱탸턍터턱턴털턺텀텁텃텄텅테텍텐텔템텝텟텡텨텬텼톄톈토톡톤톨톰톱톳통톺톼퇀퇘퇴퇸툇툉툐투툭툰툴툼툽툿퉁퉈퉜"],
+["c641","힍힎힏힑",6,"힚힜힞",5],
+["c6a1","퉤튀튁튄튈튐튑튕튜튠튤튬튱트특튼튿틀틂틈틉틋틔틘틜틤틥티틱틴틸팀팁팃팅파팍팎판팔팖팜팝팟팠팡팥패팩팬팰팸팹팻팼팽퍄퍅퍼퍽펀펄펌펍펏펐펑페펙펜펠펨펩펫펭펴편펼폄폅폈평폐폘폡폣포폭폰폴폼폽폿퐁"],
+["c7a1","퐈퐝푀푄표푠푤푭푯푸푹푼푿풀풂품풉풋풍풔풩퓌퓐퓔퓜퓟퓨퓬퓰퓸퓻퓽프픈플픔픕픗피픽핀필핌핍핏핑하학한할핥함합핫항해핵핸핼햄햅햇했행햐향허헉헌헐헒험헙헛헝헤헥헨헬헴헵헷헹혀혁현혈혐협혓혔형혜혠"],
+["c8a1","혤혭호혹혼홀홅홈홉홋홍홑화확환활홧황홰홱홴횃횅회획횐횔횝횟횡효횬횰횹횻후훅훈훌훑훔훗훙훠훤훨훰훵훼훽휀휄휑휘휙휜휠휨휩휫휭휴휵휸휼흄흇흉흐흑흔흖흗흘흙흠흡흣흥흩희흰흴흼흽힁히힉힌힐힘힙힛힝"],
+["caa1","伽佳假價加可呵哥嘉嫁家暇架枷柯歌珂痂稼苛茄街袈訶賈跏軻迦駕刻却各恪慤殼珏脚覺角閣侃刊墾奸姦干幹懇揀杆柬桿澗癎看磵稈竿簡肝艮艱諫間乫喝曷渴碣竭葛褐蝎鞨勘坎堪嵌感憾戡敢柑橄減甘疳監瞰紺邯鑑鑒龕"],
+["cba1","匣岬甲胛鉀閘剛堈姜岡崗康强彊慷江畺疆糠絳綱羌腔舡薑襁講鋼降鱇介价個凱塏愷愾慨改槪漑疥皆盖箇芥蓋豈鎧開喀客坑更粳羹醵倨去居巨拒据據擧渠炬祛距踞車遽鉅鋸乾件健巾建愆楗腱虔蹇鍵騫乞傑杰桀儉劍劒檢"],
+["cca1","瞼鈐黔劫怯迲偈憩揭擊格檄激膈覡隔堅牽犬甄絹繭肩見譴遣鵑抉決潔結缺訣兼慊箝謙鉗鎌京俓倞傾儆勁勍卿坰境庚徑慶憬擎敬景暻更梗涇炅烱璟璥瓊痙硬磬竟競絅經耕耿脛莖警輕逕鏡頃頸驚鯨係啓堺契季屆悸戒桂械"],
+["cda1","棨溪界癸磎稽系繫繼計誡谿階鷄古叩告呱固姑孤尻庫拷攷故敲暠枯槁沽痼皐睾稿羔考股膏苦苽菰藁蠱袴誥賈辜錮雇顧高鼓哭斛曲梏穀谷鵠困坤崑昆梱棍滾琨袞鯤汨滑骨供公共功孔工恐恭拱控攻珙空蚣貢鞏串寡戈果瓜"],
+["cea1","科菓誇課跨過鍋顆廓槨藿郭串冠官寬慣棺款灌琯瓘管罐菅觀貫關館刮恝括适侊光匡壙廣曠洸炚狂珖筐胱鑛卦掛罫乖傀塊壞怪愧拐槐魁宏紘肱轟交僑咬喬嬌嶠巧攪敎校橋狡皎矯絞翹膠蕎蛟較轎郊餃驕鮫丘久九仇俱具勾"],
+["cfa1","區口句咎嘔坵垢寇嶇廐懼拘救枸柩構歐毆毬求溝灸狗玖球瞿矩究絿耉臼舅舊苟衢謳購軀逑邱鉤銶駒驅鳩鷗龜國局菊鞠鞫麴君窘群裙軍郡堀屈掘窟宮弓穹窮芎躬倦券勸卷圈拳捲權淃眷厥獗蕨蹶闕机櫃潰詭軌饋句晷歸貴"],
+["d0a1","鬼龜叫圭奎揆槻珪硅窺竅糾葵規赳逵閨勻均畇筠菌鈞龜橘克剋劇戟棘極隙僅劤勤懃斤根槿瑾筋芹菫覲謹近饉契今妗擒昑檎琴禁禽芩衾衿襟金錦伋及急扱汲級給亘兢矜肯企伎其冀嗜器圻基埼夔奇妓寄岐崎己幾忌技旗旣"],
+["d1a1","朞期杞棋棄機欺氣汽沂淇玘琦琪璂璣畸畿碁磯祁祇祈祺箕紀綺羈耆耭肌記譏豈起錡錤飢饑騎騏驥麒緊佶吉拮桔金喫儺喇奈娜懦懶拏拿癩",5,"那樂",4,"諾酪駱亂卵暖欄煖爛蘭難鸞捏捺南嵐枏楠湳濫男藍襤拉"],
+["d2a1","納臘蠟衲囊娘廊",4,"乃來內奈柰耐冷女年撚秊念恬拈捻寧寗努勞奴弩怒擄櫓爐瑙盧",5,"駑魯",10,"濃籠聾膿農惱牢磊腦賂雷尿壘",7,"嫩訥杻紐勒",5,"能菱陵尼泥匿溺多茶"],
+["d3a1","丹亶但單團壇彖斷旦檀段湍短端簞緞蛋袒鄲鍛撻澾獺疸達啖坍憺擔曇淡湛潭澹痰聃膽蕁覃談譚錟沓畓答踏遝唐堂塘幢戇撞棠當糖螳黨代垈坮大對岱帶待戴擡玳臺袋貸隊黛宅德悳倒刀到圖堵塗導屠島嶋度徒悼挑掉搗桃"],
+["d4a1","棹櫂淘渡滔濤燾盜睹禱稻萄覩賭跳蹈逃途道都鍍陶韜毒瀆牘犢獨督禿篤纛讀墩惇敦旽暾沌焞燉豚頓乭突仝冬凍動同憧東桐棟洞潼疼瞳童胴董銅兜斗杜枓痘竇荳讀豆逗頭屯臀芚遁遯鈍得嶝橙燈登等藤謄鄧騰喇懶拏癩羅"],
+["d5a1","蘿螺裸邏樂洛烙珞絡落諾酪駱丹亂卵欄欒瀾爛蘭鸞剌辣嵐擥攬欖濫籃纜藍襤覽拉臘蠟廊朗浪狼琅瑯螂郞來崍徠萊冷掠略亮倆兩凉梁樑粮粱糧良諒輛量侶儷勵呂廬慮戾旅櫚濾礪藜蠣閭驢驪麗黎力曆歷瀝礫轢靂憐戀攣漣"],
+["d6a1","煉璉練聯蓮輦連鍊冽列劣洌烈裂廉斂殮濂簾獵令伶囹寧岺嶺怜玲笭羚翎聆逞鈴零靈領齡例澧禮醴隷勞怒撈擄櫓潞瀘爐盧老蘆虜路輅露魯鷺鹵碌祿綠菉錄鹿麓論壟弄朧瀧瓏籠聾儡瀨牢磊賂賚賴雷了僚寮廖料燎療瞭聊蓼"],
+["d7a1","遼鬧龍壘婁屢樓淚漏瘻累縷蔞褸鏤陋劉旒柳榴流溜瀏琉瑠留瘤硫謬類六戮陸侖倫崙淪綸輪律慄栗率隆勒肋凜凌楞稜綾菱陵俚利厘吏唎履悧李梨浬犁狸理璃異痢籬罹羸莉裏裡里釐離鯉吝潾燐璘藺躪隣鱗麟林淋琳臨霖砬"],
+["d8a1","立笠粒摩瑪痲碼磨馬魔麻寞幕漠膜莫邈万卍娩巒彎慢挽晩曼滿漫灣瞞萬蔓蠻輓饅鰻唜抹末沫茉襪靺亡妄忘忙望網罔芒茫莽輞邙埋妹媒寐昧枚梅每煤罵買賣邁魅脈貊陌驀麥孟氓猛盲盟萌冪覓免冕勉棉沔眄眠綿緬面麵滅"],
+["d9a1","蔑冥名命明暝椧溟皿瞑茗蓂螟酩銘鳴袂侮冒募姆帽慕摸摹暮某模母毛牟牡瑁眸矛耗芼茅謀謨貌木沐牧目睦穆鶩歿沒夢朦蒙卯墓妙廟描昴杳渺猫竗苗錨務巫憮懋戊拇撫无楙武毋無珷畝繆舞茂蕪誣貿霧鵡墨默們刎吻問文"],
+["daa1","汶紊紋聞蚊門雯勿沕物味媚尾嵋彌微未梶楣渼湄眉米美薇謎迷靡黴岷悶愍憫敏旻旼民泯玟珉緡閔密蜜謐剝博拍搏撲朴樸泊珀璞箔粕縛膊舶薄迫雹駁伴半反叛拌搬攀斑槃泮潘班畔瘢盤盼磐磻礬絆般蟠返頒飯勃拔撥渤潑"],
+["dba1","發跋醱鉢髮魃倣傍坊妨尨幇彷房放方旁昉枋榜滂磅紡肪膀舫芳蒡蚌訪謗邦防龐倍俳北培徘拜排杯湃焙盃背胚裴裵褙賠輩配陪伯佰帛柏栢白百魄幡樊煩燔番磻繁蕃藩飜伐筏罰閥凡帆梵氾汎泛犯範范法琺僻劈壁擘檗璧癖"],
+["dca1","碧蘗闢霹便卞弁變辨辯邊別瞥鱉鼈丙倂兵屛幷昞昺柄棅炳甁病秉竝輧餠騈保堡報寶普步洑湺潽珤甫菩補褓譜輔伏僕匐卜宓復服福腹茯蔔複覆輹輻馥鰒本乶俸奉封峯峰捧棒烽熢琫縫蓬蜂逢鋒鳳不付俯傅剖副否咐埠夫婦"],
+["dda1","孚孵富府復扶敷斧浮溥父符簿缶腐腑膚艀芙莩訃負賦賻赴趺部釜阜附駙鳧北分吩噴墳奔奮忿憤扮昐汾焚盆粉糞紛芬賁雰不佛弗彿拂崩朋棚硼繃鵬丕備匕匪卑妃婢庇悲憊扉批斐枇榧比毖毗毘沸泌琵痺砒碑秕秘粃緋翡肥"],
+["dea1","脾臂菲蜚裨誹譬費鄙非飛鼻嚬嬪彬斌檳殯浜濱瀕牝玭貧賓頻憑氷聘騁乍事些仕伺似使俟僿史司唆嗣四士奢娑寫寺射巳師徙思捨斜斯柶査梭死沙泗渣瀉獅砂社祀祠私篩紗絲肆舍莎蓑蛇裟詐詞謝賜赦辭邪飼駟麝削數朔索"],
+["dfa1","傘刪山散汕珊産疝算蒜酸霰乷撒殺煞薩三參杉森渗芟蔘衫揷澁鈒颯上傷像償商喪嘗孀尙峠常床庠廂想桑橡湘爽牀狀相祥箱翔裳觴詳象賞霜塞璽賽嗇塞穡索色牲生甥省笙墅壻嶼序庶徐恕抒捿敍暑曙書栖棲犀瑞筮絮緖署"],
+["e0a1","胥舒薯西誓逝鋤黍鼠夕奭席惜昔晳析汐淅潟石碩蓆釋錫仙僊先善嬋宣扇敾旋渲煽琁瑄璇璿癬禪線繕羨腺膳船蘚蟬詵跣選銑鐥饍鮮卨屑楔泄洩渫舌薛褻設說雪齧剡暹殲纖蟾贍閃陝攝涉燮葉城姓宬性惺成星晟猩珹盛省筬"],
+["e1a1","聖聲腥誠醒世勢歲洗稅笹細說貰召嘯塑宵小少巢所掃搔昭梳沼消溯瀟炤燒甦疏疎瘙笑篠簫素紹蔬蕭蘇訴逍遡邵銷韶騷俗屬束涑粟續謖贖速孫巽損蓀遜飡率宋悚松淞訟誦送頌刷殺灑碎鎖衰釗修受嗽囚垂壽嫂守岫峀帥愁"],
+["e2a1","戍手授搜收數樹殊水洙漱燧狩獸琇璲瘦睡秀穗竪粹綏綬繡羞脩茱蒐蓚藪袖誰讐輸遂邃酬銖銹隋隧隨雖需須首髓鬚叔塾夙孰宿淑潚熟琡璹肅菽巡徇循恂旬栒楯橓殉洵淳珣盾瞬筍純脣舜荀蓴蕣詢諄醇錞順馴戌術述鉥崇崧"],
+["e3a1","嵩瑟膝蝨濕拾習褶襲丞乘僧勝升承昇繩蠅陞侍匙嘶始媤尸屎屍市弑恃施是時枾柴猜矢示翅蒔蓍視試詩諡豕豺埴寔式息拭植殖湜熄篒蝕識軾食飾伸侁信呻娠宸愼新晨燼申神紳腎臣莘薪藎蜃訊身辛辰迅失室實悉審尋心沁"],
+["e4a1","沈深瀋甚芯諶什十拾雙氏亞俄兒啞娥峨我牙芽莪蛾衙訝阿雅餓鴉鵝堊岳嶽幄惡愕握樂渥鄂鍔顎鰐齷安岸按晏案眼雁鞍顔鮟斡謁軋閼唵岩巖庵暗癌菴闇壓押狎鴨仰央怏昻殃秧鴦厓哀埃崖愛曖涯碍艾隘靄厄扼掖液縊腋額"],
+["e5a1","櫻罌鶯鸚也倻冶夜惹揶椰爺耶若野弱掠略約若葯蒻藥躍亮佯兩凉壤孃恙揚攘敭暘梁楊樣洋瀁煬痒瘍禳穰糧羊良襄諒讓釀陽量養圄御於漁瘀禦語馭魚齬億憶抑檍臆偃堰彦焉言諺孼蘖俺儼嚴奄掩淹嶪業円予余勵呂女如廬"],
+["e6a1","旅歟汝濾璵礖礪與艅茹輿轝閭餘驪麗黎亦力域役易曆歷疫繹譯轢逆驛嚥堧姸娟宴年延憐戀捐挻撚椽沇沿涎涓淵演漣烟然煙煉燃燕璉硏硯秊筵緣練縯聯衍軟輦蓮連鉛鍊鳶列劣咽悅涅烈熱裂說閱厭廉念捻染殮炎焰琰艶苒"],
+["e7a1","簾閻髥鹽曄獵燁葉令囹塋寧嶺嶸影怜映暎楹榮永泳渶潁濚瀛瀯煐營獰玲瑛瑩瓔盈穎纓羚聆英詠迎鈴鍈零霙靈領乂倪例刈叡曳汭濊猊睿穢芮藝蘂禮裔詣譽豫醴銳隸霓預五伍俉傲午吾吳嗚塢墺奧娛寤悟惡懊敖旿晤梧汚澳"],
+["e8a1","烏熬獒筽蜈誤鰲鼇屋沃獄玉鈺溫瑥瘟穩縕蘊兀壅擁瓮甕癰翁邕雍饔渦瓦窩窪臥蛙蝸訛婉完宛梡椀浣玩琓琬碗緩翫脘腕莞豌阮頑曰往旺枉汪王倭娃歪矮外嵬巍猥畏了僚僥凹堯夭妖姚寥寮尿嶢拗搖撓擾料曜樂橈燎燿瑤療"],
+["e9a1","窈窯繇繞耀腰蓼蟯要謠遙遼邀饒慾欲浴縟褥辱俑傭冗勇埇墉容庸慂榕涌湧溶熔瑢用甬聳茸蓉踊鎔鏞龍于佑偶優又友右宇寓尤愚憂旴牛玗瑀盂祐禑禹紆羽芋藕虞迂遇郵釪隅雨雩勖彧旭昱栯煜稶郁頊云暈橒殞澐熉耘芸蕓"],
+["eaa1","運隕雲韻蔚鬱亐熊雄元原員圓園垣媛嫄寃怨愿援沅洹湲源爰猿瑗苑袁轅遠阮院願鴛月越鉞位偉僞危圍委威尉慰暐渭爲瑋緯胃萎葦蔿蝟衛褘謂違韋魏乳侑儒兪劉唯喩孺宥幼幽庾悠惟愈愉揄攸有杻柔柚柳楡楢油洧流游溜"],
+["eba1","濡猶猷琉瑜由留癒硫紐維臾萸裕誘諛諭踰蹂遊逾遺酉釉鍮類六堉戮毓肉育陸倫允奫尹崙淪潤玧胤贇輪鈗閏律慄栗率聿戎瀜絨融隆垠恩慇殷誾銀隱乙吟淫蔭陰音飮揖泣邑凝應膺鷹依倚儀宜意懿擬椅毅疑矣義艤薏蟻衣誼"],
+["eca1","議醫二以伊利吏夷姨履已弛彛怡易李梨泥爾珥理異痍痢移罹而耳肄苡荑裏裡貽貳邇里離飴餌匿溺瀷益翊翌翼謚人仁刃印吝咽因姻寅引忍湮燐璘絪茵藺蚓認隣靭靷鱗麟一佚佾壹日溢逸鎰馹任壬妊姙恁林淋稔臨荏賃入卄"],
+["eda1","立笠粒仍剩孕芿仔刺咨姉姿子字孜恣慈滋炙煮玆瓷疵磁紫者自茨蔗藉諮資雌作勺嚼斫昨灼炸爵綽芍酌雀鵲孱棧殘潺盞岑暫潛箴簪蠶雜丈仗匠場墻壯奬將帳庄張掌暲杖樟檣欌漿牆狀獐璋章粧腸臟臧莊葬蔣薔藏裝贓醬長"],
+["eea1","障再哉在宰才材栽梓渽滓災縡裁財載齋齎爭箏諍錚佇低儲咀姐底抵杵楮樗沮渚狙猪疽箸紵苧菹著藷詛貯躇這邸雎齟勣吊嫡寂摘敵滴狄炙的積笛籍績翟荻謫賊赤跡蹟迪迹適鏑佃佺傳全典前剪塡塼奠專展廛悛戰栓殿氈澱"],
+["efa1","煎琠田甸畑癲筌箋箭篆纏詮輾轉鈿銓錢鐫電顚顫餞切截折浙癤竊節絶占岾店漸点粘霑鮎點接摺蝶丁井亭停偵呈姃定幀庭廷征情挺政整旌晶晸柾楨檉正汀淀淨渟湞瀞炡玎珽町睛碇禎程穽精綎艇訂諪貞鄭酊釘鉦鋌錠霆靖"],
+["f0a1","靜頂鼎制劑啼堤帝弟悌提梯濟祭第臍薺製諸蹄醍除際霽題齊俎兆凋助嘲弔彫措操早晁曺曹朝條棗槽漕潮照燥爪璪眺祖祚租稠窕粗糟組繰肇藻蚤詔調趙躁造遭釣阻雕鳥族簇足鏃存尊卒拙猝倧宗從悰慫棕淙琮種終綜縱腫"],
+["f1a1","踪踵鍾鐘佐坐左座挫罪主住侏做姝胄呪周嗾奏宙州廚晝朱柱株注洲湊澍炷珠疇籌紂紬綢舟蛛註誅走躊輳週酎酒鑄駐竹粥俊儁准埈寯峻晙樽浚準濬焌畯竣蠢逡遵雋駿茁中仲衆重卽櫛楫汁葺增憎曾拯烝甑症繒蒸證贈之只"],
+["f2a1","咫地址志持指摯支旨智枝枳止池沚漬知砥祉祗紙肢脂至芝芷蜘誌識贄趾遲直稙稷織職唇嗔塵振搢晉晋桭榛殄津溱珍瑨璡畛疹盡眞瞋秦縉縝臻蔯袗診賑軫辰進鎭陣陳震侄叱姪嫉帙桎瓆疾秩窒膣蛭質跌迭斟朕什執潗緝輯"],
+["f3a1","鏶集徵懲澄且侘借叉嗟嵯差次此磋箚茶蹉車遮捉搾着窄錯鑿齪撰澯燦璨瓚竄簒纂粲纘讚贊鑽餐饌刹察擦札紮僭參塹慘慙懺斬站讒讖倉倡創唱娼廠彰愴敞昌昶暢槍滄漲猖瘡窓脹艙菖蒼債埰寀寨彩採砦綵菜蔡采釵冊柵策"],
+["f4a1","責凄妻悽處倜刺剔尺慽戚拓擲斥滌瘠脊蹠陟隻仟千喘天川擅泉淺玔穿舛薦賤踐遷釧闡阡韆凸哲喆徹撤澈綴輟轍鐵僉尖沾添甛瞻簽籤詹諂堞妾帖捷牒疊睫諜貼輒廳晴淸聽菁請靑鯖切剃替涕滯締諦逮遞體初剿哨憔抄招梢"],
+["f5a1","椒楚樵炒焦硝礁礎秒稍肖艸苕草蕉貂超酢醋醮促囑燭矗蜀觸寸忖村邨叢塚寵悤憁摠總聰蔥銃撮催崔最墜抽推椎楸樞湫皺秋芻萩諏趨追鄒酋醜錐錘鎚雛騶鰍丑畜祝竺筑築縮蓄蹙蹴軸逐春椿瑃出朮黜充忠沖蟲衝衷悴膵萃"],
+["f6a1","贅取吹嘴娶就炊翠聚脆臭趣醉驟鷲側仄厠惻測層侈値嗤峙幟恥梔治淄熾痔痴癡稚穉緇緻置致蚩輜雉馳齒則勅飭親七柒漆侵寢枕沈浸琛砧針鍼蟄秤稱快他咤唾墮妥惰打拖朶楕舵陀馱駝倬卓啄坼度托拓擢晫柝濁濯琢琸託"],
+["f7a1","鐸呑嘆坦彈憚歎灘炭綻誕奪脫探眈耽貪塔搭榻宕帑湯糖蕩兌台太怠態殆汰泰笞胎苔跆邰颱宅擇澤撑攄兎吐土討慟桶洞痛筒統通堆槌腿褪退頹偸套妬投透鬪慝特闖坡婆巴把播擺杷波派爬琶破罷芭跛頗判坂板版瓣販辦鈑"],
+["f8a1","阪八叭捌佩唄悖敗沛浿牌狽稗覇貝彭澎烹膨愎便偏扁片篇編翩遍鞭騙貶坪平枰萍評吠嬖幣廢弊斃肺蔽閉陛佈包匍匏咆哺圃布怖抛抱捕暴泡浦疱砲胞脯苞葡蒲袍褒逋鋪飽鮑幅暴曝瀑爆輻俵剽彪慓杓標漂瓢票表豹飇飄驃"],
+["f9a1","品稟楓諷豊風馮彼披疲皮被避陂匹弼必泌珌畢疋筆苾馝乏逼下何厦夏廈昰河瑕荷蝦賀遐霞鰕壑學虐謔鶴寒恨悍旱汗漢澣瀚罕翰閑閒限韓割轄函含咸啣喊檻涵緘艦銜陷鹹合哈盒蛤閤闔陜亢伉姮嫦巷恒抗杭桁沆港缸肛航"],
+["faa1","行降項亥偕咳垓奚孩害懈楷海瀣蟹解該諧邂駭骸劾核倖幸杏荇行享向嚮珦鄕響餉饗香噓墟虛許憲櫶獻軒歇險驗奕爀赫革俔峴弦懸晛泫炫玄玹現眩睍絃絢縣舷衒見賢鉉顯孑穴血頁嫌俠協夾峽挾浹狹脅脇莢鋏頰亨兄刑型"],
+["fba1","形泂滎瀅灐炯熒珩瑩荊螢衡逈邢鎣馨兮彗惠慧暳蕙蹊醯鞋乎互呼壕壺好岵弧戶扈昊晧毫浩淏湖滸澔濠濩灝狐琥瑚瓠皓祜糊縞胡芦葫蒿虎號蝴護豪鎬頀顥惑或酷婚昏混渾琿魂忽惚笏哄弘汞泓洪烘紅虹訌鴻化和嬅樺火畵"],
+["fca1","禍禾花華話譁貨靴廓擴攫確碻穫丸喚奐宦幻患換歡晥桓渙煥環紈還驩鰥活滑猾豁闊凰幌徨恍惶愰慌晃晄榥況湟滉潢煌璜皇篁簧荒蝗遑隍黃匯回廻徊恢悔懷晦會檜淮澮灰獪繪膾茴蛔誨賄劃獲宖橫鐄哮嚆孝效斅曉梟涍淆"],
+["fda1","爻肴酵驍侯候厚后吼喉嗅帿後朽煦珝逅勛勳塤壎焄熏燻薰訓暈薨喧暄煊萱卉喙毁彙徽揮暉煇諱輝麾休携烋畦虧恤譎鷸兇凶匈洶胸黑昕欣炘痕吃屹紇訖欠欽歆吸恰洽翕興僖凞喜噫囍姬嬉希憙憘戱晞曦熙熹熺犧禧稀羲詰"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
new file mode 100644
index 0000000..d8bc871
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
@@ -0,0 +1,177 @@
+[
+["0","\u0000",127],
+["a140","　，、。．‧；：？！︰…‥﹐﹑﹒·﹔﹕﹖﹗｜–︱—︳╴︴﹏（）︵︶｛｝︷︸〔〕︹︺【】︻︼《》︽︾〈〉︿﹀「」﹁﹂『』﹃﹄﹙﹚"],
+["a1a1","﹛﹜﹝﹞‘’“”〝〞‵′＃＆＊※§〃○●△▲◎☆★◇◆□■▽▼㊣℅¯￣＿ˍ﹉﹊﹍﹎﹋﹌﹟﹠﹡＋－×÷±√＜＞＝≦≧≠∞≒≡﹢",4,"～∩∪⊥∠∟⊿㏒㏑∫∮∵∴♀♂⊕⊙↑↓←→↖↗↙↘∥∣／"],
+["a240","＼∕﹨＄￥〒￠￡％＠℃℉﹩﹪﹫㏕㎜㎝㎞㏎㎡㎎㎏㏄°兙兛兞兝兡兣嗧瓩糎▁",7,"▏▎▍▌▋▊▉┼┴┬┤├▔─│▕┌┐└┘╭"],
+["a2a1","╮╰╯═╞╪╡◢◣◥◤╱╲╳０",9,"Ⅰ",9,"〡",8,"十卄卅Ａ",25,"ａ",21],
+["a340","ｗｘｙｚΑ",16,"Σ",6,"α",16,"σ",6,"ㄅ",10],
+["a3a1","ㄐ",25,"˙ˉˊˇˋ"],
+["a3e1","€"],
+["a440","一乙丁七乃九了二人儿入八几刀刁力匕十卜又三下丈上丫丸凡久么也乞于亡兀刃勺千叉口土士夕大女子孑孓寸小尢尸山川工己已巳巾干廾弋弓才"],
+["a4a1","丑丐不中丰丹之尹予云井互五亢仁什仃仆仇仍今介仄元允內六兮公冗凶分切刈勻勾勿化匹午升卅卞厄友及反壬天夫太夭孔少尤尺屯巴幻廿弔引心戈戶手扎支文斗斤方日曰月木欠止歹毋比毛氏水火爪父爻片牙牛犬王丙"],
+["a540","世丕且丘主乍乏乎以付仔仕他仗代令仙仞充兄冉冊冬凹出凸刊加功包匆北匝仟半卉卡占卯卮去可古右召叮叩叨叼司叵叫另只史叱台句叭叻四囚外"],
+["a5a1","央失奴奶孕它尼巨巧左市布平幼弁弘弗必戊打扔扒扑斥旦朮本未末札正母民氐永汁汀氾犯玄玉瓜瓦甘生用甩田由甲申疋白皮皿目矛矢石示禾穴立丞丟乒乓乩亙交亦亥仿伉伙伊伕伍伐休伏仲件任仰仳份企伋光兇兆先全"],
+["a640","共再冰列刑划刎刖劣匈匡匠印危吉吏同吊吐吁吋各向名合吃后吆吒因回囝圳地在圭圬圯圩夙多夷夸妄奸妃好她如妁字存宇守宅安寺尖屹州帆并年"],
+["a6a1","式弛忙忖戎戌戍成扣扛托收早旨旬旭曲曳有朽朴朱朵次此死氖汝汗汙江池汐汕污汛汍汎灰牟牝百竹米糸缶羊羽老考而耒耳聿肉肋肌臣自至臼舌舛舟艮色艾虫血行衣西阡串亨位住佇佗佞伴佛何估佐佑伽伺伸佃佔似但佣"],
+["a740","作你伯低伶余佝佈佚兌克免兵冶冷別判利刪刨劫助努劬匣即卵吝吭吞吾否呎吧呆呃吳呈呂君吩告吹吻吸吮吵吶吠吼呀吱含吟听囪困囤囫坊坑址坍"],
+["a7a1","均坎圾坐坏圻壯夾妝妒妨妞妣妙妖妍妤妓妊妥孝孜孚孛完宋宏尬局屁尿尾岐岑岔岌巫希序庇床廷弄弟彤形彷役忘忌志忍忱快忸忪戒我抄抗抖技扶抉扭把扼找批扳抒扯折扮投抓抑抆改攻攸旱更束李杏材村杜杖杞杉杆杠"],
+["a840","杓杗步每求汞沙沁沈沉沅沛汪決沐汰沌汨沖沒汽沃汲汾汴沆汶沍沔沘沂灶灼災灸牢牡牠狄狂玖甬甫男甸皂盯矣私秀禿究系罕肖肓肝肘肛肚育良芒"],
+["a8a1","芋芍見角言谷豆豕貝赤走足身車辛辰迂迆迅迄巡邑邢邪邦那酉釆里防阮阱阪阬並乖乳事些亞享京佯依侍佳使佬供例來侃佰併侈佩佻侖佾侏侑佺兔兒兕兩具其典冽函刻券刷刺到刮制剁劾劻卒協卓卑卦卷卸卹取叔受味呵"],
+["a940","咖呸咕咀呻呷咄咒咆呼咐呱呶和咚呢周咋命咎固垃坷坪坩坡坦坤坼夜奉奇奈奄奔妾妻委妹妮姑姆姐姍始姓姊妯妳姒姅孟孤季宗定官宜宙宛尚屈居"],
+["a9a1","屆岷岡岸岩岫岱岳帘帚帖帕帛帑幸庚店府底庖延弦弧弩往征彿彼忝忠忽念忿怏怔怯怵怖怪怕怡性怩怫怛或戕房戾所承拉拌拄抿拂抹拒招披拓拔拋拈抨抽押拐拙拇拍抵拚抱拘拖拗拆抬拎放斧於旺昔易昌昆昂明昀昏昕昊"],
+["aa40","昇服朋杭枋枕東果杳杷枇枝林杯杰板枉松析杵枚枓杼杪杲欣武歧歿氓氛泣注泳沱泌泥河沽沾沼波沫法泓沸泄油況沮泗泅泱沿治泡泛泊沬泯泜泖泠"],
+["aaa1","炕炎炒炊炙爬爭爸版牧物狀狎狙狗狐玩玨玟玫玥甽疝疙疚的盂盲直知矽社祀祁秉秈空穹竺糾罔羌羋者肺肥肢肱股肫肩肴肪肯臥臾舍芳芝芙芭芽芟芹花芬芥芯芸芣芰芾芷虎虱初表軋迎返近邵邸邱邶采金長門阜陀阿阻附"],
+["ab40","陂隹雨青非亟亭亮信侵侯便俠俑俏保促侶俘俟俊俗侮俐俄係俚俎俞侷兗冒冑冠剎剃削前剌剋則勇勉勃勁匍南卻厚叛咬哀咨哎哉咸咦咳哇哂咽咪品"],
+["aba1","哄哈咯咫咱咻咩咧咿囿垂型垠垣垢城垮垓奕契奏奎奐姜姘姿姣姨娃姥姪姚姦威姻孩宣宦室客宥封屎屏屍屋峙峒巷帝帥帟幽庠度建弈弭彥很待徊律徇後徉怒思怠急怎怨恍恰恨恢恆恃恬恫恪恤扁拜挖按拼拭持拮拽指拱拷"],
+["ac40","拯括拾拴挑挂政故斫施既春昭映昧是星昨昱昤曷柿染柱柔某柬架枯柵柩柯柄柑枴柚查枸柏柞柳枰柙柢柝柒歪殃殆段毒毗氟泉洋洲洪流津洌洱洞洗"],
+["aca1","活洽派洶洛泵洹洧洸洩洮洵洎洫炫為炳炬炯炭炸炮炤爰牲牯牴狩狠狡玷珊玻玲珍珀玳甚甭畏界畎畋疫疤疥疢疣癸皆皇皈盈盆盃盅省盹相眉看盾盼眇矜砂研砌砍祆祉祈祇禹禺科秒秋穿突竿竽籽紂紅紀紉紇約紆缸美羿耄"],
+["ad40","耐耍耑耶胖胥胚胃胄背胡胛胎胞胤胝致舢苧范茅苣苛苦茄若茂茉苒苗英茁苜苔苑苞苓苟苯茆虐虹虻虺衍衫要觔計訂訃貞負赴赳趴軍軌述迦迢迪迥"],
+["ada1","迭迫迤迨郊郎郁郃酋酊重閂限陋陌降面革韋韭音頁風飛食首香乘亳倌倍倣俯倦倥俸倩倖倆值借倚倒們俺倀倔倨俱倡個候倘俳修倭倪俾倫倉兼冤冥冢凍凌准凋剖剜剔剛剝匪卿原厝叟哨唐唁唷哼哥哲唆哺唔哩哭員唉哮哪"],
+["ae40","哦唧唇哽唏圃圄埂埔埋埃堉夏套奘奚娑娘娜娟娛娓姬娠娣娩娥娌娉孫屘宰害家宴宮宵容宸射屑展屐峭峽峻峪峨峰島崁峴差席師庫庭座弱徒徑徐恙"],
+["aea1","恣恥恐恕恭恩息悄悟悚悍悔悌悅悖扇拳挈拿捎挾振捕捂捆捏捉挺捐挽挪挫挨捍捌效敉料旁旅時晉晏晃晒晌晅晁書朔朕朗校核案框桓根桂桔栩梳栗桌桑栽柴桐桀格桃株桅栓栘桁殊殉殷氣氧氨氦氤泰浪涕消涇浦浸海浙涓"],
+["af40","浬涉浮浚浴浩涌涊浹涅浥涔烊烘烤烙烈烏爹特狼狹狽狸狷玆班琉珮珠珪珞畔畝畜畚留疾病症疲疳疽疼疹痂疸皋皰益盍盎眩真眠眨矩砰砧砸砝破砷"],
+["afa1","砥砭砠砟砲祕祐祠祟祖神祝祗祚秤秣秧租秦秩秘窄窈站笆笑粉紡紗紋紊素索純紐紕級紜納紙紛缺罟羔翅翁耆耘耕耙耗耽耿胱脂胰脅胭胴脆胸胳脈能脊胼胯臭臬舀舐航舫舨般芻茫荒荔荊茸荐草茵茴荏茲茹茶茗荀茱茨荃"],
+["b040","虔蚊蚪蚓蚤蚩蚌蚣蚜衰衷袁袂衽衹記訐討訌訕訊託訓訖訏訑豈豺豹財貢起躬軒軔軏辱送逆迷退迺迴逃追逅迸邕郡郝郢酒配酌釘針釗釜釙閃院陣陡"],
+["b0a1","陛陝除陘陞隻飢馬骨高鬥鬲鬼乾偺偽停假偃偌做偉健偶偎偕偵側偷偏倏偯偭兜冕凰剪副勒務勘動匐匏匙匿區匾參曼商啪啦啄啞啡啃啊唱啖問啕唯啤唸售啜唬啣唳啁啗圈國圉域堅堊堆埠埤基堂堵執培夠奢娶婁婉婦婪婀"],
+["b140","娼婢婚婆婊孰寇寅寄寂宿密尉專將屠屜屝崇崆崎崛崖崢崑崩崔崙崤崧崗巢常帶帳帷康庸庶庵庾張強彗彬彩彫得徙從徘御徠徜恿患悉悠您惋悴惦悽"],
+["b1a1","情悻悵惜悼惘惕惆惟悸惚惇戚戛扈掠控捲掖探接捷捧掘措捱掩掉掃掛捫推掄授掙採掬排掏掀捻捩捨捺敝敖救教敗啟敏敘敕敔斜斛斬族旋旌旎晝晚晤晨晦晞曹勗望梁梯梢梓梵桿桶梱梧梗械梃棄梭梆梅梔條梨梟梡梂欲殺"],
+["b240","毫毬氫涎涼淳淙液淡淌淤添淺清淇淋涯淑涮淞淹涸混淵淅淒渚涵淚淫淘淪深淮淨淆淄涪淬涿淦烹焉焊烽烯爽牽犁猜猛猖猓猙率琅琊球理現琍瓠瓶"],
+["b2a1","瓷甜產略畦畢異疏痔痕疵痊痍皎盔盒盛眷眾眼眶眸眺硫硃硎祥票祭移窒窕笠笨笛第符笙笞笮粒粗粕絆絃統紮紹紼絀細紳組累終紲紱缽羞羚翌翎習耜聊聆脯脖脣脫脩脰脤舂舵舷舶船莎莞莘荸莢莖莽莫莒莊莓莉莠荷荻荼"],
+["b340","莆莧處彪蛇蛀蚶蛄蚵蛆蛋蚱蚯蛉術袞袈被袒袖袍袋覓規訪訝訣訥許設訟訛訢豉豚販責貫貨貪貧赧赦趾趺軛軟這逍通逗連速逝逐逕逞造透逢逖逛途"],
+["b3a1","部郭都酗野釵釦釣釧釭釩閉陪陵陳陸陰陴陶陷陬雀雪雩章竟頂頃魚鳥鹵鹿麥麻傢傍傅備傑傀傖傘傚最凱割剴創剩勞勝勛博厥啻喀喧啼喊喝喘喂喜喪喔喇喋喃喳單喟唾喲喚喻喬喱啾喉喫喙圍堯堪場堤堰報堡堝堠壹壺奠"],
+["b440","婷媚婿媒媛媧孳孱寒富寓寐尊尋就嵌嵐崴嵇巽幅帽幀幃幾廊廁廂廄弼彭復循徨惑惡悲悶惠愜愣惺愕惰惻惴慨惱愎惶愉愀愒戟扉掣掌描揀揩揉揆揍"],
+["b4a1","插揣提握揖揭揮捶援揪換摒揚揹敞敦敢散斑斐斯普晰晴晶景暑智晾晷曾替期朝棺棕棠棘棗椅棟棵森棧棹棒棲棣棋棍植椒椎棉棚楮棻款欺欽殘殖殼毯氮氯氬港游湔渡渲湧湊渠渥渣減湛湘渤湖湮渭渦湯渴湍渺測湃渝渾滋"],
+["b540","溉渙湎湣湄湲湩湟焙焚焦焰無然煮焜牌犄犀猶猥猴猩琺琪琳琢琥琵琶琴琯琛琦琨甥甦畫番痢痛痣痙痘痞痠登發皖皓皴盜睏短硝硬硯稍稈程稅稀窘"],
+["b5a1","窗窖童竣等策筆筐筒答筍筋筏筑粟粥絞結絨絕紫絮絲絡給絢絰絳善翔翕耋聒肅腕腔腋腑腎脹腆脾腌腓腴舒舜菩萃菸萍菠菅萋菁華菱菴著萊菰萌菌菽菲菊萸萎萄菜萇菔菟虛蛟蛙蛭蛔蛛蛤蛐蛞街裁裂袱覃視註詠評詞証詁"],
+["b640","詔詛詐詆訴診訶詖象貂貯貼貳貽賁費賀貴買貶貿貸越超趁跎距跋跚跑跌跛跆軻軸軼辜逮逵週逸進逶鄂郵鄉郾酣酥量鈔鈕鈣鈉鈞鈍鈐鈇鈑閔閏開閑"],
+["b6a1","間閒閎隊階隋陽隅隆隍陲隄雁雅雄集雇雯雲韌項順須飧飪飯飩飲飭馮馭黃黍黑亂傭債傲傳僅傾催傷傻傯僇剿剷剽募勦勤勢勣匯嗟嗨嗓嗦嗎嗜嗇嗑嗣嗤嗯嗚嗡嗅嗆嗥嗉園圓塞塑塘塗塚塔填塌塭塊塢塒塋奧嫁嫉嫌媾媽媼"],
+["b740","媳嫂媲嵩嵯幌幹廉廈弒彙徬微愚意慈感想愛惹愁愈慎慌慄慍愾愴愧愍愆愷戡戢搓搾搞搪搭搽搬搏搜搔損搶搖搗搆敬斟新暗暉暇暈暖暄暘暍會榔業"],
+["b7a1","楚楷楠楔極椰概楊楨楫楞楓楹榆楝楣楛歇歲毀殿毓毽溢溯滓溶滂源溝滇滅溥溘溼溺溫滑準溜滄滔溪溧溴煎煙煩煤煉照煜煬煦煌煥煞煆煨煖爺牒猷獅猿猾瑯瑚瑕瑟瑞瑁琿瑙瑛瑜當畸瘀痰瘁痲痱痺痿痴痳盞盟睛睫睦睞督"],
+["b840","睹睪睬睜睥睨睢矮碎碰碗碘碌碉硼碑碓硿祺祿禁萬禽稜稚稠稔稟稞窟窠筷節筠筮筧粱粳粵經絹綑綁綏絛置罩罪署義羨群聖聘肆肄腱腰腸腥腮腳腫"],
+["b8a1","腹腺腦舅艇蒂葷落萱葵葦葫葉葬葛萼萵葡董葩葭葆虞虜號蛹蜓蜈蜇蜀蛾蛻蜂蜃蜆蜊衙裟裔裙補裘裝裡裊裕裒覜解詫該詳試詩詰誇詼詣誠話誅詭詢詮詬詹詻訾詨豢貊貉賊資賈賄貲賃賂賅跡跟跨路跳跺跪跤跦躲較載軾輊"],
+["b940","辟農運遊道遂達逼違遐遇遏過遍遑逾遁鄒鄗酬酪酩釉鈷鉗鈸鈽鉀鈾鉛鉋鉤鉑鈴鉉鉍鉅鈹鈿鉚閘隘隔隕雍雋雉雊雷電雹零靖靴靶預頑頓頊頒頌飼飴"],
+["b9a1","飽飾馳馱馴髡鳩麂鼎鼓鼠僧僮僥僖僭僚僕像僑僱僎僩兢凳劃劂匱厭嗾嘀嘛嘗嗽嘔嘆嘉嘍嘎嗷嘖嘟嘈嘐嗶團圖塵塾境墓墊塹墅塽壽夥夢夤奪奩嫡嫦嫩嫗嫖嫘嫣孵寞寧寡寥實寨寢寤察對屢嶄嶇幛幣幕幗幔廓廖弊彆彰徹慇"],
+["ba40","愿態慷慢慣慟慚慘慵截撇摘摔撤摸摟摺摑摧搴摭摻敲斡旗旖暢暨暝榜榨榕槁榮槓構榛榷榻榫榴槐槍榭槌榦槃榣歉歌氳漳演滾漓滴漩漾漠漬漏漂漢"],
+["baa1","滿滯漆漱漸漲漣漕漫漯澈漪滬漁滲滌滷熔熙煽熊熄熒爾犒犖獄獐瑤瑣瑪瑰瑭甄疑瘧瘍瘋瘉瘓盡監瞄睽睿睡磁碟碧碳碩碣禎福禍種稱窪窩竭端管箕箋筵算箝箔箏箸箇箄粹粽精綻綰綜綽綾綠緊綴網綱綺綢綿綵綸維緒緇綬"],
+["bb40","罰翠翡翟聞聚肇腐膀膏膈膊腿膂臧臺與舔舞艋蓉蒿蓆蓄蒙蒞蒲蒜蓋蒸蓀蓓蒐蒼蓑蓊蜿蜜蜻蜢蜥蜴蜘蝕蜷蜩裳褂裴裹裸製裨褚裯誦誌語誣認誡誓誤"],
+["bba1","說誥誨誘誑誚誧豪貍貌賓賑賒赫趙趕跼輔輒輕輓辣遠遘遜遣遙遞遢遝遛鄙鄘鄞酵酸酷酴鉸銀銅銘銖鉻銓銜銨鉼銑閡閨閩閣閥閤隙障際雌雒需靼鞅韶頗領颯颱餃餅餌餉駁骯骰髦魁魂鳴鳶鳳麼鼻齊億儀僻僵價儂儈儉儅凜"],
+["bc40","劇劈劉劍劊勰厲嘮嘻嘹嘲嘿嘴嘩噓噎噗噴嘶嘯嘰墀墟增墳墜墮墩墦奭嬉嫻嬋嫵嬌嬈寮寬審寫層履嶝嶔幢幟幡廢廚廟廝廣廠彈影德徵慶慧慮慝慕憂"],
+["bca1","慼慰慫慾憧憐憫憎憬憚憤憔憮戮摩摯摹撞撲撈撐撰撥撓撕撩撒撮播撫撚撬撙撢撳敵敷數暮暫暴暱樣樟槨樁樞標槽模樓樊槳樂樅槭樑歐歎殤毅毆漿潼澄潑潦潔澆潭潛潸潮澎潺潰潤澗潘滕潯潠潟熟熬熱熨牖犛獎獗瑩璋璃"],
+["bd40","瑾璀畿瘠瘩瘟瘤瘦瘡瘢皚皺盤瞎瞇瞌瞑瞋磋磅確磊碾磕碼磐稿稼穀稽稷稻窯窮箭箱範箴篆篇篁箠篌糊締練緯緻緘緬緝編緣線緞緩綞緙緲緹罵罷羯"],
+["bda1","翩耦膛膜膝膠膚膘蔗蔽蔚蓮蔬蔭蔓蔑蔣蔡蔔蓬蔥蓿蔆螂蝴蝶蝠蝦蝸蝨蝙蝗蝌蝓衛衝褐複褒褓褕褊誼諒談諄誕請諸課諉諂調誰論諍誶誹諛豌豎豬賠賞賦賤賬賭賢賣賜質賡赭趟趣踫踐踝踢踏踩踟踡踞躺輝輛輟輩輦輪輜輞"],
+["be40","輥適遮遨遭遷鄰鄭鄧鄱醇醉醋醃鋅銻銷鋪銬鋤鋁銳銼鋒鋇鋰銲閭閱霄霆震霉靠鞍鞋鞏頡頫頜颳養餓餒餘駝駐駟駛駑駕駒駙骷髮髯鬧魅魄魷魯鴆鴉"],
+["bea1","鴃麩麾黎墨齒儒儘儔儐儕冀冪凝劑劓勳噙噫噹噩噤噸噪器噥噱噯噬噢噶壁墾壇壅奮嬝嬴學寰導彊憲憑憩憊懍憶憾懊懈戰擅擁擋撻撼據擄擇擂操撿擒擔撾整曆曉暹曄曇暸樽樸樺橙橫橘樹橄橢橡橋橇樵機橈歙歷氅濂澱澡"],
+["bf40","濃澤濁澧澳激澹澶澦澠澴熾燉燐燒燈燕熹燎燙燜燃燄獨璜璣璘璟璞瓢甌甍瘴瘸瘺盧盥瞠瞞瞟瞥磨磚磬磧禦積穎穆穌穋窺篙簑築篤篛篡篩篦糕糖縊"],
+["bfa1","縑縈縛縣縞縝縉縐罹羲翰翱翮耨膳膩膨臻興艘艙蕊蕙蕈蕨蕩蕃蕉蕭蕪蕞螃螟螞螢融衡褪褲褥褫褡親覦諦諺諫諱謀諜諧諮諾謁謂諷諭諳諶諼豫豭貓賴蹄踱踴蹂踹踵輻輯輸輳辨辦遵遴選遲遼遺鄴醒錠錶鋸錳錯錢鋼錫錄錚"],
+["c040","錐錦錡錕錮錙閻隧隨險雕霎霑霖霍霓霏靛靜靦鞘頰頸頻頷頭頹頤餐館餞餛餡餚駭駢駱骸骼髻髭鬨鮑鴕鴣鴦鴨鴒鴛默黔龍龜優償儡儲勵嚎嚀嚐嚅嚇"],
+["c0a1","嚏壕壓壑壎嬰嬪嬤孺尷屨嶼嶺嶽嶸幫彌徽應懂懇懦懋戲戴擎擊擘擠擰擦擬擱擢擭斂斃曙曖檀檔檄檢檜櫛檣橾檗檐檠歜殮毚氈濘濱濟濠濛濤濫濯澀濬濡濩濕濮濰燧營燮燦燥燭燬燴燠爵牆獰獲璩環璦璨癆療癌盪瞳瞪瞰瞬"],
+["c140","瞧瞭矯磷磺磴磯礁禧禪穗窿簇簍篾篷簌篠糠糜糞糢糟糙糝縮績繆縷縲繃縫總縱繅繁縴縹繈縵縿縯罄翳翼聱聲聰聯聳臆臃膺臂臀膿膽臉膾臨舉艱薪"],
+["c1a1","薄蕾薜薑薔薯薛薇薨薊虧蟀蟑螳蟒蟆螫螻螺蟈蟋褻褶襄褸褽覬謎謗謙講謊謠謝謄謐豁谿豳賺賽購賸賻趨蹉蹋蹈蹊轄輾轂轅輿避遽還邁邂邀鄹醣醞醜鍍鎂錨鍵鍊鍥鍋錘鍾鍬鍛鍰鍚鍔闊闋闌闈闆隱隸雖霜霞鞠韓顆颶餵騁"],
+["c240","駿鮮鮫鮪鮭鴻鴿麋黏點黜黝黛鼾齋叢嚕嚮壙壘嬸彝懣戳擴擲擾攆擺擻擷斷曜朦檳檬櫃檻檸櫂檮檯歟歸殯瀉瀋濾瀆濺瀑瀏燻燼燾燸獷獵璧璿甕癖癘"],
+["c2a1","癒瞽瞿瞻瞼礎禮穡穢穠竄竅簫簧簪簞簣簡糧織繕繞繚繡繒繙罈翹翻職聶臍臏舊藏薩藍藐藉薰薺薹薦蟯蟬蟲蟠覆覲觴謨謹謬謫豐贅蹙蹣蹦蹤蹟蹕軀轉轍邇邃邈醫醬釐鎔鎊鎖鎢鎳鎮鎬鎰鎘鎚鎗闔闖闐闕離雜雙雛雞霤鞣鞦"],
+["c340","鞭韹額顏題顎顓颺餾餿餽餮馥騎髁鬃鬆魏魎魍鯊鯉鯽鯈鯀鵑鵝鵠黠鼕鼬儳嚥壞壟壢寵龐廬懲懷懶懵攀攏曠曝櫥櫝櫚櫓瀛瀟瀨瀚瀝瀕瀘爆爍牘犢獸"],
+["c3a1","獺璽瓊瓣疇疆癟癡矇礙禱穫穩簾簿簸簽簷籀繫繭繹繩繪羅繳羶羹羸臘藩藝藪藕藤藥藷蟻蠅蠍蟹蟾襠襟襖襞譁譜識證譚譎譏譆譙贈贊蹼蹲躇蹶蹬蹺蹴轔轎辭邊邋醱醮鏡鏑鏟鏃鏈鏜鏝鏖鏢鏍鏘鏤鏗鏨關隴難霪霧靡韜韻類"],
+["c440","願顛颼饅饉騖騙鬍鯨鯧鯖鯛鶉鵡鵲鵪鵬麒麗麓麴勸嚨嚷嚶嚴嚼壤孀孃孽寶巉懸懺攘攔攙曦朧櫬瀾瀰瀲爐獻瓏癢癥礦礪礬礫竇競籌籃籍糯糰辮繽繼"],
+["c4a1","纂罌耀臚艦藻藹蘑藺蘆蘋蘇蘊蠔蠕襤覺觸議譬警譯譟譫贏贍躉躁躅躂醴釋鐘鐃鏽闡霰飄饒饑馨騫騰騷騵鰓鰍鹹麵黨鼯齟齣齡儷儸囁囀囂夔屬巍懼懾攝攜斕曩櫻欄櫺殲灌爛犧瓖瓔癩矓籐纏續羼蘗蘭蘚蠣蠢蠡蠟襪襬覽譴"],
+["c540","護譽贓躊躍躋轟辯醺鐮鐳鐵鐺鐸鐲鐫闢霸霹露響顧顥饗驅驃驀騾髏魔魑鰭鰥鶯鶴鷂鶸麝黯鼙齜齦齧儼儻囈囊囉孿巔巒彎懿攤權歡灑灘玀瓤疊癮癬"],
+["c5a1","禳籠籟聾聽臟襲襯觼讀贖贗躑躓轡酈鑄鑑鑒霽霾韃韁顫饕驕驍髒鬚鱉鰱鰾鰻鷓鷗鼴齬齪龔囌巖戀攣攫攪曬欐瓚竊籤籣籥纓纖纔臢蘸蘿蠱變邐邏鑣鑠鑤靨顯饜驚驛驗髓體髑鱔鱗鱖鷥麟黴囑壩攬灞癱癲矗罐羈蠶蠹衢讓讒"],
+["c640","讖艷贛釀鑪靂靈靄韆顰驟鬢魘鱟鷹鷺鹼鹽鼇齷齲廳欖灣籬籮蠻觀躡釁鑲鑰顱饞髖鬣黌灤矚讚鑷韉驢驥纜讜躪釅鑽鑾鑼鱷鱸黷豔鑿鸚爨驪鬱鸛鸞籲"],
+["c940","乂乜凵匚厂万丌乇亍囗兀屮彳丏冇与丮亓仂仉仈冘勼卬厹圠夃夬尐巿旡殳毌气爿丱丼仨仜仩仡仝仚刌匜卌圢圣夗夯宁宄尒尻屴屳帄庀庂忉戉扐氕"],
+["c9a1","氶汃氿氻犮犰玊禸肊阞伎优伬仵伔仱伀价伈伝伂伅伢伓伄仴伒冱刓刉刐劦匢匟卍厊吇囡囟圮圪圴夼妀奼妅奻奾奷奿孖尕尥屼屺屻屾巟幵庄异弚彴忕忔忏扜扞扤扡扦扢扙扠扚扥旯旮朾朹朸朻机朿朼朳氘汆汒汜汏汊汔汋"],
+["ca40","汌灱牞犴犵玎甪癿穵网艸艼芀艽艿虍襾邙邗邘邛邔阢阤阠阣佖伻佢佉体佤伾佧佒佟佁佘伭伳伿佡冏冹刜刞刡劭劮匉卣卲厎厏吰吷吪呔呅吙吜吥吘"],
+["caa1","吽呏呁吨吤呇囮囧囥坁坅坌坉坋坒夆奀妦妘妠妗妎妢妐妏妧妡宎宒尨尪岍岏岈岋岉岒岊岆岓岕巠帊帎庋庉庌庈庍弅弝彸彶忒忑忐忭忨忮忳忡忤忣忺忯忷忻怀忴戺抃抌抎抏抔抇扱扻扺扰抁抈扷扽扲扴攷旰旴旳旲旵杅杇"],
+["cb40","杙杕杌杈杝杍杚杋毐氙氚汸汧汫沄沋沏汱汯汩沚汭沇沕沜汦汳汥汻沎灴灺牣犿犽狃狆狁犺狅玕玗玓玔玒町甹疔疕皁礽耴肕肙肐肒肜芐芏芅芎芑芓"],
+["cba1","芊芃芄豸迉辿邟邡邥邞邧邠阰阨阯阭丳侘佼侅佽侀侇佶佴侉侄佷佌侗佪侚佹侁佸侐侜侔侞侒侂侕佫佮冞冼冾刵刲刳剆刱劼匊匋匼厒厔咇呿咁咑咂咈呫呺呾呥呬呴呦咍呯呡呠咘呣呧呤囷囹坯坲坭坫坱坰坶垀坵坻坳坴坢"],
+["cc40","坨坽夌奅妵妺姏姎妲姌姁妶妼姃姖妱妽姀姈妴姇孢孥宓宕屄屇岮岤岠岵岯岨岬岟岣岭岢岪岧岝岥岶岰岦帗帔帙弨弢弣弤彔徂彾彽忞忥怭怦怙怲怋"],
+["cca1","怴怊怗怳怚怞怬怢怍怐怮怓怑怌怉怜戔戽抭抴拑抾抪抶拊抮抳抯抻抩抰抸攽斨斻昉旼昄昒昈旻昃昋昍昅旽昑昐曶朊枅杬枎枒杶杻枘枆构杴枍枌杺枟枑枙枃杽极杸杹枔欥殀歾毞氝沓泬泫泮泙沶泔沭泧沷泐泂沺泃泆泭泲"],
+["cd40","泒泝沴沊沝沀泞泀洰泍泇沰泹泏泩泑炔炘炅炓炆炄炑炖炂炚炃牪狖狋狘狉狜狒狔狚狌狑玤玡玭玦玢玠玬玝瓝瓨甿畀甾疌疘皯盳盱盰盵矸矼矹矻矺"],
+["cda1","矷祂礿秅穸穻竻籵糽耵肏肮肣肸肵肭舠芠苀芫芚芘芛芵芧芮芼芞芺芴芨芡芩苂芤苃芶芢虰虯虭虮豖迒迋迓迍迖迕迗邲邴邯邳邰阹阽阼阺陃俍俅俓侲俉俋俁俔俜俙侻侳俛俇俖侺俀侹俬剄剉勀勂匽卼厗厖厙厘咺咡咭咥哏"],
+["ce40","哃茍咷咮哖咶哅哆咠呰咼咢咾呲哞咰垵垞垟垤垌垗垝垛垔垘垏垙垥垚垕壴复奓姡姞姮娀姱姝姺姽姼姶姤姲姷姛姩姳姵姠姾姴姭宨屌峐峘峌峗峋峛"],
+["cea1","峞峚峉峇峊峖峓峔峏峈峆峎峟峸巹帡帢帣帠帤庰庤庢庛庣庥弇弮彖徆怷怹恔恲恞恅恓恇恉恛恌恀恂恟怤恄恘恦恮扂扃拏挍挋拵挎挃拫拹挏挌拸拶挀挓挔拺挕拻拰敁敃斪斿昶昡昲昵昜昦昢昳昫昺昝昴昹昮朏朐柁柲柈枺"],
+["cf40","柜枻柸柘柀枷柅柫柤柟枵柍枳柷柶柮柣柂枹柎柧柰枲柼柆柭柌枮柦柛柺柉柊柃柪柋欨殂殄殶毖毘毠氠氡洨洴洭洟洼洿洒洊泚洳洄洙洺洚洑洀洝浂"],
+["cfa1","洁洘洷洃洏浀洇洠洬洈洢洉洐炷炟炾炱炰炡炴炵炩牁牉牊牬牰牳牮狊狤狨狫狟狪狦狣玅珌珂珈珅玹玶玵玴珫玿珇玾珃珆玸珋瓬瓮甮畇畈疧疪癹盄眈眃眄眅眊盷盻盺矧矨砆砑砒砅砐砏砎砉砃砓祊祌祋祅祄秕种秏秖秎窀"],
+["d040","穾竑笀笁籺籸籹籿粀粁紃紈紁罘羑羍羾耇耎耏耔耷胘胇胠胑胈胂胐胅胣胙胜胊胕胉胏胗胦胍臿舡芔苙苾苹茇苨茀苕茺苫苖苴苬苡苲苵茌苻苶苰苪"],
+["d0a1","苤苠苺苳苭虷虴虼虳衁衎衧衪衩觓訄訇赲迣迡迮迠郱邽邿郕郅邾郇郋郈釔釓陔陏陑陓陊陎倞倅倇倓倢倰倛俵俴倳倷倬俶俷倗倜倠倧倵倯倱倎党冔冓凊凄凅凈凎剡剚剒剞剟剕剢勍匎厞唦哢唗唒哧哳哤唚哿唄唈哫唑唅哱"],
+["d140","唊哻哷哸哠唎唃唋圁圂埌堲埕埒垺埆垽垼垸垶垿埇埐垹埁夎奊娙娖娭娮娕娏娗娊娞娳孬宧宭宬尃屖屔峬峿峮峱峷崀峹帩帨庨庮庪庬弳弰彧恝恚恧"],
+["d1a1","恁悢悈悀悒悁悝悃悕悛悗悇悜悎戙扆拲挐捖挬捄捅挶捃揤挹捋捊挼挩捁挴捘捔捙挭捇挳捚捑挸捗捀捈敊敆旆旃旄旂晊晟晇晑朒朓栟栚桉栲栳栻桋桏栖栱栜栵栫栭栯桎桄栴栝栒栔栦栨栮桍栺栥栠欬欯欭欱欴歭肂殈毦毤"],
+["d240","毨毣毢毧氥浺浣浤浶洍浡涒浘浢浭浯涑涍淯浿涆浞浧浠涗浰浼浟涂涘洯浨涋浾涀涄洖涃浻浽浵涐烜烓烑烝烋缹烢烗烒烞烠烔烍烅烆烇烚烎烡牂牸"],
+["d2a1","牷牶猀狺狴狾狶狳狻猁珓珙珥珖玼珧珣珩珜珒珛珔珝珚珗珘珨瓞瓟瓴瓵甡畛畟疰痁疻痄痀疿疶疺皊盉眝眛眐眓眒眣眑眕眙眚眢眧砣砬砢砵砯砨砮砫砡砩砳砪砱祔祛祏祜祓祒祑秫秬秠秮秭秪秜秞秝窆窉窅窋窌窊窇竘笐"],
+["d340","笄笓笅笏笈笊笎笉笒粄粑粊粌粈粍粅紞紝紑紎紘紖紓紟紒紏紌罜罡罞罠罝罛羖羒翃翂翀耖耾耹胺胲胹胵脁胻脀舁舯舥茳茭荄茙荑茥荖茿荁茦茜茢"],
+["d3a1","荂荎茛茪茈茼荍茖茤茠茷茯茩荇荅荌荓茞茬荋茧荈虓虒蚢蚨蚖蚍蚑蚞蚇蚗蚆蚋蚚蚅蚥蚙蚡蚧蚕蚘蚎蚝蚐蚔衃衄衭衵衶衲袀衱衿衯袃衾衴衼訒豇豗豻貤貣赶赸趵趷趶軑軓迾迵适迿迻逄迼迶郖郠郙郚郣郟郥郘郛郗郜郤酐"],
+["d440","酎酏釕釢釚陜陟隼飣髟鬯乿偰偪偡偞偠偓偋偝偲偈偍偁偛偊偢倕偅偟偩偫偣偤偆偀偮偳偗偑凐剫剭剬剮勖勓匭厜啵啶唼啍啐唴唪啑啢唶唵唰啒啅"],
+["d4a1","唌唲啥啎唹啈唭唻啀啋圊圇埻堔埢埶埜埴堀埭埽堈埸堋埳埏堇埮埣埲埥埬埡堎埼堐埧堁堌埱埩埰堍堄奜婠婘婕婧婞娸娵婭婐婟婥婬婓婤婗婃婝婒婄婛婈媎娾婍娹婌婰婩婇婑婖婂婜孲孮寁寀屙崞崋崝崚崠崌崨崍崦崥崏"],
+["d540","崰崒崣崟崮帾帴庱庴庹庲庳弶弸徛徖徟悊悐悆悾悰悺惓惔惏惤惙惝惈悱惛悷惊悿惃惍惀挲捥掊掂捽掽掞掭掝掗掫掎捯掇掐据掯捵掜捭掮捼掤挻掟"],
+["d5a1","捸掅掁掑掍捰敓旍晥晡晛晙晜晢朘桹梇梐梜桭桮梮梫楖桯梣梬梩桵桴梲梏桷梒桼桫桲梪梀桱桾梛梖梋梠梉梤桸桻梑梌梊桽欶欳欷欸殑殏殍殎殌氪淀涫涴涳湴涬淩淢涷淶淔渀淈淠淟淖涾淥淜淝淛淴淊涽淭淰涺淕淂淏淉"],
+["d640","淐淲淓淽淗淍淣涻烺焍烷焗烴焌烰焄烳焐烼烿焆焓焀烸烶焋焂焎牾牻牼牿猝猗猇猑猘猊猈狿猏猞玈珶珸珵琄琁珽琇琀珺珼珿琌琋珴琈畤畣痎痒痏"],
+["d6a1","痋痌痑痐皏皉盓眹眯眭眱眲眴眳眽眥眻眵硈硒硉硍硊硌砦硅硐祤祧祩祪祣祫祡离秺秸秶秷窏窔窐笵筇笴笥笰笢笤笳笘笪笝笱笫笭笯笲笸笚笣粔粘粖粣紵紽紸紶紺絅紬紩絁絇紾紿絊紻紨罣羕羜羝羛翊翋翍翐翑翇翏翉耟"],
+["d740","耞耛聇聃聈脘脥脙脛脭脟脬脞脡脕脧脝脢舑舸舳舺舴舲艴莐莣莨莍荺荳莤荴莏莁莕莙荵莔莩荽莃莌莝莛莪莋荾莥莯莈莗莰荿莦莇莮荶莚虙虖蚿蚷"],
+["d7a1","蛂蛁蛅蚺蚰蛈蚹蚳蚸蛌蚴蚻蚼蛃蚽蚾衒袉袕袨袢袪袚袑袡袟袘袧袙袛袗袤袬袌袓袎覂觖觙觕訰訧訬訞谹谻豜豝豽貥赽赻赹趼跂趹趿跁軘軞軝軜軗軠軡逤逋逑逜逌逡郯郪郰郴郲郳郔郫郬郩酖酘酚酓酕釬釴釱釳釸釤釹釪"],
+["d840","釫釷釨釮镺閆閈陼陭陫陱陯隿靪頄飥馗傛傕傔傞傋傣傃傌傎傝偨傜傒傂傇兟凔匒匑厤厧喑喨喥喭啷噅喢喓喈喏喵喁喣喒喤啽喌喦啿喕喡喎圌堩堷"],
+["d8a1","堙堞堧堣堨埵塈堥堜堛堳堿堶堮堹堸堭堬堻奡媯媔媟婺媢媞婸媦婼媥媬媕媮娷媄媊媗媃媋媩婻婽媌媜媏媓媝寪寍寋寔寑寊寎尌尰崷嵃嵫嵁嵋崿崵嵑嵎嵕崳崺嵒崽崱嵙嵂崹嵉崸崼崲崶嵀嵅幄幁彘徦徥徫惉悹惌惢惎惄愔"],
+["d940","惲愊愖愅惵愓惸惼惾惁愃愘愝愐惿愄愋扊掔掱掰揎揥揨揯揃撝揳揊揠揶揕揲揵摡揟掾揝揜揄揘揓揂揇揌揋揈揰揗揙攲敧敪敤敜敨敥斌斝斞斮旐旒"],
+["d9a1","晼晬晻暀晱晹晪晲朁椌棓椄棜椪棬棪棱椏棖棷棫棤棶椓椐棳棡椇棌椈楰梴椑棯棆椔棸棐棽棼棨椋椊椗棎棈棝棞棦棴棑椆棔棩椕椥棇欹欻欿欼殔殗殙殕殽毰毲毳氰淼湆湇渟湉溈渼渽湅湢渫渿湁湝湳渜渳湋湀湑渻渃渮湞"],
+["da40","湨湜湡渱渨湠湱湫渹渢渰湓湥渧湸湤湷湕湹湒湦渵渶湚焠焞焯烻焮焱焣焥焢焲焟焨焺焛牋牚犈犉犆犅犋猒猋猰猢猱猳猧猲猭猦猣猵猌琮琬琰琫琖"],
+["daa1","琚琡琭琱琤琣琝琩琠琲瓻甯畯畬痧痚痡痦痝痟痤痗皕皒盚睆睇睄睍睅睊睎睋睌矞矬硠硤硥硜硭硱硪确硰硩硨硞硢祴祳祲祰稂稊稃稌稄窙竦竤筊笻筄筈筌筎筀筘筅粢粞粨粡絘絯絣絓絖絧絪絏絭絜絫絒絔絩絑絟絎缾缿罥"],
+["db40","罦羢羠羡翗聑聏聐胾胔腃腊腒腏腇脽腍脺臦臮臷臸臹舄舼舽舿艵茻菏菹萣菀菨萒菧菤菼菶萐菆菈菫菣莿萁菝菥菘菿菡菋菎菖菵菉萉萏菞萑萆菂菳"],
+["dba1","菕菺菇菑菪萓菃菬菮菄菻菗菢萛菛菾蛘蛢蛦蛓蛣蛚蛪蛝蛫蛜蛬蛩蛗蛨蛑衈衖衕袺裗袹袸裀袾袶袼袷袽袲褁裉覕覘覗觝觚觛詎詍訹詙詀詗詘詄詅詒詈詑詊詌詏豟貁貀貺貾貰貹貵趄趀趉跘跓跍跇跖跜跏跕跙跈跗跅軯軷軺"],
+["dc40","軹軦軮軥軵軧軨軶軫軱軬軴軩逭逴逯鄆鄬鄄郿郼鄈郹郻鄁鄀鄇鄅鄃酡酤酟酢酠鈁鈊鈥鈃鈚鈦鈏鈌鈀鈒釿釽鈆鈄鈧鈂鈜鈤鈙鈗鈅鈖镻閍閌閐隇陾隈"],
+["dca1","隉隃隀雂雈雃雱雰靬靰靮頇颩飫鳦黹亃亄亶傽傿僆傮僄僊傴僈僂傰僁傺傱僋僉傶傸凗剺剸剻剼嗃嗛嗌嗐嗋嗊嗝嗀嗔嗄嗩喿嗒喍嗏嗕嗢嗖嗈嗲嗍嗙嗂圔塓塨塤塏塍塉塯塕塎塝塙塥塛堽塣塱壼嫇嫄嫋媺媸媱媵媰媿嫈媻嫆"],
+["dd40","媷嫀嫊媴媶嫍媹媐寖寘寙尟尳嵱嵣嵊嵥嵲嵬嵞嵨嵧嵢巰幏幎幊幍幋廅廌廆廋廇彀徯徭惷慉慊愫慅愶愲愮慆愯慏愩慀戠酨戣戥戤揅揱揫搐搒搉搠搤"],
+["dda1","搳摃搟搕搘搹搷搢搣搌搦搰搨摁搵搯搊搚摀搥搧搋揧搛搮搡搎敯斒旓暆暌暕暐暋暊暙暔晸朠楦楟椸楎楢楱椿楅楪椹楂楗楙楺楈楉椵楬椳椽楥棰楸椴楩楀楯楄楶楘楁楴楌椻楋椷楜楏楑椲楒椯楻椼歆歅歃歂歈歁殛嗀毻毼"],
+["de40","毹毷毸溛滖滈溏滀溟溓溔溠溱溹滆滒溽滁溞滉溷溰滍溦滏溲溾滃滜滘溙溒溎溍溤溡溿溳滐滊溗溮溣煇煔煒煣煠煁煝煢煲煸煪煡煂煘煃煋煰煟煐煓"],
+["dea1","煄煍煚牏犍犌犑犐犎猼獂猻猺獀獊獉瑄瑊瑋瑒瑑瑗瑀瑏瑐瑎瑂瑆瑍瑔瓡瓿瓾瓽甝畹畷榃痯瘏瘃痷痾痼痹痸瘐痻痶痭痵痽皙皵盝睕睟睠睒睖睚睩睧睔睙睭矠碇碚碔碏碄碕碅碆碡碃硹碙碀碖硻祼禂祽祹稑稘稙稒稗稕稢稓"],
+["df40","稛稐窣窢窞竫筦筤筭筴筩筲筥筳筱筰筡筸筶筣粲粴粯綈綆綀綍絿綅絺綎絻綃絼綌綔綄絽綒罭罫罧罨罬羦羥羧翛翜耡腤腠腷腜腩腛腢腲朡腞腶腧腯"],
+["dfa1","腄腡舝艉艄艀艂艅蓱萿葖葶葹蒏蒍葥葑葀蒆葧萰葍葽葚葙葴葳葝蔇葞萷萺萴葺葃葸萲葅萩菙葋萯葂萭葟葰萹葎葌葒葯蓅蒎萻葇萶萳葨葾葄萫葠葔葮葐蜋蜄蛷蜌蛺蛖蛵蝍蛸蜎蜉蜁蛶蜍蜅裖裋裍裎裞裛裚裌裐覅覛觟觥觤"],
+["e040","觡觠觢觜触詶誆詿詡訿詷誂誄詵誃誁詴詺谼豋豊豥豤豦貆貄貅賌赨赩趑趌趎趏趍趓趔趐趒跰跠跬跱跮跐跩跣跢跧跲跫跴輆軿輁輀輅輇輈輂輋遒逿"],
+["e0a1","遄遉逽鄐鄍鄏鄑鄖鄔鄋鄎酮酯鉈鉒鈰鈺鉦鈳鉥鉞銃鈮鉊鉆鉭鉬鉏鉠鉧鉯鈶鉡鉰鈱鉔鉣鉐鉲鉎鉓鉌鉖鈲閟閜閞閛隒隓隑隗雎雺雽雸雵靳靷靸靲頏頍頎颬飶飹馯馲馰馵骭骫魛鳪鳭鳧麀黽僦僔僗僨僳僛僪僝僤僓僬僰僯僣僠"],
+["e140","凘劀劁勩勫匰厬嘧嘕嘌嘒嗼嘏嘜嘁嘓嘂嗺嘝嘄嗿嗹墉塼墐墘墆墁塿塴墋塺墇墑墎塶墂墈塻墔墏壾奫嫜嫮嫥嫕嫪嫚嫭嫫嫳嫢嫠嫛嫬嫞嫝嫙嫨嫟孷寠"],
+["e1a1","寣屣嶂嶀嵽嶆嵺嶁嵷嶊嶉嶈嵾嵼嶍嵹嵿幘幙幓廘廑廗廎廜廕廙廒廔彄彃彯徶愬愨慁慞慱慳慒慓慲慬憀慴慔慺慛慥愻慪慡慖戩戧戫搫摍摛摝摴摶摲摳摽摵摦撦摎撂摞摜摋摓摠摐摿搿摬摫摙摥摷敳斠暡暠暟朅朄朢榱榶槉"],
+["e240","榠槎榖榰榬榼榑榙榎榧榍榩榾榯榿槄榽榤槔榹槊榚槏榳榓榪榡榞槙榗榐槂榵榥槆歊歍歋殞殟殠毃毄毾滎滵滱漃漥滸漷滻漮漉潎漙漚漧漘漻漒滭漊"],
+["e2a1","漶潳滹滮漭潀漰漼漵滫漇漎潃漅滽滶漹漜滼漺漟漍漞漈漡熇熐熉熀熅熂熏煻熆熁熗牄牓犗犕犓獃獍獑獌瑢瑳瑱瑵瑲瑧瑮甀甂甃畽疐瘖瘈瘌瘕瘑瘊瘔皸瞁睼瞅瞂睮瞀睯睾瞃碲碪碴碭碨硾碫碞碥碠碬碢碤禘禊禋禖禕禔禓"],
+["e340","禗禈禒禐稫穊稰稯稨稦窨窫窬竮箈箜箊箑箐箖箍箌箛箎箅箘劄箙箤箂粻粿粼粺綧綷緂綣綪緁緀緅綝緎緄緆緋緌綯綹綖綼綟綦綮綩綡緉罳翢翣翥翞"],
+["e3a1","耤聝聜膉膆膃膇膍膌膋舕蒗蒤蒡蒟蒺蓎蓂蒬蒮蒫蒹蒴蓁蓍蒪蒚蒱蓐蒝蒧蒻蒢蒔蓇蓌蒛蒩蒯蒨蓖蒘蒶蓏蒠蓗蓔蓒蓛蒰蒑虡蜳蜣蜨蝫蝀蜮蜞蜡蜙蜛蝃蜬蝁蜾蝆蜠蜲蜪蜭蜼蜒蜺蜱蜵蝂蜦蜧蜸蜤蜚蜰蜑裷裧裱裲裺裾裮裼裶裻"],
+["e440","裰裬裫覝覡覟覞觩觫觨誫誙誋誒誏誖谽豨豩賕賏賗趖踉踂跿踍跽踊踃踇踆踅跾踀踄輐輑輎輍鄣鄜鄠鄢鄟鄝鄚鄤鄡鄛酺酲酹酳銥銤鉶銛鉺銠銔銪銍"],
+["e4a1","銦銚銫鉹銗鉿銣鋮銎銂銕銢鉽銈銡銊銆銌銙銧鉾銇銩銝銋鈭隞隡雿靘靽靺靾鞃鞀鞂靻鞄鞁靿韎韍頖颭颮餂餀餇馝馜駃馹馻馺駂馽駇骱髣髧鬾鬿魠魡魟鳱鳲鳵麧僿儃儰僸儆儇僶僾儋儌僽儊劋劌勱勯噈噂噌嘵噁噊噉噆噘"],
+["e540","噚噀嘳嘽嘬嘾嘸嘪嘺圚墫墝墱墠墣墯墬墥墡壿嫿嫴嫽嫷嫶嬃嫸嬂嫹嬁嬇嬅嬏屧嶙嶗嶟嶒嶢嶓嶕嶠嶜嶡嶚嶞幩幝幠幜緳廛廞廡彉徲憋憃慹憱憰憢憉"],
+["e5a1","憛憓憯憭憟憒憪憡憍慦憳戭摮摰撖撠撅撗撜撏撋撊撌撣撟摨撱撘敶敺敹敻斲斳暵暰暩暲暷暪暯樀樆樗槥槸樕槱槤樠槿槬槢樛樝槾樧槲槮樔槷槧橀樈槦槻樍槼槫樉樄樘樥樏槶樦樇槴樖歑殥殣殢殦氁氀毿氂潁漦潾澇濆澒"],
+["e640","澍澉澌潢潏澅潚澖潶潬澂潕潲潒潐潗澔澓潝漀潡潫潽潧澐潓澋潩潿澕潣潷潪潻熲熯熛熰熠熚熩熵熝熥熞熤熡熪熜熧熳犘犚獘獒獞獟獠獝獛獡獚獙"],
+["e6a1","獢璇璉璊璆璁瑽璅璈瑼瑹甈甇畾瘥瘞瘙瘝瘜瘣瘚瘨瘛皜皝皞皛瞍瞏瞉瞈磍碻磏磌磑磎磔磈磃磄磉禚禡禠禜禢禛歶稹窲窴窳箷篋箾箬篎箯箹篊箵糅糈糌糋緷緛緪緧緗緡縃緺緦緶緱緰緮緟罶羬羰羭翭翫翪翬翦翨聤聧膣膟"],
+["e740","膞膕膢膙膗舖艏艓艒艐艎艑蔤蔻蔏蔀蔩蔎蔉蔍蔟蔊蔧蔜蓻蔫蓺蔈蔌蓴蔪蓲蔕蓷蓫蓳蓼蔒蓪蓩蔖蓾蔨蔝蔮蔂蓽蔞蓶蔱蔦蓧蓨蓰蓯蓹蔘蔠蔰蔋蔙蔯虢"],
+["e7a1","蝖蝣蝤蝷蟡蝳蝘蝔蝛蝒蝡蝚蝑蝞蝭蝪蝐蝎蝟蝝蝯蝬蝺蝮蝜蝥蝏蝻蝵蝢蝧蝩衚褅褌褔褋褗褘褙褆褖褑褎褉覢覤覣觭觰觬諏諆誸諓諑諔諕誻諗誾諀諅諘諃誺誽諙谾豍貏賥賟賙賨賚賝賧趠趜趡趛踠踣踥踤踮踕踛踖踑踙踦踧"],
+["e840","踔踒踘踓踜踗踚輬輤輘輚輠輣輖輗遳遰遯遧遫鄯鄫鄩鄪鄲鄦鄮醅醆醊醁醂醄醀鋐鋃鋄鋀鋙銶鋏鋱鋟鋘鋩鋗鋝鋌鋯鋂鋨鋊鋈鋎鋦鋍鋕鋉鋠鋞鋧鋑鋓"],
+["e8a1","銵鋡鋆銴镼閬閫閮閰隤隢雓霅霈霂靚鞊鞎鞈韐韏頞頝頦頩頨頠頛頧颲餈飺餑餔餖餗餕駜駍駏駓駔駎駉駖駘駋駗駌骳髬髫髳髲髱魆魃魧魴魱魦魶魵魰魨魤魬鳼鳺鳽鳿鳷鴇鴀鳹鳻鴈鴅鴄麃黓鼏鼐儜儓儗儚儑凞匴叡噰噠噮"],
+["e940","噳噦噣噭噲噞噷圜圛壈墽壉墿墺壂墼壆嬗嬙嬛嬡嬔嬓嬐嬖嬨嬚嬠嬞寯嶬嶱嶩嶧嶵嶰嶮嶪嶨嶲嶭嶯嶴幧幨幦幯廩廧廦廨廥彋徼憝憨憖懅憴懆懁懌憺"],
+["e9a1","憿憸憌擗擖擐擏擉撽撉擃擛擳擙攳敿敼斢曈暾曀曊曋曏暽暻暺曌朣樴橦橉橧樲橨樾橝橭橶橛橑樨橚樻樿橁橪橤橐橏橔橯橩橠樼橞橖橕橍橎橆歕歔歖殧殪殫毈毇氄氃氆澭濋澣濇澼濎濈潞濄澽澞濊澨瀄澥澮澺澬澪濏澿澸"],
+["ea40","澢濉澫濍澯澲澰燅燂熿熸燖燀燁燋燔燊燇燏熽燘熼燆燚燛犝犞獩獦獧獬獥獫獪瑿璚璠璔璒璕璡甋疀瘯瘭瘱瘽瘳瘼瘵瘲瘰皻盦瞚瞝瞡瞜瞛瞢瞣瞕瞙"],
+["eaa1","瞗磝磩磥磪磞磣磛磡磢磭磟磠禤穄穈穇窶窸窵窱窷篞篣篧篝篕篥篚篨篹篔篪篢篜篫篘篟糒糔糗糐糑縒縡縗縌縟縠縓縎縜縕縚縢縋縏縖縍縔縥縤罃罻罼罺羱翯耪耩聬膱膦膮膹膵膫膰膬膴膲膷膧臲艕艖艗蕖蕅蕫蕍蕓蕡蕘"],
+["eb40","蕀蕆蕤蕁蕢蕄蕑蕇蕣蔾蕛蕱蕎蕮蕵蕕蕧蕠薌蕦蕝蕔蕥蕬虣虥虤螛螏螗螓螒螈螁螖螘蝹螇螣螅螐螑螝螄螔螜螚螉褞褦褰褭褮褧褱褢褩褣褯褬褟觱諠"],
+["eba1","諢諲諴諵諝謔諤諟諰諈諞諡諨諿諯諻貑貒貐賵賮賱賰賳赬赮趥趧踳踾踸蹀蹅踶踼踽蹁踰踿躽輶輮輵輲輹輷輴遶遹遻邆郺鄳鄵鄶醓醐醑醍醏錧錞錈錟錆錏鍺錸錼錛錣錒錁鍆錭錎錍鋋錝鋺錥錓鋹鋷錴錂錤鋿錩錹錵錪錔錌"],
+["ec40","錋鋾錉錀鋻錖閼闍閾閹閺閶閿閵閽隩雔霋霒霐鞙鞗鞔韰韸頵頯頲餤餟餧餩馞駮駬駥駤駰駣駪駩駧骹骿骴骻髶髺髹髷鬳鮀鮅鮇魼魾魻鮂鮓鮒鮐魺鮕"],
+["eca1","魽鮈鴥鴗鴠鴞鴔鴩鴝鴘鴢鴐鴙鴟麈麆麇麮麭黕黖黺鼒鼽儦儥儢儤儠儩勴嚓嚌嚍嚆嚄嚃噾嚂噿嚁壖壔壏壒嬭嬥嬲嬣嬬嬧嬦嬯嬮孻寱寲嶷幬幪徾徻懃憵憼懧懠懥懤懨懞擯擩擣擫擤擨斁斀斶旚曒檍檖檁檥檉檟檛檡檞檇檓檎"],
+["ed40","檕檃檨檤檑橿檦檚檅檌檒歛殭氉濌澩濴濔濣濜濭濧濦濞濲濝濢濨燡燱燨燲燤燰燢獳獮獯璗璲璫璐璪璭璱璥璯甐甑甒甏疄癃癈癉癇皤盩瞵瞫瞲瞷瞶"],
+["eda1","瞴瞱瞨矰磳磽礂磻磼磲礅磹磾礄禫禨穜穛穖穘穔穚窾竀竁簅簏篲簀篿篻簎篴簋篳簂簉簃簁篸篽簆篰篱簐簊糨縭縼繂縳顈縸縪繉繀繇縩繌縰縻縶繄縺罅罿罾罽翴翲耬膻臄臌臊臅臇膼臩艛艚艜薃薀薏薧薕薠薋薣蕻薤薚薞"],
+["ee40","蕷蕼薉薡蕺蕸蕗薎薖薆薍薙薝薁薢薂薈薅蕹蕶薘薐薟虨螾螪螭蟅螰螬螹螵螼螮蟉蟃蟂蟌螷螯蟄蟊螴螶螿螸螽蟞螲褵褳褼褾襁襒褷襂覭覯覮觲觳謞"],
+["eea1","謘謖謑謅謋謢謏謒謕謇謍謈謆謜謓謚豏豰豲豱豯貕貔賹赯蹎蹍蹓蹐蹌蹇轃轀邅遾鄸醚醢醛醙醟醡醝醠鎡鎃鎯鍤鍖鍇鍼鍘鍜鍶鍉鍐鍑鍠鍭鎏鍌鍪鍹鍗鍕鍒鍏鍱鍷鍻鍡鍞鍣鍧鎀鍎鍙闇闀闉闃闅閷隮隰隬霠霟霘霝霙鞚鞡鞜"],
+["ef40","鞞鞝韕韔韱顁顄顊顉顅顃餥餫餬餪餳餲餯餭餱餰馘馣馡騂駺駴駷駹駸駶駻駽駾駼騃骾髾髽鬁髼魈鮚鮨鮞鮛鮦鮡鮥鮤鮆鮢鮠鮯鴳鵁鵧鴶鴮鴯鴱鴸鴰"],
+["efa1","鵅鵂鵃鴾鴷鵀鴽翵鴭麊麉麍麰黈黚黻黿鼤鼣鼢齔龠儱儭儮嚘嚜嚗嚚嚝嚙奰嬼屩屪巀幭幮懘懟懭懮懱懪懰懫懖懩擿攄擽擸攁攃擼斔旛曚曛曘櫅檹檽櫡櫆檺檶檷櫇檴檭歞毉氋瀇瀌瀍瀁瀅瀔瀎濿瀀濻瀦濼濷瀊爁燿燹爃燽獶"],
+["f040","璸瓀璵瓁璾璶璻瓂甔甓癜癤癙癐癓癗癚皦皽盬矂瞺磿礌礓礔礉礐礒礑禭禬穟簜簩簙簠簟簭簝簦簨簢簥簰繜繐繖繣繘繢繟繑繠繗繓羵羳翷翸聵臑臒"],
+["f0a1","臐艟艞薴藆藀藃藂薳薵薽藇藄薿藋藎藈藅薱薶藒蘤薸薷薾虩蟧蟦蟢蟛蟫蟪蟥蟟蟳蟤蟔蟜蟓蟭蟘蟣螤蟗蟙蠁蟴蟨蟝襓襋襏襌襆襐襑襉謪謧謣謳謰謵譇謯謼謾謱謥謷謦謶謮謤謻謽謺豂豵貙貘貗賾贄贂贀蹜蹢蹠蹗蹖蹞蹥蹧"],
+["f140","蹛蹚蹡蹝蹩蹔轆轇轈轋鄨鄺鄻鄾醨醥醧醯醪鎵鎌鎒鎷鎛鎝鎉鎧鎎鎪鎞鎦鎕鎈鎙鎟鎍鎱鎑鎲鎤鎨鎴鎣鎥闒闓闑隳雗雚巂雟雘雝霣霢霥鞬鞮鞨鞫鞤鞪"],
+["f1a1","鞢鞥韗韙韖韘韺顐顑顒颸饁餼餺騏騋騉騍騄騑騊騅騇騆髀髜鬈鬄鬅鬩鬵魊魌魋鯇鯆鯃鮿鯁鮵鮸鯓鮶鯄鮹鮽鵜鵓鵏鵊鵛鵋鵙鵖鵌鵗鵒鵔鵟鵘鵚麎麌黟鼁鼀鼖鼥鼫鼪鼩鼨齌齕儴儵劖勷厴嚫嚭嚦嚧嚪嚬壚壝壛夒嬽嬾嬿巃幰"],
+["f240","徿懻攇攐攍攉攌攎斄旞旝曞櫧櫠櫌櫑櫙櫋櫟櫜櫐櫫櫏櫍櫞歠殰氌瀙瀧瀠瀖瀫瀡瀢瀣瀩瀗瀤瀜瀪爌爊爇爂爅犥犦犤犣犡瓋瓅璷瓃甖癠矉矊矄矱礝礛"],
+["f2a1","礡礜礗礞禰穧穨簳簼簹簬簻糬糪繶繵繸繰繷繯繺繲繴繨罋罊羃羆羷翽翾聸臗臕艤艡艣藫藱藭藙藡藨藚藗藬藲藸藘藟藣藜藑藰藦藯藞藢蠀蟺蠃蟶蟷蠉蠌蠋蠆蟼蠈蟿蠊蠂襢襚襛襗襡襜襘襝襙覈覷覶觶譐譈譊譀譓譖譔譋譕"],
+["f340","譑譂譒譗豃豷豶貚贆贇贉趬趪趭趫蹭蹸蹳蹪蹯蹻軂轒轑轏轐轓辴酀鄿醰醭鏞鏇鏏鏂鏚鏐鏹鏬鏌鏙鎩鏦鏊鏔鏮鏣鏕鏄鏎鏀鏒鏧镽闚闛雡霩霫霬霨霦"],
+["f3a1","鞳鞷鞶韝韞韟顜顙顝顗颿颽颻颾饈饇饃馦馧騚騕騥騝騤騛騢騠騧騣騞騜騔髂鬋鬊鬎鬌鬷鯪鯫鯠鯞鯤鯦鯢鯰鯔鯗鯬鯜鯙鯥鯕鯡鯚鵷鶁鶊鶄鶈鵱鶀鵸鶆鶋鶌鵽鵫鵴鵵鵰鵩鶅鵳鵻鶂鵯鵹鵿鶇鵨麔麑黀黼鼭齀齁齍齖齗齘匷嚲"],
+["f440","嚵嚳壣孅巆巇廮廯忀忁懹攗攖攕攓旟曨曣曤櫳櫰櫪櫨櫹櫱櫮櫯瀼瀵瀯瀷瀴瀱灂瀸瀿瀺瀹灀瀻瀳灁爓爔犨獽獼璺皫皪皾盭矌矎矏矍矲礥礣礧礨礤礩"],
+["f4a1","禲穮穬穭竷籉籈籊籇籅糮繻繾纁纀羺翿聹臛臙舋艨艩蘢藿蘁藾蘛蘀藶蘄蘉蘅蘌藽蠙蠐蠑蠗蠓蠖襣襦覹觷譠譪譝譨譣譥譧譭趮躆躈躄轙轖轗轕轘轚邍酃酁醷醵醲醳鐋鐓鏻鐠鐏鐔鏾鐕鐐鐨鐙鐍鏵鐀鏷鐇鐎鐖鐒鏺鐉鏸鐊鏿"],
+["f540","鏼鐌鏶鐑鐆闞闠闟霮霯鞹鞻韽韾顠顢顣顟飁飂饐饎饙饌饋饓騲騴騱騬騪騶騩騮騸騭髇髊髆鬐鬒鬑鰋鰈鯷鰅鰒鯸鱀鰇鰎鰆鰗鰔鰉鶟鶙鶤鶝鶒鶘鶐鶛"],
+["f5a1","鶠鶔鶜鶪鶗鶡鶚鶢鶨鶞鶣鶿鶩鶖鶦鶧麙麛麚黥黤黧黦鼰鼮齛齠齞齝齙龑儺儹劘劗囃嚽嚾孈孇巋巏廱懽攛欂櫼欃櫸欀灃灄灊灈灉灅灆爝爚爙獾甗癪矐礭礱礯籔籓糲纊纇纈纋纆纍罍羻耰臝蘘蘪蘦蘟蘣蘜蘙蘧蘮蘡蘠蘩蘞蘥"],
+["f640","蠩蠝蠛蠠蠤蠜蠫衊襭襩襮襫觺譹譸譅譺譻贐贔趯躎躌轞轛轝酆酄酅醹鐿鐻鐶鐩鐽鐼鐰鐹鐪鐷鐬鑀鐱闥闤闣霵霺鞿韡顤飉飆飀饘饖騹騽驆驄驂驁騺"],
+["f6a1","騿髍鬕鬗鬘鬖鬺魒鰫鰝鰜鰬鰣鰨鰩鰤鰡鶷鶶鶼鷁鷇鷊鷏鶾鷅鷃鶻鶵鷎鶹鶺鶬鷈鶱鶭鷌鶳鷍鶲鹺麜黫黮黭鼛鼘鼚鼱齎齥齤龒亹囆囅囋奱孋孌巕巑廲攡攠攦攢欋欈欉氍灕灖灗灒爞爟犩獿瓘瓕瓙瓗癭皭礵禴穰穱籗籜籙籛籚"],
+["f740","糴糱纑罏羇臞艫蘴蘵蘳蘬蘲蘶蠬蠨蠦蠪蠥襱覿覾觻譾讄讂讆讅譿贕躕躔躚躒躐躖躗轠轢酇鑌鑐鑊鑋鑏鑇鑅鑈鑉鑆霿韣顪顩飋饔饛驎驓驔驌驏驈驊"],
+["f7a1","驉驒驐髐鬙鬫鬻魖魕鱆鱈鰿鱄鰹鰳鱁鰼鰷鰴鰲鰽鰶鷛鷒鷞鷚鷋鷐鷜鷑鷟鷩鷙鷘鷖鷵鷕鷝麶黰鼵鼳鼲齂齫龕龢儽劙壨壧奲孍巘蠯彏戁戃戄攩攥斖曫欑欒欏毊灛灚爢玂玁玃癰矔籧籦纕艬蘺虀蘹蘼蘱蘻蘾蠰蠲蠮蠳襶襴襳觾"],
+["f840","讌讎讋讈豅贙躘轤轣醼鑢鑕鑝鑗鑞韄韅頀驖驙鬞鬟鬠鱒鱘鱐鱊鱍鱋鱕鱙鱌鱎鷻鷷鷯鷣鷫鷸鷤鷶鷡鷮鷦鷲鷰鷢鷬鷴鷳鷨鷭黂黐黲黳鼆鼜鼸鼷鼶齃齏"],
+["f8a1","齱齰齮齯囓囍孎屭攭曭曮欓灟灡灝灠爣瓛瓥矕礸禷禶籪纗羉艭虃蠸蠷蠵衋讔讕躞躟躠躝醾醽釂鑫鑨鑩雥靆靃靇韇韥驞髕魙鱣鱧鱦鱢鱞鱠鸂鷾鸇鸃鸆鸅鸀鸁鸉鷿鷽鸄麠鼞齆齴齵齶囔攮斸欘欙欗欚灢爦犪矘矙礹籩籫糶纚"],
+["f940","纘纛纙臠臡虆虇虈襹襺襼襻觿讘讙躥躤躣鑮鑭鑯鑱鑳靉顲饟鱨鱮鱭鸋鸍鸐鸏鸒鸑麡黵鼉齇齸齻齺齹圞灦籯蠼趲躦釃鑴鑸鑶鑵驠鱴鱳鱱鱵鸔鸓黶鼊"],
+["f9a1","龤灨灥糷虪蠾蠽蠿讞貜躩軉靋顳顴飌饡馫驤驦驧鬤鸕鸗齈戇欞爧虌躨钂钀钁驩驨鬮鸙爩虋讟钃鱹麷癵驫鱺鸝灩灪麤齾齉龘碁銹裏墻恒粧嫺╔╦╗╠╬╣╚╩╝╒╤╕╞╪╡╘╧╛╓╥╖╟╫╢╙╨╜║═╭╮╰╯▓"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
new file mode 100644
index 0000000..4fa61ca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
@@ -0,0 +1,182 @@
+[
+["0","\u0000",127],
+["8ea1","｡",62],
+["a1a1","　、。，．・：；？！゛゜´｀¨＾￣＿ヽヾゝゞ〃仝々〆〇ー―‐／＼～∥｜…‥‘’“”（）〔〕［］｛｝〈",9,"＋－±×÷＝≠＜＞≦≧∞∴♂♀°′″℃￥＄￠￡％＃＆＊＠§☆★○●◎◇"],
+["a2a1","◆□■△▲▽▼※〒→←↑↓〓"],
+["a2ba","∈∋⊆⊇⊂⊃∪∩"],
+["a2ca","∧∨￢⇒⇔∀∃"],
+["a2dc","∠⊥⌒∂∇≡≒≪≫√∽∝∵∫∬"],
+["a2f2","ʼn♯♭♪†‡¶"],
+["a2fe","◯"],
+["a3b0","０",9],
+["a3c1","Ａ",25],
+["a3e1","ａ",25],
+["a4a1","ぁ",82],
+["a5a1","ァ",85],
+["a6a1","Α",16,"Σ",6],
+["a6c1","α",16,"σ",6],
+["a7a1","А",5,"ЁЖ",25],
+["a7d1","а",5,"ёж",25],
+["a8a1","─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂"],
+["ada1","①",19,"Ⅰ",9],
+["adc0","㍉㌔㌢㍍㌘㌧㌃㌶㍑㍗㌍㌦㌣㌫㍊㌻㎜㎝㎞㎎㎏㏄㎡"],
+["addf","㍻〝〟№㏍℡㊤",4,"㈱㈲㈹㍾㍽㍼≒≡∫∮∑√⊥∠∟⊿∵∩∪"],
+["b0a1","亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭"],
+["b1a1","院陰隠韻吋右宇烏羽迂雨卯鵜窺丑碓臼渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応"],
+["b2a1","押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改"],
+["b3a1","魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱"],
+["b4a1","粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄"],
+["b5a1","機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京"],
+["b6a1","供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈"],
+["b7a1","掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲"],
+["b8a1","検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向"],
+["b9a1","后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込"],
+["baa1","此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷"],
+["bba1","察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時"],
+["bca1","次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周"],
+["bda1","宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償"],
+["bea1","勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾"],
+["bfa1","拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾"],
+["c0a1","澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線"],
+["c1a1","繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎"],
+["c2a1","臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只"],
+["c3a1","叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵"],
+["c4a1","帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓"],
+["c5a1","邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到"],
+["c6a1","董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入"],
+["c7a1","如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦"],
+["c8a1","函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美"],
+["c9a1","鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服"],
+["caa1","福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋"],
+["cba1","法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満"],
+["cca1","漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒"],
+["cda1","諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃"],
+["cea1","痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯"],
+["cfa1","蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀湾碗腕"],
+["d0a1","弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲"],
+["d1a1","僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨"],
+["d2a1","辧劬劭劼劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨"],
+["d3a1","咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喟啻啾喘喞單啼喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉"],
+["d4a1","圈國圍圓團圖嗇圜圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩"],
+["d5a1","奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓"],
+["d6a1","屐屏孱屬屮乢屶屹岌岑岔妛岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏"],
+["d7a1","廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚"],
+["d8a1","悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣懶懺懴懿懽懼懾戀戈戉戍戌戔戛"],
+["d9a1","戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍搜捏掖掎掀掫捶掣掏掉掟掵捫捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼"],
+["daa1","據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈暎暉暄暘暝曁暹曉暾暼"],
+["dba1","曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆柧檜栞框栩桀桍栲桎梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍"],
+["dca1","棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢檐檍檠檄檢檣"],
+["dda1","檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓毟毬毫毳毯麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾"],
+["dea1","沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯漲滌"],
+["dfa1","漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋烝烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼"],
+["e0a1","燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱"],
+["e1a1","瓠瓣瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿痼瘁痰痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰"],
+["e2a1","癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬"],
+["e3a1","磧磚磽磴礇礒礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰窶竅竄窿邃竇竊竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐"],
+["e4a1","筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆"],
+["e5a1","紂紜紕紊絅絋紮紲紿紵絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷縲縺繧繝繖繞繙繚繹繪繩繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺"],
+["e6a1","罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋"],
+["e7a1","隋腆脾腓腑胼腱腮腥腦腴膃膈膊膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙"],
+["e8a1","茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈"],
+["e9a1","蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙"],
+["eaa1","蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞"],
+["eba1","襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁譌譏譎證譖譛譚譫"],
+["eca1","譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊"],
+["eda1","蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧逶逵逹迸"],
+["eea1","遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮"],
+["efa1","錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞"],
+["f0a1","陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰"],
+["f1a1","顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷"],
+["f2a1","髻鬆鬘鬚鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈"],
+["f3a1","鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠"],
+["f4a1","堯槇遙瑤凜熙"],
+["f9a1","纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德"],
+["faa1","忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱"],
+["fba1","犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚"],
+["fca1","釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"],
+["fcf1","ⅰ",9,"￢￤＇＂"],
+["8fa2af","˘ˇ¸˙˝¯˛˚～΄΅"],
+["8fa2c2","¡¦¿"],
+["8fa2eb","ºª©®™¤№"],
+["8fa6e1","ΆΈΉΊΪ"],
+["8fa6e7","Ό"],
+["8fa6e9","ΎΫ"],
+["8fa6ec","Ώ"],
+["8fa6f1","άέήίϊΐόςύϋΰώ"],
+["8fa7c2","Ђ",10,"ЎЏ"],
+["8fa7f2","ђ",10,"ўџ"],
+["8fa9a1","ÆĐ"],
+["8fa9a4","Ħ"],
+["8fa9a6","IJ"],
+["8fa9a8","ŁĿ"],
+["8fa9ab","ŊØŒ"],
+["8fa9af","ŦÞ"],
+["8fa9c1","æđðħıijĸłŀʼnŋøœßŧþ"],
+["8faaa1","ÁÀÄÂĂǍĀĄÅÃĆĈČÇĊĎÉÈËÊĚĖĒĘ"],
+["8faaba","ĜĞĢĠĤÍÌÏÎǏİĪĮĨĴĶĹĽĻŃŇŅÑÓÒÖÔǑŐŌÕŔŘŖŚŜŠŞŤŢÚÙÜÛŬǓŰŪŲŮŨǗǛǙǕŴÝŸŶŹŽŻ"],
+["8faba1","áàäâăǎāąåãćĉčçċďéèëêěėēęǵĝğ"],
+["8fabbd","ġĥíìïîǐ"],
+["8fabc5","īįĩĵķĺľļńňņñóòöôǒőōõŕřŗśŝšşťţúùüûŭǔűūųůũǘǜǚǖŵýÿŷźžż"],
+["8fb0a1","丂丄丅丌丒丟丣两丨丫丮丯丰丵乀乁乄乇乑乚乜乣乨乩乴乵乹乿亍亖亗亝亯亹仃仐仚仛仠仡仢仨仯仱仳仵份仾仿伀伂伃伈伋伌伒伕伖众伙伮伱你伳伵伷伹伻伾佀佂佈佉佋佌佒佔佖佘佟佣佪佬佮佱佷佸佹佺佽佾侁侂侄"],
+["8fb1a1","侅侉侊侌侎侐侒侓侔侗侙侚侞侟侲侷侹侻侼侽侾俀俁俅俆俈俉俋俌俍俏俒俜俠俢俰俲俼俽俿倀倁倄倇倊倌倎倐倓倗倘倛倜倝倞倢倧倮倰倲倳倵偀偁偂偅偆偊偌偎偑偒偓偗偙偟偠偢偣偦偧偪偭偰偱倻傁傃傄傆傊傎傏傐"],
+["8fb2a1","傒傓傔傖傛傜傞",4,"傪傯傰傹傺傽僀僃僄僇僌僎僐僓僔僘僜僝僟僢僤僦僨僩僯僱僶僺僾儃儆儇儈儋儌儍儎僲儐儗儙儛儜儝儞儣儧儨儬儭儯儱儳儴儵儸儹兂兊兏兓兕兗兘兟兤兦兾冃冄冋冎冘冝冡冣冭冸冺冼冾冿凂"],
+["8fb3a1","凈减凑凒凓凕凘凞凢凥凮凲凳凴凷刁刂刅划刓刕刖刘刢刨刱刲刵刼剅剉剕剗剘剚剜剟剠剡剦剮剷剸剹劀劂劅劊劌劓劕劖劗劘劚劜劤劥劦劧劯劰劶劷劸劺劻劽勀勄勆勈勌勏勑勔勖勛勜勡勥勨勩勪勬勰勱勴勶勷匀匃匊匋"],
+["8fb4a1","匌匑匓匘匛匜匞匟匥匧匨匩匫匬匭匰匲匵匼匽匾卂卌卋卙卛卡卣卥卬卭卲卹卾厃厇厈厎厓厔厙厝厡厤厪厫厯厲厴厵厷厸厺厽叀叅叏叒叓叕叚叝叞叠另叧叵吂吓吚吡吧吨吪启吱吴吵呃呄呇呍呏呞呢呤呦呧呩呫呭呮呴呿"],
+["8fb5a1","咁咃咅咈咉咍咑咕咖咜咟咡咦咧咩咪咭咮咱咷咹咺咻咿哆哊响哎哠哪哬哯哶哼哾哿唀唁唅唈唉唌唍唎唕唪唫唲唵唶唻唼唽啁啇啉啊啍啐啑啘啚啛啞啠啡啤啦啿喁喂喆喈喎喏喑喒喓喔喗喣喤喭喲喿嗁嗃嗆嗉嗋嗌嗎嗑嗒"],
+["8fb6a1","嗓嗗嗘嗛嗞嗢嗩嗶嗿嘅嘈嘊嘍",5,"嘙嘬嘰嘳嘵嘷嘹嘻嘼嘽嘿噀噁噃噄噆噉噋噍噏噔噞噠噡噢噣噦噩噭噯噱噲噵嚄嚅嚈嚋嚌嚕嚙嚚嚝嚞嚟嚦嚧嚨嚩嚫嚬嚭嚱嚳嚷嚾囅囉囊囋囏囐囌囍囙囜囝囟囡囤",4,"囱囫园"],
+["8fb7a1","囶囷圁圂圇圊圌圑圕圚圛圝圠圢圣圤圥圩圪圬圮圯圳圴圽圾圿坅坆坌坍坒坢坥坧坨坫坭",4,"坳坴坵坷坹坺坻坼坾垁垃垌垔垗垙垚垜垝垞垟垡垕垧垨垩垬垸垽埇埈埌埏埕埝埞埤埦埧埩埭埰埵埶埸埽埾埿堃堄堈堉埡"],
+["8fb8a1","堌堍堛堞堟堠堦堧堭堲堹堿塉塌塍塏塐塕塟塡塤塧塨塸塼塿墀墁墇墈墉墊墌墍墏墐墔墖墝墠墡墢墦墩墱墲壄墼壂壈壍壎壐壒壔壖壚壝壡壢壩壳夅夆夋夌夒夓夔虁夝夡夣夤夨夯夰夳夵夶夿奃奆奒奓奙奛奝奞奟奡奣奫奭"],
+["8fb9a1","奯奲奵奶她奻奼妋妌妎妒妕妗妟妤妧妭妮妯妰妳妷妺妼姁姃姄姈姊姍姒姝姞姟姣姤姧姮姯姱姲姴姷娀娄娌娍娎娒娓娞娣娤娧娨娪娭娰婄婅婇婈婌婐婕婞婣婥婧婭婷婺婻婾媋媐媓媖媙媜媞媟媠媢媧媬媱媲媳媵媸媺媻媿"],
+["8fbaa1","嫄嫆嫈嫏嫚嫜嫠嫥嫪嫮嫵嫶嫽嬀嬁嬈嬗嬴嬙嬛嬝嬡嬥嬭嬸孁孋孌孒孖孞孨孮孯孼孽孾孿宁宄宆宊宎宐宑宓宔宖宨宩宬宭宯宱宲宷宺宼寀寁寍寏寖",4,"寠寯寱寴寽尌尗尞尟尣尦尩尫尬尮尰尲尵尶屙屚屜屢屣屧屨屩"],
+["8fbba1","屭屰屴屵屺屻屼屽岇岈岊岏岒岝岟岠岢岣岦岪岲岴岵岺峉峋峒峝峗峮峱峲峴崁崆崍崒崫崣崤崦崧崱崴崹崽崿嵂嵃嵆嵈嵕嵑嵙嵊嵟嵠嵡嵢嵤嵪嵭嵰嵹嵺嵾嵿嶁嶃嶈嶊嶒嶓嶔嶕嶙嶛嶟嶠嶧嶫嶰嶴嶸嶹巃巇巋巐巎巘巙巠巤"],
+["8fbca1","巩巸巹帀帇帍帒帔帕帘帟帠帮帨帲帵帾幋幐幉幑幖幘幛幜幞幨幪",4,"幰庀庋庎庢庤庥庨庪庬庱庳庽庾庿廆廌廋廎廑廒廔廕廜廞廥廫异弆弇弈弎弙弜弝弡弢弣弤弨弫弬弮弰弴弶弻弽弿彀彄彅彇彍彐彔彘彛彠彣彤彧"],
+["8fbda1","彯彲彴彵彸彺彽彾徉徍徏徖徜徝徢徧徫徤徬徯徰徱徸忄忇忈忉忋忐",4,"忞忡忢忨忩忪忬忭忮忯忲忳忶忺忼怇怊怍怓怔怗怘怚怟怤怭怳怵恀恇恈恉恌恑恔恖恗恝恡恧恱恾恿悂悆悈悊悎悑悓悕悘悝悞悢悤悥您悰悱悷"],
+["8fbea1","悻悾惂惄惈惉惊惋惎惏惔惕惙惛惝惞惢惥惲惵惸惼惽愂愇愊愌愐",4,"愖愗愙愜愞愢愪愫愰愱愵愶愷愹慁慅慆慉慞慠慬慲慸慻慼慿憀憁憃憄憋憍憒憓憗憘憜憝憟憠憥憨憪憭憸憹憼懀懁懂懎懏懕懜懝懞懟懡懢懧懩懥"],
+["8fbfa1","懬懭懯戁戃戄戇戓戕戜戠戢戣戧戩戫戹戽扂扃扄扆扌扐扑扒扔扖扚扜扤扭扯扳扺扽抍抎抏抐抦抨抳抶抷抺抾抿拄拎拕拖拚拪拲拴拼拽挃挄挊挋挍挐挓挖挘挩挪挭挵挶挹挼捁捂捃捄捆捊捋捎捒捓捔捘捛捥捦捬捭捱捴捵"],
+["8fc0a1","捸捼捽捿掂掄掇掊掐掔掕掙掚掞掤掦掭掮掯掽揁揅揈揎揑揓揔揕揜揠揥揪揬揲揳揵揸揹搉搊搐搒搔搘搞搠搢搤搥搩搪搯搰搵搽搿摋摏摑摒摓摔摚摛摜摝摟摠摡摣摭摳摴摻摽撅撇撏撐撑撘撙撛撝撟撡撣撦撨撬撳撽撾撿"],
+["8fc1a1","擄擉擊擋擌擎擐擑擕擗擤擥擩擪擭擰擵擷擻擿攁攄攈攉攊攏攓攔攖攙攛攞攟攢攦攩攮攱攺攼攽敃敇敉敐敒敔敟敠敧敫敺敽斁斅斊斒斕斘斝斠斣斦斮斲斳斴斿旂旈旉旎旐旔旖旘旟旰旲旴旵旹旾旿昀昄昈昉昍昑昒昕昖昝"],
+["8fc2a1","昞昡昢昣昤昦昩昪昫昬昮昰昱昳昹昷晀晅晆晊晌晑晎晗晘晙晛晜晠晡曻晪晫晬晾晳晵晿晷晸晹晻暀晼暋暌暍暐暒暙暚暛暜暟暠暤暭暱暲暵暻暿曀曂曃曈曌曎曏曔曛曟曨曫曬曮曺朅朇朎朓朙朜朠朢朳朾杅杇杈杌杔杕杝"],
+["8fc3a1","杦杬杮杴杶杻极构枎枏枑枓枖枘枙枛枰枱枲枵枻枼枽柹柀柂柃柅柈柉柒柗柙柜柡柦柰柲柶柷桒栔栙栝栟栨栧栬栭栯栰栱栳栻栿桄桅桊桌桕桗桘桛桫桮",4,"桵桹桺桻桼梂梄梆梈梖梘梚梜梡梣梥梩梪梮梲梻棅棈棌棏"],
+["8fc4a1","棐棑棓棖棙棜棝棥棨棪棫棬棭棰棱棵棶棻棼棽椆椉椊椐椑椓椖椗椱椳椵椸椻楂楅楉楎楗楛楣楤楥楦楨楩楬楰楱楲楺楻楿榀榍榒榖榘榡榥榦榨榫榭榯榷榸榺榼槅槈槑槖槗槢槥槮槯槱槳槵槾樀樁樃樏樑樕樚樝樠樤樨樰樲"],
+["8fc5a1","樴樷樻樾樿橅橆橉橊橎橐橑橒橕橖橛橤橧橪橱橳橾檁檃檆檇檉檋檑檛檝檞檟檥檫檯檰檱檴檽檾檿櫆櫉櫈櫌櫐櫔櫕櫖櫜櫝櫤櫧櫬櫰櫱櫲櫼櫽欂欃欆欇欉欏欐欑欗欛欞欤欨欫欬欯欵欶欻欿歆歊歍歒歖歘歝歠歧歫歮歰歵歽"],
+["8fc6a1","歾殂殅殗殛殟殠殢殣殨殩殬殭殮殰殸殹殽殾毃毄毉毌毖毚毡毣毦毧毮毱毷毹毿氂氄氅氉氍氎氐氒氙氟氦氧氨氬氮氳氵氶氺氻氿汊汋汍汏汒汔汙汛汜汫汭汯汴汶汸汹汻沅沆沇沉沔沕沗沘沜沟沰沲沴泂泆泍泏泐泑泒泔泖"],
+["8fc7a1","泚泜泠泧泩泫泬泮泲泴洄洇洊洎洏洑洓洚洦洧洨汧洮洯洱洹洼洿浗浞浟浡浥浧浯浰浼涂涇涑涒涔涖涗涘涪涬涴涷涹涽涿淄淈淊淎淏淖淛淝淟淠淢淥淩淯淰淴淶淼渀渄渞渢渧渲渶渹渻渼湄湅湈湉湋湏湑湒湓湔湗湜湝湞"],
+["8fc8a1","湢湣湨湳湻湽溍溓溙溠溧溭溮溱溳溻溿滀滁滃滇滈滊滍滎滏滫滭滮滹滻滽漄漈漊漌漍漖漘漚漛漦漩漪漯漰漳漶漻漼漭潏潑潒潓潗潙潚潝潞潡潢潨潬潽潾澃澇澈澋澌澍澐澒澓澔澖澚澟澠澥澦澧澨澮澯澰澵澶澼濅濇濈濊"],
+["8fc9a1","濚濞濨濩濰濵濹濼濽瀀瀅瀆瀇瀍瀗瀠瀣瀯瀴瀷瀹瀼灃灄灈灉灊灋灔灕灝灞灎灤灥灬灮灵灶灾炁炅炆炔",4,"炛炤炫炰炱炴炷烊烑烓烔烕烖烘烜烤烺焃",4,"焋焌焏焞焠焫焭焯焰焱焸煁煅煆煇煊煋煐煒煗煚煜煞煠"],
+["8fcaa1","煨煹熀熅熇熌熒熚熛熠熢熯熰熲熳熺熿燀燁燄燋燌燓燖燙燚燜燸燾爀爇爈爉爓爗爚爝爟爤爫爯爴爸爹牁牂牃牅牎牏牐牓牕牖牚牜牞牠牣牨牫牮牯牱牷牸牻牼牿犄犉犍犎犓犛犨犭犮犱犴犾狁狇狉狌狕狖狘狟狥狳狴狺狻"],
+["8fcba1","狾猂猄猅猇猋猍猒猓猘猙猞猢猤猧猨猬猱猲猵猺猻猽獃獍獐獒獖獘獝獞獟獠獦獧獩獫獬獮獯獱獷獹獼玀玁玃玅玆玎玐玓玕玗玘玜玞玟玠玢玥玦玪玫玭玵玷玹玼玽玿珅珆珉珋珌珏珒珓珖珙珝珡珣珦珧珩珴珵珷珹珺珻珽"],
+["8fcca1","珿琀琁琄琇琊琑琚琛琤琦琨",9,"琹瑀瑃瑄瑆瑇瑋瑍瑑瑒瑗瑝瑢瑦瑧瑨瑫瑭瑮瑱瑲璀璁璅璆璇璉璏璐璑璒璘璙璚璜璟璠璡璣璦璨璩璪璫璮璯璱璲璵璹璻璿瓈瓉瓌瓐瓓瓘瓚瓛瓞瓟瓤瓨瓪瓫瓯瓴瓺瓻瓼瓿甆"],
+["8fcda1","甒甖甗甠甡甤甧甩甪甯甶甹甽甾甿畀畃畇畈畎畐畒畗畞畟畡畯畱畹",5,"疁疅疐疒疓疕疙疜疢疤疴疺疿痀痁痄痆痌痎痏痗痜痟痠痡痤痧痬痮痯痱痹瘀瘂瘃瘄瘇瘈瘊瘌瘏瘒瘓瘕瘖瘙瘛瘜瘝瘞瘣瘥瘦瘩瘭瘲瘳瘵瘸瘹"],
+["8fcea1","瘺瘼癊癀癁癃癄癅癉癋癕癙癟癤癥癭癮癯癱癴皁皅皌皍皕皛皜皝皟皠皢",6,"皪皭皽盁盅盉盋盌盎盔盙盠盦盨盬盰盱盶盹盼眀眆眊眎眒眔眕眗眙眚眜眢眨眭眮眯眴眵眶眹眽眾睂睅睆睊睍睎睏睒睖睗睜睞睟睠睢"],
+["8fcfa1","睤睧睪睬睰睲睳睴睺睽瞀瞄瞌瞍瞔瞕瞖瞚瞟瞢瞧瞪瞮瞯瞱瞵瞾矃矉矑矒矕矙矞矟矠矤矦矪矬矰矱矴矸矻砅砆砉砍砎砑砝砡砢砣砭砮砰砵砷硃硄硇硈硌硎硒硜硞硠硡硣硤硨硪确硺硾碊碏碔碘碡碝碞碟碤碨碬碭碰碱碲碳"],
+["8fd0a1","碻碽碿磇磈磉磌磎磒磓磕磖磤磛磟磠磡磦磪磲磳礀磶磷磺磻磿礆礌礐礚礜礞礟礠礥礧礩礭礱礴礵礻礽礿祄祅祆祊祋祏祑祔祘祛祜祧祩祫祲祹祻祼祾禋禌禑禓禔禕禖禘禛禜禡禨禩禫禯禱禴禸离秂秄秇秈秊秏秔秖秚秝秞"],
+["8fd1a1","秠秢秥秪秫秭秱秸秼稂稃稇稉稊稌稑稕稛稞稡稧稫稭稯稰稴稵稸稹稺穄穅穇穈穌穕穖穙穜穝穟穠穥穧穪穭穵穸穾窀窂窅窆窊窋窐窑窔窞窠窣窬窳窵窹窻窼竆竉竌竎竑竛竨竩竫竬竱竴竻竽竾笇笔笟笣笧笩笪笫笭笮笯笰"],
+["8fd2a1","笱笴笽笿筀筁筇筎筕筠筤筦筩筪筭筯筲筳筷箄箉箎箐箑箖箛箞箠箥箬箯箰箲箵箶箺箻箼箽篂篅篈篊篔篖篗篙篚篛篨篪篲篴篵篸篹篺篼篾簁簂簃簄簆簉簋簌簎簏簙簛簠簥簦簨簬簱簳簴簶簹簺籆籊籕籑籒籓籙",5],
+["8fd3a1","籡籣籧籩籭籮籰籲籹籼籽粆粇粏粔粞粠粦粰粶粷粺粻粼粿糄糇糈糉糍糏糓糔糕糗糙糚糝糦糩糫糵紃紇紈紉紏紑紒紓紖紝紞紣紦紪紭紱紼紽紾絀絁絇絈絍絑絓絗絙絚絜絝絥絧絪絰絸絺絻絿綁綂綃綅綆綈綋綌綍綑綖綗綝"],
+["8fd4a1","綞綦綧綪綳綶綷綹緂",4,"緌緍緎緗緙縀緢緥緦緪緫緭緱緵緶緹緺縈縐縑縕縗縜縝縠縧縨縬縭縯縳縶縿繄繅繇繎繐繒繘繟繡繢繥繫繮繯繳繸繾纁纆纇纊纍纑纕纘纚纝纞缼缻缽缾缿罃罄罇罏罒罓罛罜罝罡罣罤罥罦罭"],
+["8fd5a1","罱罽罾罿羀羋羍羏羐羑羖羗羜羡羢羦羪羭羴羼羿翀翃翈翎翏翛翟翣翥翨翬翮翯翲翺翽翾翿耇耈耊耍耎耏耑耓耔耖耝耞耟耠耤耦耬耮耰耴耵耷耹耺耼耾聀聄聠聤聦聭聱聵肁肈肎肜肞肦肧肫肸肹胈胍胏胒胔胕胗胘胠胭胮"],
+["8fd6a1","胰胲胳胶胹胺胾脃脋脖脗脘脜脞脠脤脧脬脰脵脺脼腅腇腊腌腒腗腠腡腧腨腩腭腯腷膁膐膄膅膆膋膎膖膘膛膞膢膮膲膴膻臋臃臅臊臎臏臕臗臛臝臞臡臤臫臬臰臱臲臵臶臸臹臽臿舀舃舏舓舔舙舚舝舡舢舨舲舴舺艃艄艅艆"],
+["8fd7a1","艋艎艏艑艖艜艠艣艧艭艴艻艽艿芀芁芃芄芇芉芊芎芑芔芖芘芚芛芠芡芣芤芧芨芩芪芮芰芲芴芷芺芼芾芿苆苐苕苚苠苢苤苨苪苭苯苶苷苽苾茀茁茇茈茊茋荔茛茝茞茟茡茢茬茭茮茰茳茷茺茼茽荂荃荄荇荍荎荑荕荖荗荰荸"],
+["8fd8a1","荽荿莀莂莄莆莍莒莔莕莘莙莛莜莝莦莧莩莬莾莿菀菇菉菏菐菑菔菝荓菨菪菶菸菹菼萁萆萊萏萑萕萙莭萯萹葅葇葈葊葍葏葑葒葖葘葙葚葜葠葤葥葧葪葰葳葴葶葸葼葽蒁蒅蒒蒓蒕蒞蒦蒨蒩蒪蒯蒱蒴蒺蒽蒾蓀蓂蓇蓈蓌蓏蓓"],
+["8fd9a1","蓜蓧蓪蓯蓰蓱蓲蓷蔲蓺蓻蓽蔂蔃蔇蔌蔎蔐蔜蔞蔢蔣蔤蔥蔧蔪蔫蔯蔳蔴蔶蔿蕆蕏",4,"蕖蕙蕜",6,"蕤蕫蕯蕹蕺蕻蕽蕿薁薅薆薉薋薌薏薓薘薝薟薠薢薥薧薴薶薷薸薼薽薾薿藂藇藊藋藎薭藘藚藟藠藦藨藭藳藶藼"],
+["8fdaa1","藿蘀蘄蘅蘍蘎蘐蘑蘒蘘蘙蘛蘞蘡蘧蘩蘶蘸蘺蘼蘽虀虂虆虒虓虖虗虘虙虝虠",4,"虩虬虯虵虶虷虺蚍蚑蚖蚘蚚蚜蚡蚦蚧蚨蚭蚱蚳蚴蚵蚷蚸蚹蚿蛀蛁蛃蛅蛑蛒蛕蛗蛚蛜蛠蛣蛥蛧蚈蛺蛼蛽蜄蜅蜇蜋蜎蜏蜐蜓蜔蜙蜞蜟蜡蜣"],
+["8fdba1","蜨蜮蜯蜱蜲蜹蜺蜼蜽蜾蝀蝃蝅蝍蝘蝝蝡蝤蝥蝯蝱蝲蝻螃",6,"螋螌螐螓螕螗螘螙螞螠螣螧螬螭螮螱螵螾螿蟁蟈蟉蟊蟎蟕蟖蟙蟚蟜蟟蟢蟣蟤蟪蟫蟭蟱蟳蟸蟺蟿蠁蠃蠆蠉蠊蠋蠐蠙蠒蠓蠔蠘蠚蠛蠜蠞蠟蠨蠭蠮蠰蠲蠵"],
+["8fdca1","蠺蠼衁衃衅衈衉衊衋衎衑衕衖衘衚衜衟衠衤衩衱衹衻袀袘袚袛袜袟袠袨袪袺袽袾裀裊",4,"裑裒裓裛裞裧裯裰裱裵裷褁褆褍褎褏褕褖褘褙褚褜褠褦褧褨褰褱褲褵褹褺褾襀襂襅襆襉襏襒襗襚襛襜襡襢襣襫襮襰襳襵襺"],
+["8fdda1","襻襼襽覉覍覐覔覕覛覜覟覠覥覰覴覵覶覷覼觔",4,"觥觩觫觭觱觳觶觹觽觿訄訅訇訏訑訒訔訕訞訠訢訤訦訫訬訯訵訷訽訾詀詃詅詇詉詍詎詓詖詗詘詜詝詡詥詧詵詶詷詹詺詻詾詿誀誃誆誋誏誐誒誖誗誙誟誧誩誮誯誳"],
+["8fdea1","誶誷誻誾諃諆諈諉諊諑諓諔諕諗諝諟諬諰諴諵諶諼諿謅謆謋謑謜謞謟謊謭謰謷謼譂",4,"譈譒譓譔譙譍譞譣譭譶譸譹譼譾讁讄讅讋讍讏讔讕讜讞讟谸谹谽谾豅豇豉豋豏豑豓豔豗豘豛豝豙豣豤豦豨豩豭豳豵豶豻豾貆"],
+["8fdfa1","貇貋貐貒貓貙貛貜貤貹貺賅賆賉賋賏賖賕賙賝賡賨賬賯賰賲賵賷賸賾賿贁贃贉贒贗贛赥赩赬赮赿趂趄趈趍趐趑趕趞趟趠趦趫趬趯趲趵趷趹趻跀跅跆跇跈跊跎跑跔跕跗跙跤跥跧跬跰趼跱跲跴跽踁踄踅踆踋踑踔踖踠踡踢"],
+["8fe0a1","踣踦踧踱踳踶踷踸踹踽蹀蹁蹋蹍蹎蹏蹔蹛蹜蹝蹞蹡蹢蹩蹬蹭蹯蹰蹱蹹蹺蹻躂躃躉躐躒躕躚躛躝躞躢躧躩躭躮躳躵躺躻軀軁軃軄軇軏軑軔軜軨軮軰軱軷軹軺軭輀輂輇輈輏輐輖輗輘輞輠輡輣輥輧輨輬輭輮輴輵輶輷輺轀轁"],
+["8fe1a1","轃轇轏轑",4,"轘轝轞轥辝辠辡辤辥辦辵辶辸达迀迁迆迊迋迍运迒迓迕迠迣迤迨迮迱迵迶迻迾适逄逈逌逘逛逨逩逯逪逬逭逳逴逷逿遃遄遌遛遝遢遦遧遬遰遴遹邅邈邋邌邎邐邕邗邘邙邛邠邡邢邥邰邲邳邴邶邽郌邾郃"],
+["8fe2a1","郄郅郇郈郕郗郘郙郜郝郟郥郒郶郫郯郰郴郾郿鄀鄄鄅鄆鄈鄍鄐鄔鄖鄗鄘鄚鄜鄞鄠鄥鄢鄣鄧鄩鄮鄯鄱鄴鄶鄷鄹鄺鄼鄽酃酇酈酏酓酗酙酚酛酡酤酧酭酴酹酺酻醁醃醅醆醊醎醑醓醔醕醘醞醡醦醨醬醭醮醰醱醲醳醶醻醼醽醿"],
+["8fe3a1","釂釃釅釓釔釗釙釚釞釤釥釩釪釬",5,"釷釹釻釽鈀鈁鈄鈅鈆鈇鈉鈊鈌鈐鈒鈓鈖鈘鈜鈝鈣鈤鈥鈦鈨鈮鈯鈰鈳鈵鈶鈸鈹鈺鈼鈾鉀鉂鉃鉆鉇鉊鉍鉎鉏鉑鉘鉙鉜鉝鉠鉡鉥鉧鉨鉩鉮鉯鉰鉵",4,"鉻鉼鉽鉿銈銉銊銍銎銒銗"],
+["8fe4a1","銙銟銠銤銥銧銨銫銯銲銶銸銺銻銼銽銿",4,"鋅鋆鋇鋈鋋鋌鋍鋎鋐鋓鋕鋗鋘鋙鋜鋝鋟鋠鋡鋣鋥鋧鋨鋬鋮鋰鋹鋻鋿錀錂錈錍錑錔錕錜錝錞錟錡錤錥錧錩錪錳錴錶錷鍇鍈鍉鍐鍑鍒鍕鍗鍘鍚鍞鍤鍥鍧鍩鍪鍭鍯鍰鍱鍳鍴鍶"],
+["8fe5a1","鍺鍽鍿鎀鎁鎂鎈鎊鎋鎍鎏鎒鎕鎘鎛鎞鎡鎣鎤鎦鎨鎫鎴鎵鎶鎺鎩鏁鏄鏅鏆鏇鏉",4,"鏓鏙鏜鏞鏟鏢鏦鏧鏹鏷鏸鏺鏻鏽鐁鐂鐄鐈鐉鐍鐎鐏鐕鐖鐗鐟鐮鐯鐱鐲鐳鐴鐻鐿鐽鑃鑅鑈鑊鑌鑕鑙鑜鑟鑡鑣鑨鑫鑭鑮鑯鑱鑲钄钃镸镹"],
+["8fe6a1","镾閄閈閌閍閎閝閞閟閡閦閩閫閬閴閶閺閽閿闆闈闉闋闐闑闒闓闙闚闝闞闟闠闤闦阝阞阢阤阥阦阬阱阳阷阸阹阺阼阽陁陒陔陖陗陘陡陮陴陻陼陾陿隁隂隃隄隉隑隖隚隝隟隤隥隦隩隮隯隳隺雊雒嶲雘雚雝雞雟雩雯雱雺霂"],
+["8fe7a1","霃霅霉霚霛霝霡霢霣霨霱霳靁靃靊靎靏靕靗靘靚靛靣靧靪靮靳靶靷靸靻靽靿鞀鞉鞕鞖鞗鞙鞚鞞鞟鞢鞬鞮鞱鞲鞵鞶鞸鞹鞺鞼鞾鞿韁韄韅韇韉韊韌韍韎韐韑韔韗韘韙韝韞韠韛韡韤韯韱韴韷韸韺頇頊頙頍頎頔頖頜頞頠頣頦"],
+["8fe8a1","頫頮頯頰頲頳頵頥頾顄顇顊顑顒顓顖顗顙顚顢顣顥顦顪顬颫颭颮颰颴颷颸颺颻颿飂飅飈飌飡飣飥飦飧飪飳飶餂餇餈餑餕餖餗餚餛餜餟餢餦餧餫餱",4,"餹餺餻餼饀饁饆饇饈饍饎饔饘饙饛饜饞饟饠馛馝馟馦馰馱馲馵"],
+["8fe9a1","馹馺馽馿駃駉駓駔駙駚駜駞駧駪駫駬駰駴駵駹駽駾騂騃騄騋騌騐騑騖騞騠騢騣騤騧騭騮騳騵騶騸驇驁驄驊驋驌驎驑驔驖驝骪骬骮骯骲骴骵骶骹骻骾骿髁髃髆髈髎髐髒髕髖髗髛髜髠髤髥髧髩髬髲髳髵髹髺髽髿",4],
+["8feaa1","鬄鬅鬈鬉鬋鬌鬍鬎鬐鬒鬖鬙鬛鬜鬠鬦鬫鬭鬳鬴鬵鬷鬹鬺鬽魈魋魌魕魖魗魛魞魡魣魥魦魨魪",4,"魳魵魷魸魹魿鮀鮄鮅鮆鮇鮉鮊鮋鮍鮏鮐鮔鮚鮝鮞鮦鮧鮩鮬鮰鮱鮲鮷鮸鮻鮼鮾鮿鯁鯇鯈鯎鯐鯗鯘鯝鯟鯥鯧鯪鯫鯯鯳鯷鯸"],
+["8feba1","鯹鯺鯽鯿鰀鰂鰋鰏鰑鰖鰘鰙鰚鰜鰞鰢鰣鰦",4,"鰱鰵鰶鰷鰽鱁鱃鱄鱅鱉鱊鱎鱏鱐鱓鱔鱖鱘鱛鱝鱞鱟鱣鱩鱪鱜鱫鱨鱮鱰鱲鱵鱷鱻鳦鳲鳷鳹鴋鴂鴑鴗鴘鴜鴝鴞鴯鴰鴲鴳鴴鴺鴼鵅鴽鵂鵃鵇鵊鵓鵔鵟鵣鵢鵥鵩鵪鵫鵰鵶鵷鵻"],
+["8feca1","鵼鵾鶃鶄鶆鶊鶍鶎鶒鶓鶕鶖鶗鶘鶡鶪鶬鶮鶱鶵鶹鶼鶿鷃鷇鷉鷊鷔鷕鷖鷗鷚鷞鷟鷠鷥鷧鷩鷫鷮鷰鷳鷴鷾鸊鸂鸇鸎鸐鸑鸒鸕鸖鸙鸜鸝鹺鹻鹼麀麂麃麄麅麇麎麏麖麘麛麞麤麨麬麮麯麰麳麴麵黆黈黋黕黟黤黧黬黭黮黰黱黲黵"],
+["8feda1","黸黿鼂鼃鼉鼏鼐鼑鼒鼔鼖鼗鼙鼚鼛鼟鼢鼦鼪鼫鼯鼱鼲鼴鼷鼹鼺鼼鼽鼿齁齃",4,"齓齕齖齗齘齚齝齞齨齩齭",4,"齳齵齺齽龏龐龑龒龔龖龗龞龡龢龣龥"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
new file mode 100644
index 0000000..85c6934
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
@@ -0,0 +1 @@
+{"uChars":[128,165,169,178,184,216,226,235,238,244,248,251,253,258,276,284,300,325,329,334,364,463,465,467,469,471,473,475,477,506,594,610,712,716,730,930,938,962,970,1026,1104,1106,8209,8215,8218,8222,8231,8241,8244,8246,8252,8365,8452,8454,8458,8471,8482,8556,8570,8596,8602,8713,8720,8722,8726,8731,8737,8740,8742,8748,8751,8760,8766,8777,8781,8787,8802,8808,8816,8854,8858,8870,8896,8979,9322,9372,9548,9588,9616,9622,9634,9652,9662,9672,9676,9680,9702,9735,9738,9793,9795,11906,11909,11913,11917,11928,11944,11947,11951,11956,11960,11964,11979,12284,12292,12312,12319,12330,12351,12436,12447,12535,12543,12586,12842,12850,12964,13200,13215,13218,13253,13263,13267,13270,13384,13428,13727,13839,13851,14617,14703,14801,14816,14964,15183,15471,15585,16471,16736,17208,17325,17330,17374,17623,17997,18018,18212,18218,18301,18318,18760,18811,18814,18820,18823,18844,18848,18872,19576,19620,19738,19887,40870,59244,59336,59367,59413,59417,59423,59431,59437,59443,59452,59460,59478,59493,63789,63866,63894,63976,63986,64016,64018,64021,64025,64034,64037,64042,65074,65093,65107,65112,65127,65132,65375,65510,65536],"gbChars":[0,36,38,45,50,81,89,95,96,100,103,104,105,109,126,133,148,172,175,179,208,306,307,308,309,310,311,312,313,341,428,443,544,545,558,741,742,749,750,805,819,820,7922,7924,7925,7927,7934,7943,7944,7945,7950,8062,8148,8149,8152,8164,8174,8236,8240,8262,8264,8374,8380,8381,8384,8388,8390,8392,8393,8394,8396,8401,8406,8416,8419,8424,8437,8439,8445,8482,8485,8496,8521,8603,8936,8946,9046,9050,9063,9066,9076,9092,9100,9108,9111,9113,9131,9162,9164,9218,9219,11329,11331,11334,11336,11346,11361,11363,11366,11370,11372,11375,11389,11682,11686,11687,11692,11694,11714,11716,11723,11725,11730,11736,11982,11989,12102,12336,12348,12350,12384,12393,12395,12397,12510,12553,12851,12962,12973,13738,13823,13919,13933,14080,14298,14585,14698,15583,15847,16318,16434,16438,16481,16729,17102,17122,17315,17320,17402,17418,17859,17909,17911,17915,17916,17936,17939,17961,18664,18703,18814,18962,19043,33469,33470,33471,33484,33485,33490,33497,33501,33505,33513,33520,33536,33550,37845,37921,37948,38029,38038,38064,38065,38066,38069,38075,38076,38078,39108,39109,39113,39114,39115,39116,39265,39394,189000]}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
new file mode 100644
index 0000000..8abfa9f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
@@ -0,0 +1,55 @@
+[
+["a140","",62],
+["a180","",32],
+["a240","",62],
+["a280","",32],
+["a2ab","",5],
+["a2e3","€"],
+["a2ef",""],
+["a2fd",""],
+["a340","",62],
+["a380","",31,"　"],
+["a440","",62],
+["a480","",32],
+["a4f4","",10],
+["a540","",62],
+["a580","",32],
+["a5f7","",7],
+["a640","",62],
+["a680","",32],
+["a6b9","",7],
+["a6d9","",6],
+["a6ec",""],
+["a6f3",""],
+["a6f6","",8],
+["a740","",62],
+["a780","",32],
+["a7c2","",14],
+["a7f2","",12],
+["a896","",10],
+["a8bc",""],
+["a8bf","ǹ"],
+["a8c1",""],
+["a8ea","",20],
+["a958",""],
+["a95b",""],
+["a95d",""],
+["a989","〾⿰",11],
+["a997","",12],
+["a9f0","",14],
+["aaa1","",93],
+["aba1","",93],
+["aca1","",93],
+["ada1","",93],
+["aea1","",93],
+["afa1","",93],
+["d7fa","",4],
+["f8a1","",93],
+["f9a1","",93],
+["faa1","",93],
+["fba1","",93],
+["fca1","",93],
+["fda1","",93],
+["fe50","⺁⺄㑳㑇⺈⺋㖞㘚㘎⺌⺗㥮㤘㧏㧟㩳㧐㭎㱮㳠⺧⺪䁖䅟⺮䌷⺳⺶⺷䎱䎬⺻䏝䓖䙡䙌"],
+["fe80","䜣䜩䝼䞍⻊䥇䥺䥽䦂䦃䦅䦆䦟䦛䦷䦶䲣䲟䲠䲡䱷䲢䴓",6,"䶮",93]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
new file mode 100644
index 0000000..5a3a43c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
@@ -0,0 +1,125 @@
+[
+["0","\u0000",128],
+["a1","｡",62],
+["8140","　、。，．・：；？！゛゜´｀¨＾￣＿ヽヾゝゞ〃仝々〆〇ー―‐／＼～∥｜…‥‘’“”（）〔〕［］｛｝〈",9,"＋－±×"],
+["8180","÷＝≠＜＞≦≧∞∴♂♀°′″℃￥＄￠￡％＃＆＊＠§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓"],
+["81b8","∈∋⊆⊇⊂⊃∪∩"],
+["81c8","∧∨￢⇒⇔∀∃"],
+["81da","∠⊥⌒∂∇≡≒≪≫√∽∝∵∫∬"],
+["81f0","ʼn♯♭♪†‡¶"],
+["81fc","◯"],
+["824f","０",9],
+["8260","Ａ",25],
+["8281","ａ",25],
+["829f","ぁ",82],
+["8340","ァ",62],
+["8380","ム",22],
+["839f","Α",16,"Σ",6],
+["83bf","α",16,"σ",6],
+["8440","А",5,"ЁЖ",25],
+["8470","а",5,"ёж",7],
+["8480","о",17],
+["849f","─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂"],
+["8740","①",19,"Ⅰ",9],
+["875f","㍉㌔㌢㍍㌘㌧㌃㌶㍑㍗㌍㌦㌣㌫㍊㌻㎜㎝㎞㎎㎏㏄㎡"],
+["877e","㍻"],
+["8780","〝〟№㏍℡㊤",4,"㈱㈲㈹㍾㍽㍼≒≡∫∮∑√⊥∠∟⊿∵∩∪"],
+["889f","亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭"],
+["8940","院陰隠韻吋右宇烏羽迂雨卯鵜窺丑碓臼渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円"],
+["8980","園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改"],
+["8a40","魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫"],
+["8a80","橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄"],
+["8b40","機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救"],
+["8b80","朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈"],
+["8c40","掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨"],
+["8c80","劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向"],
+["8d40","后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降"],
+["8d80","項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷"],
+["8e40","察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止"],
+["8e80","死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周"],
+["8f40","宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳"],
+["8f80","準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾"],
+["9040","拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨"],
+["9080","逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線"],
+["9140","繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻"],
+["9180","操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只"],
+["9240","叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄"],
+["9280","逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓"],
+["9340","邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬"],
+["9380","凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入"],
+["9440","如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅"],
+["9480","楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美"],
+["9540","鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷"],
+["9580","斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋"],
+["9640","法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆"],
+["9680","摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒"],
+["9740","諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲"],
+["9780","沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯"],
+["9840","蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀湾碗腕"],
+["989f","弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲"],
+["9940","僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭"],
+["9980","凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨辧劬劭劼劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨"],
+["9a40","咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喟啻啾喘喞單啼喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸"],
+["9a80","噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉圈國圍圓團圖嗇圜圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩"],
+["9b40","奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀"],
+["9b80","它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓屐屏孱屬屮乢屶屹岌岑岔妛岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏"],
+["9c40","廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠"],
+["9c80","怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣懶懺懴懿懽懼懾戀戈戉戍戌戔戛"],
+["9d40","戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍搜捏掖掎掀掫捶掣掏掉掟掵捫"],
+["9d80","捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈暎暉暄暘暝曁暹曉暾暼"],
+["9e40","曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆柧檜栞框栩桀桍栲桎"],
+["9e80","梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢檐檍檠檄檢檣"],
+["9f40","檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓毟毬毫毳毯"],
+["9f80","麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯漲滌"],
+["e040","漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋烝"],
+["e080","烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱"],
+["e140","瓠瓣瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿"],
+["e180","痼瘁痰痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬"],
+["e240","磧磚磽磴礇礒礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰"],
+["e280","窶竅竄窿邃竇竊竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆"],
+["e340","紂紜紕紊絅絋紮紲紿紵絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷"],
+["e380","縲縺繧繝繖繞繙繚繹繪繩繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋"],
+["e440","隋腆脾腓腑胼腱腮腥腦腴膃膈膊膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤"],
+["e480","艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈"],
+["e540","蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬"],
+["e580","蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞"],
+["e640","襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧"],
+["e680","諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁譌譏譎證譖譛譚譫譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊"],
+["e740","蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜"],
+["e780","轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧逶逵逹迸遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮"],
+["e840","錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙"],
+["e880","閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰"],
+["e940","顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃"],
+["e980","騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷髻鬆鬘鬚鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈"],
+["ea40","鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯"],
+["ea80","黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠堯槇遙瑤凜熙"],
+["ed40","纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏"],
+["ed80","塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱"],
+["ee40","犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙"],
+["ee80","蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"],
+["eeef","ⅰ",9,"￢￤＇＂"],
+["f040","",62],
+["f080","",124],
+["f140","",62],
+["f180","",124],
+["f240","",62],
+["f280","",124],
+["f340","",62],
+["f380","",124],
+["f440","",62],
+["f480","",124],
+["f540","",62],
+["f580","",124],
+["f640","",62],
+["f680","",124],
+["f740","",62],
+["f780","",124],
+["f840","",62],
+["f880","",124],
+["f940",""],
+["fa40","ⅰ",9,"Ⅰ",9,"￢￤＇＂㈱№℡∵纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊"],
+["fa80","兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯"],
+["fb40","涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神"],
+["fb80","祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙"],
+["fc40","髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"]
+]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
new file mode 100644
index 0000000..54765ae
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
@@ -0,0 +1,177 @@
+"use strict";
+var Buffer = require("safer-buffer").Buffer;
+
+// Note: UTF16-LE (or UCS2) codec is Node.js native. See encodings/internal.js
+
+// == UTF16-BE codec. ==========================================================
+
+exports.utf16be = Utf16BECodec;
+function Utf16BECodec() {
+}
+
+Utf16BECodec.prototype.encoder = Utf16BEEncoder;
+Utf16BECodec.prototype.decoder = Utf16BEDecoder;
+Utf16BECodec.prototype.bomAware = true;
+
+
+// -- Encoding
+
+function Utf16BEEncoder() {
+}
+
+Utf16BEEncoder.prototype.write = function(str) {
+    var buf = Buffer.from(str, 'ucs2');
+    for (var i = 0; i < buf.length; i += 2) {
+        var tmp = buf[i]; buf[i] = buf[i+1]; buf[i+1] = tmp;
+    }
+    return buf;
+}
+
+Utf16BEEncoder.prototype.end = function() {
+}
+
+
+// -- Decoding
+
+function Utf16BEDecoder() {
+    this.overflowByte = -1;
+}
+
+Utf16BEDecoder.prototype.write = function(buf) {
+    if (buf.length == 0)
+        return '';
+
+    var buf2 = Buffer.alloc(buf.length + 1),
+        i = 0, j = 0;
+
+    if (this.overflowByte !== -1) {
+        buf2[0] = buf[0];
+        buf2[1] = this.overflowByte;
+        i = 1; j = 2;
+    }
+
+    for (; i < buf.length-1; i += 2, j+= 2) {
+        buf2[j] = buf[i+1];
+        buf2[j+1] = buf[i];
+    }
+
+    this.overflowByte = (i == buf.length-1) ? buf[buf.length-1] : -1;
+
+    return buf2.slice(0, j).toString('ucs2');
+}
+
+Utf16BEDecoder.prototype.end = function() {
+}
+
+
+// == UTF-16 codec =============================================================
+// Decoder chooses automatically from UTF-16LE and UTF-16BE using BOM and space-based heuristic.
+// Defaults to UTF-16LE, as it's prevalent and default in Node.
+// http://en.wikipedia.org/wiki/UTF-16 and http://encoding.spec.whatwg.org/#utf-16le
+// Decoder default can be changed: iconv.decode(buf, 'utf16', {defaultEncoding: 'utf-16be'});
+
+// Encoder uses UTF-16LE and prepends BOM (which can be overridden with addBOM: false).
+
+exports.utf16 = Utf16Codec;
+function Utf16Codec(codecOptions, iconv) {
+    this.iconv = iconv;
+}
+
+Utf16Codec.prototype.encoder = Utf16Encoder;
+Utf16Codec.prototype.decoder = Utf16Decoder;
+
+
+// -- Encoding (pass-through)
+
+function Utf16Encoder(options, codec) {
+    options = options || {};
+    if (options.addBOM === undefined)
+        options.addBOM = true;
+    this.encoder = codec.iconv.getEncoder('utf-16le', options);
+}
+
+Utf16Encoder.prototype.write = function(str) {
+    return this.encoder.write(str);
+}
+
+Utf16Encoder.prototype.end = function() {
+    return this.encoder.end();
+}
+
+
+// -- Decoding
+
+function Utf16Decoder(options, codec) {
+    this.decoder = null;
+    this.initialBytes = [];
+    this.initialBytesLen = 0;
+
+    this.options = options || {};
+    this.iconv = codec.iconv;
+}
+
+Utf16Decoder.prototype.write = function(buf) {
+    if (!this.decoder) {
+        // Codec is not chosen yet. Accumulate initial bytes.
+        this.initialBytes.push(buf);
+        this.initialBytesLen += buf.length;
+        
+        if (this.initialBytesLen < 16) // We need more bytes to use space heuristic (see below)
+            return '';
+
+        // We have enough bytes -> detect endianness.
+        var buf = Buffer.concat(this.initialBytes),
+            encoding = detectEncoding(buf, this.options.defaultEncoding);
+        this.decoder = this.iconv.getDecoder(encoding, this.options);
+        this.initialBytes.length = this.initialBytesLen = 0;
+    }
+
+    return this.decoder.write(buf);
+}
+
+Utf16Decoder.prototype.end = function() {
+    if (!this.decoder) {
+        var buf = Buffer.concat(this.initialBytes),
+            encoding = detectEncoding(buf, this.options.defaultEncoding);
+        this.decoder = this.iconv.getDecoder(encoding, this.options);
+
+        var res = this.decoder.write(buf),
+            trail = this.decoder.end();
+
+        return trail ? (res + trail) : res;
+    }
+    return this.decoder.end();
+}
+
+function detectEncoding(buf, defaultEncoding) {
+    var enc = defaultEncoding || 'utf-16le';
+
+    if (buf.length >= 2) {
+        // Check BOM.
+        if (buf[0] == 0xFE && buf[1] == 0xFF) // UTF-16BE BOM
+            enc = 'utf-16be';
+        else if (buf[0] == 0xFF && buf[1] == 0xFE) // UTF-16LE BOM
+            enc = 'utf-16le';
+        else {
+            // No BOM found. Try to deduce encoding from initial content.
+            // Most of the time, the content has ASCII chars (U+00**), but the opposite (U+**00) is uncommon.
+            // So, we count ASCII as if it was LE or BE, and decide from that.
+            var asciiCharsLE = 0, asciiCharsBE = 0, // Counts of chars in both positions
+                _len = Math.min(buf.length - (buf.length % 2), 64); // Len is always even.
+
+            for (var i = 0; i < _len; i += 2) {
+                if (buf[i] === 0 && buf[i+1] !== 0) asciiCharsBE++;
+                if (buf[i] !== 0 && buf[i+1] === 0) asciiCharsLE++;
+            }
+
+            if (asciiCharsBE > asciiCharsLE)
+                enc = 'utf-16be';
+            else if (asciiCharsBE < asciiCharsLE)
+                enc = 'utf-16le';
+        }
+    }
+
+    return enc;
+}
+
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
new file mode 100644
index 0000000..b7631c2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
@@ -0,0 +1,290 @@
+"use strict";
+var Buffer = require("safer-buffer").Buffer;
+
+// UTF-7 codec, according to https://tools.ietf.org/html/rfc2152
+// See also below a UTF-7-IMAP codec, according to http://tools.ietf.org/html/rfc3501#section-5.1.3
+
+exports.utf7 = Utf7Codec;
+exports.unicode11utf7 = 'utf7'; // Alias UNICODE-1-1-UTF-7
+function Utf7Codec(codecOptions, iconv) {
+    this.iconv = iconv;
+};
+
+Utf7Codec.prototype.encoder = Utf7Encoder;
+Utf7Codec.prototype.decoder = Utf7Decoder;
+Utf7Codec.prototype.bomAware = true;
+
+
+// -- Encoding
+
+var nonDirectChars = /[^A-Za-z0-9'\(\),-\.\/:\? \n\r\t]+/g;
+
+function Utf7Encoder(options, codec) {
+    this.iconv = codec.iconv;
+}
+
+Utf7Encoder.prototype.write = function(str) {
+    // Naive implementation.
+    // Non-direct chars are encoded as "+<base64>-"; single "+" char is encoded as "+-".
+    return Buffer.from(str.replace(nonDirectChars, function(chunk) {
+        return "+" + (chunk === '+' ? '' : 
+            this.iconv.encode(chunk, 'utf16-be').toString('base64').replace(/=+$/, '')) 
+            + "-";
+    }.bind(this)));
+}
+
+Utf7Encoder.prototype.end = function() {
+}
+
+
+// -- Decoding
+
+function Utf7Decoder(options, codec) {
+    this.iconv = codec.iconv;
+    this.inBase64 = false;
+    this.base64Accum = '';
+}
+
+var base64Regex = /[A-Za-z0-9\/+]/;
+var base64Chars = [];
+for (var i = 0; i < 256; i++)
+    base64Chars[i] = base64Regex.test(String.fromCharCode(i));
+
+var plusChar = '+'.charCodeAt(0), 
+    minusChar = '-'.charCodeAt(0),
+    andChar = '&'.charCodeAt(0);
+
+Utf7Decoder.prototype.write = function(buf) {
+    var res = "", lastI = 0,
+        inBase64 = this.inBase64,
+        base64Accum = this.base64Accum;
+
+    // The decoder is more involved as we must handle chunks in stream.
+
+    for (var i = 0; i < buf.length; i++) {
+        if (!inBase64) { // We're in direct mode.
+            // Write direct chars until '+'
+            if (buf[i] == plusChar) {
+                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
+                lastI = i+1;
+                inBase64 = true;
+            }
+        } else { // We decode base64.
+            if (!base64Chars[buf[i]]) { // Base64 ended.
+                if (i == lastI && buf[i] == minusChar) {// "+-" -> "+"
+                    res += "+";
+                } else {
+                    var b64str = base64Accum + buf.slice(lastI, i).toString();
+                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
+                }
+
+                if (buf[i] != minusChar) // Minus is absorbed after base64.
+                    i--;
+
+                lastI = i+1;
+                inBase64 = false;
+                base64Accum = '';
+            }
+        }
+    }
+
+    if (!inBase64) {
+        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
+    } else {
+        var b64str = base64Accum + buf.slice(lastI).toString();
+
+        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
+        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
+        b64str = b64str.slice(0, canBeDecoded);
+
+        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
+    }
+
+    this.inBase64 = inBase64;
+    this.base64Accum = base64Accum;
+
+    return res;
+}
+
+Utf7Decoder.prototype.end = function() {
+    var res = "";
+    if (this.inBase64 && this.base64Accum.length > 0)
+        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
+
+    this.inBase64 = false;
+    this.base64Accum = '';
+    return res;
+}
+
+
+// UTF-7-IMAP codec.
+// RFC3501 Sec. 5.1.3 Modified UTF-7 (http://tools.ietf.org/html/rfc3501#section-5.1.3)
+// Differences:
+//  * Base64 part is started by "&" instead of "+"
+//  * Direct characters are 0x20-0x7E, except "&" (0x26)
+//  * In Base64, "," is used instead of "/"
+//  * Base64 must not be used to represent direct characters.
+//  * No implicit shift back from Base64 (should always end with '-')
+//  * String must end in non-shifted position.
+//  * "-&" while in base64 is not allowed.
+
+
+exports.utf7imap = Utf7IMAPCodec;
+function Utf7IMAPCodec(codecOptions, iconv) {
+    this.iconv = iconv;
+};
+
+Utf7IMAPCodec.prototype.encoder = Utf7IMAPEncoder;
+Utf7IMAPCodec.prototype.decoder = Utf7IMAPDecoder;
+Utf7IMAPCodec.prototype.bomAware = true;
+
+
+// -- Encoding
+
+function Utf7IMAPEncoder(options, codec) {
+    this.iconv = codec.iconv;
+    this.inBase64 = false;
+    this.base64Accum = Buffer.alloc(6);
+    this.base64AccumIdx = 0;
+}
+
+Utf7IMAPEncoder.prototype.write = function(str) {
+    var inBase64 = this.inBase64,
+        base64Accum = this.base64Accum,
+        base64AccumIdx = this.base64AccumIdx,
+        buf = Buffer.alloc(str.length*5 + 10), bufIdx = 0;
+
+    for (var i = 0; i < str.length; i++) {
+        var uChar = str.charCodeAt(i);
+        if (0x20 <= uChar && uChar <= 0x7E) { // Direct character or '&'.
+            if (inBase64) {
+                if (base64AccumIdx > 0) {
+                    bufIdx += buf.write(base64Accum.slice(0, base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
+                    base64AccumIdx = 0;
+                }
+
+                buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
+                inBase64 = false;
+            }
+
+            if (!inBase64) {
+                buf[bufIdx++] = uChar; // Write direct character
+
+                if (uChar === andChar)  // Ampersand -> '&-'
+                    buf[bufIdx++] = minusChar;
+            }
+
+        } else { // Non-direct character
+            if (!inBase64) {
+                buf[bufIdx++] = andChar; // Write '&', then go to base64 mode.
+                inBase64 = true;
+            }
+            if (inBase64) {
+                base64Accum[base64AccumIdx++] = uChar >> 8;
+                base64Accum[base64AccumIdx++] = uChar & 0xFF;
+
+                if (base64AccumIdx == base64Accum.length) {
+                    bufIdx += buf.write(base64Accum.toString('base64').replace(/\//g, ','), bufIdx);
+                    base64AccumIdx = 0;
+                }
+            }
+        }
+    }
+
+    this.inBase64 = inBase64;
+    this.base64AccumIdx = base64AccumIdx;
+
+    return buf.slice(0, bufIdx);
+}
+
+Utf7IMAPEncoder.prototype.end = function() {
+    var buf = Buffer.alloc(10), bufIdx = 0;
+    if (this.inBase64) {
+        if (this.base64AccumIdx > 0) {
+            bufIdx += buf.write(this.base64Accum.slice(0, this.base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
+            this.base64AccumIdx = 0;
+        }
+
+        buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
+        this.inBase64 = false;
+    }
+
+    return buf.slice(0, bufIdx);
+}
+
+
+// -- Decoding
+
+function Utf7IMAPDecoder(options, codec) {
+    this.iconv = codec.iconv;
+    this.inBase64 = false;
+    this.base64Accum = '';
+}
+
+var base64IMAPChars = base64Chars.slice();
+base64IMAPChars[','.charCodeAt(0)] = true;
+
+Utf7IMAPDecoder.prototype.write = function(buf) {
+    var res = "", lastI = 0,
+        inBase64 = this.inBase64,
+        base64Accum = this.base64Accum;
+
+    // The decoder is more involved as we must handle chunks in stream.
+    // It is forgiving, closer to standard UTF-7 (for example, '-' is optional at the end).
+
+    for (var i = 0; i < buf.length; i++) {
+        if (!inBase64) { // We're in direct mode.
+            // Write direct chars until '&'
+            if (buf[i] == andChar) {
+                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
+                lastI = i+1;
+                inBase64 = true;
+            }
+        } else { // We decode base64.
+            if (!base64IMAPChars[buf[i]]) { // Base64 ended.
+                if (i == lastI && buf[i] == minusChar) { // "&-" -> "&"
+                    res += "&";
+                } else {
+                    var b64str = base64Accum + buf.slice(lastI, i).toString().replace(/,/g, '/');
+                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
+                }
+
+                if (buf[i] != minusChar) // Minus may be absorbed after base64.
+                    i--;
+
+                lastI = i+1;
+                inBase64 = false;
+                base64Accum = '';
+            }
+        }
+    }
+
+    if (!inBase64) {
+        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
+    } else {
+        var b64str = base64Accum + buf.slice(lastI).toString().replace(/,/g, '/');
+
+        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
+        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
+        b64str = b64str.slice(0, canBeDecoded);
+
+        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
+    }
+
+    this.inBase64 = inBase64;
+    this.base64Accum = base64Accum;
+
+    return res;
+}
+
+Utf7IMAPDecoder.prototype.end = function() {
+    var res = "";
+    if (this.inBase64 && this.base64Accum.length > 0)
+        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
+
+    this.inBase64 = false;
+    this.base64Accum = '';
+    return res;
+}
+
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
new file mode 100644
index 0000000..1050872
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
@@ -0,0 +1,52 @@
+"use strict";
+
+var BOMChar = '\uFEFF';
+
+exports.PrependBOM = PrependBOMWrapper
+function PrependBOMWrapper(encoder, options) {
+    this.encoder = encoder;
+    this.addBOM = true;
+}
+
+PrependBOMWrapper.prototype.write = function(str) {
+    if (this.addBOM) {
+        str = BOMChar + str;
+        this.addBOM = false;
+    }
+
+    return this.encoder.write(str);
+}
+
+PrependBOMWrapper.prototype.end = function() {
+    return this.encoder.end();
+}
+
+
+//------------------------------------------------------------------------------
+
+exports.StripBOM = StripBOMWrapper;
+function StripBOMWrapper(decoder, options) {
+    this.decoder = decoder;
+    this.pass = false;
+    this.options = options || {};
+}
+
+StripBOMWrapper.prototype.write = function(buf) {
+    var res = this.decoder.write(buf);
+    if (this.pass || !res)
+        return res;
+
+    if (res[0] === BOMChar) {
+        res = res.slice(1);
+        if (typeof this.options.stripBOM === 'function')
+            this.options.stripBOM();
+    }
+
+    this.pass = true;
+    return res;
+}
+
+StripBOMWrapper.prototype.end = function() {
+    return this.decoder.end();
+}
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
new file mode 100644
index 0000000..87f5394
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
@@ -0,0 +1,217 @@
+"use strict";
+var Buffer = require("buffer").Buffer;
+// Note: not polyfilled with safer-buffer on a purpose, as overrides Buffer
+
+// == Extend Node primitives to use iconv-lite =================================
+
+module.exports = function (iconv) {
+    var original = undefined; // Place to keep original methods.
+
+    // Node authors rewrote Buffer internals to make it compatible with
+    // Uint8Array and we cannot patch key functions since then.
+    // Note: this does use older Buffer API on a purpose
+    iconv.supportsNodeEncodingsExtension = !(Buffer.from || new Buffer(0) instanceof Uint8Array);
+
+    iconv.extendNodeEncodings = function extendNodeEncodings() {
+        if (original) return;
+        original = {};
+
+        if (!iconv.supportsNodeEncodingsExtension) {
+            console.error("ACTION NEEDED: require('iconv-lite').extendNodeEncodings() is not supported in your version of Node");
+            console.error("See more info at https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility");
+            return;
+        }
+
+        var nodeNativeEncodings = {
+            'hex': true, 'utf8': true, 'utf-8': true, 'ascii': true, 'binary': true, 
+            'base64': true, 'ucs2': true, 'ucs-2': true, 'utf16le': true, 'utf-16le': true,
+        };
+
+        Buffer.isNativeEncoding = function(enc) {
+            return enc && nodeNativeEncodings[enc.toLowerCase()];
+        }
+
+        // -- SlowBuffer -----------------------------------------------------------
+        var SlowBuffer = require('buffer').SlowBuffer;
+
+        original.SlowBufferToString = SlowBuffer.prototype.toString;
+        SlowBuffer.prototype.toString = function(encoding, start, end) {
+            encoding = String(encoding || 'utf8').toLowerCase();
+
+            // Use native conversion when possible
+            if (Buffer.isNativeEncoding(encoding))
+                return original.SlowBufferToString.call(this, encoding, start, end);
+
+            // Otherwise, use our decoding method.
+            if (typeof start == 'undefined') start = 0;
+            if (typeof end == 'undefined') end = this.length;
+            return iconv.decode(this.slice(start, end), encoding);
+        }
+
+        original.SlowBufferWrite = SlowBuffer.prototype.write;
+        SlowBuffer.prototype.write = function(string, offset, length, encoding) {
+            // Support both (string, offset, length, encoding)
+            // and the legacy (string, encoding, offset, length)
+            if (isFinite(offset)) {
+                if (!isFinite(length)) {
+                    encoding = length;
+                    length = undefined;
+                }
+            } else {  // legacy
+                var swap = encoding;
+                encoding = offset;
+                offset = length;
+                length = swap;
+            }
+
+            offset = +offset || 0;
+            var remaining = this.length - offset;
+            if (!length) {
+                length = remaining;
+            } else {
+                length = +length;
+                if (length > remaining) {
+                    length = remaining;
+                }
+            }
+            encoding = String(encoding || 'utf8').toLowerCase();
+
+            // Use native conversion when possible
+            if (Buffer.isNativeEncoding(encoding))
+                return original.SlowBufferWrite.call(this, string, offset, length, encoding);
+
+            if (string.length > 0 && (length < 0 || offset < 0))
+                throw new RangeError('attempt to write beyond buffer bounds');
+
+            // Otherwise, use our encoding method.
+            var buf = iconv.encode(string, encoding);
+            if (buf.length < length) length = buf.length;
+            buf.copy(this, offset, 0, length);
+            return length;
+        }
+
+        // -- Buffer ---------------------------------------------------------------
+
+        original.BufferIsEncoding = Buffer.isEncoding;
+        Buffer.isEncoding = function(encoding) {
+            return Buffer.isNativeEncoding(encoding) || iconv.encodingExists(encoding);
+        }
+
+        original.BufferByteLength = Buffer.byteLength;
+        Buffer.byteLength = SlowBuffer.byteLength = function(str, encoding) {
+            encoding = String(encoding || 'utf8').toLowerCase();
+
+            // Use native conversion when possible
+            if (Buffer.isNativeEncoding(encoding))
+                return original.BufferByteLength.call(this, str, encoding);
+
+            // Slow, I know, but we don't have a better way yet.
+            return iconv.encode(str, encoding).length;
+        }
+
+        original.BufferToString = Buffer.prototype.toString;
+        Buffer.prototype.toString = function(encoding, start, end) {
+            encoding = String(encoding || 'utf8').toLowerCase();
+
+            // Use native conversion when possible
+            if (Buffer.isNativeEncoding(encoding))
+                return original.BufferToString.call(this, encoding, start, end);
+
+            // Otherwise, use our decoding method.
+            if (typeof start == 'undefined') start = 0;
+            if (typeof end == 'undefined') end = this.length;
+            return iconv.decode(this.slice(start, end), encoding);
+        }
+
+        original.BufferWrite = Buffer.prototype.write;
+        Buffer.prototype.write = function(string, offset, length, encoding) {
+            var _offset = offset, _length = length, _encoding = encoding;
+            // Support both (string, offset, length, encoding)
+            // and the legacy (string, encoding, offset, length)
+            if (isFinite(offset)) {
+                if (!isFinite(length)) {
+                    encoding = length;
+                    length = undefined;
+                }
+            } else {  // legacy
+                var swap = encoding;
+                encoding = offset;
+                offset = length;
+                length = swap;
+            }
+
+            encoding = String(encoding || 'utf8').toLowerCase();
+
+            // Use native conversion when possible
+            if (Buffer.isNativeEncoding(encoding))
+                return original.BufferWrite.call(this, string, _offset, _length, _encoding);
+
+            offset = +offset || 0;
+            var remaining = this.length - offset;
+            if (!length) {
+                length = remaining;
+            } else {
+                length = +length;
+                if (length > remaining) {
+                    length = remaining;
+                }
+            }
+
+            if (string.length > 0 && (length < 0 || offset < 0))
+                throw new RangeError('attempt to write beyond buffer bounds');
+
+            // Otherwise, use our encoding method.
+            var buf = iconv.encode(string, encoding);
+            if (buf.length < length) length = buf.length;
+            buf.copy(this, offset, 0, length);
+            return length;
+
+            // TODO: Set _charsWritten.
+        }
+
+
+        // -- Readable -------------------------------------------------------------
+        if (iconv.supportsStreams) {
+            var Readable = require('stream').Readable;
+
+            original.ReadableSetEncoding = Readable.prototype.setEncoding;
+            Readable.prototype.setEncoding = function setEncoding(enc, options) {
+                // Use our own decoder, it has the same interface.
+                // We cannot use original function as it doesn't handle BOM-s.
+                this._readableState.decoder = iconv.getDecoder(enc, options);
+                this._readableState.encoding = enc;
+            }
+
+            Readable.prototype.collect = iconv._collect;
+        }
+    }
+
+    // Remove iconv-lite Node primitive extensions.
+    iconv.undoExtendNodeEncodings = function undoExtendNodeEncodings() {
+        if (!iconv.supportsNodeEncodingsExtension)
+            return;
+        if (!original)
+            throw new Error("require('iconv-lite').undoExtendNodeEncodings(): Nothing to undo; extendNodeEncodings() is not called.")
+
+        delete Buffer.isNativeEncoding;
+
+        var SlowBuffer = require('buffer').SlowBuffer;
+
+        SlowBuffer.prototype.toString = original.SlowBufferToString;
+        SlowBuffer.prototype.write = original.SlowBufferWrite;
+
+        Buffer.isEncoding = original.BufferIsEncoding;
+        Buffer.byteLength = original.BufferByteLength;
+        Buffer.prototype.toString = original.BufferToString;
+        Buffer.prototype.write = original.BufferWrite;
+
+        if (iconv.supportsStreams) {
+            var Readable = require('stream').Readable;
+
+            Readable.prototype.setEncoding = original.ReadableSetEncoding;
+            delete Readable.prototype.collect;
+        }
+
+        original = undefined;
+    }
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
new file mode 100644
index 0000000..0547eb3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
@@ -0,0 +1,24 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License.
+ *  REQUIREMENT: This definition is dependent on the @types/node definition.
+ *  Install with `npm install @types/node --save-dev`
+ *--------------------------------------------------------------------------------------------*/
+
+declare module 'iconv-lite' {
+	export function decode(buffer: Buffer, encoding: string, options?: Options): string;
+
+	export function encode(content: string, encoding: string, options?: Options): Buffer;
+
+	export function encodingExists(encoding: string): boolean;
+
+	export function decodeStream(encoding: string, options?: Options): NodeJS.ReadWriteStream;
+
+	export function encodeStream(encoding: string, options?: Options): NodeJS.ReadWriteStream;
+}
+
+export interface Options {
+    stripBOM?: boolean;
+    addBOM?: boolean;
+    defaultEncoding?: string;
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
new file mode 100644
index 0000000..5391919
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
@@ -0,0 +1,153 @@
+"use strict";
+
+// Some environments don't have global Buffer (e.g. React Native).
+// Solution would be installing npm modules "buffer" and "stream" explicitly.
+var Buffer = require("safer-buffer").Buffer;
+
+var bomHandling = require("./bom-handling"),
+    iconv = module.exports;
+
+// All codecs and aliases are kept here, keyed by encoding name/alias.
+// They are lazy loaded in `iconv.getCodec` from `encodings/index.js`.
+iconv.encodings = null;
+
+// Characters emitted in case of error.
+iconv.defaultCharUnicode = '�';
+iconv.defaultCharSingleByte = '?';
+
+// Public API.
+iconv.encode = function encode(str, encoding, options) {
+    str = "" + (str || ""); // Ensure string.
+
+    var encoder = iconv.getEncoder(encoding, options);
+
+    var res = encoder.write(str);
+    var trail = encoder.end();
+    
+    return (trail && trail.length > 0) ? Buffer.concat([res, trail]) : res;
+}
+
+iconv.decode = function decode(buf, encoding, options) {
+    if (typeof buf === 'string') {
+        if (!iconv.skipDecodeWarning) {
+            console.error('Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding');
+            iconv.skipDecodeWarning = true;
+        }
+
+        buf = Buffer.from("" + (buf || ""), "binary"); // Ensure buffer.
+    }
+
+    var decoder = iconv.getDecoder(encoding, options);
+
+    var res = decoder.write(buf);
+    var trail = decoder.end();
+
+    return trail ? (res + trail) : res;
+}
+
+iconv.encodingExists = function encodingExists(enc) {
+    try {
+        iconv.getCodec(enc);
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
+// Legacy aliases to convert functions
+iconv.toEncoding = iconv.encode;
+iconv.fromEncoding = iconv.decode;
+
+// Search for a codec in iconv.encodings. Cache codec data in iconv._codecDataCache.
+iconv._codecDataCache = {};
+iconv.getCodec = function getCodec(encoding) {
+    if (!iconv.encodings)
+        iconv.encodings = require("../encodings"); // Lazy load all encoding definitions.
+    
+    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
+    var enc = iconv._canonicalizeEncoding(encoding);
+
+    // Traverse iconv.encodings to find actual codec.
+    var codecOptions = {};
+    while (true) {
+        var codec = iconv._codecDataCache[enc];
+        if (codec)
+            return codec;
+
+        var codecDef = iconv.encodings[enc];
+
+        switch (typeof codecDef) {
+            case "string": // Direct alias to other encoding.
+                enc = codecDef;
+                break;
+
+            case "object": // Alias with options. Can be layered.
+                for (var key in codecDef)
+                    codecOptions[key] = codecDef[key];
+
+                if (!codecOptions.encodingName)
+                    codecOptions.encodingName = enc;
+                
+                enc = codecDef.type;
+                break;
+
+            case "function": // Codec itself.
+                if (!codecOptions.encodingName)
+                    codecOptions.encodingName = enc;
+
+                // The codec function must load all tables and return object with .encoder and .decoder methods.
+                // It'll be called only once (for each different options object).
+                codec = new codecDef(codecOptions, iconv);
+
+                iconv._codecDataCache[codecOptions.encodingName] = codec; // Save it to be reused later.
+                return codec;
+
+            default:
+                throw new Error("Encoding not recognized: '" + encoding + "' (searched as: '"+enc+"')");
+        }
+    }
+}
+
+iconv._canonicalizeEncoding = function(encoding) {
+    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
+    return (''+encoding).toLowerCase().replace(/:\d{4}$|[^0-9a-z]/g, "");
+}
+
+iconv.getEncoder = function getEncoder(encoding, options) {
+    var codec = iconv.getCodec(encoding),
+        encoder = new codec.encoder(options, codec);
+
+    if (codec.bomAware && options && options.addBOM)
+        encoder = new bomHandling.PrependBOM(encoder, options);
+
+    return encoder;
+}
+
+iconv.getDecoder = function getDecoder(encoding, options) {
+    var codec = iconv.getCodec(encoding),
+        decoder = new codec.decoder(options, codec);
+
+    if (codec.bomAware && !(options && options.stripBOM === false))
+        decoder = new bomHandling.StripBOM(decoder, options);
+
+    return decoder;
+}
+
+
+// Load extensions in Node. All of them are omitted in Browserify build via 'browser' field in package.json.
+var nodeVer = typeof process !== 'undefined' && process.versions && process.versions.node;
+if (nodeVer) {
+
+    // Load streaming support in Node v0.10+
+    var nodeVerArr = nodeVer.split(".").map(Number);
+    if (nodeVerArr[0] > 0 || nodeVerArr[1] >= 10) {
+        require("./streams")(iconv);
+    }
+
+    // Load Node primitive extensions.
+    require("./extend-node")(iconv);
+}
+
+if ("Ā" != "\u0100") {
+    console.error("iconv-lite warning: javascript files use encoding different from utf-8. See https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings for more info.");
+}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
new file mode 100644
index 0000000..4409552
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
@@ -0,0 +1,121 @@
+"use strict";
+
+var Buffer = require("buffer").Buffer,
+    Transform = require("stream").Transform;
+
+
+// == Exports ==================================================================
+module.exports = function(iconv) {
+    
+    // Additional Public API.
+    iconv.encodeStream = function encodeStream(encoding, options) {
+        return new IconvLiteEncoderStream(iconv.getEncoder(encoding, options), options);
+    }
+
+    iconv.decodeStream = function decodeStream(encoding, options) {
+        return new IconvLiteDecoderStream(iconv.getDecoder(encoding, options), options);
+    }
+
+    iconv.supportsStreams = true;
+
+
+    // Not published yet.
+    iconv.IconvLiteEncoderStream = IconvLiteEncoderStream;
+    iconv.IconvLiteDecoderStream = IconvLiteDecoderStream;
+    iconv._collect = IconvLiteDecoderStream.prototype.collect;
+};
+
+
+// == Encoder stream =======================================================
+function IconvLiteEncoderStream(conv, options) {
+    this.conv = conv;
+    options = options || {};
+    options.decodeStrings = false; // We accept only strings, so we don't need to decode them.
+    Transform.call(this, options);
+}
+
+IconvLiteEncoderStream.prototype = Object.create(Transform.prototype, {
+    constructor: { value: IconvLiteEncoderStream }
+});
+
+IconvLiteEncoderStream.prototype._transform = function(chunk, encoding, done) {
+    if (typeof chunk != 'string')
+        return done(new Error("Iconv encoding stream needs strings as its input."));
+    try {
+        var res = this.conv.write(chunk);
+        if (res && res.length) this.push(res);
+        done();
+    }
+    catch (e) {
+        done(e);
+    }
+}
+
+IconvLiteEncoderStream.prototype._flush = function(done) {
+    try {
+        var res = this.conv.end();
+        if (res && res.length) this.push(res);
+        done();
+    }
+    catch (e) {
+        done(e);
+    }
+}
+
+IconvLiteEncoderStream.prototype.collect = function(cb) {
+    var chunks = [];
+    this.on('error', cb);
+    this.on('data', function(chunk) { chunks.push(chunk); });
+    this.on('end', function() {
+        cb(null, Buffer.concat(chunks));
+    });
+    return this;
+}
+
+
+// == Decoder stream =======================================================
+function IconvLiteDecoderStream(conv, options) {
+    this.conv = conv;
+    options = options || {};
+    options.encoding = this.encoding = 'utf8'; // We output strings.
+    Transform.call(this, options);
+}
+
+IconvLiteDecoderStream.prototype = Object.create(Transform.prototype, {
+    constructor: { value: IconvLiteDecoderStream }
+});
+
+IconvLiteDecoderStream.prototype._transform = function(chunk, encoding, done) {
+    if (!Buffer.isBuffer(chunk))
+        return done(new Error("Iconv decoding stream needs buffers as its input."));
+    try {
+        var res = this.conv.write(chunk);
+        if (res && res.length) this.push(res, this.encoding);
+        done();
+    }
+    catch (e) {
+        done(e);
+    }
+}
+
+IconvLiteDecoderStream.prototype._flush = function(done) {
+    try {
+        var res = this.conv.end();
+        if (res && res.length) this.push(res, this.encoding);                
+        done();
+    }
+    catch (e) {
+        done(e);
+    }
+}
+
+IconvLiteDecoderStream.prototype.collect = function(cb) {
+    var res = '';
+    this.on('error', cb);
+    this.on('data', function(chunk) { res += chunk; });
+    this.on('end', function() {
+        cb(null, res);
+    });
+    return this;
+}
+
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/package.json b/src/Servers/ExpressServer/node_modules/iconv-lite/package.json
new file mode 100644
index 0000000..a7c74fc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/iconv-lite/package.json
@@ -0,0 +1,46 @@
+{
+    "name": "iconv-lite",
+    "description": "Convert character encodings in pure javascript.",
+    "version": "0.4.24",
+    "license": "MIT",
+    "keywords": [
+        "iconv",
+        "convert",
+        "charset",
+        "icu"
+    ],
+    "author": "Alexander Shtuchkin <ashtuchkin@gmail.com>",
+    "main": "./lib/index.js",
+    "typings": "./lib/index.d.ts",
+    "homepage": "https://github.com/ashtuchkin/iconv-lite",
+    "bugs": "https://github.com/ashtuchkin/iconv-lite/issues",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/ashtuchkin/iconv-lite.git"
+    },
+    "engines": {
+        "node": ">=0.10.0"
+    },
+    "scripts": {
+        "coverage": "istanbul cover _mocha -- --grep .",
+        "coverage-open": "open coverage/lcov-report/index.html",
+        "test": "mocha --reporter spec --grep ."
+    },
+    "browser": {
+        "./lib/extend-node": false,
+        "./lib/streams": false
+    },
+    "devDependencies": {
+        "mocha": "^3.1.0",
+        "request": "~2.87.0",
+        "unorm": "*",
+        "errto": "*",
+        "async": "*",
+        "istanbul": "*",
+        "semver": "*",
+        "iconv": "*"
+    },
+    "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+    }
+}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/LICENSE b/src/Servers/ExpressServer/node_modules/inherits/LICENSE
new file mode 100644
index 0000000..dea3013
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/inherits/LICENSE
@@ -0,0 +1,16 @@
+The ISC License
+
+Copyright (c) Isaac Z. Schlueter
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
diff --git a/src/Servers/ExpressServer/node_modules/inherits/README.md b/src/Servers/ExpressServer/node_modules/inherits/README.md
new file mode 100644
index 0000000..b1c5665
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/inherits/README.md
@@ -0,0 +1,42 @@
+Browser-friendly inheritance fully compatible with standard node.js
+[inherits](http://nodejs.org/api/util.html#util_util_inherits_constructor_superconstructor).
+
+This package exports standard `inherits` from node.js `util` module in
+node environment, but also provides alternative browser-friendly
+implementation through [browser
+field](https://gist.github.com/shtylman/4339901). Alternative
+implementation is a literal copy of standard one located in standalone
+module to avoid requiring of `util`. It also has a shim for old
+browsers with no `Object.create` support.
+
+While keeping you sure you are using standard `inherits`
+implementation in node.js environment, it allows bundlers such as
+[browserify](https://github.com/substack/node-browserify) to not
+include full `util` package to your client code if all you need is
+just `inherits` function. It worth, because browser shim for `util`
+package is large and `inherits` is often the single function you need
+from it.
+
+It's recommended to use this package instead of
+`require('util').inherits` for any code that has chances to be used
+not only in node.js but in browser too.
+
+## usage
+
+```js
+var inherits = require('inherits');
+// then use exactly as the standard one
+```
+
+## note on version ~1.0
+
+Version ~1.0 had completely different motivation and is not compatible
+neither with 2.0 nor with standard node.js `inherits`.
+
+If you are using version ~1.0 and planning to switch to ~2.0, be
+careful:
+
+* new version uses `super_` instead of `super` for referencing
+  superclass
+* new version overwrites current prototype while old one preserves any
+  existing fields on it
diff --git a/src/Servers/ExpressServer/node_modules/inherits/inherits.js b/src/Servers/ExpressServer/node_modules/inherits/inherits.js
new file mode 100644
index 0000000..f71f2d9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/inherits/inherits.js
@@ -0,0 +1,9 @@
+try {
+  var util = require('util');
+  /* istanbul ignore next */
+  if (typeof util.inherits !== 'function') throw '';
+  module.exports = util.inherits;
+} catch (e) {
+  /* istanbul ignore next */
+  module.exports = require('./inherits_browser.js');
+}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js b/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
new file mode 100644
index 0000000..86bbb3d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
@@ -0,0 +1,27 @@
+if (typeof Object.create === 'function') {
+  // implementation from standard node.js 'util' module
+  module.exports = function inherits(ctor, superCtor) {
+    if (superCtor) {
+      ctor.super_ = superCtor
+      ctor.prototype = Object.create(superCtor.prototype, {
+        constructor: {
+          value: ctor,
+          enumerable: false,
+          writable: true,
+          configurable: true
+        }
+      })
+    }
+  };
+} else {
+  // old school shim for old browsers
+  module.exports = function inherits(ctor, superCtor) {
+    if (superCtor) {
+      ctor.super_ = superCtor
+      var TempCtor = function () {}
+      TempCtor.prototype = superCtor.prototype
+      ctor.prototype = new TempCtor()
+      ctor.prototype.constructor = ctor
+    }
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/package.json b/src/Servers/ExpressServer/node_modules/inherits/package.json
new file mode 100644
index 0000000..37b4366
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/inherits/package.json
@@ -0,0 +1,29 @@
+{
+  "name": "inherits",
+  "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()",
+  "version": "2.0.4",
+  "keywords": [
+    "inheritance",
+    "class",
+    "klass",
+    "oop",
+    "object-oriented",
+    "inherits",
+    "browser",
+    "browserify"
+  ],
+  "main": "./inherits.js",
+  "browser": "./inherits_browser.js",
+  "repository": "git://github.com/isaacs/inherits",
+  "license": "ISC",
+  "scripts": {
+    "test": "tap"
+  },
+  "devDependencies": {
+    "tap": "^14.2.4"
+  },
+  "files": [
+    "inherits.js",
+    "inherits_browser.js"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE b/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
new file mode 100644
index 0000000..f6b37b5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
@@ -0,0 +1,19 @@
+Copyright (C) 2011-2017 whitequark <whitequark@whitequark.org>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md b/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
new file mode 100644
index 0000000..f57725b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
@@ -0,0 +1,233 @@
+# ipaddr.js — an IPv6 and IPv4 address manipulation library [![Build Status](https://travis-ci.org/whitequark/ipaddr.js.svg)](https://travis-ci.org/whitequark/ipaddr.js)
+
+ipaddr.js is a small (1.9K minified and gzipped) library for manipulating
+IP addresses in JavaScript environments. It runs on both CommonJS runtimes
+(e.g. [nodejs]) and in a web browser.
+
+ipaddr.js allows you to verify and parse string representation of an IP
+address, match it against a CIDR range or range list, determine if it falls
+into some reserved ranges (examples include loopback and private ranges),
+and convert between IPv4 and IPv4-mapped IPv6 addresses.
+
+[nodejs]: http://nodejs.org
+
+## Installation
+
+`npm install ipaddr.js`
+
+or
+
+`bower install ipaddr.js`
+
+## API
+
+ipaddr.js defines one object in the global scope: `ipaddr`. In CommonJS,
+it is exported from the module:
+
+```js
+var ipaddr = require('ipaddr.js');
+```
+
+The API consists of several global methods and two classes: ipaddr.IPv6 and ipaddr.IPv4.
+
+### Global methods
+
+There are three global methods defined: `ipaddr.isValid`, `ipaddr.parse` and
+`ipaddr.process`. All of them receive a string as a single parameter.
+
+The `ipaddr.isValid` method returns `true` if the address is a valid IPv4 or
+IPv6 address, and `false` otherwise. It does not throw any exceptions.
+
+The `ipaddr.parse` method returns an object representing the IP address,
+or throws an `Error` if the passed string is not a valid representation of an
+IP address.
+
+The `ipaddr.process` method works just like the `ipaddr.parse` one, but it
+automatically converts IPv4-mapped IPv6 addresses to their IPv4 counterparts
+before returning. It is useful when you have a Node.js instance listening
+on an IPv6 socket, and the `net.ivp6.bindv6only` sysctl parameter (or its
+equivalent on non-Linux OS) is set to 0. In this case, you can accept IPv4
+connections on your IPv6-only socket, but the remote address will be mangled.
+Use `ipaddr.process` method to automatically demangle it.
+
+### Object representation
+
+Parsing methods return an object which descends from `ipaddr.IPv6` or
+`ipaddr.IPv4`. These objects share some properties, but most of them differ.
+
+#### Shared properties
+
+One can determine the type of address by calling `addr.kind()`. It will return
+either `"ipv6"` or `"ipv4"`.
+
+An address can be converted back to its string representation with `addr.toString()`.
+Note that this method:
+ * does not return the original string used to create the object (in fact, there is
+   no way of getting that string)
+ * returns a compact representation (when it is applicable)
+
+A `match(range, bits)` method can be used to check if the address falls into a
+certain CIDR range.
+Note that an address can be (obviously) matched only against an address of the same type.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:db8:1234::1");
+var range = ipaddr.parse("2001:db8::");
+
+addr.match(range, 32); // => true
+```
+
+Alternatively, `match` can also be called as `match([range, bits])`. In this way,
+it can be used together with the `parseCIDR(string)` method, which parses an IP
+address together with a CIDR range.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:db8:1234::1");
+
+addr.match(ipaddr.parseCIDR("2001:db8::/32")); // => true
+```
+
+A `range()` method returns one of predefined names for several special ranges defined
+by IP protocols. The exact names (and their respective CIDR ranges) can be looked up
+in the source: [IPv6 ranges] and [IPv4 ranges]. Some common ones include `"unicast"`
+(the default one) and `"reserved"`.
+
+You can match against your own range list by using
+`ipaddr.subnetMatch(address, rangeList, defaultName)` method. It can work with a mix of IPv6 or IPv4 addresses, and accepts a name-to-subnet map as the range list. For example:
+
+```js
+var rangeList = {
+  documentationOnly: [ ipaddr.parse('2001:db8::'), 32 ],
+  tunnelProviders: [
+    [ ipaddr.parse('2001:470::'), 32 ], // he.net
+    [ ipaddr.parse('2001:5c0::'), 32 ]  // freenet6
+  ]
+};
+ipaddr.subnetMatch(ipaddr.parse('2001:470:8:66::1'), rangeList, 'unknown'); // => "tunnelProviders"
+```
+
+The addresses can be converted to their byte representation with `toByteArray()`.
+(Actually, JavaScript mostly does not know about byte buffers. They are emulated with
+arrays of numbers, each in range of 0..255.)
+
+```js
+var bytes = ipaddr.parse('2a00:1450:8007::68').toByteArray(); // ipv6.google.com
+bytes // => [42, 0x00, 0x14, 0x50, 0x80, 0x07, 0x00, <zeroes...>, 0x00, 0x68 ]
+```
+
+The `ipaddr.IPv4` and `ipaddr.IPv6` objects have some methods defined, too. All of them
+have the same interface for both protocols, and are similar to global methods.
+
+`ipaddr.IPvX.isValid(string)` can be used to check if the string is a valid address
+for particular protocol, and `ipaddr.IPvX.parse(string)` is the error-throwing parser.
+
+`ipaddr.IPvX.isValid(string)` uses the same format for parsing as the POSIX `inet_ntoa` function, which accepts unusual formats like `0xc0.168.1.1` or `0x10000000`. The function `ipaddr.IPv4.isValidFourPartDecimal(string)` validates the IPv4 address and also ensures that it is written in four-part decimal format.
+
+[IPv6 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L186
+[IPv4 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L71
+
+#### IPv6 properties
+
+Sometimes you will want to convert IPv6 not to a compact string representation (with
+the `::` substitution); the `toNormalizedString()` method will return an address where
+all zeroes are explicit.
+
+For example:
+
+```js
+var addr = ipaddr.parse("2001:0db8::0001");
+addr.toString(); // => "2001:db8::1"
+addr.toNormalizedString(); // => "2001:db8:0:0:0:0:0:1"
+```
+
+The `isIPv4MappedAddress()` method will return `true` if this address is an IPv4-mapped
+one, and `toIPv4Address()` will return an IPv4 object address.
+
+To access the underlying binary representation of the address, use `addr.parts`.
+
+```js
+var addr = ipaddr.parse("2001:db8:10::1234:DEAD");
+addr.parts // => [0x2001, 0xdb8, 0x10, 0, 0, 0, 0x1234, 0xdead]
+```
+
+A IPv6 zone index can be accessed via `addr.zoneId`:
+
+```js
+var addr = ipaddr.parse("2001:db8::%eth0");
+addr.zoneId // => 'eth0'
+```
+
+#### IPv4 properties
+
+`toIPv4MappedAddress()` will return a corresponding IPv4-mapped IPv6 address.
+
+To access the underlying representation of the address, use `addr.octets`.
+
+```js
+var addr = ipaddr.parse("192.168.1.1");
+addr.octets // => [192, 168, 1, 1]
+```
+
+`prefixLengthFromSubnetMask()` will return a CIDR prefix length for a valid IPv4 netmask or
+null if the netmask is not valid.
+
+```js
+ipaddr.IPv4.parse('255.255.255.240').prefixLengthFromSubnetMask() == 28
+ipaddr.IPv4.parse('255.192.164.0').prefixLengthFromSubnetMask()  == null
+```
+
+`subnetMaskFromPrefixLength()` will return an IPv4 netmask for a valid CIDR prefix length.
+
+```js
+ipaddr.IPv4.subnetMaskFromPrefixLength(24) == "255.255.255.0"
+ipaddr.IPv4.subnetMaskFromPrefixLength(29) == "255.255.255.248"
+```
+
+`broadcastAddressFromCIDR()` will return the broadcast address for a given IPv4 interface and netmask in CIDR notation.
+```js
+ipaddr.IPv4.broadcastAddressFromCIDR("172.0.0.1/24") == "172.0.0.255"
+```
+`networkAddressFromCIDR()` will return the network address for a given IPv4 interface and netmask in CIDR notation.
+```js
+ipaddr.IPv4.networkAddressFromCIDR("172.0.0.1/24") == "172.0.0.0"
+```
+
+#### Conversion
+
+IPv4 and IPv6 can be converted bidirectionally to and from network byte order (MSB) byte arrays.
+
+The `fromByteArray()` method will take an array and create an appropriate IPv4 or IPv6 object
+if the input satisfies the requirements. For IPv4 it has to be an array of four 8-bit values,
+while for IPv6 it has to be an array of sixteen 8-bit values.
+
+For example:
+```js
+var addr = ipaddr.fromByteArray([0x7f, 0, 0, 1]);
+addr.toString(); // => "127.0.0.1"
+```
+
+or
+
+```js
+var addr = ipaddr.fromByteArray([0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1])
+addr.toString(); // => "2001:db8::1"
+```
+
+Both objects also offer a `toByteArray()` method, which returns an array in network byte order (MSB).
+
+For example:
+```js
+var addr = ipaddr.parse("127.0.0.1");
+addr.toByteArray(); // => [0x7f, 0, 0, 1]
+```
+
+or
+
+```js
+var addr = ipaddr.parse("2001:db8::1");
+addr.toByteArray(); // => [0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
+```
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js b/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
new file mode 100644
index 0000000..b54a7cc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
@@ -0,0 +1 @@
+(function(){var r,t,n,e,i,o,a,s;t={},s=this,"undefined"!=typeof module&&null!==module&&module.exports?module.exports=t:s.ipaddr=t,a=function(r,t,n,e){var i,o;if(r.length!==t.length)throw new Error("ipaddr: cannot match CIDR for objects with different lengths");for(i=0;e>0;){if((o=n-e)<0&&(o=0),r[i]>>o!=t[i]>>o)return!1;e-=n,i+=1}return!0},t.subnetMatch=function(r,t,n){var e,i,o,a,s;null==n&&(n="unicast");for(o in t)for(!(a=t[o])[0]||a[0]instanceof Array||(a=[a]),e=0,i=a.length;e<i;e++)if(s=a[e],r.kind()===s[0].kind()&&r.match.apply(r,s))return o;return n},t.IPv4=function(){function r(r){var t,n,e;if(4!==r.length)throw new Error("ipaddr: ipv4 octet count should be 4");for(t=0,n=r.length;t<n;t++)if(!(0<=(e=r[t])&&e<=255))throw new Error("ipaddr: ipv4 octet should fit in 8 bits");this.octets=r}return r.prototype.kind=function(){return"ipv4"},r.prototype.toString=function(){return this.octets.join(".")},r.prototype.toNormalizedString=function(){return this.toString()},r.prototype.toByteArray=function(){return this.octets.slice(0)},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv4"!==r.kind())throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");return a(this.octets,r.octets,8,t)},r.prototype.SpecialRanges={unspecified:[[new r([0,0,0,0]),8]],broadcast:[[new r([255,255,255,255]),32]],multicast:[[new r([224,0,0,0]),4]],linkLocal:[[new r([169,254,0,0]),16]],loopback:[[new r([127,0,0,0]),8]],carrierGradeNat:[[new r([100,64,0,0]),10]],private:[[new r([10,0,0,0]),8],[new r([172,16,0,0]),12],[new r([192,168,0,0]),16]],reserved:[[new r([192,0,0,0]),24],[new r([192,0,2,0]),24],[new r([192,88,99,0]),24],[new r([198,51,100,0]),24],[new r([203,0,113,0]),24],[new r([240,0,0,0]),4]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.toIPv4MappedAddress=function(){return t.IPv6.parse("::ffff:"+this.toString())},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:8,128:7,192:6,224:5,240:4,248:3,252:2,254:1,255:0},r=0,i=!1,t=n=3;n>=0;t=n+=-1){if(!((e=this.octets[t])in a))return null;if(o=a[e],i&&0!==o)return null;8!==o&&(i=!0),r+=o}return 32-r},r}(),n="(0?\\d+|0x[a-f0-9]+)",e={fourOctet:new RegExp("^"+n+"\\."+n+"\\."+n+"\\."+n+"$","i"),longValue:new RegExp("^"+n+"$","i")},t.IPv4.parser=function(r){var t,n,i,o,a;if(n=function(r){return"0"===r[0]&&"x"!==r[1]?parseInt(r,8):parseInt(r)},t=r.match(e.fourOctet))return function(){var r,e,o,a;for(a=[],r=0,e=(o=t.slice(1,6)).length;r<e;r++)i=o[r],a.push(n(i));return a}();if(t=r.match(e.longValue)){if((a=n(t[1]))>4294967295||a<0)throw new Error("ipaddr: address outside defined range");return function(){var r,t;for(t=[],o=r=0;r<=24;o=r+=8)t.push(a>>o&255);return t}().reverse()}return null},t.IPv6=function(){function r(r,t){var n,e,i,o,a,s;if(16===r.length)for(this.parts=[],n=e=0;e<=14;n=e+=2)this.parts.push(r[n]<<8|r[n+1]);else{if(8!==r.length)throw new Error("ipaddr: ipv6 part count should be 8 or 16");this.parts=r}for(i=0,o=(s=this.parts).length;i<o;i++)if(!(0<=(a=s[i])&&a<=65535))throw new Error("ipaddr: ipv6 part should fit in 16 bits");t&&(this.zoneId=t)}return r.prototype.kind=function(){return"ipv6"},r.prototype.toString=function(){return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/,"::")},r.prototype.toRFC5952String=function(){var r,t,n,e,i;for(e=/((^|:)(0(:|$)){2,})/g,i=this.toNormalizedString(),r=0,t=-1;n=e.exec(i);)n[0].length>t&&(r=n.index,t=n[0].length);return t<0?i:i.substring(0,r)+"::"+i.substring(r+t)},r.prototype.toByteArray=function(){var r,t,n,e,i;for(r=[],t=0,n=(i=this.parts).length;t<n;t++)e=i[t],r.push(e>>8),r.push(255&e);return r},r.prototype.toNormalizedString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.toFixedLengthString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16).padStart(4,"0"));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv6"!==r.kind())throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");return a(this.parts,r.parts,16,t)},r.prototype.SpecialRanges={unspecified:[new r([0,0,0,0,0,0,0,0]),128],linkLocal:[new r([65152,0,0,0,0,0,0,0]),10],multicast:[new r([65280,0,0,0,0,0,0,0]),8],loopback:[new r([0,0,0,0,0,0,0,1]),128],uniqueLocal:[new r([64512,0,0,0,0,0,0,0]),7],ipv4Mapped:[new r([0,0,0,0,0,65535,0,0]),96],rfc6145:[new r([0,0,0,0,65535,0,0,0]),96],rfc6052:[new r([100,65435,0,0,0,0,0,0]),96],"6to4":[new r([8194,0,0,0,0,0,0,0]),16],teredo:[new r([8193,0,0,0,0,0,0,0]),32],reserved:[[new r([8193,3512,0,0,0,0,0,0]),32]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.isIPv4MappedAddress=function(){return"ipv4Mapped"===this.range()},r.prototype.toIPv4Address=function(){var r,n,e;if(!this.isIPv4MappedAddress())throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");return e=this.parts.slice(-2),r=e[0],n=e[1],new t.IPv4([r>>8,255&r,n>>8,255&n])},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:16,32768:15,49152:14,57344:13,61440:12,63488:11,64512:10,65024:9,65280:8,65408:7,65472:6,65504:5,65520:4,65528:3,65532:2,65534:1,65535:0},r=0,i=!1,t=n=7;n>=0;t=n+=-1){if(!((e=this.parts[t])in a))return null;if(o=a[e],i&&0!==o)return null;16!==o&&(i=!0),r+=o}return 128-r},r}(),i="(?:[0-9a-f]+::?)+",o={zoneIndex:new RegExp("%[0-9a-z]{1,}","i"),native:new RegExp("^(::)?("+i+")?([0-9a-f]+)?(::)?(%[0-9a-z]{1,})?$","i"),transitional:new RegExp("^((?:"+i+")|(?:::)(?:"+i+")?)"+n+"\\."+n+"\\."+n+"\\."+n+"(%[0-9a-z]{1,})?$","i")},r=function(r,t){var n,e,i,a,s,p;if(r.indexOf("::")!==r.lastIndexOf("::"))return null;for((p=(r.match(o.zoneIndex)||[])[0])&&(p=p.substring(1),r=r.replace(/%.+$/,"")),n=0,e=-1;(e=r.indexOf(":",e+1))>=0;)n++;if("::"===r.substr(0,2)&&n--,"::"===r.substr(-2,2)&&n--,n>t)return null;for(s=t-n,a=":";s--;)a+="0:";return":"===(r=r.replace("::",a))[0]&&(r=r.slice(1)),":"===r[r.length-1]&&(r=r.slice(0,-1)),t=function(){var t,n,e,o;for(o=[],t=0,n=(e=r.split(":")).length;t<n;t++)i=e[t],o.push(parseInt(i,16));return o}(),{parts:t,zoneId:p}},t.IPv6.parser=function(t){var n,e,i,a,s,p,u;if(o.native.test(t))return r(t,8);if((a=t.match(o.transitional))&&(u=a[6]||"",(n=r(a[1].slice(0,-1)+u,6)).parts)){for(e=0,i=(p=[parseInt(a[2]),parseInt(a[3]),parseInt(a[4]),parseInt(a[5])]).length;e<i;e++)if(!(0<=(s=p[e])&&s<=255))return null;return n.parts.push(p[0]<<8|p[1]),n.parts.push(p[2]<<8|p[3]),{parts:n.parts,zoneId:n.zoneId}}return null},t.IPv4.isIPv4=t.IPv6.isIPv6=function(r){return null!==this.parser(r)},t.IPv4.isValid=function(r){try{return new this(this.parser(r)),!0}catch(r){return r,!1}},t.IPv4.isValidFourPartDecimal=function(r){return!(!t.IPv4.isValid(r)||!r.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/))},t.IPv6.isValid=function(r){var t;if("string"==typeof r&&-1===r.indexOf(":"))return!1;try{return t=this.parser(r),new this(t.parts,t.zoneId),!0}catch(r){return r,!1}},t.IPv4.parse=function(r){var t;if(null===(t=this.parser(r)))throw new Error("ipaddr: string is not formatted like ip address");return new this(t)},t.IPv6.parse=function(r){var t;if(null===(t=this.parser(r)).parts)throw new Error("ipaddr: string is not formatted like ip address");return new this(t.parts,t.zoneId)},t.IPv4.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=32)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range")},t.IPv4.subnetMaskFromPrefixLength=function(r){var t,n,e;if((r=parseInt(r))<0||r>32)throw new Error("ipaddr: invalid IPv4 prefix length");for(e=[0,0,0,0],n=0,t=Math.floor(r/8);n<t;)e[n]=255,n++;return t<4&&(e[t]=Math.pow(2,r%8)-1<<8-r%8),new this(e)},t.IPv4.broadcastAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)|255^parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv4.networkAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)&parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv6.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=128)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range")},t.isValid=function(r){return t.IPv6.isValid(r)||t.IPv4.isValid(r)},t.parse=function(r){if(t.IPv6.isValid(r))return t.IPv6.parse(r);if(t.IPv4.isValid(r))return t.IPv4.parse(r);throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format")},t.parseCIDR=function(r){try{return t.IPv6.parseCIDR(r)}catch(n){n;try{return t.IPv4.parseCIDR(r)}catch(r){throw r,new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format")}}},t.fromByteArray=function(r){var n;if(4===(n=r.length))return new t.IPv4(r);if(16===n)return new t.IPv6(r);throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address")},t.process=function(r){var t;return t=this.parse(r),"ipv6"===t.kind()&&t.isIPv4MappedAddress()?t.toIPv4Address():t}}).call(this);
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
new file mode 100644
index 0000000..18bd93b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
@@ -0,0 +1,673 @@
+(function() {
+  var expandIPv6, ipaddr, ipv4Part, ipv4Regexes, ipv6Part, ipv6Regexes, matchCIDR, root, zoneIndex;
+
+  ipaddr = {};
+
+  root = this;
+
+  if ((typeof module !== "undefined" && module !== null) && module.exports) {
+    module.exports = ipaddr;
+  } else {
+    root['ipaddr'] = ipaddr;
+  }
+
+  matchCIDR = function(first, second, partSize, cidrBits) {
+    var part, shift;
+    if (first.length !== second.length) {
+      throw new Error("ipaddr: cannot match CIDR for objects with different lengths");
+    }
+    part = 0;
+    while (cidrBits > 0) {
+      shift = partSize - cidrBits;
+      if (shift < 0) {
+        shift = 0;
+      }
+      if (first[part] >> shift !== second[part] >> shift) {
+        return false;
+      }
+      cidrBits -= partSize;
+      part += 1;
+    }
+    return true;
+  };
+
+  ipaddr.subnetMatch = function(address, rangeList, defaultName) {
+    var k, len, rangeName, rangeSubnets, subnet;
+    if (defaultName == null) {
+      defaultName = 'unicast';
+    }
+    for (rangeName in rangeList) {
+      rangeSubnets = rangeList[rangeName];
+      if (rangeSubnets[0] && !(rangeSubnets[0] instanceof Array)) {
+        rangeSubnets = [rangeSubnets];
+      }
+      for (k = 0, len = rangeSubnets.length; k < len; k++) {
+        subnet = rangeSubnets[k];
+        if (address.kind() === subnet[0].kind()) {
+          if (address.match.apply(address, subnet)) {
+            return rangeName;
+          }
+        }
+      }
+    }
+    return defaultName;
+  };
+
+  ipaddr.IPv4 = (function() {
+    function IPv4(octets) {
+      var k, len, octet;
+      if (octets.length !== 4) {
+        throw new Error("ipaddr: ipv4 octet count should be 4");
+      }
+      for (k = 0, len = octets.length; k < len; k++) {
+        octet = octets[k];
+        if (!((0 <= octet && octet <= 255))) {
+          throw new Error("ipaddr: ipv4 octet should fit in 8 bits");
+        }
+      }
+      this.octets = octets;
+    }
+
+    IPv4.prototype.kind = function() {
+      return 'ipv4';
+    };
+
+    IPv4.prototype.toString = function() {
+      return this.octets.join(".");
+    };
+
+    IPv4.prototype.toNormalizedString = function() {
+      return this.toString();
+    };
+
+    IPv4.prototype.toByteArray = function() {
+      return this.octets.slice(0);
+    };
+
+    IPv4.prototype.match = function(other, cidrRange) {
+      var ref;
+      if (cidrRange === void 0) {
+        ref = other, other = ref[0], cidrRange = ref[1];
+      }
+      if (other.kind() !== 'ipv4') {
+        throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");
+      }
+      return matchCIDR(this.octets, other.octets, 8, cidrRange);
+    };
+
+    IPv4.prototype.SpecialRanges = {
+      unspecified: [[new IPv4([0, 0, 0, 0]), 8]],
+      broadcast: [[new IPv4([255, 255, 255, 255]), 32]],
+      multicast: [[new IPv4([224, 0, 0, 0]), 4]],
+      linkLocal: [[new IPv4([169, 254, 0, 0]), 16]],
+      loopback: [[new IPv4([127, 0, 0, 0]), 8]],
+      carrierGradeNat: [[new IPv4([100, 64, 0, 0]), 10]],
+      "private": [[new IPv4([10, 0, 0, 0]), 8], [new IPv4([172, 16, 0, 0]), 12], [new IPv4([192, 168, 0, 0]), 16]],
+      reserved: [[new IPv4([192, 0, 0, 0]), 24], [new IPv4([192, 0, 2, 0]), 24], [new IPv4([192, 88, 99, 0]), 24], [new IPv4([198, 51, 100, 0]), 24], [new IPv4([203, 0, 113, 0]), 24], [new IPv4([240, 0, 0, 0]), 4]]
+    };
+
+    IPv4.prototype.range = function() {
+      return ipaddr.subnetMatch(this, this.SpecialRanges);
+    };
+
+    IPv4.prototype.toIPv4MappedAddress = function() {
+      return ipaddr.IPv6.parse("::ffff:" + (this.toString()));
+    };
+
+    IPv4.prototype.prefixLengthFromSubnetMask = function() {
+      var cidr, i, k, octet, stop, zeros, zerotable;
+      zerotable = {
+        0: 8,
+        128: 7,
+        192: 6,
+        224: 5,
+        240: 4,
+        248: 3,
+        252: 2,
+        254: 1,
+        255: 0
+      };
+      cidr = 0;
+      stop = false;
+      for (i = k = 3; k >= 0; i = k += -1) {
+        octet = this.octets[i];
+        if (octet in zerotable) {
+          zeros = zerotable[octet];
+          if (stop && zeros !== 0) {
+            return null;
+          }
+          if (zeros !== 8) {
+            stop = true;
+          }
+          cidr += zeros;
+        } else {
+          return null;
+        }
+      }
+      return 32 - cidr;
+    };
+
+    return IPv4;
+
+  })();
+
+  ipv4Part = "(0?\\d+|0x[a-f0-9]+)";
+
+  ipv4Regexes = {
+    fourOctet: new RegExp("^" + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "$", 'i'),
+    longValue: new RegExp("^" + ipv4Part + "$", 'i')
+  };
+
+  ipaddr.IPv4.parser = function(string) {
+    var match, parseIntAuto, part, shift, value;
+    parseIntAuto = function(string) {
+      if (string[0] === "0" && string[1] !== "x") {
+        return parseInt(string, 8);
+      } else {
+        return parseInt(string);
+      }
+    };
+    if (match = string.match(ipv4Regexes.fourOctet)) {
+      return (function() {
+        var k, len, ref, results;
+        ref = match.slice(1, 6);
+        results = [];
+        for (k = 0, len = ref.length; k < len; k++) {
+          part = ref[k];
+          results.push(parseIntAuto(part));
+        }
+        return results;
+      })();
+    } else if (match = string.match(ipv4Regexes.longValue)) {
+      value = parseIntAuto(match[1]);
+      if (value > 0xffffffff || value < 0) {
+        throw new Error("ipaddr: address outside defined range");
+      }
+      return ((function() {
+        var k, results;
+        results = [];
+        for (shift = k = 0; k <= 24; shift = k += 8) {
+          results.push((value >> shift) & 0xff);
+        }
+        return results;
+      })()).reverse();
+    } else {
+      return null;
+    }
+  };
+
+  ipaddr.IPv6 = (function() {
+    function IPv6(parts, zoneId) {
+      var i, k, l, len, part, ref;
+      if (parts.length === 16) {
+        this.parts = [];
+        for (i = k = 0; k <= 14; i = k += 2) {
+          this.parts.push((parts[i] << 8) | parts[i + 1]);
+        }
+      } else if (parts.length === 8) {
+        this.parts = parts;
+      } else {
+        throw new Error("ipaddr: ipv6 part count should be 8 or 16");
+      }
+      ref = this.parts;
+      for (l = 0, len = ref.length; l < len; l++) {
+        part = ref[l];
+        if (!((0 <= part && part <= 0xffff))) {
+          throw new Error("ipaddr: ipv6 part should fit in 16 bits");
+        }
+      }
+      if (zoneId) {
+        this.zoneId = zoneId;
+      }
+    }
+
+    IPv6.prototype.kind = function() {
+      return 'ipv6';
+    };
+
+    IPv6.prototype.toString = function() {
+      return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/, '::');
+    };
+
+    IPv6.prototype.toRFC5952String = function() {
+      var bestMatchIndex, bestMatchLength, match, regex, string;
+      regex = /((^|:)(0(:|$)){2,})/g;
+      string = this.toNormalizedString();
+      bestMatchIndex = 0;
+      bestMatchLength = -1;
+      while ((match = regex.exec(string))) {
+        if (match[0].length > bestMatchLength) {
+          bestMatchIndex = match.index;
+          bestMatchLength = match[0].length;
+        }
+      }
+      if (bestMatchLength < 0) {
+        return string;
+      }
+      return string.substring(0, bestMatchIndex) + '::' + string.substring(bestMatchIndex + bestMatchLength);
+    };
+
+    IPv6.prototype.toByteArray = function() {
+      var bytes, k, len, part, ref;
+      bytes = [];
+      ref = this.parts;
+      for (k = 0, len = ref.length; k < len; k++) {
+        part = ref[k];
+        bytes.push(part >> 8);
+        bytes.push(part & 0xff);
+      }
+      return bytes;
+    };
+
+    IPv6.prototype.toNormalizedString = function() {
+      var addr, part, suffix;
+      addr = ((function() {
+        var k, len, ref, results;
+        ref = this.parts;
+        results = [];
+        for (k = 0, len = ref.length; k < len; k++) {
+          part = ref[k];
+          results.push(part.toString(16));
+        }
+        return results;
+      }).call(this)).join(":");
+      suffix = '';
+      if (this.zoneId) {
+        suffix = '%' + this.zoneId;
+      }
+      return addr + suffix;
+    };
+
+    IPv6.prototype.toFixedLengthString = function() {
+      var addr, part, suffix;
+      addr = ((function() {
+        var k, len, ref, results;
+        ref = this.parts;
+        results = [];
+        for (k = 0, len = ref.length; k < len; k++) {
+          part = ref[k];
+          results.push(part.toString(16).padStart(4, '0'));
+        }
+        return results;
+      }).call(this)).join(":");
+      suffix = '';
+      if (this.zoneId) {
+        suffix = '%' + this.zoneId;
+      }
+      return addr + suffix;
+    };
+
+    IPv6.prototype.match = function(other, cidrRange) {
+      var ref;
+      if (cidrRange === void 0) {
+        ref = other, other = ref[0], cidrRange = ref[1];
+      }
+      if (other.kind() !== 'ipv6') {
+        throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");
+      }
+      return matchCIDR(this.parts, other.parts, 16, cidrRange);
+    };
+
+    IPv6.prototype.SpecialRanges = {
+      unspecified: [new IPv6([0, 0, 0, 0, 0, 0, 0, 0]), 128],
+      linkLocal: [new IPv6([0xfe80, 0, 0, 0, 0, 0, 0, 0]), 10],
+      multicast: [new IPv6([0xff00, 0, 0, 0, 0, 0, 0, 0]), 8],
+      loopback: [new IPv6([0, 0, 0, 0, 0, 0, 0, 1]), 128],
+      uniqueLocal: [new IPv6([0xfc00, 0, 0, 0, 0, 0, 0, 0]), 7],
+      ipv4Mapped: [new IPv6([0, 0, 0, 0, 0, 0xffff, 0, 0]), 96],
+      rfc6145: [new IPv6([0, 0, 0, 0, 0xffff, 0, 0, 0]), 96],
+      rfc6052: [new IPv6([0x64, 0xff9b, 0, 0, 0, 0, 0, 0]), 96],
+      '6to4': [new IPv6([0x2002, 0, 0, 0, 0, 0, 0, 0]), 16],
+      teredo: [new IPv6([0x2001, 0, 0, 0, 0, 0, 0, 0]), 32],
+      reserved: [[new IPv6([0x2001, 0xdb8, 0, 0, 0, 0, 0, 0]), 32]]
+    };
+
+    IPv6.prototype.range = function() {
+      return ipaddr.subnetMatch(this, this.SpecialRanges);
+    };
+
+    IPv6.prototype.isIPv4MappedAddress = function() {
+      return this.range() === 'ipv4Mapped';
+    };
+
+    IPv6.prototype.toIPv4Address = function() {
+      var high, low, ref;
+      if (!this.isIPv4MappedAddress()) {
+        throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");
+      }
+      ref = this.parts.slice(-2), high = ref[0], low = ref[1];
+      return new ipaddr.IPv4([high >> 8, high & 0xff, low >> 8, low & 0xff]);
+    };
+
+    IPv6.prototype.prefixLengthFromSubnetMask = function() {
+      var cidr, i, k, part, stop, zeros, zerotable;
+      zerotable = {
+        0: 16,
+        32768: 15,
+        49152: 14,
+        57344: 13,
+        61440: 12,
+        63488: 11,
+        64512: 10,
+        65024: 9,
+        65280: 8,
+        65408: 7,
+        65472: 6,
+        65504: 5,
+        65520: 4,
+        65528: 3,
+        65532: 2,
+        65534: 1,
+        65535: 0
+      };
+      cidr = 0;
+      stop = false;
+      for (i = k = 7; k >= 0; i = k += -1) {
+        part = this.parts[i];
+        if (part in zerotable) {
+          zeros = zerotable[part];
+          if (stop && zeros !== 0) {
+            return null;
+          }
+          if (zeros !== 16) {
+            stop = true;
+          }
+          cidr += zeros;
+        } else {
+          return null;
+        }
+      }
+      return 128 - cidr;
+    };
+
+    return IPv6;
+
+  })();
+
+  ipv6Part = "(?:[0-9a-f]+::?)+";
+
+  zoneIndex = "%[0-9a-z]{1,}";
+
+  ipv6Regexes = {
+    zoneIndex: new RegExp(zoneIndex, 'i'),
+    "native": new RegExp("^(::)?(" + ipv6Part + ")?([0-9a-f]+)?(::)?(" + zoneIndex + ")?$", 'i'),
+    transitional: new RegExp(("^((?:" + ipv6Part + ")|(?:::)(?:" + ipv6Part + ")?)") + (ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part) + ("(" + zoneIndex + ")?$"), 'i')
+  };
+
+  expandIPv6 = function(string, parts) {
+    var colonCount, lastColon, part, replacement, replacementCount, zoneId;
+    if (string.indexOf('::') !== string.lastIndexOf('::')) {
+      return null;
+    }
+    zoneId = (string.match(ipv6Regexes['zoneIndex']) || [])[0];
+    if (zoneId) {
+      zoneId = zoneId.substring(1);
+      string = string.replace(/%.+$/, '');
+    }
+    colonCount = 0;
+    lastColon = -1;
+    while ((lastColon = string.indexOf(':', lastColon + 1)) >= 0) {
+      colonCount++;
+    }
+    if (string.substr(0, 2) === '::') {
+      colonCount--;
+    }
+    if (string.substr(-2, 2) === '::') {
+      colonCount--;
+    }
+    if (colonCount > parts) {
+      return null;
+    }
+    replacementCount = parts - colonCount;
+    replacement = ':';
+    while (replacementCount--) {
+      replacement += '0:';
+    }
+    string = string.replace('::', replacement);
+    if (string[0] === ':') {
+      string = string.slice(1);
+    }
+    if (string[string.length - 1] === ':') {
+      string = string.slice(0, -1);
+    }
+    parts = (function() {
+      var k, len, ref, results;
+      ref = string.split(":");
+      results = [];
+      for (k = 0, len = ref.length; k < len; k++) {
+        part = ref[k];
+        results.push(parseInt(part, 16));
+      }
+      return results;
+    })();
+    return {
+      parts: parts,
+      zoneId: zoneId
+    };
+  };
+
+  ipaddr.IPv6.parser = function(string) {
+    var addr, k, len, match, octet, octets, zoneId;
+    if (ipv6Regexes['native'].test(string)) {
+      return expandIPv6(string, 8);
+    } else if (match = string.match(ipv6Regexes['transitional'])) {
+      zoneId = match[6] || '';
+      addr = expandIPv6(match[1].slice(0, -1) + zoneId, 6);
+      if (addr.parts) {
+        octets = [parseInt(match[2]), parseInt(match[3]), parseInt(match[4]), parseInt(match[5])];
+        for (k = 0, len = octets.length; k < len; k++) {
+          octet = octets[k];
+          if (!((0 <= octet && octet <= 255))) {
+            return null;
+          }
+        }
+        addr.parts.push(octets[0] << 8 | octets[1]);
+        addr.parts.push(octets[2] << 8 | octets[3]);
+        return {
+          parts: addr.parts,
+          zoneId: addr.zoneId
+        };
+      }
+    }
+    return null;
+  };
+
+  ipaddr.IPv4.isIPv4 = ipaddr.IPv6.isIPv6 = function(string) {
+    return this.parser(string) !== null;
+  };
+
+  ipaddr.IPv4.isValid = function(string) {
+    var e;
+    try {
+      new this(this.parser(string));
+      return true;
+    } catch (error1) {
+      e = error1;
+      return false;
+    }
+  };
+
+  ipaddr.IPv4.isValidFourPartDecimal = function(string) {
+    if (ipaddr.IPv4.isValid(string) && string.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/)) {
+      return true;
+    } else {
+      return false;
+    }
+  };
+
+  ipaddr.IPv6.isValid = function(string) {
+    var addr, e;
+    if (typeof string === "string" && string.indexOf(":") === -1) {
+      return false;
+    }
+    try {
+      addr = this.parser(string);
+      new this(addr.parts, addr.zoneId);
+      return true;
+    } catch (error1) {
+      e = error1;
+      return false;
+    }
+  };
+
+  ipaddr.IPv4.parse = function(string) {
+    var parts;
+    parts = this.parser(string);
+    if (parts === null) {
+      throw new Error("ipaddr: string is not formatted like ip address");
+    }
+    return new this(parts);
+  };
+
+  ipaddr.IPv6.parse = function(string) {
+    var addr;
+    addr = this.parser(string);
+    if (addr.parts === null) {
+      throw new Error("ipaddr: string is not formatted like ip address");
+    }
+    return new this(addr.parts, addr.zoneId);
+  };
+
+  ipaddr.IPv4.parseCIDR = function(string) {
+    var maskLength, match, parsed;
+    if (match = string.match(/^(.+)\/(\d+)$/)) {
+      maskLength = parseInt(match[2]);
+      if (maskLength >= 0 && maskLength <= 32) {
+        parsed = [this.parse(match[1]), maskLength];
+        Object.defineProperty(parsed, 'toString', {
+          value: function() {
+            return this.join('/');
+          }
+        });
+        return parsed;
+      }
+    }
+    throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range");
+  };
+
+  ipaddr.IPv4.subnetMaskFromPrefixLength = function(prefix) {
+    var filledOctetCount, j, octets;
+    prefix = parseInt(prefix);
+    if (prefix < 0 || prefix > 32) {
+      throw new Error('ipaddr: invalid IPv4 prefix length');
+    }
+    octets = [0, 0, 0, 0];
+    j = 0;
+    filledOctetCount = Math.floor(prefix / 8);
+    while (j < filledOctetCount) {
+      octets[j] = 255;
+      j++;
+    }
+    if (filledOctetCount < 4) {
+      octets[filledOctetCount] = Math.pow(2, prefix % 8) - 1 << 8 - (prefix % 8);
+    }
+    return new this(octets);
+  };
+
+  ipaddr.IPv4.broadcastAddressFromCIDR = function(string) {
+    var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
+    try {
+      cidr = this.parseCIDR(string);
+      ipInterfaceOctets = cidr[0].toByteArray();
+      subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
+      octets = [];
+      i = 0;
+      while (i < 4) {
+        octets.push(parseInt(ipInterfaceOctets[i], 10) | parseInt(subnetMaskOctets[i], 10) ^ 255);
+        i++;
+      }
+      return new this(octets);
+    } catch (error1) {
+      error = error1;
+      throw new Error('ipaddr: the address does not have IPv4 CIDR format');
+    }
+  };
+
+  ipaddr.IPv4.networkAddressFromCIDR = function(string) {
+    var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
+    try {
+      cidr = this.parseCIDR(string);
+      ipInterfaceOctets = cidr[0].toByteArray();
+      subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
+      octets = [];
+      i = 0;
+      while (i < 4) {
+        octets.push(parseInt(ipInterfaceOctets[i], 10) & parseInt(subnetMaskOctets[i], 10));
+        i++;
+      }
+      return new this(octets);
+    } catch (error1) {
+      error = error1;
+      throw new Error('ipaddr: the address does not have IPv4 CIDR format');
+    }
+  };
+
+  ipaddr.IPv6.parseCIDR = function(string) {
+    var maskLength, match, parsed;
+    if (match = string.match(/^(.+)\/(\d+)$/)) {
+      maskLength = parseInt(match[2]);
+      if (maskLength >= 0 && maskLength <= 128) {
+        parsed = [this.parse(match[1]), maskLength];
+        Object.defineProperty(parsed, 'toString', {
+          value: function() {
+            return this.join('/');
+          }
+        });
+        return parsed;
+      }
+    }
+    throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range");
+  };
+
+  ipaddr.isValid = function(string) {
+    return ipaddr.IPv6.isValid(string) || ipaddr.IPv4.isValid(string);
+  };
+
+  ipaddr.parse = function(string) {
+    if (ipaddr.IPv6.isValid(string)) {
+      return ipaddr.IPv6.parse(string);
+    } else if (ipaddr.IPv4.isValid(string)) {
+      return ipaddr.IPv4.parse(string);
+    } else {
+      throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format");
+    }
+  };
+
+  ipaddr.parseCIDR = function(string) {
+    var e;
+    try {
+      return ipaddr.IPv6.parseCIDR(string);
+    } catch (error1) {
+      e = error1;
+      try {
+        return ipaddr.IPv4.parseCIDR(string);
+      } catch (error1) {
+        e = error1;
+        throw new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format");
+      }
+    }
+  };
+
+  ipaddr.fromByteArray = function(bytes) {
+    var length;
+    length = bytes.length;
+    if (length === 4) {
+      return new ipaddr.IPv4(bytes);
+    } else if (length === 16) {
+      return new ipaddr.IPv6(bytes);
+    } else {
+      throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address");
+    }
+  };
+
+  ipaddr.process = function(string) {
+    var addr;
+    addr = this.parse(string);
+    if (addr.kind() === 'ipv6' && addr.isIPv4MappedAddress()) {
+      return addr.toIPv4Address();
+    } else {
+      return addr;
+    }
+  };
+
+}).call(this);
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
new file mode 100644
index 0000000..52174b6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
@@ -0,0 +1,68 @@
+declare module "ipaddr.js" {
+    type IPv4Range = 'unicast' | 'unspecified' | 'broadcast' | 'multicast' | 'linkLocal' | 'loopback' | 'carrierGradeNat' | 'private' | 'reserved';
+    type IPv6Range = 'unicast' | 'unspecified' | 'linkLocal' | 'multicast' | 'loopback' | 'uniqueLocal' | 'ipv4Mapped' | 'rfc6145' | 'rfc6052' | '6to4' | 'teredo' | 'reserved';
+
+    interface RangeList<T> {
+        [name: string]: [T, number] | [T, number][];
+    }
+
+    // Common methods/properties for IPv4 and IPv6 classes.
+    class IP {
+        prefixLengthFromSubnetMask(): number | null;
+        toByteArray(): number[];
+        toNormalizedString(): string;
+        toString(): string;
+    }
+
+    namespace Address {
+        export function isValid(addr: string): boolean;
+        export function fromByteArray(bytes: number[]): IPv4 | IPv6;
+        export function parse(addr: string): IPv4 | IPv6;
+        export function parseCIDR(mask: string): [IPv4 | IPv6, number];
+        export function process(addr: string): IPv4 | IPv6;
+        export function subnetMatch(addr: IPv4, rangeList: RangeList<IPv4>, defaultName?: string): string;
+        export function subnetMatch(addr: IPv6, rangeList: RangeList<IPv6>, defaultName?: string): string;
+
+        export class IPv4 extends IP {
+            static broadcastAddressFromCIDR(addr: string): IPv4;
+            static isIPv4(addr: string): boolean;
+            static isValidFourPartDecimal(addr: string): boolean;
+            static isValid(addr: string): boolean;
+            static networkAddressFromCIDR(addr: string): IPv4;
+            static parse(addr: string): IPv4;
+            static parseCIDR(addr: string): [IPv4, number];
+            static subnetMaskFromPrefixLength(prefix: number): IPv4;
+            constructor(octets: number[]);
+            octets: number[]
+
+            kind(): 'ipv4';
+            match(addr: IPv4, bits: number): boolean;
+            match(mask: [IPv4, number]): boolean;
+            range(): IPv4Range;
+            subnetMatch(rangeList: RangeList<IPv4>, defaultName?: string): string;
+            toIPv4MappedAddress(): IPv6;
+        }
+
+        export class IPv6 extends IP {
+            static broadcastAddressFromCIDR(addr: string): IPv6;
+            static isIPv6(addr: string): boolean;
+            static isValid(addr: string): boolean;
+            static parse(addr: string): IPv6;
+            static parseCIDR(addr: string): [IPv6, number];
+            static subnetMaskFromPrefixLength(prefix: number): IPv6;
+            constructor(parts: number[]);
+            parts: number[]
+            zoneId?: string
+
+            isIPv4MappedAddress(): boolean;
+            kind(): 'ipv6';
+            match(addr: IPv6, bits: number): boolean;
+            match(mask: [IPv6, number]): boolean;
+            range(): IPv6Range;
+            subnetMatch(rangeList: RangeList<IPv6>, defaultName?: string): string;
+            toIPv4Address(): IPv4;
+        }
+    }
+
+    export = Address;
+}
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json b/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
new file mode 100644
index 0000000..f4d3547
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
@@ -0,0 +1,35 @@
+{
+  "name": "ipaddr.js",
+  "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.",
+  "version": "1.9.1",
+  "author": "whitequark <whitequark@whitequark.org>",
+  "directories": {
+    "lib": "./lib"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "coffee-script": "~1.12.6",
+    "nodeunit": "^0.11.3",
+    "uglify-js": "~3.0.19"
+  },
+  "scripts": {
+    "test": "cake build test"
+  },
+  "files": [
+    "lib/",
+    "LICENSE",
+    "ipaddr.min.js"
+  ],
+  "keywords": [
+    "ip",
+    "ipv4",
+    "ipv6"
+  ],
+  "repository": "git://github.com/whitequark/ipaddr.js",
+  "main": "./lib/ipaddr.js",
+  "engines": {
+    "node": ">= 0.10"
+  },
+  "license": "MIT",
+  "types": "./lib/ipaddr.js.d.ts"
+}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc b/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
new file mode 100644
index 0000000..d90a1bc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
@@ -0,0 +1,16 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"eqeqeq": ["error", "allow-null"],
+		"id-length": "off",
+		"new-cap": ["error", {
+			"capIsNewExceptions": [
+				"RequireObjectCoercible",
+				"ToObject",
+			],
+		}],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
new file mode 100644
index 0000000..868f4ff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/math-intrinsics
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
new file mode 100644
index 0000000..9cf48f5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.1.0](https://github.com/es-shims/math-intrinsics/compare/v1.0.0...v1.1.0) - 2024-12-18
+
+### Commits
+
+- [New] add `round` [`7cfb044`](https://github.com/es-shims/math-intrinsics/commit/7cfb04460c0fbdf1ca101eecbac3f59d11994130)
+- [Tests] add attw [`e96be8f`](https://github.com/es-shims/math-intrinsics/commit/e96be8fbf58449eafe976446a0470e6ea561ad8d)
+- [Dev Deps] update `@types/tape` [`30d0023`](https://github.com/es-shims/math-intrinsics/commit/30d00234ce8a3fa0094a61cd55d6686eb91e36ec)
+
+## v1.0.0 - 2024-12-11
+
+### Commits
+
+- Initial implementation, tests, readme, types [`b898caa`](https://github.com/es-shims/math-intrinsics/commit/b898caae94e9994a94a42b8740f7bbcfd0a868fe)
+- Initial commit [`02745b0`](https://github.com/es-shims/math-intrinsics/commit/02745b03a62255af8a332771987b55d127538d9c)
+- [New] add `constants/maxArrayLength`, `mod` [`b978178`](https://github.com/es-shims/math-intrinsics/commit/b978178a57685bd23ed1c7efe2137f3784f5fcc5)
+- npm init [`a39fc57`](https://github.com/es-shims/math-intrinsics/commit/a39fc57e5639a645d0bd52a0dc56202480223be2)
+- Only apps should have lockfiles [`9451580`](https://github.com/es-shims/math-intrinsics/commit/94515800fb34db4f3cc7e99290042d45609ac7bd)
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE b/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
new file mode 100644
index 0000000..34995e7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 ECMAScript Shims
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md b/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
new file mode 100644
index 0000000..4a66dcf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
@@ -0,0 +1,50 @@
+# math-intrinsics <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+ES Math-related intrinsics and helpers, robustly cached.
+
+ - `abs`
+ - `floor`
+ - `isFinite`
+ - `isInteger`
+ - `isNaN`
+ - `isNegativeZero`
+ - `max`
+ - `min`
+ - `mod`
+ - `pow`
+ - `round`
+ - `sign`
+ - `constants/maxArrayLength`
+ - `constants/maxSafeInteger`
+ - `constants/maxValue`
+
+
+## Tests
+Simply clone the repo, `npm install`, and run `npm test`
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+[package-url]: https://npmjs.org/package/math-intrinsics
+[npm-version-svg]: https://versionbadg.es/es-shims/math-intrinsics.svg
+[deps-svg]: https://david-dm.org/es-shims/math-intrinsics.svg
+[deps-url]: https://david-dm.org/es-shims/math-intrinsics
+[dev-deps-svg]: https://david-dm.org/es-shims/math-intrinsics/dev-status.svg
+[dev-deps-url]: https://david-dm.org/es-shims/math-intrinsics#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/math-intrinsics.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/math-intrinsics.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/es-object.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=math-intrinsics
+[codecov-image]: https://codecov.io/gh/es-shims/math-intrinsics/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/es-shims/math-intrinsics/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/es-shims/math-intrinsics
+[actions-url]: https://github.com/es-shims/math-intrinsics/actions
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
new file mode 100644
index 0000000..14ad9c6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
@@ -0,0 +1 @@
+export = Math.abs;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
new file mode 100644
index 0000000..a751424
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./abs')} */
+module.exports = Math.abs;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
new file mode 100644
index 0000000..b92d46b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
@@ -0,0 +1,3 @@
+declare const MAX_ARRAY_LENGTH: 4294967295;
+
+export = MAX_ARRAY_LENGTH;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
new file mode 100644
index 0000000..cfc6aff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./maxArrayLength')} */
+module.exports = 4294967295; // Math.pow(2, 32) - 1;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
new file mode 100644
index 0000000..fee3f62
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
@@ -0,0 +1,3 @@
+declare const MAX_SAFE_INTEGER: 9007199254740991;
+
+export = MAX_SAFE_INTEGER;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
new file mode 100644
index 0000000..b568ad3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
@@ -0,0 +1,5 @@
+'use strict';
+
+/** @type {import('./maxSafeInteger')} */
+// eslint-disable-next-line no-extra-parens
+module.exports = /** @type {import('./maxSafeInteger')} */ (Number.MAX_SAFE_INTEGER) || 9007199254740991; // Math.pow(2, 53) - 1;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
new file mode 100644
index 0000000..292cb82
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
@@ -0,0 +1,3 @@
+declare const MAX_VALUE: 1.7976931348623157e+308;
+
+export = MAX_VALUE;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
new file mode 100644
index 0000000..a2202dc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
@@ -0,0 +1,5 @@
+'use strict';
+
+/** @type {import('./maxValue')}  */
+// eslint-disable-next-line no-extra-parens
+module.exports = /** @type {import('./maxValue')}  */ (Number.MAX_VALUE) || 1.7976931348623157e+308;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
new file mode 100644
index 0000000..9265236
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
@@ -0,0 +1 @@
+export = Math.floor;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
new file mode 100644
index 0000000..ab0e5d7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./floor')} */
+module.exports = Math.floor;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
new file mode 100644
index 0000000..6daae33
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
@@ -0,0 +1,3 @@
+declare function isFinite(x: unknown): x is number | bigint;
+
+export = isFinite;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
new file mode 100644
index 0000000..b201a5a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
@@ -0,0 +1,12 @@
+'use strict';
+
+var $isNaN = require('./isNaN');
+
+/** @type {import('./isFinite')} */
+module.exports = function isFinite(x) {
+	return (typeof x === 'number' || typeof x === 'bigint')
+        && !$isNaN(x)
+        && x !== Infinity
+        && x !== -Infinity;
+};
+
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
new file mode 100644
index 0000000..13935a8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
@@ -0,0 +1,3 @@
+declare function isInteger(argument: unknown): argument is number;
+
+export = isInteger;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
new file mode 100644
index 0000000..4b1b9a5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
@@ -0,0 +1,16 @@
+'use strict';
+
+var $abs = require('./abs');
+var $floor = require('./floor');
+
+var $isNaN = require('./isNaN');
+var $isFinite = require('./isFinite');
+
+/** @type {import('./isInteger')} */
+module.exports = function isInteger(argument) {
+	if (typeof argument !== 'number' || $isNaN(argument) || !$isFinite(argument)) {
+		return false;
+	}
+	var absValue = $abs(argument);
+	return $floor(absValue) === absValue;
+};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
new file mode 100644
index 0000000..c1d4c55
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
@@ -0,0 +1 @@
+export = Number.isNaN;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
new file mode 100644
index 0000000..e36475c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
@@ -0,0 +1,6 @@
+'use strict';
+
+/** @type {import('./isNaN')} */
+module.exports = Number.isNaN || function isNaN(a) {
+	return a !== a;
+};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
new file mode 100644
index 0000000..7ad8819
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
@@ -0,0 +1,3 @@
+declare function isNegativeZero(x: unknown): boolean;
+
+export = isNegativeZero;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
new file mode 100644
index 0000000..b69adcc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
@@ -0,0 +1,6 @@
+'use strict';
+
+/** @type {import('./isNegativeZero')} */
+module.exports = function isNegativeZero(x) {
+	return x === 0 && 1 / x === 1 / -0;
+};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
new file mode 100644
index 0000000..ad6f43e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
@@ -0,0 +1 @@
+export = Math.max;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
new file mode 100644
index 0000000..edb55df
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./max')} */
+module.exports = Math.max;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
new file mode 100644
index 0000000..fd90f2d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
@@ -0,0 +1 @@
+export = Math.min;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
new file mode 100644
index 0000000..5a4a7c7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./min')} */
+module.exports = Math.min;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
new file mode 100644
index 0000000..549dbd4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
@@ -0,0 +1,3 @@
+declare function mod(number: number, modulo: number): number;
+
+export = mod;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
new file mode 100644
index 0000000..4a98362
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
@@ -0,0 +1,9 @@
+'use strict';
+
+var $floor = require('./floor');
+
+/** @type {import('./mod')} */
+module.exports = function mod(number, modulo) {
+	var remain = number % modulo;
+	return $floor(remain >= 0 ? remain : remain + modulo);
+};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json b/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
new file mode 100644
index 0000000..0676273
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
@@ -0,0 +1,86 @@
+{
+	"name": "math-intrinsics",
+	"version": "1.1.0",
+	"description": "ES Math-related intrinsics and helpers, robustly cached.",
+	"main": false,
+	"exports": {
+		"./abs": "./abs.js",
+		"./floor": "./floor.js",
+		"./isFinite": "./isFinite.js",
+		"./isInteger": "./isInteger.js",
+		"./isNaN": "./isNaN.js",
+		"./isNegativeZero": "./isNegativeZero.js",
+		"./max": "./max.js",
+		"./min": "./min.js",
+		"./mod": "./mod.js",
+		"./pow": "./pow.js",
+		"./sign": "./sign.js",
+		"./round": "./round.js",
+		"./constants/maxArrayLength": "./constants/maxArrayLength.js",
+		"./constants/maxSafeInteger": "./constants/maxSafeInteger.js",
+		"./constants/maxValue": "./constants/maxValue.js",
+		"./package.json": "./package.json"
+	},
+	"sideEffects": false,
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"pretest": "npm run lint",
+		"test": "npm run tests-only",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc && attw -P",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/es-shims/math-intrinsics.git"
+	},
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/es-shims/math-intrinsics/issues"
+	},
+	"homepage": "https://github.com/es-shims/math-intrinsics#readme",
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/for-each": "^0.3.3",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.8.0",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"es-value-fixtures": "^1.5.0",
+		"eslint": "^8.8.0",
+		"evalmd": "^0.0.19",
+		"for-each": "^0.3.3",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"object-inspect": "^1.13.3",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
new file mode 100644
index 0000000..5873c44
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
@@ -0,0 +1 @@
+export = Math.pow;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
new file mode 100644
index 0000000..c0a4103
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./pow')} */
+module.exports = Math.pow;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
new file mode 100644
index 0000000..da1fde3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
@@ -0,0 +1 @@
+export = Math.round;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
new file mode 100644
index 0000000..b792156
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
@@ -0,0 +1,4 @@
+'use strict';
+
+/** @type {import('./round')} */
+module.exports = Math.round;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
new file mode 100644
index 0000000..c49ceca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
@@ -0,0 +1,3 @@
+declare function sign(x: number): number;
+
+export = sign;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
new file mode 100644
index 0000000..9e5173c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
@@ -0,0 +1,11 @@
+'use strict';
+
+var $isNaN = require('./isNaN');
+
+/** @type {import('./sign')} */
+module.exports = function sign(number) {
+	if ($isNaN(number) || number === 0) {
+		return number;
+	}
+	return number < 0 ? -1 : +1;
+};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
new file mode 100644
index 0000000..0f90a5d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
@@ -0,0 +1,192 @@
+'use strict';
+
+var test = require('tape');
+var v = require('es-value-fixtures');
+var forEach = require('for-each');
+var inspect = require('object-inspect');
+
+var abs = require('../abs');
+var floor = require('../floor');
+var isFinite = require('../isFinite');
+var isInteger = require('../isInteger');
+var isNaN = require('../isNaN');
+var isNegativeZero = require('../isNegativeZero');
+var max = require('../max');
+var min = require('../min');
+var mod = require('../mod');
+var pow = require('../pow');
+var round = require('../round');
+var sign = require('../sign');
+
+var maxArrayLength = require('../constants/maxArrayLength');
+var maxSafeInteger = require('../constants/maxSafeInteger');
+var maxValue = require('../constants/maxValue');
+
+test('abs', function (t) {
+	t.equal(abs(-1), 1, 'abs(-1) === 1');
+	t.equal(abs(+1), 1, 'abs(+1) === 1');
+	t.equal(abs(+0), +0, 'abs(+0) === +0');
+	t.equal(abs(-0), +0, 'abs(-0) === +0');
+
+	t.end();
+});
+
+test('floor', function (t) {
+	t.equal(floor(-1.1), -2, 'floor(-1.1) === -2');
+	t.equal(floor(+1.1), 1, 'floor(+1.1) === 1');
+	t.equal(floor(+0), +0, 'floor(+0) === +0');
+	t.equal(floor(-0), -0, 'floor(-0) === -0');
+	t.equal(floor(-Infinity), -Infinity, 'floor(-Infinity) === -Infinity');
+	t.equal(floor(Number(Infinity)), Number(Infinity), 'floor(+Infinity) === +Infinity');
+	t.equal(floor(NaN), NaN, 'floor(NaN) === NaN');
+	t.equal(floor(0), +0, 'floor(0) === +0');
+	t.equal(floor(-0), -0, 'floor(-0) === -0');
+	t.equal(floor(1), 1, 'floor(1) === 1');
+	t.equal(floor(-1), -1, 'floor(-1) === -1');
+	t.equal(floor(1.1), 1, 'floor(1.1) === 1');
+	t.equal(floor(-1.1), -2, 'floor(-1.1) === -2');
+	t.equal(floor(maxValue), maxValue, 'floor(maxValue) === maxValue');
+	t.equal(floor(maxSafeInteger), maxSafeInteger, 'floor(maxSafeInteger) === maxSafeInteger');
+
+	t.end();
+});
+
+test('isFinite', function (t) {
+	t.equal(isFinite(0), true, 'isFinite(+0) === true');
+	t.equal(isFinite(-0), true, 'isFinite(-0) === true');
+	t.equal(isFinite(1), true, 'isFinite(1) === true');
+	t.equal(isFinite(Infinity), false, 'isFinite(Infinity) === false');
+	t.equal(isFinite(-Infinity), false, 'isFinite(-Infinity) === false');
+	t.equal(isFinite(NaN), false, 'isFinite(NaN) === false');
+
+	forEach(v.nonNumbers, function (nonNumber) {
+		t.equal(isFinite(nonNumber), false, 'isFinite(' + inspect(nonNumber) + ') === false');
+	});
+
+	t.end();
+});
+
+test('isInteger', function (t) {
+	forEach([].concat(
+		// @ts-expect-error TS sucks with concat
+		v.nonNumbers,
+		v.nonIntegerNumbers
+	), function (nonInteger) {
+		t.equal(isInteger(nonInteger), false, 'isInteger(' + inspect(nonInteger) + ') === false');
+	});
+
+	t.end();
+});
+
+test('isNaN', function (t) {
+	forEach([].concat(
+		// @ts-expect-error TS sucks with concat
+		v.nonNumbers,
+		v.infinities,
+		v.zeroes,
+		v.integerNumbers
+	), function (nonNaN) {
+		t.equal(isNaN(nonNaN), false, 'isNaN(' + inspect(nonNaN) + ') === false');
+	});
+
+	t.equal(isNaN(NaN), true, 'isNaN(NaN) === true');
+
+	t.end();
+});
+
+test('isNegativeZero', function (t) {
+	t.equal(isNegativeZero(-0), true, 'isNegativeZero(-0) === true');
+	t.equal(isNegativeZero(+0), false, 'isNegativeZero(+0) === false');
+	t.equal(isNegativeZero(1), false, 'isNegativeZero(1) === false');
+	t.equal(isNegativeZero(-1), false, 'isNegativeZero(-1) === false');
+	t.equal(isNegativeZero(NaN), false, 'isNegativeZero(NaN) === false');
+	t.equal(isNegativeZero(Infinity), false, 'isNegativeZero(Infinity) === false');
+	t.equal(isNegativeZero(-Infinity), false, 'isNegativeZero(-Infinity) === false');
+
+	forEach(v.nonNumbers, function (nonNumber) {
+		t.equal(isNegativeZero(nonNumber), false, 'isNegativeZero(' + inspect(nonNumber) + ') === false');
+	});
+
+	t.end();
+});
+
+test('max', function (t) {
+	t.equal(max(1, 2), 2, 'max(1, 2) === 2');
+	t.equal(max(1, 2, 3), 3, 'max(1, 2, 3) === 3');
+	t.equal(max(1, 2, 3, 4), 4, 'max(1, 2, 3, 4) === 4');
+	t.equal(max(1, 2, 3, 4, 5), 5, 'max(1, 2, 3, 4, 5) === 5');
+	t.equal(max(1, 2, 3, 4, 5, 6), 6, 'max(1, 2, 3, 4, 5, 6) === 6');
+	t.equal(max(1, 2, 3, 4, 5, 6, 7), 7, 'max(1, 2, 3, 4, 5, 6, 7) === 7');
+
+	t.end();
+});
+
+test('min', function (t) {
+	t.equal(min(1, 2), 1, 'min(1, 2) === 1');
+	t.equal(min(1, 2, 3), 1, 'min(1, 2, 3) === 1');
+	t.equal(min(1, 2, 3, 4), 1, 'min(1, 2, 3, 4) === 1');
+	t.equal(min(1, 2, 3, 4, 5), 1, 'min(1, 2, 3, 4, 5) === 1');
+	t.equal(min(1, 2, 3, 4, 5, 6), 1, 'min(1, 2, 3, 4, 5, 6) === 1');
+
+	t.end();
+});
+
+test('mod', function (t) {
+	t.equal(mod(1, 2), 1, 'mod(1, 2) === 1');
+	t.equal(mod(2, 2), 0, 'mod(2, 2) === 0');
+	t.equal(mod(3, 2), 1, 'mod(3, 2) === 1');
+	t.equal(mod(4, 2), 0, 'mod(4, 2) === 0');
+	t.equal(mod(5, 2), 1, 'mod(5, 2) === 1');
+	t.equal(mod(6, 2), 0, 'mod(6, 2) === 0');
+	t.equal(mod(7, 2), 1, 'mod(7, 2) === 1');
+	t.equal(mod(8, 2), 0, 'mod(8, 2) === 0');
+	t.equal(mod(9, 2), 1, 'mod(9, 2) === 1');
+	t.equal(mod(10, 2), 0, 'mod(10, 2) === 0');
+	t.equal(mod(11, 2), 1, 'mod(11, 2) === 1');
+
+	t.end();
+});
+
+test('pow', function (t) {
+	t.equal(pow(2, 2), 4, 'pow(2, 2) === 4');
+	t.equal(pow(2, 3), 8, 'pow(2, 3) === 8');
+	t.equal(pow(2, 4), 16, 'pow(2, 4) === 16');
+	t.equal(pow(2, 5), 32, 'pow(2, 5) === 32');
+	t.equal(pow(2, 6), 64, 'pow(2, 6) === 64');
+	t.equal(pow(2, 7), 128, 'pow(2, 7) === 128');
+	t.equal(pow(2, 8), 256, 'pow(2, 8) === 256');
+	t.equal(pow(2, 9), 512, 'pow(2, 9) === 512');
+	t.equal(pow(2, 10), 1024, 'pow(2, 10) === 1024');
+
+	t.end();
+});
+
+test('round', function (t) {
+	t.equal(round(1.1), 1, 'round(1.1) === 1');
+	t.equal(round(1.5), 2, 'round(1.5) === 2');
+	t.equal(round(1.9), 2, 'round(1.9) === 2');
+
+	t.end();
+});
+
+test('sign', function (t) {
+	t.equal(sign(-1), -1, 'sign(-1) === -1');
+	t.equal(sign(+1), +1, 'sign(+1) === +1');
+	t.equal(sign(+0), +0, 'sign(+0) === +0');
+	t.equal(sign(-0), -0, 'sign(-0) === -0');
+	t.equal(sign(NaN), NaN, 'sign(NaN) === NaN');
+	t.equal(sign(Infinity), +1, 'sign(Infinity) === +1');
+	t.equal(sign(-Infinity), -1, 'sign(-Infinity) === -1');
+	t.equal(sign(maxValue), +1, 'sign(maxValue) === +1');
+	t.equal(sign(maxSafeInteger), +1, 'sign(maxSafeInteger) === +1');
+
+	t.end();
+});
+
+test('constants', function (t) {
+	t.equal(typeof maxArrayLength, 'number', 'typeof maxArrayLength === "number"');
+	t.equal(typeof maxSafeInteger, 'number', 'typeof maxSafeInteger === "number"');
+	t.equal(typeof maxValue, 'number', 'typeof maxValue === "number"');
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json b/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
new file mode 100644
index 0000000..b131000
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
@@ -0,0 +1,3 @@
+{
+	"extends": "@ljharb/tsconfig",
+}
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md b/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
new file mode 100644
index 0000000..62c2003
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
@@ -0,0 +1,22 @@
+0.3.0 / 2014-09-07
+==================
+
+  * Support Node.js 0.6
+  * Throw error when parameter format invalid on parse
+
+0.2.0 / 2014-06-18
+==================
+
+  * Add `typer.format()` to format media types
+
+0.1.0 / 2014-06-17
+==================
+
+  * Accept `req` as argument to `parse`
+  * Accept `res` as argument to `parse`
+  * Parse media type with extra LWS between type and first parameter
+
+0.0.0 / 2014-06-13
+==================
+
+  * Initial implementation
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/LICENSE b/src/Servers/ExpressServer/node_modules/media-typer/LICENSE
new file mode 100644
index 0000000..b7dce6c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/media-typer/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/README.md b/src/Servers/ExpressServer/node_modules/media-typer/README.md
new file mode 100644
index 0000000..d8df623
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/media-typer/README.md
@@ -0,0 +1,81 @@
+# media-typer
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Simple RFC 6838 media type parser
+
+## Installation
+
+```sh
+$ npm install media-typer
+```
+
+## API
+
+```js
+var typer = require('media-typer')
+```
+
+### typer.parse(string)
+
+```js
+var obj = typer.parse('image/svg+xml; charset=utf-8')
+```
+
+Parse a media type string. This will return an object with the following
+properties (examples are shown for the string `'image/svg+xml; charset=utf-8'`):
+
+ - `type`: The type of the media type (always lower case). Example: `'image'`
+
+ - `subtype`: The subtype of the media type (always lower case). Example: `'svg'`
+
+ - `suffix`: The suffix of the media type (always lower case). Example: `'xml'`
+
+ - `parameters`: An object of the parameters in the media type (name of parameter always lower case). Example: `{charset: 'utf-8'}`
+
+### typer.parse(req)
+
+```js
+var obj = typer.parse(req)
+```
+
+Parse the `content-type` header from the given `req`. Short-cut for
+`typer.parse(req.headers['content-type'])`.
+
+### typer.parse(res)
+
+```js
+var obj = typer.parse(res)
+```
+
+Parse the `content-type` header set on the given `res`. Short-cut for
+`typer.parse(res.getHeader('content-type'))`.
+
+### typer.format(obj)
+
+```js
+var obj = typer.format({type: 'image', subtype: 'svg', suffix: 'xml'})
+```
+
+Format an object into a media type string. This will return a string of the
+mime type for the given object. For the properties of the object, see the
+documentation for `typer.parse(string)`.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/media-typer.svg?style=flat
+[npm-url]: https://npmjs.org/package/media-typer
+[node-version-image]: https://img.shields.io/badge/node.js-%3E%3D_0.6-brightgreen.svg?style=flat
+[node-version-url]: http://nodejs.org/download/
+[travis-image]: https://img.shields.io/travis/jshttp/media-typer.svg?style=flat
+[travis-url]: https://travis-ci.org/jshttp/media-typer
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/media-typer.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/jshttp/media-typer
+[downloads-image]: https://img.shields.io/npm/dm/media-typer.svg?style=flat
+[downloads-url]: https://npmjs.org/package/media-typer
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/index.js b/src/Servers/ExpressServer/node_modules/media-typer/index.js
new file mode 100644
index 0000000..07f7295
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/media-typer/index.js
@@ -0,0 +1,270 @@
+/*!
+ * media-typer
+ * Copyright(c) 2014 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/**
+ * RegExp to match *( ";" parameter ) in RFC 2616 sec 3.7
+ *
+ * parameter     = token "=" ( token | quoted-string )
+ * token         = 1*<any CHAR except CTLs or separators>
+ * separators    = "(" | ")" | "<" | ">" | "@"
+ *               | "," | ";" | ":" | "\" | <">
+ *               | "/" | "[" | "]" | "?" | "="
+ *               | "{" | "}" | SP | HT
+ * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
+ * qdtext        = <any TEXT except <">>
+ * quoted-pair   = "\" CHAR
+ * CHAR          = <any US-ASCII character (octets 0 - 127)>
+ * TEXT          = <any OCTET except CTLs, but including LWS>
+ * LWS           = [CRLF] 1*( SP | HT )
+ * CRLF          = CR LF
+ * CR            = <US-ASCII CR, carriage return (13)>
+ * LF            = <US-ASCII LF, linefeed (10)>
+ * SP            = <US-ASCII SP, space (32)>
+ * SHT           = <US-ASCII HT, horizontal-tab (9)>
+ * CTL           = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+ * OCTET         = <any 8-bit sequence of data>
+ */
+var paramRegExp = /; *([!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) *= *("(?:[ !\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u0020-\u007e])*"|[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) */g;
+var textRegExp = /^[\u0020-\u007e\u0080-\u00ff]+$/
+var tokenRegExp = /^[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+$/
+
+/**
+ * RegExp to match quoted-pair in RFC 2616
+ *
+ * quoted-pair = "\" CHAR
+ * CHAR        = <any US-ASCII character (octets 0 - 127)>
+ */
+var qescRegExp = /\\([\u0000-\u007f])/g;
+
+/**
+ * RegExp to match chars that must be quoted-pair in RFC 2616
+ */
+var quoteRegExp = /([\\"])/g;
+
+/**
+ * RegExp to match type in RFC 6838
+ *
+ * type-name = restricted-name
+ * subtype-name = restricted-name
+ * restricted-name = restricted-name-first *126restricted-name-chars
+ * restricted-name-first  = ALPHA / DIGIT
+ * restricted-name-chars  = ALPHA / DIGIT / "!" / "#" /
+ *                          "$" / "&" / "-" / "^" / "_"
+ * restricted-name-chars =/ "." ; Characters before first dot always
+ *                              ; specify a facet name
+ * restricted-name-chars =/ "+" ; Characters after last plus always
+ *                              ; specify a structured syntax suffix
+ * ALPHA =  %x41-5A / %x61-7A   ; A-Z / a-z
+ * DIGIT =  %x30-39             ; 0-9
+ */
+var subtypeNameRegExp = /^[A-Za-z0-9][A-Za-z0-9!#$&^_.-]{0,126}$/
+var typeNameRegExp = /^[A-Za-z0-9][A-Za-z0-9!#$&^_-]{0,126}$/
+var typeRegExp = /^ *([A-Za-z0-9][A-Za-z0-9!#$&^_-]{0,126})\/([A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}) *$/;
+
+/**
+ * Module exports.
+ */
+
+exports.format = format
+exports.parse = parse
+
+/**
+ * Format object to media type.
+ *
+ * @param {object} obj
+ * @return {string}
+ * @api public
+ */
+
+function format(obj) {
+  if (!obj || typeof obj !== 'object') {
+    throw new TypeError('argument obj is required')
+  }
+
+  var parameters = obj.parameters
+  var subtype = obj.subtype
+  var suffix = obj.suffix
+  var type = obj.type
+
+  if (!type || !typeNameRegExp.test(type)) {
+    throw new TypeError('invalid type')
+  }
+
+  if (!subtype || !subtypeNameRegExp.test(subtype)) {
+    throw new TypeError('invalid subtype')
+  }
+
+  // format as type/subtype
+  var string = type + '/' + subtype
+
+  // append +suffix
+  if (suffix) {
+    if (!typeNameRegExp.test(suffix)) {
+      throw new TypeError('invalid suffix')
+    }
+
+    string += '+' + suffix
+  }
+
+  // append parameters
+  if (parameters && typeof parameters === 'object') {
+    var param
+    var params = Object.keys(parameters).sort()
+
+    for (var i = 0; i < params.length; i++) {
+      param = params[i]
+
+      if (!tokenRegExp.test(param)) {
+        throw new TypeError('invalid parameter name')
+      }
+
+      string += '; ' + param + '=' + qstring(parameters[param])
+    }
+  }
+
+  return string
+}
+
+/**
+ * Parse media type to object.
+ *
+ * @param {string|object} string
+ * @return {Object}
+ * @api public
+ */
+
+function parse(string) {
+  if (!string) {
+    throw new TypeError('argument string is required')
+  }
+
+  // support req/res-like objects as argument
+  if (typeof string === 'object') {
+    string = getcontenttype(string)
+  }
+
+  if (typeof string !== 'string') {
+    throw new TypeError('argument string is required to be a string')
+  }
+
+  var index = string.indexOf(';')
+  var type = index !== -1
+    ? string.substr(0, index)
+    : string
+
+  var key
+  var match
+  var obj = splitType(type)
+  var params = {}
+  var value
+
+  paramRegExp.lastIndex = index
+
+  while (match = paramRegExp.exec(string)) {
+    if (match.index !== index) {
+      throw new TypeError('invalid parameter format')
+    }
+
+    index += match[0].length
+    key = match[1].toLowerCase()
+    value = match[2]
+
+    if (value[0] === '"') {
+      // remove quotes and escapes
+      value = value
+        .substr(1, value.length - 2)
+        .replace(qescRegExp, '$1')
+    }
+
+    params[key] = value
+  }
+
+  if (index !== -1 && index !== string.length) {
+    throw new TypeError('invalid parameter format')
+  }
+
+  obj.parameters = params
+
+  return obj
+}
+
+/**
+ * Get content-type from req/res objects.
+ *
+ * @param {object}
+ * @return {Object}
+ * @api private
+ */
+
+function getcontenttype(obj) {
+  if (typeof obj.getHeader === 'function') {
+    // res-like
+    return obj.getHeader('content-type')
+  }
+
+  if (typeof obj.headers === 'object') {
+    // req-like
+    return obj.headers && obj.headers['content-type']
+  }
+}
+
+/**
+ * Quote a string if necessary.
+ *
+ * @param {string} val
+ * @return {string}
+ * @api private
+ */
+
+function qstring(val) {
+  var str = String(val)
+
+  // no need to quote tokens
+  if (tokenRegExp.test(str)) {
+    return str
+  }
+
+  if (str.length > 0 && !textRegExp.test(str)) {
+    throw new TypeError('invalid parameter value')
+  }
+
+  return '"' + str.replace(quoteRegExp, '\\$1') + '"'
+}
+
+/**
+ * Simply "type/subtype+siffx" into parts.
+ *
+ * @param {string} string
+ * @return {Object}
+ * @api private
+ */
+
+function splitType(string) {
+  var match = typeRegExp.exec(string.toLowerCase())
+
+  if (!match) {
+    throw new TypeError('invalid media type')
+  }
+
+  var type = match[1]
+  var subtype = match[2]
+  var suffix
+
+  // suffix after last +
+  var index = subtype.lastIndexOf('+')
+  if (index !== -1) {
+    suffix = subtype.substr(index + 1)
+    subtype = subtype.substr(0, index)
+  }
+
+  var obj = {
+    type: type,
+    subtype: subtype,
+    suffix: suffix
+  }
+
+  return obj
+}
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/package.json b/src/Servers/ExpressServer/node_modules/media-typer/package.json
new file mode 100644
index 0000000..8cf3ebc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/media-typer/package.json
@@ -0,0 +1,26 @@
+{
+  "name": "media-typer",
+  "description": "Simple RFC 6838 media type parser and formatter",
+  "version": "0.3.0",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "repository": "jshttp/media-typer",
+  "devDependencies": {
+    "istanbul": "0.3.2",
+    "mocha": "~1.21.4",
+    "should": "~4.0.4"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md b/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
new file mode 100644
index 0000000..486771f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
@@ -0,0 +1,21 @@
+1.0.1 / 2016-01-17
+==================
+
+  * perf: enable strict mode
+
+1.0.0 / 2015-03-01
+==================
+
+  * Add option to only add new descriptors
+  * Add simple argument validation
+  * Add jsdoc to source file
+
+0.0.2 / 2013-12-14
+==================
+
+  * Move repository to `component` organization
+
+0.0.1 / 2013-10-29
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE b/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
new file mode 100644
index 0000000..274bfd8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2013 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md b/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
new file mode 100644
index 0000000..3403f4a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
@@ -0,0 +1,49 @@
+# merge-descriptors
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Merge objects using descriptors.
+
+```js
+var thing = {
+  get name() {
+    return 'jon'
+  }
+}
+
+var animal = {
+
+}
+
+merge(animal, thing)
+
+animal.name === 'jon'
+```
+
+## API
+
+### merge(destination, source)
+
+Redefines `destination`'s descriptors with `source`'s. The return value is the
+`destination` object.
+
+### merge(destination, source, false)
+
+Defines `source`'s descriptors on `destination` if `destination` does not have
+a descriptor by the same name. The return value is the `destination` object.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/merge-descriptors.svg
+[npm-url]: https://npmjs.org/package/merge-descriptors
+[travis-image]: https://img.shields.io/travis/component/merge-descriptors/master.svg
+[travis-url]: https://travis-ci.org/component/merge-descriptors
+[coveralls-image]: https://img.shields.io/coveralls/component/merge-descriptors/master.svg
+[coveralls-url]: https://coveralls.io/r/component/merge-descriptors?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/merge-descriptors.svg
+[downloads-url]: https://npmjs.org/package/merge-descriptors
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js b/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
new file mode 100644
index 0000000..f22ebab
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
@@ -0,0 +1,60 @@
+/*!
+ * merge-descriptors
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = merge
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var hasOwnProperty = Object.prototype.hasOwnProperty
+
+/**
+ * Merge the property descriptors of `src` into `dest`
+ *
+ * @param {object} dest Object to add descriptors to
+ * @param {object} src Object to clone descriptors from
+ * @param {boolean} [redefine=true] Redefine `dest` properties with `src` properties
+ * @returns {object} Reference to dest
+ * @public
+ */
+
+function merge (dest, src, redefine) {
+  if (!dest) {
+    throw new TypeError('argument dest is required')
+  }
+
+  if (!src) {
+    throw new TypeError('argument src is required')
+  }
+
+  if (redefine === undefined) {
+    // Default to true
+    redefine = true
+  }
+
+  Object.getOwnPropertyNames(src).forEach(function forEachOwnPropertyName (name) {
+    if (!redefine && hasOwnProperty.call(dest, name)) {
+      // Skip descriptor
+      return
+    }
+
+    // Copy descriptor
+    var descriptor = Object.getOwnPropertyDescriptor(src, name)
+    Object.defineProperty(dest, name, descriptor)
+  })
+
+  return dest
+}
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json b/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
new file mode 100644
index 0000000..aa9af0a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "merge-descriptors",
+  "description": "Merge objects using descriptors",
+  "version": "1.0.3",
+  "author": {
+    "name": "Jonathan Ong",
+    "email": "me@jongleberry.com",
+    "url": "http://jongleberry.com",
+    "twitter": "https://twitter.com/jongleberry"
+  },
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Mike Grabowski <grabbou@gmail.com>"
+  ],
+  "license": "MIT",
+  "repository": "sindresorhus/merge-descriptors",
+  "funding": "https://github.com/sponsors/sindresorhus",
+  "devDependencies": {
+    "eslint": "5.9.0",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-import": "2.14.0",
+    "eslint-plugin-node": "7.0.1",
+    "eslint-plugin-promise": "4.0.1",
+    "eslint-plugin-standard": "4.0.0",
+    "mocha": "5.2.0",
+    "nyc": "13.1.0"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "index.js"
+  ],
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha test/",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/methods/HISTORY.md b/src/Servers/ExpressServer/node_modules/methods/HISTORY.md
new file mode 100644
index 0000000..c0ecf07
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/methods/HISTORY.md
@@ -0,0 +1,29 @@
+1.1.2 / 2016-01-17
+==================
+
+  * perf: enable strict mode
+
+1.1.1 / 2014-12-30
+==================
+
+  * Improve `browserify` support
+
+1.1.0 / 2014-07-05
+==================
+
+  * Add `CONNECT` method
+ 
+1.0.1 / 2014-06-02
+==================
+
+  * Fix module to work with harmony transform
+
+1.0.0 / 2014-05-08
+==================
+
+  * Add `PURGE` method
+
+0.1.0 / 2013-10-28
+==================
+
+  * Add `http.METHODS` support
diff --git a/src/Servers/ExpressServer/node_modules/methods/LICENSE b/src/Servers/ExpressServer/node_modules/methods/LICENSE
new file mode 100644
index 0000000..220dc1a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/methods/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2013-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/src/Servers/ExpressServer/node_modules/methods/README.md b/src/Servers/ExpressServer/node_modules/methods/README.md
new file mode 100644
index 0000000..672a32b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/methods/README.md
@@ -0,0 +1,51 @@
+# Methods
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+HTTP verbs that Node.js core's HTTP parser supports.
+
+This module provides an export that is just like `http.METHODS` from Node.js core,
+with the following differences:
+
+  * All method names are lower-cased.
+  * Contains a fallback list of methods for Node.js versions that do not have a
+    `http.METHODS` export (0.10 and lower).
+  * Provides the fallback list when using tools like `browserify` without pulling
+    in the `http` shim module.
+
+## Install
+
+```bash
+$ npm install methods
+```
+
+## API
+
+```js
+var methods = require('methods')
+```
+
+### methods
+
+This is an array of lower-cased method names that Node.js supports. If Node.js
+provides the `http.METHODS` export, then this is the same array lower-cased,
+otherwise it is a snapshot of the verbs from Node.js 0.10.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/methods.svg?style=flat
+[npm-url]: https://npmjs.org/package/methods
+[node-version-image]: https://img.shields.io/node/v/methods.svg?style=flat
+[node-version-url]: https://nodejs.org/en/download/
+[travis-image]: https://img.shields.io/travis/jshttp/methods.svg?style=flat
+[travis-url]: https://travis-ci.org/jshttp/methods
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/methods.svg?style=flat
+[coveralls-url]: https://coveralls.io/r/jshttp/methods?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/methods.svg?style=flat
+[downloads-url]: https://npmjs.org/package/methods
diff --git a/src/Servers/ExpressServer/node_modules/methods/index.js b/src/Servers/ExpressServer/node_modules/methods/index.js
new file mode 100644
index 0000000..667a50b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/methods/index.js
@@ -0,0 +1,69 @@
+/*!
+ * methods
+ * Copyright(c) 2013-2014 TJ Holowaychuk
+ * Copyright(c) 2015-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var http = require('http');
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = getCurrentNodeMethods() || getBasicNodeMethods();
+
+/**
+ * Get the current Node.js methods.
+ * @private
+ */
+
+function getCurrentNodeMethods() {
+  return http.METHODS && http.METHODS.map(function lowerCaseMethod(method) {
+    return method.toLowerCase();
+  });
+}
+
+/**
+ * Get the "basic" Node.js methods, a snapshot from Node.js 0.10.
+ * @private
+ */
+
+function getBasicNodeMethods() {
+  return [
+    'get',
+    'post',
+    'put',
+    'head',
+    'delete',
+    'options',
+    'trace',
+    'copy',
+    'lock',
+    'mkcol',
+    'move',
+    'purge',
+    'propfind',
+    'proppatch',
+    'unlock',
+    'report',
+    'mkactivity',
+    'checkout',
+    'merge',
+    'm-search',
+    'notify',
+    'subscribe',
+    'unsubscribe',
+    'patch',
+    'search',
+    'connect'
+  ];
+}
diff --git a/src/Servers/ExpressServer/node_modules/methods/package.json b/src/Servers/ExpressServer/node_modules/methods/package.json
new file mode 100644
index 0000000..c4ce6f0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/methods/package.json
@@ -0,0 +1,36 @@
+{
+  "name": "methods",
+  "description": "HTTP methods that node supports",
+  "version": "1.1.2",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
+    "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)"
+  ],
+  "license": "MIT",
+  "repository": "jshttp/methods",
+  "devDependencies": {
+    "istanbul": "0.4.1",
+    "mocha": "1.21.5"
+  },
+  "files": [
+    "index.js",
+    "HISTORY.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  },
+  "browser": {
+    "http": false
+  },
+  "keywords": [
+    "http",
+    "methods"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md b/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
new file mode 100644
index 0000000..7436f64
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
@@ -0,0 +1,507 @@
+1.52.0 / 2022-02-21
+===================
+
+  * Add extensions from IANA for more `image/*` types
+  * Add extension `.asc` to `application/pgp-keys`
+  * Add extensions to various XML types
+  * Add new upstream MIME types
+
+1.51.0 / 2021-11-08
+===================
+
+  * Add new upstream MIME types
+  * Mark `image/vnd.microsoft.icon` as compressible
+  * Mark `image/vnd.ms-dds` as compressible
+
+1.50.0 / 2021-09-15
+===================
+
+  * Add deprecated iWorks mime types and extensions
+  * Add new upstream MIME types
+
+1.49.0 / 2021-07-26
+===================
+
+  * Add extension `.trig` to `application/trig`
+  * Add new upstream MIME types
+
+1.48.0 / 2021-05-30
+===================
+
+  * Add extension `.mvt` to `application/vnd.mapbox-vector-tile`
+  * Add new upstream MIME types
+  * Mark `text/yaml` as compressible
+
+1.47.0 / 2021-04-01
+===================
+
+  * Add new upstream MIME types
+  * Remove ambigious extensions from IANA for `application/*+xml` types
+  * Update primary extension to `.es` for `application/ecmascript`
+
+1.46.0 / 2021-02-13
+===================
+
+  * Add extension `.amr` to `audio/amr`
+  * Add extension `.m4s` to `video/iso.segment`
+  * Add extension `.opus` to `audio/ogg`
+  * Add new upstream MIME types
+
+1.45.0 / 2020-09-22
+===================
+
+  * Add `application/ubjson` with extension `.ubj`
+  * Add `image/avif` with extension `.avif`
+  * Add `image/ktx2` with extension `.ktx2`
+  * Add extension `.dbf` to `application/vnd.dbf`
+  * Add extension `.rar` to `application/vnd.rar`
+  * Add extension `.td` to `application/urc-targetdesc+xml`
+  * Add new upstream MIME types
+  * Fix extension of `application/vnd.apple.keynote` to be `.key`
+
+1.44.0 / 2020-04-22
+===================
+
+  * Add charsets from IANA
+  * Add extension `.cjs` to `application/node`
+  * Add new upstream MIME types
+
+1.43.0 / 2020-01-05
+===================
+
+  * Add `application/x-keepass2` with extension `.kdbx`
+  * Add extension `.mxmf` to `audio/mobile-xmf`
+  * Add extensions from IANA for `application/*+xml` types
+  * Add new upstream MIME types
+
+1.42.0 / 2019-09-25
+===================
+
+  * Add `image/vnd.ms-dds` with extension `.dds`
+  * Add new upstream MIME types
+  * Remove compressible from `multipart/mixed`
+
+1.41.0 / 2019-08-30
+===================
+
+  * Add new upstream MIME types
+  * Add `application/toml` with extension `.toml`
+  * Mark `font/ttf` as compressible
+
+1.40.0 / 2019-04-20
+===================
+
+  * Add extensions from IANA for `model/*` types
+  * Add `text/mdx` with extension `.mdx`
+
+1.39.0 / 2019-04-04
+===================
+
+  * Add extensions `.siv` and `.sieve` to `application/sieve`
+  * Add new upstream MIME types
+
+1.38.0 / 2019-02-04
+===================
+
+  * Add extension `.nq` to `application/n-quads`
+  * Add extension `.nt` to `application/n-triples`
+  * Add new upstream MIME types
+  * Mark `text/less` as compressible
+
+1.37.0 / 2018-10-19
+===================
+
+  * Add extensions to HEIC image types
+  * Add new upstream MIME types
+
+1.36.0 / 2018-08-20
+===================
+
+  * Add Apple file extensions from IANA
+  * Add extensions from IANA for `image/*` types
+  * Add new upstream MIME types
+
+1.35.0 / 2018-07-15
+===================
+
+  * Add extension `.owl` to `application/rdf+xml`
+  * Add new upstream MIME types
+    - Removes extension `.woff` from `application/font-woff`
+
+1.34.0 / 2018-06-03
+===================
+
+  * Add extension `.csl` to `application/vnd.citationstyles.style+xml`
+  * Add extension `.es` to `application/ecmascript`
+  * Add new upstream MIME types
+  * Add `UTF-8` as default charset for `text/turtle`
+  * Mark all XML-derived types as compressible
+
+1.33.0 / 2018-02-15
+===================
+
+  * Add extensions from IANA for `message/*` types
+  * Add new upstream MIME types
+  * Fix some incorrect OOXML types
+  * Remove `application/font-woff2`
+
+1.32.0 / 2017-11-29
+===================
+
+  * Add new upstream MIME types
+  * Update `text/hjson` to registered `application/hjson`
+  * Add `text/shex` with extension `.shex`
+
+1.31.0 / 2017-10-25
+===================
+
+  * Add `application/raml+yaml` with extension `.raml`
+  * Add `application/wasm` with extension `.wasm`
+  * Add new `font` type from IANA
+  * Add new upstream font extensions
+  * Add new upstream MIME types
+  * Add extensions for JPEG-2000 images
+
+1.30.0 / 2017-08-27
+===================
+
+  * Add `application/vnd.ms-outlook`
+  * Add `application/x-arj`
+  * Add extension `.mjs` to `application/javascript`
+  * Add glTF types and extensions
+  * Add new upstream MIME types
+  * Add `text/x-org`
+  * Add VirtualBox MIME types
+  * Fix `source` records for `video/*` types that are IANA
+  * Update `font/opentype` to registered `font/otf`
+
+1.29.0 / 2017-07-10
+===================
+
+  * Add `application/fido.trusted-apps+json`
+  * Add extension `.wadl` to `application/vnd.sun.wadl+xml`
+  * Add new upstream MIME types
+  * Add `UTF-8` as default charset for `text/css`
+
+1.28.0 / 2017-05-14
+===================
+
+  * Add new upstream MIME types
+  * Add extension `.gz` to `application/gzip`
+  * Update extensions `.md` and `.markdown` to be `text/markdown`
+
+1.27.0 / 2017-03-16
+===================
+
+  * Add new upstream MIME types
+  * Add `image/apng` with extension `.apng`
+
+1.26.0 / 2017-01-14
+===================
+
+  * Add new upstream MIME types
+  * Add extension `.geojson` to `application/geo+json`
+
+1.25.0 / 2016-11-11
+===================
+
+  * Add new upstream MIME types
+
+1.24.0 / 2016-09-18
+===================
+
+  * Add `audio/mp3`
+  * Add new upstream MIME types
+
+1.23.0 / 2016-05-01
+===================
+
+  * Add new upstream MIME types
+  * Add extension `.3gpp` to `audio/3gpp`
+
+1.22.0 / 2016-02-15
+===================
+
+  * Add `text/slim`
+  * Add extension `.rng` to `application/xml`
+  * Add new upstream MIME types
+  * Fix extension of `application/dash+xml` to be `.mpd`
+  * Update primary extension to `.m4a` for `audio/mp4`
+
+1.21.0 / 2016-01-06
+===================
+
+  * Add Google document types
+  * Add new upstream MIME types
+
+1.20.0 / 2015-11-10
+===================
+
+  * Add `text/x-suse-ymp`
+  * Add new upstream MIME types
+
+1.19.0 / 2015-09-17
+===================
+
+  * Add `application/vnd.apple.pkpass`
+  * Add new upstream MIME types
+
+1.18.0 / 2015-09-03
+===================
+
+  * Add new upstream MIME types
+
+1.17.0 / 2015-08-13
+===================
+
+  * Add `application/x-msdos-program`
+  * Add `audio/g711-0`
+  * Add `image/vnd.mozilla.apng`
+  * Add extension `.exe` to `application/x-msdos-program`
+
+1.16.0 / 2015-07-29
+===================
+
+  * Add `application/vnd.uri-map`
+
+1.15.0 / 2015-07-13
+===================
+
+  * Add `application/x-httpd-php`
+
+1.14.0 / 2015-06-25
+===================
+
+  * Add `application/scim+json`
+  * Add `application/vnd.3gpp.ussd+xml`
+  * Add `application/vnd.biopax.rdf+xml`
+  * Add `text/x-processing`
+
+1.13.0 / 2015-06-07
+===================
+
+  * Add nginx as a source
+  * Add `application/x-cocoa`
+  * Add `application/x-java-archive-diff`
+  * Add `application/x-makeself`
+  * Add `application/x-perl`
+  * Add `application/x-pilot`
+  * Add `application/x-redhat-package-manager`
+  * Add `application/x-sea`
+  * Add `audio/x-m4a`
+  * Add `audio/x-realaudio`
+  * Add `image/x-jng`
+  * Add `text/mathml`
+
+1.12.0 / 2015-06-05
+===================
+
+  * Add `application/bdoc`
+  * Add `application/vnd.hyperdrive+json`
+  * Add `application/x-bdoc`
+  * Add extension `.rtf` to `text/rtf`
+
+1.11.0 / 2015-05-31
+===================
+
+  * Add `audio/wav`
+  * Add `audio/wave`
+  * Add extension `.litcoffee` to `text/coffeescript`
+  * Add extension `.sfd-hdstx` to `application/vnd.hydrostatix.sof-data`
+  * Add extension `.n-gage` to `application/vnd.nokia.n-gage.symbian.install`
+
+1.10.0 / 2015-05-19
+===================
+
+  * Add `application/vnd.balsamiq.bmpr`
+  * Add `application/vnd.microsoft.portable-executable`
+  * Add `application/x-ns-proxy-autoconfig`
+
+1.9.1 / 2015-04-19
+==================
+
+  * Remove `.json` extension from `application/manifest+json`
+    - This is causing bugs downstream
+
+1.9.0 / 2015-04-19
+==================
+
+  * Add `application/manifest+json`
+  * Add `application/vnd.micro+json`
+  * Add `image/vnd.zbrush.pcx`
+  * Add `image/x-ms-bmp`
+
+1.8.0 / 2015-03-13
+==================
+
+  * Add `application/vnd.citationstyles.style+xml`
+  * Add `application/vnd.fastcopy-disk-image`
+  * Add `application/vnd.gov.sk.xmldatacontainer+xml`
+  * Add extension `.jsonld` to `application/ld+json`
+
+1.7.0 / 2015-02-08
+==================
+
+  * Add `application/vnd.gerber`
+  * Add `application/vnd.msa-disk-image`
+
+1.6.1 / 2015-02-05
+==================
+
+  * Community extensions ownership transferred from `node-mime`
+
+1.6.0 / 2015-01-29
+==================
+
+  * Add `application/jose`
+  * Add `application/jose+json`
+  * Add `application/json-seq`
+  * Add `application/jwk+json`
+  * Add `application/jwk-set+json`
+  * Add `application/jwt`
+  * Add `application/rdap+json`
+  * Add `application/vnd.gov.sk.e-form+xml`
+  * Add `application/vnd.ims.imsccv1p3`
+
+1.5.0 / 2014-12-30
+==================
+
+  * Add `application/vnd.oracle.resource+json`
+  * Fix various invalid MIME type entries
+    - `application/mbox+xml`
+    - `application/oscp-response`
+    - `application/vwg-multiplexed`
+    - `audio/g721`
+
+1.4.0 / 2014-12-21
+==================
+
+  * Add `application/vnd.ims.imsccv1p2`
+  * Fix various invalid MIME type entries
+    - `application/vnd-acucobol`
+    - `application/vnd-curl`
+    - `application/vnd-dart`
+    - `application/vnd-dxr`
+    - `application/vnd-fdf`
+    - `application/vnd-mif`
+    - `application/vnd-sema`
+    - `application/vnd-wap-wmlc`
+    - `application/vnd.adobe.flash-movie`
+    - `application/vnd.dece-zip`
+    - `application/vnd.dvb_service`
+    - `application/vnd.micrografx-igx`
+    - `application/vnd.sealed-doc`
+    - `application/vnd.sealed-eml`
+    - `application/vnd.sealed-mht`
+    - `application/vnd.sealed-ppt`
+    - `application/vnd.sealed-tiff`
+    - `application/vnd.sealed-xls`
+    - `application/vnd.sealedmedia.softseal-html`
+    - `application/vnd.sealedmedia.softseal-pdf`
+    - `application/vnd.wap-slc`
+    - `application/vnd.wap-wbxml`
+    - `audio/vnd.sealedmedia.softseal-mpeg`
+    - `image/vnd-djvu`
+    - `image/vnd-svf`
+    - `image/vnd-wap-wbmp`
+    - `image/vnd.sealed-png`
+    - `image/vnd.sealedmedia.softseal-gif`
+    - `image/vnd.sealedmedia.softseal-jpg`
+    - `model/vnd-dwf`
+    - `model/vnd.parasolid.transmit-binary`
+    - `model/vnd.parasolid.transmit-text`
+    - `text/vnd-a`
+    - `text/vnd-curl`
+    - `text/vnd.wap-wml`
+  * Remove example template MIME types
+    - `application/example`
+    - `audio/example`
+    - `image/example`
+    - `message/example`
+    - `model/example`
+    - `multipart/example`
+    - `text/example`
+    - `video/example`
+
+1.3.1 / 2014-12-16
+==================
+
+  * Fix missing extensions
+    - `application/json5`
+    - `text/hjson`
+
+1.3.0 / 2014-12-07
+==================
+
+  * Add `application/a2l`
+  * Add `application/aml`
+  * Add `application/atfx`
+  * Add `application/atxml`
+  * Add `application/cdfx+xml`
+  * Add `application/dii`
+  * Add `application/json5`
+  * Add `application/lxf`
+  * Add `application/mf4`
+  * Add `application/vnd.apache.thrift.compact`
+  * Add `application/vnd.apache.thrift.json`
+  * Add `application/vnd.coffeescript`
+  * Add `application/vnd.enphase.envoy`
+  * Add `application/vnd.ims.imsccv1p1`
+  * Add `text/csv-schema`
+  * Add `text/hjson`
+  * Add `text/markdown`
+  * Add `text/yaml`
+
+1.2.0 / 2014-11-09
+==================
+
+  * Add `application/cea`
+  * Add `application/dit`
+  * Add `application/vnd.gov.sk.e-form+zip`
+  * Add `application/vnd.tmd.mediaflex.api+xml`
+  * Type `application/epub+zip` is now IANA-registered
+
+1.1.2 / 2014-10-23
+==================
+
+  * Rebuild database for `application/x-www-form-urlencoded` change
+
+1.1.1 / 2014-10-20
+==================
+
+  * Mark `application/x-www-form-urlencoded` as compressible.
+
+1.1.0 / 2014-09-28
+==================
+
+  * Add `application/font-woff2`
+
+1.0.3 / 2014-09-25
+==================
+
+  * Fix engine requirement in package
+
+1.0.2 / 2014-09-25
+==================
+
+  * Add `application/coap-group+json`
+  * Add `application/dcd`
+  * Add `application/vnd.apache.thrift.binary`
+  * Add `image/vnd.tencent.tap`
+  * Mark all JSON-derived types as compressible
+  * Update `text/vtt` data
+
+1.0.1 / 2014-08-30
+==================
+
+  * Fix extension ordering
+
+1.0.0 / 2014-08-30
+==================
+
+  * Add `application/atf`
+  * Add `application/merge-patch+json`
+  * Add `multipart/x-mixed-replace`
+  * Add `source: 'apache'` metadata
+  * Add `source: 'iana'` metadata
+  * Remove badly-assumed charset data
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/LICENSE b/src/Servers/ExpressServer/node_modules/mime-db/LICENSE
new file mode 100644
index 0000000..0751cb1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/README.md b/src/Servers/ExpressServer/node_modules/mime-db/README.md
new file mode 100644
index 0000000..5a8fcfe
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/README.md
@@ -0,0 +1,100 @@
+# mime-db
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+This is a large database of mime types and information about them.
+It consists of a single, public JSON file and does not include any logic,
+allowing it to remain as un-opinionated as possible with an API.
+It aggregates data from the following sources:
+
+- http://www.iana.org/assignments/media-types/media-types.xhtml
+- http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
+- http://hg.nginx.org/nginx/raw-file/default/conf/mime.types
+
+## Installation
+
+```bash
+npm install mime-db
+```
+
+### Database Download
+
+If you're crazy enough to use this in the browser, you can just grab the
+JSON file using [jsDelivr](https://www.jsdelivr.com/). It is recommended to
+replace `master` with [a release tag](https://github.com/jshttp/mime-db/tags)
+as the JSON format may change in the future.
+
+```
+https://cdn.jsdelivr.net/gh/jshttp/mime-db@master/db.json
+```
+
+## Usage
+
+```js
+var db = require('mime-db')
+
+// grab data on .js files
+var data = db['application/javascript']
+```
+
+## Data Structure
+
+The JSON file is a map lookup for lowercased mime types.
+Each mime type has the following properties:
+
+- `.source` - where the mime type is defined.
+    If not set, it's probably a custom media type.
+    - `apache` - [Apache common media types](http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types)
+    - `iana` - [IANA-defined media types](http://www.iana.org/assignments/media-types/media-types.xhtml)
+    - `nginx` - [nginx media types](http://hg.nginx.org/nginx/raw-file/default/conf/mime.types)
+- `.extensions[]` - known extensions associated with this mime type.
+- `.compressible` - whether a file of this type can be gzipped.
+- `.charset` - the default charset associated with this type, if any.
+
+If unknown, every property could be `undefined`.
+
+## Contributing
+
+To edit the database, only make PRs against `src/custom-types.json` or
+`src/custom-suffix.json`.
+
+The `src/custom-types.json` file is a JSON object with the MIME type as the
+keys and the values being an object with the following keys:
+
+- `compressible` - leave out if you don't know, otherwise `true`/`false` to
+  indicate whether the data represented by the type is typically compressible.
+- `extensions` - include an array of file extensions that are associated with
+  the type.
+- `notes` - human-readable notes about the type, typically what the type is.
+- `sources` - include an array of URLs of where the MIME type and the associated
+  extensions are sourced from. This needs to be a [primary source](https://en.wikipedia.org/wiki/Primary_source);
+  links to type aggregating sites and Wikipedia are _not acceptable_.
+
+To update the build, run `npm run build`.
+
+### Adding Custom Media Types
+
+The best way to get new media types included in this library is to register
+them with the IANA. The community registration procedure is outlined in
+[RFC 6838 section 5](http://tools.ietf.org/html/rfc6838#section-5). Types
+registered with the IANA are automatically pulled into this library.
+
+If that is not possible / feasible, they can be added directly here as a
+"custom" type. To do this, it is required to have a primary source that
+definitively lists the media type. If an extension is going to be listed as
+associateed with this media type, the source must definitively link the
+media type and extension as well.
+
+[ci-image]: https://badgen.net/github/checks/jshttp/mime-db/master?label=ci
+[ci-url]: https://github.com/jshttp/mime-db/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/mime-db/master
+[coveralls-url]: https://coveralls.io/r/jshttp/mime-db?branch=master
+[node-image]: https://badgen.net/npm/node/mime-db
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/mime-db
+[npm-url]: https://npmjs.org/package/mime-db
+[npm-version-image]: https://badgen.net/npm/v/mime-db
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/db.json b/src/Servers/ExpressServer/node_modules/mime-db/db.json
new file mode 100644
index 0000000..eb9c42c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/db.json
@@ -0,0 +1,8519 @@
+{
+  "application/1d-interleaved-parityfec": {
+    "source": "iana"
+  },
+  "application/3gpdash-qoe-report+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/3gpp-ims+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/3gpphal+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/3gpphalforms+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/a2l": {
+    "source": "iana"
+  },
+  "application/ace+cbor": {
+    "source": "iana"
+  },
+  "application/activemessage": {
+    "source": "iana"
+  },
+  "application/activity+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-costmap+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-costmapfilter+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-directory+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-endpointcost+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-endpointcostparams+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-endpointprop+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-endpointpropparams+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-error+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-networkmap+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-networkmapfilter+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-updatestreamcontrol+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/alto-updatestreamparams+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/aml": {
+    "source": "iana"
+  },
+  "application/andrew-inset": {
+    "source": "iana",
+    "extensions": ["ez"]
+  },
+  "application/applefile": {
+    "source": "iana"
+  },
+  "application/applixware": {
+    "source": "apache",
+    "extensions": ["aw"]
+  },
+  "application/at+jwt": {
+    "source": "iana"
+  },
+  "application/atf": {
+    "source": "iana"
+  },
+  "application/atfx": {
+    "source": "iana"
+  },
+  "application/atom+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["atom"]
+  },
+  "application/atomcat+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["atomcat"]
+  },
+  "application/atomdeleted+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["atomdeleted"]
+  },
+  "application/atomicmail": {
+    "source": "iana"
+  },
+  "application/atomsvc+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["atomsvc"]
+  },
+  "application/atsc-dwd+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["dwd"]
+  },
+  "application/atsc-dynamic-event-message": {
+    "source": "iana"
+  },
+  "application/atsc-held+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["held"]
+  },
+  "application/atsc-rdt+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/atsc-rsat+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rsat"]
+  },
+  "application/atxml": {
+    "source": "iana"
+  },
+  "application/auth-policy+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/bacnet-xdd+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/batch-smtp": {
+    "source": "iana"
+  },
+  "application/bdoc": {
+    "compressible": false,
+    "extensions": ["bdoc"]
+  },
+  "application/beep+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/calendar+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/calendar+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xcs"]
+  },
+  "application/call-completion": {
+    "source": "iana"
+  },
+  "application/cals-1840": {
+    "source": "iana"
+  },
+  "application/captive+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cbor": {
+    "source": "iana"
+  },
+  "application/cbor-seq": {
+    "source": "iana"
+  },
+  "application/cccex": {
+    "source": "iana"
+  },
+  "application/ccmp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/ccxml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ccxml"]
+  },
+  "application/cdfx+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["cdfx"]
+  },
+  "application/cdmi-capability": {
+    "source": "iana",
+    "extensions": ["cdmia"]
+  },
+  "application/cdmi-container": {
+    "source": "iana",
+    "extensions": ["cdmic"]
+  },
+  "application/cdmi-domain": {
+    "source": "iana",
+    "extensions": ["cdmid"]
+  },
+  "application/cdmi-object": {
+    "source": "iana",
+    "extensions": ["cdmio"]
+  },
+  "application/cdmi-queue": {
+    "source": "iana",
+    "extensions": ["cdmiq"]
+  },
+  "application/cdni": {
+    "source": "iana"
+  },
+  "application/cea": {
+    "source": "iana"
+  },
+  "application/cea-2018+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cellml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cfw": {
+    "source": "iana"
+  },
+  "application/city+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/clr": {
+    "source": "iana"
+  },
+  "application/clue+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/clue_info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cms": {
+    "source": "iana"
+  },
+  "application/cnrp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/coap-group+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/coap-payload": {
+    "source": "iana"
+  },
+  "application/commonground": {
+    "source": "iana"
+  },
+  "application/conference-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cose": {
+    "source": "iana"
+  },
+  "application/cose-key": {
+    "source": "iana"
+  },
+  "application/cose-key-set": {
+    "source": "iana"
+  },
+  "application/cpl+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["cpl"]
+  },
+  "application/csrattrs": {
+    "source": "iana"
+  },
+  "application/csta+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cstadata+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/csvm+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/cu-seeme": {
+    "source": "apache",
+    "extensions": ["cu"]
+  },
+  "application/cwt": {
+    "source": "iana"
+  },
+  "application/cybercash": {
+    "source": "iana"
+  },
+  "application/dart": {
+    "compressible": true
+  },
+  "application/dash+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mpd"]
+  },
+  "application/dash-patch+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mpp"]
+  },
+  "application/dashdelta": {
+    "source": "iana"
+  },
+  "application/davmount+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["davmount"]
+  },
+  "application/dca-rft": {
+    "source": "iana"
+  },
+  "application/dcd": {
+    "source": "iana"
+  },
+  "application/dec-dx": {
+    "source": "iana"
+  },
+  "application/dialog-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/dicom": {
+    "source": "iana"
+  },
+  "application/dicom+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/dicom+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/dii": {
+    "source": "iana"
+  },
+  "application/dit": {
+    "source": "iana"
+  },
+  "application/dns": {
+    "source": "iana"
+  },
+  "application/dns+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/dns-message": {
+    "source": "iana"
+  },
+  "application/docbook+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["dbk"]
+  },
+  "application/dots+cbor": {
+    "source": "iana"
+  },
+  "application/dskpp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/dssc+der": {
+    "source": "iana",
+    "extensions": ["dssc"]
+  },
+  "application/dssc+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xdssc"]
+  },
+  "application/dvcs": {
+    "source": "iana"
+  },
+  "application/ecmascript": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["es","ecma"]
+  },
+  "application/edi-consent": {
+    "source": "iana"
+  },
+  "application/edi-x12": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/edifact": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/efi": {
+    "source": "iana"
+  },
+  "application/elm+json": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/elm+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.cap+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/emergencycalldata.comment+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.control+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.deviceinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.ecall.msd": {
+    "source": "iana"
+  },
+  "application/emergencycalldata.providerinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.serviceinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.subscriberinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emergencycalldata.veds+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/emma+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["emma"]
+  },
+  "application/emotionml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["emotionml"]
+  },
+  "application/encaprtp": {
+    "source": "iana"
+  },
+  "application/epp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/epub+zip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["epub"]
+  },
+  "application/eshop": {
+    "source": "iana"
+  },
+  "application/exi": {
+    "source": "iana",
+    "extensions": ["exi"]
+  },
+  "application/expect-ct-report+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/express": {
+    "source": "iana",
+    "extensions": ["exp"]
+  },
+  "application/fastinfoset": {
+    "source": "iana"
+  },
+  "application/fastsoap": {
+    "source": "iana"
+  },
+  "application/fdt+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["fdt"]
+  },
+  "application/fhir+json": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/fhir+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/fido.trusted-apps+json": {
+    "compressible": true
+  },
+  "application/fits": {
+    "source": "iana"
+  },
+  "application/flexfec": {
+    "source": "iana"
+  },
+  "application/font-sfnt": {
+    "source": "iana"
+  },
+  "application/font-tdpfr": {
+    "source": "iana",
+    "extensions": ["pfr"]
+  },
+  "application/font-woff": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/framework-attributes+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/geo+json": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["geojson"]
+  },
+  "application/geo+json-seq": {
+    "source": "iana"
+  },
+  "application/geopackage+sqlite3": {
+    "source": "iana"
+  },
+  "application/geoxacml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/gltf-buffer": {
+    "source": "iana"
+  },
+  "application/gml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["gml"]
+  },
+  "application/gpx+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["gpx"]
+  },
+  "application/gxf": {
+    "source": "apache",
+    "extensions": ["gxf"]
+  },
+  "application/gzip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["gz"]
+  },
+  "application/h224": {
+    "source": "iana"
+  },
+  "application/held+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/hjson": {
+    "extensions": ["hjson"]
+  },
+  "application/http": {
+    "source": "iana"
+  },
+  "application/hyperstudio": {
+    "source": "iana",
+    "extensions": ["stk"]
+  },
+  "application/ibe-key-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/ibe-pkg-reply+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/ibe-pp-data": {
+    "source": "iana"
+  },
+  "application/iges": {
+    "source": "iana"
+  },
+  "application/im-iscomposing+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/index": {
+    "source": "iana"
+  },
+  "application/index.cmd": {
+    "source": "iana"
+  },
+  "application/index.obj": {
+    "source": "iana"
+  },
+  "application/index.response": {
+    "source": "iana"
+  },
+  "application/index.vnd": {
+    "source": "iana"
+  },
+  "application/inkml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ink","inkml"]
+  },
+  "application/iotp": {
+    "source": "iana"
+  },
+  "application/ipfix": {
+    "source": "iana",
+    "extensions": ["ipfix"]
+  },
+  "application/ipp": {
+    "source": "iana"
+  },
+  "application/isup": {
+    "source": "iana"
+  },
+  "application/its+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["its"]
+  },
+  "application/java-archive": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["jar","war","ear"]
+  },
+  "application/java-serialized-object": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["ser"]
+  },
+  "application/java-vm": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["class"]
+  },
+  "application/javascript": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["js","mjs"]
+  },
+  "application/jf2feed+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/jose": {
+    "source": "iana"
+  },
+  "application/jose+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/jrd+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/jscalendar+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/json": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["json","map"]
+  },
+  "application/json-patch+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/json-seq": {
+    "source": "iana"
+  },
+  "application/json5": {
+    "extensions": ["json5"]
+  },
+  "application/jsonml+json": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["jsonml"]
+  },
+  "application/jwk+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/jwk-set+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/jwt": {
+    "source": "iana"
+  },
+  "application/kpml-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/kpml-response+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/ld+json": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["jsonld"]
+  },
+  "application/lgr+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["lgr"]
+  },
+  "application/link-format": {
+    "source": "iana"
+  },
+  "application/load-control+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/lost+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["lostxml"]
+  },
+  "application/lostsync+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/lpf+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/lxf": {
+    "source": "iana"
+  },
+  "application/mac-binhex40": {
+    "source": "iana",
+    "extensions": ["hqx"]
+  },
+  "application/mac-compactpro": {
+    "source": "apache",
+    "extensions": ["cpt"]
+  },
+  "application/macwriteii": {
+    "source": "iana"
+  },
+  "application/mads+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mads"]
+  },
+  "application/manifest+json": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["webmanifest"]
+  },
+  "application/marc": {
+    "source": "iana",
+    "extensions": ["mrc"]
+  },
+  "application/marcxml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mrcx"]
+  },
+  "application/mathematica": {
+    "source": "iana",
+    "extensions": ["ma","nb","mb"]
+  },
+  "application/mathml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mathml"]
+  },
+  "application/mathml-content+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mathml-presentation+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-associated-procedure-description+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-deregister+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-envelope+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-msk+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-msk-response+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-protection-description+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-reception-report+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-register+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-register-response+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-schedule+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbms-user-service-description+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mbox": {
+    "source": "iana",
+    "extensions": ["mbox"]
+  },
+  "application/media-policy-dataset+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mpf"]
+  },
+  "application/media_control+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mediaservercontrol+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mscml"]
+  },
+  "application/merge-patch+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/metalink+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["metalink"]
+  },
+  "application/metalink4+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["meta4"]
+  },
+  "application/mets+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mets"]
+  },
+  "application/mf4": {
+    "source": "iana"
+  },
+  "application/mikey": {
+    "source": "iana"
+  },
+  "application/mipc": {
+    "source": "iana"
+  },
+  "application/missing-blocks+cbor-seq": {
+    "source": "iana"
+  },
+  "application/mmt-aei+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["maei"]
+  },
+  "application/mmt-usd+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["musd"]
+  },
+  "application/mods+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mods"]
+  },
+  "application/moss-keys": {
+    "source": "iana"
+  },
+  "application/moss-signature": {
+    "source": "iana"
+  },
+  "application/mosskey-data": {
+    "source": "iana"
+  },
+  "application/mosskey-request": {
+    "source": "iana"
+  },
+  "application/mp21": {
+    "source": "iana",
+    "extensions": ["m21","mp21"]
+  },
+  "application/mp4": {
+    "source": "iana",
+    "extensions": ["mp4s","m4p"]
+  },
+  "application/mpeg4-generic": {
+    "source": "iana"
+  },
+  "application/mpeg4-iod": {
+    "source": "iana"
+  },
+  "application/mpeg4-iod-xmt": {
+    "source": "iana"
+  },
+  "application/mrb-consumer+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/mrb-publish+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/msc-ivr+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/msc-mixer+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/msword": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["doc","dot"]
+  },
+  "application/mud+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/multipart-core": {
+    "source": "iana"
+  },
+  "application/mxf": {
+    "source": "iana",
+    "extensions": ["mxf"]
+  },
+  "application/n-quads": {
+    "source": "iana",
+    "extensions": ["nq"]
+  },
+  "application/n-triples": {
+    "source": "iana",
+    "extensions": ["nt"]
+  },
+  "application/nasdata": {
+    "source": "iana"
+  },
+  "application/news-checkgroups": {
+    "source": "iana",
+    "charset": "US-ASCII"
+  },
+  "application/news-groupinfo": {
+    "source": "iana",
+    "charset": "US-ASCII"
+  },
+  "application/news-transmission": {
+    "source": "iana"
+  },
+  "application/nlsml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/node": {
+    "source": "iana",
+    "extensions": ["cjs"]
+  },
+  "application/nss": {
+    "source": "iana"
+  },
+  "application/oauth-authz-req+jwt": {
+    "source": "iana"
+  },
+  "application/oblivious-dns-message": {
+    "source": "iana"
+  },
+  "application/ocsp-request": {
+    "source": "iana"
+  },
+  "application/ocsp-response": {
+    "source": "iana"
+  },
+  "application/octet-stream": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["bin","dms","lrf","mar","so","dist","distz","pkg","bpk","dump","elc","deploy","exe","dll","deb","dmg","iso","img","msi","msp","msm","buffer"]
+  },
+  "application/oda": {
+    "source": "iana",
+    "extensions": ["oda"]
+  },
+  "application/odm+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/odx": {
+    "source": "iana"
+  },
+  "application/oebps-package+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["opf"]
+  },
+  "application/ogg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["ogx"]
+  },
+  "application/omdoc+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["omdoc"]
+  },
+  "application/onenote": {
+    "source": "apache",
+    "extensions": ["onetoc","onetoc2","onetmp","onepkg"]
+  },
+  "application/opc-nodeset+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/oscore": {
+    "source": "iana"
+  },
+  "application/oxps": {
+    "source": "iana",
+    "extensions": ["oxps"]
+  },
+  "application/p21": {
+    "source": "iana"
+  },
+  "application/p21+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/p2p-overlay+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["relo"]
+  },
+  "application/parityfec": {
+    "source": "iana"
+  },
+  "application/passport": {
+    "source": "iana"
+  },
+  "application/patch-ops-error+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xer"]
+  },
+  "application/pdf": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["pdf"]
+  },
+  "application/pdx": {
+    "source": "iana"
+  },
+  "application/pem-certificate-chain": {
+    "source": "iana"
+  },
+  "application/pgp-encrypted": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["pgp"]
+  },
+  "application/pgp-keys": {
+    "source": "iana",
+    "extensions": ["asc"]
+  },
+  "application/pgp-signature": {
+    "source": "iana",
+    "extensions": ["asc","sig"]
+  },
+  "application/pics-rules": {
+    "source": "apache",
+    "extensions": ["prf"]
+  },
+  "application/pidf+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/pidf-diff+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/pkcs10": {
+    "source": "iana",
+    "extensions": ["p10"]
+  },
+  "application/pkcs12": {
+    "source": "iana"
+  },
+  "application/pkcs7-mime": {
+    "source": "iana",
+    "extensions": ["p7m","p7c"]
+  },
+  "application/pkcs7-signature": {
+    "source": "iana",
+    "extensions": ["p7s"]
+  },
+  "application/pkcs8": {
+    "source": "iana",
+    "extensions": ["p8"]
+  },
+  "application/pkcs8-encrypted": {
+    "source": "iana"
+  },
+  "application/pkix-attr-cert": {
+    "source": "iana",
+    "extensions": ["ac"]
+  },
+  "application/pkix-cert": {
+    "source": "iana",
+    "extensions": ["cer"]
+  },
+  "application/pkix-crl": {
+    "source": "iana",
+    "extensions": ["crl"]
+  },
+  "application/pkix-pkipath": {
+    "source": "iana",
+    "extensions": ["pkipath"]
+  },
+  "application/pkixcmp": {
+    "source": "iana",
+    "extensions": ["pki"]
+  },
+  "application/pls+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["pls"]
+  },
+  "application/poc-settings+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/postscript": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ai","eps","ps"]
+  },
+  "application/ppsp-tracker+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/problem+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/problem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/provenance+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["provx"]
+  },
+  "application/prs.alvestrand.titrax-sheet": {
+    "source": "iana"
+  },
+  "application/prs.cww": {
+    "source": "iana",
+    "extensions": ["cww"]
+  },
+  "application/prs.cyn": {
+    "source": "iana",
+    "charset": "7-BIT"
+  },
+  "application/prs.hpub+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/prs.nprend": {
+    "source": "iana"
+  },
+  "application/prs.plucker": {
+    "source": "iana"
+  },
+  "application/prs.rdf-xml-crypt": {
+    "source": "iana"
+  },
+  "application/prs.xsf+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/pskc+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["pskcxml"]
+  },
+  "application/pvd+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/qsig": {
+    "source": "iana"
+  },
+  "application/raml+yaml": {
+    "compressible": true,
+    "extensions": ["raml"]
+  },
+  "application/raptorfec": {
+    "source": "iana"
+  },
+  "application/rdap+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/rdf+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rdf","owl"]
+  },
+  "application/reginfo+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rif"]
+  },
+  "application/relax-ng-compact-syntax": {
+    "source": "iana",
+    "extensions": ["rnc"]
+  },
+  "application/remote-printing": {
+    "source": "iana"
+  },
+  "application/reputon+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/resource-lists+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rl"]
+  },
+  "application/resource-lists-diff+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rld"]
+  },
+  "application/rfc+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/riscos": {
+    "source": "iana"
+  },
+  "application/rlmi+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/rls-services+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rs"]
+  },
+  "application/route-apd+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rapd"]
+  },
+  "application/route-s-tsid+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["sls"]
+  },
+  "application/route-usd+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rusd"]
+  },
+  "application/rpki-ghostbusters": {
+    "source": "iana",
+    "extensions": ["gbr"]
+  },
+  "application/rpki-manifest": {
+    "source": "iana",
+    "extensions": ["mft"]
+  },
+  "application/rpki-publication": {
+    "source": "iana"
+  },
+  "application/rpki-roa": {
+    "source": "iana",
+    "extensions": ["roa"]
+  },
+  "application/rpki-updown": {
+    "source": "iana"
+  },
+  "application/rsd+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["rsd"]
+  },
+  "application/rss+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["rss"]
+  },
+  "application/rtf": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rtf"]
+  },
+  "application/rtploopback": {
+    "source": "iana"
+  },
+  "application/rtx": {
+    "source": "iana"
+  },
+  "application/samlassertion+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/samlmetadata+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sarif+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sarif-external-properties+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sbe": {
+    "source": "iana"
+  },
+  "application/sbml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["sbml"]
+  },
+  "application/scaip+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/scim+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/scvp-cv-request": {
+    "source": "iana",
+    "extensions": ["scq"]
+  },
+  "application/scvp-cv-response": {
+    "source": "iana",
+    "extensions": ["scs"]
+  },
+  "application/scvp-vp-request": {
+    "source": "iana",
+    "extensions": ["spq"]
+  },
+  "application/scvp-vp-response": {
+    "source": "iana",
+    "extensions": ["spp"]
+  },
+  "application/sdp": {
+    "source": "iana",
+    "extensions": ["sdp"]
+  },
+  "application/secevent+jwt": {
+    "source": "iana"
+  },
+  "application/senml+cbor": {
+    "source": "iana"
+  },
+  "application/senml+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/senml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["senmlx"]
+  },
+  "application/senml-etch+cbor": {
+    "source": "iana"
+  },
+  "application/senml-etch+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/senml-exi": {
+    "source": "iana"
+  },
+  "application/sensml+cbor": {
+    "source": "iana"
+  },
+  "application/sensml+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sensml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["sensmlx"]
+  },
+  "application/sensml-exi": {
+    "source": "iana"
+  },
+  "application/sep+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sep-exi": {
+    "source": "iana"
+  },
+  "application/session-info": {
+    "source": "iana"
+  },
+  "application/set-payment": {
+    "source": "iana"
+  },
+  "application/set-payment-initiation": {
+    "source": "iana",
+    "extensions": ["setpay"]
+  },
+  "application/set-registration": {
+    "source": "iana"
+  },
+  "application/set-registration-initiation": {
+    "source": "iana",
+    "extensions": ["setreg"]
+  },
+  "application/sgml": {
+    "source": "iana"
+  },
+  "application/sgml-open-catalog": {
+    "source": "iana"
+  },
+  "application/shf+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["shf"]
+  },
+  "application/sieve": {
+    "source": "iana",
+    "extensions": ["siv","sieve"]
+  },
+  "application/simple-filter+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/simple-message-summary": {
+    "source": "iana"
+  },
+  "application/simplesymbolcontainer": {
+    "source": "iana"
+  },
+  "application/sipc": {
+    "source": "iana"
+  },
+  "application/slate": {
+    "source": "iana"
+  },
+  "application/smil": {
+    "source": "iana"
+  },
+  "application/smil+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["smi","smil"]
+  },
+  "application/smpte336m": {
+    "source": "iana"
+  },
+  "application/soap+fastinfoset": {
+    "source": "iana"
+  },
+  "application/soap+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sparql-query": {
+    "source": "iana",
+    "extensions": ["rq"]
+  },
+  "application/sparql-results+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["srx"]
+  },
+  "application/spdx+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/spirits-event+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/sql": {
+    "source": "iana"
+  },
+  "application/srgs": {
+    "source": "iana",
+    "extensions": ["gram"]
+  },
+  "application/srgs+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["grxml"]
+  },
+  "application/sru+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["sru"]
+  },
+  "application/ssdl+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["ssdl"]
+  },
+  "application/ssml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ssml"]
+  },
+  "application/stix+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/swid+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["swidtag"]
+  },
+  "application/tamp-apex-update": {
+    "source": "iana"
+  },
+  "application/tamp-apex-update-confirm": {
+    "source": "iana"
+  },
+  "application/tamp-community-update": {
+    "source": "iana"
+  },
+  "application/tamp-community-update-confirm": {
+    "source": "iana"
+  },
+  "application/tamp-error": {
+    "source": "iana"
+  },
+  "application/tamp-sequence-adjust": {
+    "source": "iana"
+  },
+  "application/tamp-sequence-adjust-confirm": {
+    "source": "iana"
+  },
+  "application/tamp-status-query": {
+    "source": "iana"
+  },
+  "application/tamp-status-response": {
+    "source": "iana"
+  },
+  "application/tamp-update": {
+    "source": "iana"
+  },
+  "application/tamp-update-confirm": {
+    "source": "iana"
+  },
+  "application/tar": {
+    "compressible": true
+  },
+  "application/taxii+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/td+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/tei+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["tei","teicorpus"]
+  },
+  "application/tetra_isi": {
+    "source": "iana"
+  },
+  "application/thraud+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["tfi"]
+  },
+  "application/timestamp-query": {
+    "source": "iana"
+  },
+  "application/timestamp-reply": {
+    "source": "iana"
+  },
+  "application/timestamped-data": {
+    "source": "iana",
+    "extensions": ["tsd"]
+  },
+  "application/tlsrpt+gzip": {
+    "source": "iana"
+  },
+  "application/tlsrpt+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/tnauthlist": {
+    "source": "iana"
+  },
+  "application/token-introspection+jwt": {
+    "source": "iana"
+  },
+  "application/toml": {
+    "compressible": true,
+    "extensions": ["toml"]
+  },
+  "application/trickle-ice-sdpfrag": {
+    "source": "iana"
+  },
+  "application/trig": {
+    "source": "iana",
+    "extensions": ["trig"]
+  },
+  "application/ttml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ttml"]
+  },
+  "application/tve-trigger": {
+    "source": "iana"
+  },
+  "application/tzif": {
+    "source": "iana"
+  },
+  "application/tzif-leap": {
+    "source": "iana"
+  },
+  "application/ubjson": {
+    "compressible": false,
+    "extensions": ["ubj"]
+  },
+  "application/ulpfec": {
+    "source": "iana"
+  },
+  "application/urc-grpsheet+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/urc-ressheet+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rsheet"]
+  },
+  "application/urc-targetdesc+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["td"]
+  },
+  "application/urc-uisocketdesc+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vcard+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vcard+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vemmi": {
+    "source": "iana"
+  },
+  "application/vividence.scriptfile": {
+    "source": "apache"
+  },
+  "application/vnd.1000minds.decision-model+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["1km"]
+  },
+  "application/vnd.3gpp-prose+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp-prose-pc3ch+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp-v2x-local-service-information": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.5gnas": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.access-transfer-events+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.bsf+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.gmop+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.gtpc": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.interworking-data": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.lpp": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.mc-signalling-ear": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.mcdata-affiliation-command+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcdata-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcdata-payload": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.mcdata-service-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcdata-signalling": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.mcdata-ue-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcdata-user-profile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-affiliation-command+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-floor-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-location-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-mbms-usage-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-service-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-signed+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-ue-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-ue-init-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcptt-user-profile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-affiliation-command+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-affiliation-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-location-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-mbms-usage-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-service-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-transmission-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-ue-config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mcvideo-user-profile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.mid-call+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.ngap": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.pfcp": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.pic-bw-large": {
+    "source": "iana",
+    "extensions": ["plb"]
+  },
+  "application/vnd.3gpp.pic-bw-small": {
+    "source": "iana",
+    "extensions": ["psb"]
+  },
+  "application/vnd.3gpp.pic-bw-var": {
+    "source": "iana",
+    "extensions": ["pvb"]
+  },
+  "application/vnd.3gpp.s1ap": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.sms": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp.sms+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.srvcc-ext+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.srvcc-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.state-and-event-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp.ussd+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp2.bcmcsinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.3gpp2.sms": {
+    "source": "iana"
+  },
+  "application/vnd.3gpp2.tcap": {
+    "source": "iana",
+    "extensions": ["tcap"]
+  },
+  "application/vnd.3lightssoftware.imagescal": {
+    "source": "iana"
+  },
+  "application/vnd.3m.post-it-notes": {
+    "source": "iana",
+    "extensions": ["pwn"]
+  },
+  "application/vnd.accpac.simply.aso": {
+    "source": "iana",
+    "extensions": ["aso"]
+  },
+  "application/vnd.accpac.simply.imp": {
+    "source": "iana",
+    "extensions": ["imp"]
+  },
+  "application/vnd.acucobol": {
+    "source": "iana",
+    "extensions": ["acu"]
+  },
+  "application/vnd.acucorp": {
+    "source": "iana",
+    "extensions": ["atc","acutc"]
+  },
+  "application/vnd.adobe.air-application-installer-package+zip": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["air"]
+  },
+  "application/vnd.adobe.flash.movie": {
+    "source": "iana"
+  },
+  "application/vnd.adobe.formscentral.fcdt": {
+    "source": "iana",
+    "extensions": ["fcdt"]
+  },
+  "application/vnd.adobe.fxp": {
+    "source": "iana",
+    "extensions": ["fxp","fxpl"]
+  },
+  "application/vnd.adobe.partial-upload": {
+    "source": "iana"
+  },
+  "application/vnd.adobe.xdp+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xdp"]
+  },
+  "application/vnd.adobe.xfdf": {
+    "source": "iana",
+    "extensions": ["xfdf"]
+  },
+  "application/vnd.aether.imp": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.afplinedata": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.afplinedata-pagedef": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.cmoca-cmresource": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.foca-charset": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.foca-codedfont": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.foca-codepage": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-cmtable": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-formdef": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-mediummap": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-objectcontainer": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-overlay": {
+    "source": "iana"
+  },
+  "application/vnd.afpc.modca-pagesegment": {
+    "source": "iana"
+  },
+  "application/vnd.age": {
+    "source": "iana",
+    "extensions": ["age"]
+  },
+  "application/vnd.ah-barcode": {
+    "source": "iana"
+  },
+  "application/vnd.ahead.space": {
+    "source": "iana",
+    "extensions": ["ahead"]
+  },
+  "application/vnd.airzip.filesecure.azf": {
+    "source": "iana",
+    "extensions": ["azf"]
+  },
+  "application/vnd.airzip.filesecure.azs": {
+    "source": "iana",
+    "extensions": ["azs"]
+  },
+  "application/vnd.amadeus+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.amazon.ebook": {
+    "source": "apache",
+    "extensions": ["azw"]
+  },
+  "application/vnd.amazon.mobi8-ebook": {
+    "source": "iana"
+  },
+  "application/vnd.americandynamics.acc": {
+    "source": "iana",
+    "extensions": ["acc"]
+  },
+  "application/vnd.amiga.ami": {
+    "source": "iana",
+    "extensions": ["ami"]
+  },
+  "application/vnd.amundsen.maze+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.android.ota": {
+    "source": "iana"
+  },
+  "application/vnd.android.package-archive": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["apk"]
+  },
+  "application/vnd.anki": {
+    "source": "iana"
+  },
+  "application/vnd.anser-web-certificate-issue-initiation": {
+    "source": "iana",
+    "extensions": ["cii"]
+  },
+  "application/vnd.anser-web-funds-transfer-initiation": {
+    "source": "apache",
+    "extensions": ["fti"]
+  },
+  "application/vnd.antix.game-component": {
+    "source": "iana",
+    "extensions": ["atx"]
+  },
+  "application/vnd.apache.arrow.file": {
+    "source": "iana"
+  },
+  "application/vnd.apache.arrow.stream": {
+    "source": "iana"
+  },
+  "application/vnd.apache.thrift.binary": {
+    "source": "iana"
+  },
+  "application/vnd.apache.thrift.compact": {
+    "source": "iana"
+  },
+  "application/vnd.apache.thrift.json": {
+    "source": "iana"
+  },
+  "application/vnd.api+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.aplextor.warrp+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.apothekende.reservation+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.apple.installer+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mpkg"]
+  },
+  "application/vnd.apple.keynote": {
+    "source": "iana",
+    "extensions": ["key"]
+  },
+  "application/vnd.apple.mpegurl": {
+    "source": "iana",
+    "extensions": ["m3u8"]
+  },
+  "application/vnd.apple.numbers": {
+    "source": "iana",
+    "extensions": ["numbers"]
+  },
+  "application/vnd.apple.pages": {
+    "source": "iana",
+    "extensions": ["pages"]
+  },
+  "application/vnd.apple.pkpass": {
+    "compressible": false,
+    "extensions": ["pkpass"]
+  },
+  "application/vnd.arastra.swi": {
+    "source": "iana"
+  },
+  "application/vnd.aristanetworks.swi": {
+    "source": "iana",
+    "extensions": ["swi"]
+  },
+  "application/vnd.artisan+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.artsquare": {
+    "source": "iana"
+  },
+  "application/vnd.astraea-software.iota": {
+    "source": "iana",
+    "extensions": ["iota"]
+  },
+  "application/vnd.audiograph": {
+    "source": "iana",
+    "extensions": ["aep"]
+  },
+  "application/vnd.autopackage": {
+    "source": "iana"
+  },
+  "application/vnd.avalon+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.avistar+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.balsamiq.bmml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["bmml"]
+  },
+  "application/vnd.balsamiq.bmpr": {
+    "source": "iana"
+  },
+  "application/vnd.banana-accounting": {
+    "source": "iana"
+  },
+  "application/vnd.bbf.usp.error": {
+    "source": "iana"
+  },
+  "application/vnd.bbf.usp.msg": {
+    "source": "iana"
+  },
+  "application/vnd.bbf.usp.msg+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.bekitzur-stech+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.bint.med-content": {
+    "source": "iana"
+  },
+  "application/vnd.biopax.rdf+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.blink-idb-value-wrapper": {
+    "source": "iana"
+  },
+  "application/vnd.blueice.multipass": {
+    "source": "iana",
+    "extensions": ["mpm"]
+  },
+  "application/vnd.bluetooth.ep.oob": {
+    "source": "iana"
+  },
+  "application/vnd.bluetooth.le.oob": {
+    "source": "iana"
+  },
+  "application/vnd.bmi": {
+    "source": "iana",
+    "extensions": ["bmi"]
+  },
+  "application/vnd.bpf": {
+    "source": "iana"
+  },
+  "application/vnd.bpf3": {
+    "source": "iana"
+  },
+  "application/vnd.businessobjects": {
+    "source": "iana",
+    "extensions": ["rep"]
+  },
+  "application/vnd.byu.uapi+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cab-jscript": {
+    "source": "iana"
+  },
+  "application/vnd.canon-cpdl": {
+    "source": "iana"
+  },
+  "application/vnd.canon-lips": {
+    "source": "iana"
+  },
+  "application/vnd.capasystems-pg+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cendio.thinlinc.clientconf": {
+    "source": "iana"
+  },
+  "application/vnd.century-systems.tcp_stream": {
+    "source": "iana"
+  },
+  "application/vnd.chemdraw+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["cdxml"]
+  },
+  "application/vnd.chess-pgn": {
+    "source": "iana"
+  },
+  "application/vnd.chipnuts.karaoke-mmd": {
+    "source": "iana",
+    "extensions": ["mmd"]
+  },
+  "application/vnd.ciedi": {
+    "source": "iana"
+  },
+  "application/vnd.cinderella": {
+    "source": "iana",
+    "extensions": ["cdy"]
+  },
+  "application/vnd.cirpack.isdn-ext": {
+    "source": "iana"
+  },
+  "application/vnd.citationstyles.style+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["csl"]
+  },
+  "application/vnd.claymore": {
+    "source": "iana",
+    "extensions": ["cla"]
+  },
+  "application/vnd.cloanto.rp9": {
+    "source": "iana",
+    "extensions": ["rp9"]
+  },
+  "application/vnd.clonk.c4group": {
+    "source": "iana",
+    "extensions": ["c4g","c4d","c4f","c4p","c4u"]
+  },
+  "application/vnd.cluetrust.cartomobile-config": {
+    "source": "iana",
+    "extensions": ["c11amc"]
+  },
+  "application/vnd.cluetrust.cartomobile-config-pkg": {
+    "source": "iana",
+    "extensions": ["c11amz"]
+  },
+  "application/vnd.coffeescript": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.document": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.document-template": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.presentation": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.presentation-template": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.spreadsheet": {
+    "source": "iana"
+  },
+  "application/vnd.collabio.xodocuments.spreadsheet-template": {
+    "source": "iana"
+  },
+  "application/vnd.collection+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.collection.doc+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.collection.next+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.comicbook+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.comicbook-rar": {
+    "source": "iana"
+  },
+  "application/vnd.commerce-battelle": {
+    "source": "iana"
+  },
+  "application/vnd.commonspace": {
+    "source": "iana",
+    "extensions": ["csp"]
+  },
+  "application/vnd.contact.cmsg": {
+    "source": "iana",
+    "extensions": ["cdbcmsg"]
+  },
+  "application/vnd.coreos.ignition+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cosmocaller": {
+    "source": "iana",
+    "extensions": ["cmc"]
+  },
+  "application/vnd.crick.clicker": {
+    "source": "iana",
+    "extensions": ["clkx"]
+  },
+  "application/vnd.crick.clicker.keyboard": {
+    "source": "iana",
+    "extensions": ["clkk"]
+  },
+  "application/vnd.crick.clicker.palette": {
+    "source": "iana",
+    "extensions": ["clkp"]
+  },
+  "application/vnd.crick.clicker.template": {
+    "source": "iana",
+    "extensions": ["clkt"]
+  },
+  "application/vnd.crick.clicker.wordbank": {
+    "source": "iana",
+    "extensions": ["clkw"]
+  },
+  "application/vnd.criticaltools.wbs+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wbs"]
+  },
+  "application/vnd.cryptii.pipe+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.crypto-shade-file": {
+    "source": "iana"
+  },
+  "application/vnd.cryptomator.encrypted": {
+    "source": "iana"
+  },
+  "application/vnd.cryptomator.vault": {
+    "source": "iana"
+  },
+  "application/vnd.ctc-posml": {
+    "source": "iana",
+    "extensions": ["pml"]
+  },
+  "application/vnd.ctct.ws+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cups-pdf": {
+    "source": "iana"
+  },
+  "application/vnd.cups-postscript": {
+    "source": "iana"
+  },
+  "application/vnd.cups-ppd": {
+    "source": "iana",
+    "extensions": ["ppd"]
+  },
+  "application/vnd.cups-raster": {
+    "source": "iana"
+  },
+  "application/vnd.cups-raw": {
+    "source": "iana"
+  },
+  "application/vnd.curl": {
+    "source": "iana"
+  },
+  "application/vnd.curl.car": {
+    "source": "apache",
+    "extensions": ["car"]
+  },
+  "application/vnd.curl.pcurl": {
+    "source": "apache",
+    "extensions": ["pcurl"]
+  },
+  "application/vnd.cyan.dean.root+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cybank": {
+    "source": "iana"
+  },
+  "application/vnd.cyclonedx+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.cyclonedx+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.d2l.coursepackage1p0+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.d3m-dataset": {
+    "source": "iana"
+  },
+  "application/vnd.d3m-problem": {
+    "source": "iana"
+  },
+  "application/vnd.dart": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["dart"]
+  },
+  "application/vnd.data-vision.rdz": {
+    "source": "iana",
+    "extensions": ["rdz"]
+  },
+  "application/vnd.datapackage+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dataresource+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dbf": {
+    "source": "iana",
+    "extensions": ["dbf"]
+  },
+  "application/vnd.debian.binary-package": {
+    "source": "iana"
+  },
+  "application/vnd.dece.data": {
+    "source": "iana",
+    "extensions": ["uvf","uvvf","uvd","uvvd"]
+  },
+  "application/vnd.dece.ttml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["uvt","uvvt"]
+  },
+  "application/vnd.dece.unspecified": {
+    "source": "iana",
+    "extensions": ["uvx","uvvx"]
+  },
+  "application/vnd.dece.zip": {
+    "source": "iana",
+    "extensions": ["uvz","uvvz"]
+  },
+  "application/vnd.denovo.fcselayout-link": {
+    "source": "iana",
+    "extensions": ["fe_launch"]
+  },
+  "application/vnd.desmume.movie": {
+    "source": "iana"
+  },
+  "application/vnd.dir-bi.plate-dl-nosuffix": {
+    "source": "iana"
+  },
+  "application/vnd.dm.delegation+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dna": {
+    "source": "iana",
+    "extensions": ["dna"]
+  },
+  "application/vnd.document+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dolby.mlp": {
+    "source": "apache",
+    "extensions": ["mlp"]
+  },
+  "application/vnd.dolby.mobile.1": {
+    "source": "iana"
+  },
+  "application/vnd.dolby.mobile.2": {
+    "source": "iana"
+  },
+  "application/vnd.doremir.scorecloud-binary-document": {
+    "source": "iana"
+  },
+  "application/vnd.dpgraph": {
+    "source": "iana",
+    "extensions": ["dpg"]
+  },
+  "application/vnd.dreamfactory": {
+    "source": "iana",
+    "extensions": ["dfac"]
+  },
+  "application/vnd.drive+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ds-keypoint": {
+    "source": "apache",
+    "extensions": ["kpxx"]
+  },
+  "application/vnd.dtg.local": {
+    "source": "iana"
+  },
+  "application/vnd.dtg.local.flash": {
+    "source": "iana"
+  },
+  "application/vnd.dtg.local.html": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ait": {
+    "source": "iana",
+    "extensions": ["ait"]
+  },
+  "application/vnd.dvb.dvbisl+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.dvbj": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.esgcontainer": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ipdcdftnotifaccess": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ipdcesgaccess": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ipdcesgaccess2": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ipdcesgpdd": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.ipdcroaming": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.iptv.alfec-base": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.iptv.alfec-enhancement": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.notif-aggregate-root+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-container+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-generic+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-ia-msglist+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-ia-registration-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-ia-registration-response+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.notif-init+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.dvb.pfr": {
+    "source": "iana"
+  },
+  "application/vnd.dvb.service": {
+    "source": "iana",
+    "extensions": ["svc"]
+  },
+  "application/vnd.dxr": {
+    "source": "iana"
+  },
+  "application/vnd.dynageo": {
+    "source": "iana",
+    "extensions": ["geo"]
+  },
+  "application/vnd.dzr": {
+    "source": "iana"
+  },
+  "application/vnd.easykaraoke.cdgdownload": {
+    "source": "iana"
+  },
+  "application/vnd.ecdis-update": {
+    "source": "iana"
+  },
+  "application/vnd.ecip.rlp": {
+    "source": "iana"
+  },
+  "application/vnd.eclipse.ditto+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ecowin.chart": {
+    "source": "iana",
+    "extensions": ["mag"]
+  },
+  "application/vnd.ecowin.filerequest": {
+    "source": "iana"
+  },
+  "application/vnd.ecowin.fileupdate": {
+    "source": "iana"
+  },
+  "application/vnd.ecowin.series": {
+    "source": "iana"
+  },
+  "application/vnd.ecowin.seriesrequest": {
+    "source": "iana"
+  },
+  "application/vnd.ecowin.seriesupdate": {
+    "source": "iana"
+  },
+  "application/vnd.efi.img": {
+    "source": "iana"
+  },
+  "application/vnd.efi.iso": {
+    "source": "iana"
+  },
+  "application/vnd.emclient.accessrequest+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.enliven": {
+    "source": "iana",
+    "extensions": ["nml"]
+  },
+  "application/vnd.enphase.envoy": {
+    "source": "iana"
+  },
+  "application/vnd.eprints.data+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.epson.esf": {
+    "source": "iana",
+    "extensions": ["esf"]
+  },
+  "application/vnd.epson.msf": {
+    "source": "iana",
+    "extensions": ["msf"]
+  },
+  "application/vnd.epson.quickanime": {
+    "source": "iana",
+    "extensions": ["qam"]
+  },
+  "application/vnd.epson.salt": {
+    "source": "iana",
+    "extensions": ["slt"]
+  },
+  "application/vnd.epson.ssf": {
+    "source": "iana",
+    "extensions": ["ssf"]
+  },
+  "application/vnd.ericsson.quickcall": {
+    "source": "iana"
+  },
+  "application/vnd.espass-espass+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.eszigno3+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["es3","et3"]
+  },
+  "application/vnd.etsi.aoc+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.asic-e+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.etsi.asic-s+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.etsi.cug+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvcommand+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvdiscovery+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvprofile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvsad-bc+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvsad-cod+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvsad-npvr+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvservice+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvsync+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.iptvueprofile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.mcid+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.mheg5": {
+    "source": "iana"
+  },
+  "application/vnd.etsi.overload-control-policy-dataset+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.pstn+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.sci+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.simservs+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.timestamp-token": {
+    "source": "iana"
+  },
+  "application/vnd.etsi.tsl+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.etsi.tsl.der": {
+    "source": "iana"
+  },
+  "application/vnd.eu.kasparian.car+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.eudora.data": {
+    "source": "iana"
+  },
+  "application/vnd.evolv.ecig.profile": {
+    "source": "iana"
+  },
+  "application/vnd.evolv.ecig.settings": {
+    "source": "iana"
+  },
+  "application/vnd.evolv.ecig.theme": {
+    "source": "iana"
+  },
+  "application/vnd.exstream-empower+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.exstream-package": {
+    "source": "iana"
+  },
+  "application/vnd.ezpix-album": {
+    "source": "iana",
+    "extensions": ["ez2"]
+  },
+  "application/vnd.ezpix-package": {
+    "source": "iana",
+    "extensions": ["ez3"]
+  },
+  "application/vnd.f-secure.mobile": {
+    "source": "iana"
+  },
+  "application/vnd.familysearch.gedcom+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.fastcopy-disk-image": {
+    "source": "iana"
+  },
+  "application/vnd.fdf": {
+    "source": "iana",
+    "extensions": ["fdf"]
+  },
+  "application/vnd.fdsn.mseed": {
+    "source": "iana",
+    "extensions": ["mseed"]
+  },
+  "application/vnd.fdsn.seed": {
+    "source": "iana",
+    "extensions": ["seed","dataless"]
+  },
+  "application/vnd.ffsns": {
+    "source": "iana"
+  },
+  "application/vnd.ficlab.flb+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.filmit.zfc": {
+    "source": "iana"
+  },
+  "application/vnd.fints": {
+    "source": "iana"
+  },
+  "application/vnd.firemonkeys.cloudcell": {
+    "source": "iana"
+  },
+  "application/vnd.flographit": {
+    "source": "iana",
+    "extensions": ["gph"]
+  },
+  "application/vnd.fluxtime.clip": {
+    "source": "iana",
+    "extensions": ["ftc"]
+  },
+  "application/vnd.font-fontforge-sfd": {
+    "source": "iana"
+  },
+  "application/vnd.framemaker": {
+    "source": "iana",
+    "extensions": ["fm","frame","maker","book"]
+  },
+  "application/vnd.frogans.fnc": {
+    "source": "iana",
+    "extensions": ["fnc"]
+  },
+  "application/vnd.frogans.ltf": {
+    "source": "iana",
+    "extensions": ["ltf"]
+  },
+  "application/vnd.fsc.weblaunch": {
+    "source": "iana",
+    "extensions": ["fsc"]
+  },
+  "application/vnd.fujifilm.fb.docuworks": {
+    "source": "iana"
+  },
+  "application/vnd.fujifilm.fb.docuworks.binder": {
+    "source": "iana"
+  },
+  "application/vnd.fujifilm.fb.docuworks.container": {
+    "source": "iana"
+  },
+  "application/vnd.fujifilm.fb.jfi+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.fujitsu.oasys": {
+    "source": "iana",
+    "extensions": ["oas"]
+  },
+  "application/vnd.fujitsu.oasys2": {
+    "source": "iana",
+    "extensions": ["oa2"]
+  },
+  "application/vnd.fujitsu.oasys3": {
+    "source": "iana",
+    "extensions": ["oa3"]
+  },
+  "application/vnd.fujitsu.oasysgp": {
+    "source": "iana",
+    "extensions": ["fg5"]
+  },
+  "application/vnd.fujitsu.oasysprs": {
+    "source": "iana",
+    "extensions": ["bh2"]
+  },
+  "application/vnd.fujixerox.art-ex": {
+    "source": "iana"
+  },
+  "application/vnd.fujixerox.art4": {
+    "source": "iana"
+  },
+  "application/vnd.fujixerox.ddd": {
+    "source": "iana",
+    "extensions": ["ddd"]
+  },
+  "application/vnd.fujixerox.docuworks": {
+    "source": "iana",
+    "extensions": ["xdw"]
+  },
+  "application/vnd.fujixerox.docuworks.binder": {
+    "source": "iana",
+    "extensions": ["xbd"]
+  },
+  "application/vnd.fujixerox.docuworks.container": {
+    "source": "iana"
+  },
+  "application/vnd.fujixerox.hbpl": {
+    "source": "iana"
+  },
+  "application/vnd.fut-misnet": {
+    "source": "iana"
+  },
+  "application/vnd.futoin+cbor": {
+    "source": "iana"
+  },
+  "application/vnd.futoin+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.fuzzysheet": {
+    "source": "iana",
+    "extensions": ["fzs"]
+  },
+  "application/vnd.genomatix.tuxedo": {
+    "source": "iana",
+    "extensions": ["txd"]
+  },
+  "application/vnd.gentics.grd+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.geo+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.geocube+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.geogebra.file": {
+    "source": "iana",
+    "extensions": ["ggb"]
+  },
+  "application/vnd.geogebra.slides": {
+    "source": "iana"
+  },
+  "application/vnd.geogebra.tool": {
+    "source": "iana",
+    "extensions": ["ggt"]
+  },
+  "application/vnd.geometry-explorer": {
+    "source": "iana",
+    "extensions": ["gex","gre"]
+  },
+  "application/vnd.geonext": {
+    "source": "iana",
+    "extensions": ["gxt"]
+  },
+  "application/vnd.geoplan": {
+    "source": "iana",
+    "extensions": ["g2w"]
+  },
+  "application/vnd.geospace": {
+    "source": "iana",
+    "extensions": ["g3w"]
+  },
+  "application/vnd.gerber": {
+    "source": "iana"
+  },
+  "application/vnd.globalplatform.card-content-mgt": {
+    "source": "iana"
+  },
+  "application/vnd.globalplatform.card-content-mgt-response": {
+    "source": "iana"
+  },
+  "application/vnd.gmx": {
+    "source": "iana",
+    "extensions": ["gmx"]
+  },
+  "application/vnd.google-apps.document": {
+    "compressible": false,
+    "extensions": ["gdoc"]
+  },
+  "application/vnd.google-apps.presentation": {
+    "compressible": false,
+    "extensions": ["gslides"]
+  },
+  "application/vnd.google-apps.spreadsheet": {
+    "compressible": false,
+    "extensions": ["gsheet"]
+  },
+  "application/vnd.google-earth.kml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["kml"]
+  },
+  "application/vnd.google-earth.kmz": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["kmz"]
+  },
+  "application/vnd.gov.sk.e-form+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.gov.sk.e-form+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.gov.sk.xmldatacontainer+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.grafeq": {
+    "source": "iana",
+    "extensions": ["gqf","gqs"]
+  },
+  "application/vnd.gridmp": {
+    "source": "iana"
+  },
+  "application/vnd.groove-account": {
+    "source": "iana",
+    "extensions": ["gac"]
+  },
+  "application/vnd.groove-help": {
+    "source": "iana",
+    "extensions": ["ghf"]
+  },
+  "application/vnd.groove-identity-message": {
+    "source": "iana",
+    "extensions": ["gim"]
+  },
+  "application/vnd.groove-injector": {
+    "source": "iana",
+    "extensions": ["grv"]
+  },
+  "application/vnd.groove-tool-message": {
+    "source": "iana",
+    "extensions": ["gtm"]
+  },
+  "application/vnd.groove-tool-template": {
+    "source": "iana",
+    "extensions": ["tpl"]
+  },
+  "application/vnd.groove-vcard": {
+    "source": "iana",
+    "extensions": ["vcg"]
+  },
+  "application/vnd.hal+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hal+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["hal"]
+  },
+  "application/vnd.handheld-entertainment+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["zmm"]
+  },
+  "application/vnd.hbci": {
+    "source": "iana",
+    "extensions": ["hbci"]
+  },
+  "application/vnd.hc+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hcl-bireports": {
+    "source": "iana"
+  },
+  "application/vnd.hdt": {
+    "source": "iana"
+  },
+  "application/vnd.heroku+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hhe.lesson-player": {
+    "source": "iana",
+    "extensions": ["les"]
+  },
+  "application/vnd.hl7cda+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.hl7v2+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.hp-hpgl": {
+    "source": "iana",
+    "extensions": ["hpgl"]
+  },
+  "application/vnd.hp-hpid": {
+    "source": "iana",
+    "extensions": ["hpid"]
+  },
+  "application/vnd.hp-hps": {
+    "source": "iana",
+    "extensions": ["hps"]
+  },
+  "application/vnd.hp-jlyt": {
+    "source": "iana",
+    "extensions": ["jlt"]
+  },
+  "application/vnd.hp-pcl": {
+    "source": "iana",
+    "extensions": ["pcl"]
+  },
+  "application/vnd.hp-pclxl": {
+    "source": "iana",
+    "extensions": ["pclxl"]
+  },
+  "application/vnd.httphone": {
+    "source": "iana"
+  },
+  "application/vnd.hydrostatix.sof-data": {
+    "source": "iana",
+    "extensions": ["sfd-hdstx"]
+  },
+  "application/vnd.hyper+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hyper-item+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hyperdrive+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.hzn-3d-crossword": {
+    "source": "iana"
+  },
+  "application/vnd.ibm.afplinedata": {
+    "source": "iana"
+  },
+  "application/vnd.ibm.electronic-media": {
+    "source": "iana"
+  },
+  "application/vnd.ibm.minipay": {
+    "source": "iana",
+    "extensions": ["mpy"]
+  },
+  "application/vnd.ibm.modcap": {
+    "source": "iana",
+    "extensions": ["afp","listafp","list3820"]
+  },
+  "application/vnd.ibm.rights-management": {
+    "source": "iana",
+    "extensions": ["irm"]
+  },
+  "application/vnd.ibm.secure-container": {
+    "source": "iana",
+    "extensions": ["sc"]
+  },
+  "application/vnd.iccprofile": {
+    "source": "iana",
+    "extensions": ["icc","icm"]
+  },
+  "application/vnd.ieee.1905": {
+    "source": "iana"
+  },
+  "application/vnd.igloader": {
+    "source": "iana",
+    "extensions": ["igl"]
+  },
+  "application/vnd.imagemeter.folder+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.imagemeter.image+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.immervision-ivp": {
+    "source": "iana",
+    "extensions": ["ivp"]
+  },
+  "application/vnd.immervision-ivu": {
+    "source": "iana",
+    "extensions": ["ivu"]
+  },
+  "application/vnd.ims.imsccv1p1": {
+    "source": "iana"
+  },
+  "application/vnd.ims.imsccv1p2": {
+    "source": "iana"
+  },
+  "application/vnd.ims.imsccv1p3": {
+    "source": "iana"
+  },
+  "application/vnd.ims.lis.v2.result+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ims.lti.v2.toolconsumerprofile+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ims.lti.v2.toolproxy+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ims.lti.v2.toolproxy.id+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ims.lti.v2.toolsettings+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ims.lti.v2.toolsettings.simple+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.informedcontrol.rms+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.informix-visionary": {
+    "source": "iana"
+  },
+  "application/vnd.infotech.project": {
+    "source": "iana"
+  },
+  "application/vnd.infotech.project+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.innopath.wamp.notification": {
+    "source": "iana"
+  },
+  "application/vnd.insors.igm": {
+    "source": "iana",
+    "extensions": ["igm"]
+  },
+  "application/vnd.intercon.formnet": {
+    "source": "iana",
+    "extensions": ["xpw","xpx"]
+  },
+  "application/vnd.intergeo": {
+    "source": "iana",
+    "extensions": ["i2g"]
+  },
+  "application/vnd.intertrust.digibox": {
+    "source": "iana"
+  },
+  "application/vnd.intertrust.nncp": {
+    "source": "iana"
+  },
+  "application/vnd.intu.qbo": {
+    "source": "iana",
+    "extensions": ["qbo"]
+  },
+  "application/vnd.intu.qfx": {
+    "source": "iana",
+    "extensions": ["qfx"]
+  },
+  "application/vnd.iptc.g2.catalogitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.conceptitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.knowledgeitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.newsitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.newsmessage+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.packageitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.iptc.g2.planningitem+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ipunplugged.rcprofile": {
+    "source": "iana",
+    "extensions": ["rcprofile"]
+  },
+  "application/vnd.irepository.package+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["irp"]
+  },
+  "application/vnd.is-xpr": {
+    "source": "iana",
+    "extensions": ["xpr"]
+  },
+  "application/vnd.isac.fcs": {
+    "source": "iana",
+    "extensions": ["fcs"]
+  },
+  "application/vnd.iso11783-10+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.jam": {
+    "source": "iana",
+    "extensions": ["jam"]
+  },
+  "application/vnd.japannet-directory-service": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-jpnstore-wakeup": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-payment-wakeup": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-registration": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-registration-wakeup": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-setstore-wakeup": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-verification": {
+    "source": "iana"
+  },
+  "application/vnd.japannet-verification-wakeup": {
+    "source": "iana"
+  },
+  "application/vnd.jcp.javame.midlet-rms": {
+    "source": "iana",
+    "extensions": ["rms"]
+  },
+  "application/vnd.jisp": {
+    "source": "iana",
+    "extensions": ["jisp"]
+  },
+  "application/vnd.joost.joda-archive": {
+    "source": "iana",
+    "extensions": ["joda"]
+  },
+  "application/vnd.jsk.isdn-ngn": {
+    "source": "iana"
+  },
+  "application/vnd.kahootz": {
+    "source": "iana",
+    "extensions": ["ktz","ktr"]
+  },
+  "application/vnd.kde.karbon": {
+    "source": "iana",
+    "extensions": ["karbon"]
+  },
+  "application/vnd.kde.kchart": {
+    "source": "iana",
+    "extensions": ["chrt"]
+  },
+  "application/vnd.kde.kformula": {
+    "source": "iana",
+    "extensions": ["kfo"]
+  },
+  "application/vnd.kde.kivio": {
+    "source": "iana",
+    "extensions": ["flw"]
+  },
+  "application/vnd.kde.kontour": {
+    "source": "iana",
+    "extensions": ["kon"]
+  },
+  "application/vnd.kde.kpresenter": {
+    "source": "iana",
+    "extensions": ["kpr","kpt"]
+  },
+  "application/vnd.kde.kspread": {
+    "source": "iana",
+    "extensions": ["ksp"]
+  },
+  "application/vnd.kde.kword": {
+    "source": "iana",
+    "extensions": ["kwd","kwt"]
+  },
+  "application/vnd.kenameaapp": {
+    "source": "iana",
+    "extensions": ["htke"]
+  },
+  "application/vnd.kidspiration": {
+    "source": "iana",
+    "extensions": ["kia"]
+  },
+  "application/vnd.kinar": {
+    "source": "iana",
+    "extensions": ["kne","knp"]
+  },
+  "application/vnd.koan": {
+    "source": "iana",
+    "extensions": ["skp","skd","skt","skm"]
+  },
+  "application/vnd.kodak-descriptor": {
+    "source": "iana",
+    "extensions": ["sse"]
+  },
+  "application/vnd.las": {
+    "source": "iana"
+  },
+  "application/vnd.las.las+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.las.las+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["lasxml"]
+  },
+  "application/vnd.laszip": {
+    "source": "iana"
+  },
+  "application/vnd.leap+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.liberty-request+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.llamagraphics.life-balance.desktop": {
+    "source": "iana",
+    "extensions": ["lbd"]
+  },
+  "application/vnd.llamagraphics.life-balance.exchange+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["lbe"]
+  },
+  "application/vnd.logipipe.circuit+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.loom": {
+    "source": "iana"
+  },
+  "application/vnd.lotus-1-2-3": {
+    "source": "iana",
+    "extensions": ["123"]
+  },
+  "application/vnd.lotus-approach": {
+    "source": "iana",
+    "extensions": ["apr"]
+  },
+  "application/vnd.lotus-freelance": {
+    "source": "iana",
+    "extensions": ["pre"]
+  },
+  "application/vnd.lotus-notes": {
+    "source": "iana",
+    "extensions": ["nsf"]
+  },
+  "application/vnd.lotus-organizer": {
+    "source": "iana",
+    "extensions": ["org"]
+  },
+  "application/vnd.lotus-screencam": {
+    "source": "iana",
+    "extensions": ["scm"]
+  },
+  "application/vnd.lotus-wordpro": {
+    "source": "iana",
+    "extensions": ["lwp"]
+  },
+  "application/vnd.macports.portpkg": {
+    "source": "iana",
+    "extensions": ["portpkg"]
+  },
+  "application/vnd.mapbox-vector-tile": {
+    "source": "iana",
+    "extensions": ["mvt"]
+  },
+  "application/vnd.marlin.drm.actiontoken+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.marlin.drm.conftoken+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.marlin.drm.license+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.marlin.drm.mdcf": {
+    "source": "iana"
+  },
+  "application/vnd.mason+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.maxar.archive.3tz+zip": {
+    "source": "iana",
+    "compressible": false
+  },
+  "application/vnd.maxmind.maxmind-db": {
+    "source": "iana"
+  },
+  "application/vnd.mcd": {
+    "source": "iana",
+    "extensions": ["mcd"]
+  },
+  "application/vnd.medcalcdata": {
+    "source": "iana",
+    "extensions": ["mc1"]
+  },
+  "application/vnd.mediastation.cdkey": {
+    "source": "iana",
+    "extensions": ["cdkey"]
+  },
+  "application/vnd.meridian-slingshot": {
+    "source": "iana"
+  },
+  "application/vnd.mfer": {
+    "source": "iana",
+    "extensions": ["mwf"]
+  },
+  "application/vnd.mfmp": {
+    "source": "iana",
+    "extensions": ["mfm"]
+  },
+  "application/vnd.micro+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.micrografx.flo": {
+    "source": "iana",
+    "extensions": ["flo"]
+  },
+  "application/vnd.micrografx.igx": {
+    "source": "iana",
+    "extensions": ["igx"]
+  },
+  "application/vnd.microsoft.portable-executable": {
+    "source": "iana"
+  },
+  "application/vnd.microsoft.windows.thumbnail-cache": {
+    "source": "iana"
+  },
+  "application/vnd.miele+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.mif": {
+    "source": "iana",
+    "extensions": ["mif"]
+  },
+  "application/vnd.minisoft-hp3000-save": {
+    "source": "iana"
+  },
+  "application/vnd.mitsubishi.misty-guard.trustweb": {
+    "source": "iana"
+  },
+  "application/vnd.mobius.daf": {
+    "source": "iana",
+    "extensions": ["daf"]
+  },
+  "application/vnd.mobius.dis": {
+    "source": "iana",
+    "extensions": ["dis"]
+  },
+  "application/vnd.mobius.mbk": {
+    "source": "iana",
+    "extensions": ["mbk"]
+  },
+  "application/vnd.mobius.mqy": {
+    "source": "iana",
+    "extensions": ["mqy"]
+  },
+  "application/vnd.mobius.msl": {
+    "source": "iana",
+    "extensions": ["msl"]
+  },
+  "application/vnd.mobius.plc": {
+    "source": "iana",
+    "extensions": ["plc"]
+  },
+  "application/vnd.mobius.txf": {
+    "source": "iana",
+    "extensions": ["txf"]
+  },
+  "application/vnd.mophun.application": {
+    "source": "iana",
+    "extensions": ["mpn"]
+  },
+  "application/vnd.mophun.certificate": {
+    "source": "iana",
+    "extensions": ["mpc"]
+  },
+  "application/vnd.motorola.flexsuite": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.adsi": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.fis": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.gotap": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.kmr": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.ttc": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.flexsuite.wem": {
+    "source": "iana"
+  },
+  "application/vnd.motorola.iprm": {
+    "source": "iana"
+  },
+  "application/vnd.mozilla.xul+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xul"]
+  },
+  "application/vnd.ms-3mfdocument": {
+    "source": "iana"
+  },
+  "application/vnd.ms-artgalry": {
+    "source": "iana",
+    "extensions": ["cil"]
+  },
+  "application/vnd.ms-asf": {
+    "source": "iana"
+  },
+  "application/vnd.ms-cab-compressed": {
+    "source": "iana",
+    "extensions": ["cab"]
+  },
+  "application/vnd.ms-color.iccprofile": {
+    "source": "apache"
+  },
+  "application/vnd.ms-excel": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["xls","xlm","xla","xlc","xlt","xlw"]
+  },
+  "application/vnd.ms-excel.addin.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["xlam"]
+  },
+  "application/vnd.ms-excel.sheet.binary.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["xlsb"]
+  },
+  "application/vnd.ms-excel.sheet.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["xlsm"]
+  },
+  "application/vnd.ms-excel.template.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["xltm"]
+  },
+  "application/vnd.ms-fontobject": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["eot"]
+  },
+  "application/vnd.ms-htmlhelp": {
+    "source": "iana",
+    "extensions": ["chm"]
+  },
+  "application/vnd.ms-ims": {
+    "source": "iana",
+    "extensions": ["ims"]
+  },
+  "application/vnd.ms-lrm": {
+    "source": "iana",
+    "extensions": ["lrm"]
+  },
+  "application/vnd.ms-office.activex+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ms-officetheme": {
+    "source": "iana",
+    "extensions": ["thmx"]
+  },
+  "application/vnd.ms-opentype": {
+    "source": "apache",
+    "compressible": true
+  },
+  "application/vnd.ms-outlook": {
+    "compressible": false,
+    "extensions": ["msg"]
+  },
+  "application/vnd.ms-package.obfuscated-opentype": {
+    "source": "apache"
+  },
+  "application/vnd.ms-pki.seccat": {
+    "source": "apache",
+    "extensions": ["cat"]
+  },
+  "application/vnd.ms-pki.stl": {
+    "source": "apache",
+    "extensions": ["stl"]
+  },
+  "application/vnd.ms-playready.initiator+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ms-powerpoint": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["ppt","pps","pot"]
+  },
+  "application/vnd.ms-powerpoint.addin.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["ppam"]
+  },
+  "application/vnd.ms-powerpoint.presentation.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["pptm"]
+  },
+  "application/vnd.ms-powerpoint.slide.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["sldm"]
+  },
+  "application/vnd.ms-powerpoint.slideshow.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["ppsm"]
+  },
+  "application/vnd.ms-powerpoint.template.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["potm"]
+  },
+  "application/vnd.ms-printdevicecapabilities+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ms-printing.printticket+xml": {
+    "source": "apache",
+    "compressible": true
+  },
+  "application/vnd.ms-printschematicket+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ms-project": {
+    "source": "iana",
+    "extensions": ["mpp","mpt"]
+  },
+  "application/vnd.ms-tnef": {
+    "source": "iana"
+  },
+  "application/vnd.ms-windows.devicepairing": {
+    "source": "iana"
+  },
+  "application/vnd.ms-windows.nwprinting.oob": {
+    "source": "iana"
+  },
+  "application/vnd.ms-windows.printerpairing": {
+    "source": "iana"
+  },
+  "application/vnd.ms-windows.wsd.oob": {
+    "source": "iana"
+  },
+  "application/vnd.ms-wmdrm.lic-chlg-req": {
+    "source": "iana"
+  },
+  "application/vnd.ms-wmdrm.lic-resp": {
+    "source": "iana"
+  },
+  "application/vnd.ms-wmdrm.meter-chlg-req": {
+    "source": "iana"
+  },
+  "application/vnd.ms-wmdrm.meter-resp": {
+    "source": "iana"
+  },
+  "application/vnd.ms-word.document.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["docm"]
+  },
+  "application/vnd.ms-word.template.macroenabled.12": {
+    "source": "iana",
+    "extensions": ["dotm"]
+  },
+  "application/vnd.ms-works": {
+    "source": "iana",
+    "extensions": ["wps","wks","wcm","wdb"]
+  },
+  "application/vnd.ms-wpl": {
+    "source": "iana",
+    "extensions": ["wpl"]
+  },
+  "application/vnd.ms-xpsdocument": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["xps"]
+  },
+  "application/vnd.msa-disk-image": {
+    "source": "iana"
+  },
+  "application/vnd.mseq": {
+    "source": "iana",
+    "extensions": ["mseq"]
+  },
+  "application/vnd.msign": {
+    "source": "iana"
+  },
+  "application/vnd.multiad.creator": {
+    "source": "iana"
+  },
+  "application/vnd.multiad.creator.cif": {
+    "source": "iana"
+  },
+  "application/vnd.music-niff": {
+    "source": "iana"
+  },
+  "application/vnd.musician": {
+    "source": "iana",
+    "extensions": ["mus"]
+  },
+  "application/vnd.muvee.style": {
+    "source": "iana",
+    "extensions": ["msty"]
+  },
+  "application/vnd.mynfc": {
+    "source": "iana",
+    "extensions": ["taglet"]
+  },
+  "application/vnd.nacamar.ybrid+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.ncd.control": {
+    "source": "iana"
+  },
+  "application/vnd.ncd.reference": {
+    "source": "iana"
+  },
+  "application/vnd.nearst.inv+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nebumind.line": {
+    "source": "iana"
+  },
+  "application/vnd.nervana": {
+    "source": "iana"
+  },
+  "application/vnd.netfpx": {
+    "source": "iana"
+  },
+  "application/vnd.neurolanguage.nlu": {
+    "source": "iana",
+    "extensions": ["nlu"]
+  },
+  "application/vnd.nimn": {
+    "source": "iana"
+  },
+  "application/vnd.nintendo.nitro.rom": {
+    "source": "iana"
+  },
+  "application/vnd.nintendo.snes.rom": {
+    "source": "iana"
+  },
+  "application/vnd.nitf": {
+    "source": "iana",
+    "extensions": ["ntf","nitf"]
+  },
+  "application/vnd.noblenet-directory": {
+    "source": "iana",
+    "extensions": ["nnd"]
+  },
+  "application/vnd.noblenet-sealer": {
+    "source": "iana",
+    "extensions": ["nns"]
+  },
+  "application/vnd.noblenet-web": {
+    "source": "iana",
+    "extensions": ["nnw"]
+  },
+  "application/vnd.nokia.catalogs": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.conml+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.conml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nokia.iptv.config+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nokia.isds-radio-presets": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.landmark+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.landmark+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nokia.landmarkcollection+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nokia.n-gage.ac+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ac"]
+  },
+  "application/vnd.nokia.n-gage.data": {
+    "source": "iana",
+    "extensions": ["ngdat"]
+  },
+  "application/vnd.nokia.n-gage.symbian.install": {
+    "source": "iana",
+    "extensions": ["n-gage"]
+  },
+  "application/vnd.nokia.ncd": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.pcd+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.nokia.pcd+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.nokia.radio-preset": {
+    "source": "iana",
+    "extensions": ["rpst"]
+  },
+  "application/vnd.nokia.radio-presets": {
+    "source": "iana",
+    "extensions": ["rpss"]
+  },
+  "application/vnd.novadigm.edm": {
+    "source": "iana",
+    "extensions": ["edm"]
+  },
+  "application/vnd.novadigm.edx": {
+    "source": "iana",
+    "extensions": ["edx"]
+  },
+  "application/vnd.novadigm.ext": {
+    "source": "iana",
+    "extensions": ["ext"]
+  },
+  "application/vnd.ntt-local.content-share": {
+    "source": "iana"
+  },
+  "application/vnd.ntt-local.file-transfer": {
+    "source": "iana"
+  },
+  "application/vnd.ntt-local.ogw_remote-access": {
+    "source": "iana"
+  },
+  "application/vnd.ntt-local.sip-ta_remote": {
+    "source": "iana"
+  },
+  "application/vnd.ntt-local.sip-ta_tcp_stream": {
+    "source": "iana"
+  },
+  "application/vnd.oasis.opendocument.chart": {
+    "source": "iana",
+    "extensions": ["odc"]
+  },
+  "application/vnd.oasis.opendocument.chart-template": {
+    "source": "iana",
+    "extensions": ["otc"]
+  },
+  "application/vnd.oasis.opendocument.database": {
+    "source": "iana",
+    "extensions": ["odb"]
+  },
+  "application/vnd.oasis.opendocument.formula": {
+    "source": "iana",
+    "extensions": ["odf"]
+  },
+  "application/vnd.oasis.opendocument.formula-template": {
+    "source": "iana",
+    "extensions": ["odft"]
+  },
+  "application/vnd.oasis.opendocument.graphics": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["odg"]
+  },
+  "application/vnd.oasis.opendocument.graphics-template": {
+    "source": "iana",
+    "extensions": ["otg"]
+  },
+  "application/vnd.oasis.opendocument.image": {
+    "source": "iana",
+    "extensions": ["odi"]
+  },
+  "application/vnd.oasis.opendocument.image-template": {
+    "source": "iana",
+    "extensions": ["oti"]
+  },
+  "application/vnd.oasis.opendocument.presentation": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["odp"]
+  },
+  "application/vnd.oasis.opendocument.presentation-template": {
+    "source": "iana",
+    "extensions": ["otp"]
+  },
+  "application/vnd.oasis.opendocument.spreadsheet": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["ods"]
+  },
+  "application/vnd.oasis.opendocument.spreadsheet-template": {
+    "source": "iana",
+    "extensions": ["ots"]
+  },
+  "application/vnd.oasis.opendocument.text": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["odt"]
+  },
+  "application/vnd.oasis.opendocument.text-master": {
+    "source": "iana",
+    "extensions": ["odm"]
+  },
+  "application/vnd.oasis.opendocument.text-template": {
+    "source": "iana",
+    "extensions": ["ott"]
+  },
+  "application/vnd.oasis.opendocument.text-web": {
+    "source": "iana",
+    "extensions": ["oth"]
+  },
+  "application/vnd.obn": {
+    "source": "iana"
+  },
+  "application/vnd.ocf+cbor": {
+    "source": "iana"
+  },
+  "application/vnd.oci.image.manifest.v1+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oftn.l10n+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.contentaccessdownload+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.contentaccessstreaming+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.cspg-hexbinary": {
+    "source": "iana"
+  },
+  "application/vnd.oipf.dae.svg+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.dae.xhtml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.mippvcontrolmessage+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.pae.gem": {
+    "source": "iana"
+  },
+  "application/vnd.oipf.spdiscovery+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.spdlist+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.ueprofile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oipf.userprofile+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.olpc-sugar": {
+    "source": "iana",
+    "extensions": ["xo"]
+  },
+  "application/vnd.oma-scws-config": {
+    "source": "iana"
+  },
+  "application/vnd.oma-scws-http-request": {
+    "source": "iana"
+  },
+  "application/vnd.oma-scws-http-response": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.associated-procedure-parameter+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.drm-trigger+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.imd+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.ltkm": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.notification+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.provisioningtrigger": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.sgboot": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.sgdd+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.sgdu": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.simple-symbol-container": {
+    "source": "iana"
+  },
+  "application/vnd.oma.bcast.smartcard-trigger+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.sprov+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.bcast.stkm": {
+    "source": "iana"
+  },
+  "application/vnd.oma.cab-address-book+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.cab-feature-handler+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.cab-pcc+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.cab-subs-invite+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.cab-user-prefs+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.dcd": {
+    "source": "iana"
+  },
+  "application/vnd.oma.dcdc": {
+    "source": "iana"
+  },
+  "application/vnd.oma.dd2+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["dd2"]
+  },
+  "application/vnd.oma.drm.risd+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.group-usage-list+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.lwm2m+cbor": {
+    "source": "iana"
+  },
+  "application/vnd.oma.lwm2m+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.lwm2m+tlv": {
+    "source": "iana"
+  },
+  "application/vnd.oma.pal+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.poc.detailed-progress-report+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.poc.final-report+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.poc.groups+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.poc.invocation-descriptor+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.poc.optimized-progress-report+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.push": {
+    "source": "iana"
+  },
+  "application/vnd.oma.scidm.messages+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oma.xcap-directory+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.omads-email+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.omads-file+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.omads-folder+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.omaloc-supl-init": {
+    "source": "iana"
+  },
+  "application/vnd.onepager": {
+    "source": "iana"
+  },
+  "application/vnd.onepagertamp": {
+    "source": "iana"
+  },
+  "application/vnd.onepagertamx": {
+    "source": "iana"
+  },
+  "application/vnd.onepagertat": {
+    "source": "iana"
+  },
+  "application/vnd.onepagertatp": {
+    "source": "iana"
+  },
+  "application/vnd.onepagertatx": {
+    "source": "iana"
+  },
+  "application/vnd.openblox.game+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["obgx"]
+  },
+  "application/vnd.openblox.game-binary": {
+    "source": "iana"
+  },
+  "application/vnd.openeye.oeb": {
+    "source": "iana"
+  },
+  "application/vnd.openofficeorg.extension": {
+    "source": "apache",
+    "extensions": ["oxt"]
+  },
+  "application/vnd.openstreetmap.data+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["osm"]
+  },
+  "application/vnd.opentimestamps.ots": {
+    "source": "iana"
+  },
+  "application/vnd.openxmlformats-officedocument.custom-properties+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.customxmlproperties+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawing+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.chart+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.chartshapes+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.diagramcolors+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.diagramdata+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.diagramlayout+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.drawingml.diagramstyle+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.extended-properties+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.commentauthors+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.comments+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.handoutmaster+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.notesmaster+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.notesslide+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["pptx"]
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.presprops+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slide": {
+    "source": "iana",
+    "extensions": ["sldx"]
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slide+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slidelayout+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slidemaster+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slideshow": {
+    "source": "iana",
+    "extensions": ["ppsx"]
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.slideupdateinfo+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.tablestyles+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.tags+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.template": {
+    "source": "iana",
+    "extensions": ["potx"]
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.template.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.presentationml.viewprops+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.calcchain+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.chartsheet+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.comments+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.connections+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.dialogsheet+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.externallink+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcachedefinition+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcacherecords+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivottable+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.querytable+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.revisionheaders+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.revisionlog+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sharedstrings+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["xlsx"]
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheetmetadata+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.table+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.tablesinglecells+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.template": {
+    "source": "iana",
+    "extensions": ["xltx"]
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.usernames+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.volatiledependencies+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.theme+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.themeoverride+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.vmldrawing": {
+    "source": "iana"
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["docx"]
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document.glossary+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.fonttable+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.template": {
+    "source": "iana",
+    "extensions": ["dotx"]
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.template.main+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.websettings+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-package.core-properties+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.openxmlformats-package.relationships+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oracle.resource+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.orange.indata": {
+    "source": "iana"
+  },
+  "application/vnd.osa.netdeploy": {
+    "source": "iana"
+  },
+  "application/vnd.osgeo.mapguide.package": {
+    "source": "iana",
+    "extensions": ["mgp"]
+  },
+  "application/vnd.osgi.bundle": {
+    "source": "iana"
+  },
+  "application/vnd.osgi.dp": {
+    "source": "iana",
+    "extensions": ["dp"]
+  },
+  "application/vnd.osgi.subsystem": {
+    "source": "iana",
+    "extensions": ["esa"]
+  },
+  "application/vnd.otps.ct-kip+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.oxli.countgraph": {
+    "source": "iana"
+  },
+  "application/vnd.pagerduty+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.palm": {
+    "source": "iana",
+    "extensions": ["pdb","pqa","oprc"]
+  },
+  "application/vnd.panoply": {
+    "source": "iana"
+  },
+  "application/vnd.paos.xml": {
+    "source": "iana"
+  },
+  "application/vnd.patentdive": {
+    "source": "iana"
+  },
+  "application/vnd.patientecommsdoc": {
+    "source": "iana"
+  },
+  "application/vnd.pawaafile": {
+    "source": "iana",
+    "extensions": ["paw"]
+  },
+  "application/vnd.pcos": {
+    "source": "iana"
+  },
+  "application/vnd.pg.format": {
+    "source": "iana",
+    "extensions": ["str"]
+  },
+  "application/vnd.pg.osasli": {
+    "source": "iana",
+    "extensions": ["ei6"]
+  },
+  "application/vnd.piaccess.application-licence": {
+    "source": "iana"
+  },
+  "application/vnd.picsel": {
+    "source": "iana",
+    "extensions": ["efif"]
+  },
+  "application/vnd.pmi.widget": {
+    "source": "iana",
+    "extensions": ["wg"]
+  },
+  "application/vnd.poc.group-advertisement+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.pocketlearn": {
+    "source": "iana",
+    "extensions": ["plf"]
+  },
+  "application/vnd.powerbuilder6": {
+    "source": "iana",
+    "extensions": ["pbd"]
+  },
+  "application/vnd.powerbuilder6-s": {
+    "source": "iana"
+  },
+  "application/vnd.powerbuilder7": {
+    "source": "iana"
+  },
+  "application/vnd.powerbuilder7-s": {
+    "source": "iana"
+  },
+  "application/vnd.powerbuilder75": {
+    "source": "iana"
+  },
+  "application/vnd.powerbuilder75-s": {
+    "source": "iana"
+  },
+  "application/vnd.preminet": {
+    "source": "iana"
+  },
+  "application/vnd.previewsystems.box": {
+    "source": "iana",
+    "extensions": ["box"]
+  },
+  "application/vnd.proteus.magazine": {
+    "source": "iana",
+    "extensions": ["mgz"]
+  },
+  "application/vnd.psfs": {
+    "source": "iana"
+  },
+  "application/vnd.publishare-delta-tree": {
+    "source": "iana",
+    "extensions": ["qps"]
+  },
+  "application/vnd.pvi.ptid1": {
+    "source": "iana",
+    "extensions": ["ptid"]
+  },
+  "application/vnd.pwg-multiplexed": {
+    "source": "iana"
+  },
+  "application/vnd.pwg-xhtml-print+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.qualcomm.brew-app-res": {
+    "source": "iana"
+  },
+  "application/vnd.quarantainenet": {
+    "source": "iana"
+  },
+  "application/vnd.quark.quarkxpress": {
+    "source": "iana",
+    "extensions": ["qxd","qxt","qwd","qwt","qxl","qxb"]
+  },
+  "application/vnd.quobject-quoxdocument": {
+    "source": "iana"
+  },
+  "application/vnd.radisys.moml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-audit+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-audit-conf+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-audit-conn+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-audit-dialog+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-audit-stream+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-conf+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-base+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-fax-detect+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-fax-sendrecv+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-group+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-speech+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.radisys.msml-dialog-transform+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.rainstor.data": {
+    "source": "iana"
+  },
+  "application/vnd.rapid": {
+    "source": "iana"
+  },
+  "application/vnd.rar": {
+    "source": "iana",
+    "extensions": ["rar"]
+  },
+  "application/vnd.realvnc.bed": {
+    "source": "iana",
+    "extensions": ["bed"]
+  },
+  "application/vnd.recordare.musicxml": {
+    "source": "iana",
+    "extensions": ["mxl"]
+  },
+  "application/vnd.recordare.musicxml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["musicxml"]
+  },
+  "application/vnd.renlearn.rlprint": {
+    "source": "iana"
+  },
+  "application/vnd.resilient.logic": {
+    "source": "iana"
+  },
+  "application/vnd.restful+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.rig.cryptonote": {
+    "source": "iana",
+    "extensions": ["cryptonote"]
+  },
+  "application/vnd.rim.cod": {
+    "source": "apache",
+    "extensions": ["cod"]
+  },
+  "application/vnd.rn-realmedia": {
+    "source": "apache",
+    "extensions": ["rm"]
+  },
+  "application/vnd.rn-realmedia-vbr": {
+    "source": "apache",
+    "extensions": ["rmvb"]
+  },
+  "application/vnd.route66.link66+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["link66"]
+  },
+  "application/vnd.rs-274x": {
+    "source": "iana"
+  },
+  "application/vnd.ruckus.download": {
+    "source": "iana"
+  },
+  "application/vnd.s3sms": {
+    "source": "iana"
+  },
+  "application/vnd.sailingtracker.track": {
+    "source": "iana",
+    "extensions": ["st"]
+  },
+  "application/vnd.sar": {
+    "source": "iana"
+  },
+  "application/vnd.sbm.cid": {
+    "source": "iana"
+  },
+  "application/vnd.sbm.mid2": {
+    "source": "iana"
+  },
+  "application/vnd.scribus": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.3df": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.csf": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.doc": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.eml": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.mht": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.net": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.ppt": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.tiff": {
+    "source": "iana"
+  },
+  "application/vnd.sealed.xls": {
+    "source": "iana"
+  },
+  "application/vnd.sealedmedia.softseal.html": {
+    "source": "iana"
+  },
+  "application/vnd.sealedmedia.softseal.pdf": {
+    "source": "iana"
+  },
+  "application/vnd.seemail": {
+    "source": "iana",
+    "extensions": ["see"]
+  },
+  "application/vnd.seis+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.sema": {
+    "source": "iana",
+    "extensions": ["sema"]
+  },
+  "application/vnd.semd": {
+    "source": "iana",
+    "extensions": ["semd"]
+  },
+  "application/vnd.semf": {
+    "source": "iana",
+    "extensions": ["semf"]
+  },
+  "application/vnd.shade-save-file": {
+    "source": "iana"
+  },
+  "application/vnd.shana.informed.formdata": {
+    "source": "iana",
+    "extensions": ["ifm"]
+  },
+  "application/vnd.shana.informed.formtemplate": {
+    "source": "iana",
+    "extensions": ["itp"]
+  },
+  "application/vnd.shana.informed.interchange": {
+    "source": "iana",
+    "extensions": ["iif"]
+  },
+  "application/vnd.shana.informed.package": {
+    "source": "iana",
+    "extensions": ["ipk"]
+  },
+  "application/vnd.shootproof+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.shopkick+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.shp": {
+    "source": "iana"
+  },
+  "application/vnd.shx": {
+    "source": "iana"
+  },
+  "application/vnd.sigrok.session": {
+    "source": "iana"
+  },
+  "application/vnd.simtech-mindmapper": {
+    "source": "iana",
+    "extensions": ["twd","twds"]
+  },
+  "application/vnd.siren+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.smaf": {
+    "source": "iana",
+    "extensions": ["mmf"]
+  },
+  "application/vnd.smart.notebook": {
+    "source": "iana"
+  },
+  "application/vnd.smart.teacher": {
+    "source": "iana",
+    "extensions": ["teacher"]
+  },
+  "application/vnd.snesdev-page-table": {
+    "source": "iana"
+  },
+  "application/vnd.software602.filler.form+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["fo"]
+  },
+  "application/vnd.software602.filler.form-xml-zip": {
+    "source": "iana"
+  },
+  "application/vnd.solent.sdkm+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["sdkm","sdkd"]
+  },
+  "application/vnd.spotfire.dxp": {
+    "source": "iana",
+    "extensions": ["dxp"]
+  },
+  "application/vnd.spotfire.sfs": {
+    "source": "iana",
+    "extensions": ["sfs"]
+  },
+  "application/vnd.sqlite3": {
+    "source": "iana"
+  },
+  "application/vnd.sss-cod": {
+    "source": "iana"
+  },
+  "application/vnd.sss-dtf": {
+    "source": "iana"
+  },
+  "application/vnd.sss-ntf": {
+    "source": "iana"
+  },
+  "application/vnd.stardivision.calc": {
+    "source": "apache",
+    "extensions": ["sdc"]
+  },
+  "application/vnd.stardivision.draw": {
+    "source": "apache",
+    "extensions": ["sda"]
+  },
+  "application/vnd.stardivision.impress": {
+    "source": "apache",
+    "extensions": ["sdd"]
+  },
+  "application/vnd.stardivision.math": {
+    "source": "apache",
+    "extensions": ["smf"]
+  },
+  "application/vnd.stardivision.writer": {
+    "source": "apache",
+    "extensions": ["sdw","vor"]
+  },
+  "application/vnd.stardivision.writer-global": {
+    "source": "apache",
+    "extensions": ["sgl"]
+  },
+  "application/vnd.stepmania.package": {
+    "source": "iana",
+    "extensions": ["smzip"]
+  },
+  "application/vnd.stepmania.stepchart": {
+    "source": "iana",
+    "extensions": ["sm"]
+  },
+  "application/vnd.street-stream": {
+    "source": "iana"
+  },
+  "application/vnd.sun.wadl+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wadl"]
+  },
+  "application/vnd.sun.xml.calc": {
+    "source": "apache",
+    "extensions": ["sxc"]
+  },
+  "application/vnd.sun.xml.calc.template": {
+    "source": "apache",
+    "extensions": ["stc"]
+  },
+  "application/vnd.sun.xml.draw": {
+    "source": "apache",
+    "extensions": ["sxd"]
+  },
+  "application/vnd.sun.xml.draw.template": {
+    "source": "apache",
+    "extensions": ["std"]
+  },
+  "application/vnd.sun.xml.impress": {
+    "source": "apache",
+    "extensions": ["sxi"]
+  },
+  "application/vnd.sun.xml.impress.template": {
+    "source": "apache",
+    "extensions": ["sti"]
+  },
+  "application/vnd.sun.xml.math": {
+    "source": "apache",
+    "extensions": ["sxm"]
+  },
+  "application/vnd.sun.xml.writer": {
+    "source": "apache",
+    "extensions": ["sxw"]
+  },
+  "application/vnd.sun.xml.writer.global": {
+    "source": "apache",
+    "extensions": ["sxg"]
+  },
+  "application/vnd.sun.xml.writer.template": {
+    "source": "apache",
+    "extensions": ["stw"]
+  },
+  "application/vnd.sus-calendar": {
+    "source": "iana",
+    "extensions": ["sus","susp"]
+  },
+  "application/vnd.svd": {
+    "source": "iana",
+    "extensions": ["svd"]
+  },
+  "application/vnd.swiftview-ics": {
+    "source": "iana"
+  },
+  "application/vnd.sycle+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.syft+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.symbian.install": {
+    "source": "apache",
+    "extensions": ["sis","sisx"]
+  },
+  "application/vnd.syncml+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["xsm"]
+  },
+  "application/vnd.syncml.dm+wbxml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "extensions": ["bdm"]
+  },
+  "application/vnd.syncml.dm+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["xdm"]
+  },
+  "application/vnd.syncml.dm.notification": {
+    "source": "iana"
+  },
+  "application/vnd.syncml.dmddf+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.syncml.dmddf+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["ddf"]
+  },
+  "application/vnd.syncml.dmtnds+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.syncml.dmtnds+xml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true
+  },
+  "application/vnd.syncml.ds.notification": {
+    "source": "iana"
+  },
+  "application/vnd.tableschema+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.tao.intent-module-archive": {
+    "source": "iana",
+    "extensions": ["tao"]
+  },
+  "application/vnd.tcpdump.pcap": {
+    "source": "iana",
+    "extensions": ["pcap","cap","dmp"]
+  },
+  "application/vnd.think-cell.ppttc+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.tmd.mediaflex.api+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.tml": {
+    "source": "iana"
+  },
+  "application/vnd.tmobile-livetv": {
+    "source": "iana",
+    "extensions": ["tmo"]
+  },
+  "application/vnd.tri.onesource": {
+    "source": "iana"
+  },
+  "application/vnd.trid.tpt": {
+    "source": "iana",
+    "extensions": ["tpt"]
+  },
+  "application/vnd.triscape.mxs": {
+    "source": "iana",
+    "extensions": ["mxs"]
+  },
+  "application/vnd.trueapp": {
+    "source": "iana",
+    "extensions": ["tra"]
+  },
+  "application/vnd.truedoc": {
+    "source": "iana"
+  },
+  "application/vnd.ubisoft.webplayer": {
+    "source": "iana"
+  },
+  "application/vnd.ufdl": {
+    "source": "iana",
+    "extensions": ["ufd","ufdl"]
+  },
+  "application/vnd.uiq.theme": {
+    "source": "iana",
+    "extensions": ["utz"]
+  },
+  "application/vnd.umajin": {
+    "source": "iana",
+    "extensions": ["umj"]
+  },
+  "application/vnd.unity": {
+    "source": "iana",
+    "extensions": ["unityweb"]
+  },
+  "application/vnd.uoml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["uoml"]
+  },
+  "application/vnd.uplanet.alert": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.alert-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.bearer-choice": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.bearer-choice-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.cacheop": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.cacheop-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.channel": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.channel-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.list": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.list-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.listcmd": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.listcmd-wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.uplanet.signal": {
+    "source": "iana"
+  },
+  "application/vnd.uri-map": {
+    "source": "iana"
+  },
+  "application/vnd.valve.source.material": {
+    "source": "iana"
+  },
+  "application/vnd.vcx": {
+    "source": "iana",
+    "extensions": ["vcx"]
+  },
+  "application/vnd.vd-study": {
+    "source": "iana"
+  },
+  "application/vnd.vectorworks": {
+    "source": "iana"
+  },
+  "application/vnd.vel+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.verimatrix.vcas": {
+    "source": "iana"
+  },
+  "application/vnd.veritone.aion+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.veryant.thin": {
+    "source": "iana"
+  },
+  "application/vnd.ves.encrypted": {
+    "source": "iana"
+  },
+  "application/vnd.vidsoft.vidconference": {
+    "source": "iana"
+  },
+  "application/vnd.visio": {
+    "source": "iana",
+    "extensions": ["vsd","vst","vss","vsw"]
+  },
+  "application/vnd.visionary": {
+    "source": "iana",
+    "extensions": ["vis"]
+  },
+  "application/vnd.vividence.scriptfile": {
+    "source": "iana"
+  },
+  "application/vnd.vsf": {
+    "source": "iana",
+    "extensions": ["vsf"]
+  },
+  "application/vnd.wap.sic": {
+    "source": "iana"
+  },
+  "application/vnd.wap.slc": {
+    "source": "iana"
+  },
+  "application/vnd.wap.wbxml": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "extensions": ["wbxml"]
+  },
+  "application/vnd.wap.wmlc": {
+    "source": "iana",
+    "extensions": ["wmlc"]
+  },
+  "application/vnd.wap.wmlscriptc": {
+    "source": "iana",
+    "extensions": ["wmlsc"]
+  },
+  "application/vnd.webturbo": {
+    "source": "iana",
+    "extensions": ["wtb"]
+  },
+  "application/vnd.wfa.dpp": {
+    "source": "iana"
+  },
+  "application/vnd.wfa.p2p": {
+    "source": "iana"
+  },
+  "application/vnd.wfa.wsc": {
+    "source": "iana"
+  },
+  "application/vnd.windows.devicepairing": {
+    "source": "iana"
+  },
+  "application/vnd.wmc": {
+    "source": "iana"
+  },
+  "application/vnd.wmf.bootstrap": {
+    "source": "iana"
+  },
+  "application/vnd.wolfram.mathematica": {
+    "source": "iana"
+  },
+  "application/vnd.wolfram.mathematica.package": {
+    "source": "iana"
+  },
+  "application/vnd.wolfram.player": {
+    "source": "iana",
+    "extensions": ["nbp"]
+  },
+  "application/vnd.wordperfect": {
+    "source": "iana",
+    "extensions": ["wpd"]
+  },
+  "application/vnd.wqd": {
+    "source": "iana",
+    "extensions": ["wqd"]
+  },
+  "application/vnd.wrq-hp3000-labelled": {
+    "source": "iana"
+  },
+  "application/vnd.wt.stf": {
+    "source": "iana",
+    "extensions": ["stf"]
+  },
+  "application/vnd.wv.csp+wbxml": {
+    "source": "iana"
+  },
+  "application/vnd.wv.csp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.wv.ssp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.xacml+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.xara": {
+    "source": "iana",
+    "extensions": ["xar"]
+  },
+  "application/vnd.xfdl": {
+    "source": "iana",
+    "extensions": ["xfdl"]
+  },
+  "application/vnd.xfdl.webform": {
+    "source": "iana"
+  },
+  "application/vnd.xmi+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vnd.xmpie.cpkg": {
+    "source": "iana"
+  },
+  "application/vnd.xmpie.dpkg": {
+    "source": "iana"
+  },
+  "application/vnd.xmpie.plan": {
+    "source": "iana"
+  },
+  "application/vnd.xmpie.ppkg": {
+    "source": "iana"
+  },
+  "application/vnd.xmpie.xlim": {
+    "source": "iana"
+  },
+  "application/vnd.yamaha.hv-dic": {
+    "source": "iana",
+    "extensions": ["hvd"]
+  },
+  "application/vnd.yamaha.hv-script": {
+    "source": "iana",
+    "extensions": ["hvs"]
+  },
+  "application/vnd.yamaha.hv-voice": {
+    "source": "iana",
+    "extensions": ["hvp"]
+  },
+  "application/vnd.yamaha.openscoreformat": {
+    "source": "iana",
+    "extensions": ["osf"]
+  },
+  "application/vnd.yamaha.openscoreformat.osfpvg+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["osfpvg"]
+  },
+  "application/vnd.yamaha.remote-setup": {
+    "source": "iana"
+  },
+  "application/vnd.yamaha.smaf-audio": {
+    "source": "iana",
+    "extensions": ["saf"]
+  },
+  "application/vnd.yamaha.smaf-phrase": {
+    "source": "iana",
+    "extensions": ["spf"]
+  },
+  "application/vnd.yamaha.through-ngn": {
+    "source": "iana"
+  },
+  "application/vnd.yamaha.tunnel-udpencap": {
+    "source": "iana"
+  },
+  "application/vnd.yaoweme": {
+    "source": "iana"
+  },
+  "application/vnd.yellowriver-custom-menu": {
+    "source": "iana",
+    "extensions": ["cmp"]
+  },
+  "application/vnd.youtube.yt": {
+    "source": "iana"
+  },
+  "application/vnd.zul": {
+    "source": "iana",
+    "extensions": ["zir","zirz"]
+  },
+  "application/vnd.zzazz.deck+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["zaz"]
+  },
+  "application/voicexml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["vxml"]
+  },
+  "application/voucher-cms+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/vq-rtcpxr": {
+    "source": "iana"
+  },
+  "application/wasm": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wasm"]
+  },
+  "application/watcherinfo+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wif"]
+  },
+  "application/webpush-options+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/whoispp-query": {
+    "source": "iana"
+  },
+  "application/whoispp-response": {
+    "source": "iana"
+  },
+  "application/widget": {
+    "source": "iana",
+    "extensions": ["wgt"]
+  },
+  "application/winhlp": {
+    "source": "apache",
+    "extensions": ["hlp"]
+  },
+  "application/wita": {
+    "source": "iana"
+  },
+  "application/wordperfect5.1": {
+    "source": "iana"
+  },
+  "application/wsdl+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wsdl"]
+  },
+  "application/wspolicy+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["wspolicy"]
+  },
+  "application/x-7z-compressed": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["7z"]
+  },
+  "application/x-abiword": {
+    "source": "apache",
+    "extensions": ["abw"]
+  },
+  "application/x-ace-compressed": {
+    "source": "apache",
+    "extensions": ["ace"]
+  },
+  "application/x-amf": {
+    "source": "apache"
+  },
+  "application/x-apple-diskimage": {
+    "source": "apache",
+    "extensions": ["dmg"]
+  },
+  "application/x-arj": {
+    "compressible": false,
+    "extensions": ["arj"]
+  },
+  "application/x-authorware-bin": {
+    "source": "apache",
+    "extensions": ["aab","x32","u32","vox"]
+  },
+  "application/x-authorware-map": {
+    "source": "apache",
+    "extensions": ["aam"]
+  },
+  "application/x-authorware-seg": {
+    "source": "apache",
+    "extensions": ["aas"]
+  },
+  "application/x-bcpio": {
+    "source": "apache",
+    "extensions": ["bcpio"]
+  },
+  "application/x-bdoc": {
+    "compressible": false,
+    "extensions": ["bdoc"]
+  },
+  "application/x-bittorrent": {
+    "source": "apache",
+    "extensions": ["torrent"]
+  },
+  "application/x-blorb": {
+    "source": "apache",
+    "extensions": ["blb","blorb"]
+  },
+  "application/x-bzip": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["bz"]
+  },
+  "application/x-bzip2": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["bz2","boz"]
+  },
+  "application/x-cbr": {
+    "source": "apache",
+    "extensions": ["cbr","cba","cbt","cbz","cb7"]
+  },
+  "application/x-cdlink": {
+    "source": "apache",
+    "extensions": ["vcd"]
+  },
+  "application/x-cfs-compressed": {
+    "source": "apache",
+    "extensions": ["cfs"]
+  },
+  "application/x-chat": {
+    "source": "apache",
+    "extensions": ["chat"]
+  },
+  "application/x-chess-pgn": {
+    "source": "apache",
+    "extensions": ["pgn"]
+  },
+  "application/x-chrome-extension": {
+    "extensions": ["crx"]
+  },
+  "application/x-cocoa": {
+    "source": "nginx",
+    "extensions": ["cco"]
+  },
+  "application/x-compress": {
+    "source": "apache"
+  },
+  "application/x-conference": {
+    "source": "apache",
+    "extensions": ["nsc"]
+  },
+  "application/x-cpio": {
+    "source": "apache",
+    "extensions": ["cpio"]
+  },
+  "application/x-csh": {
+    "source": "apache",
+    "extensions": ["csh"]
+  },
+  "application/x-deb": {
+    "compressible": false
+  },
+  "application/x-debian-package": {
+    "source": "apache",
+    "extensions": ["deb","udeb"]
+  },
+  "application/x-dgc-compressed": {
+    "source": "apache",
+    "extensions": ["dgc"]
+  },
+  "application/x-director": {
+    "source": "apache",
+    "extensions": ["dir","dcr","dxr","cst","cct","cxt","w3d","fgd","swa"]
+  },
+  "application/x-doom": {
+    "source": "apache",
+    "extensions": ["wad"]
+  },
+  "application/x-dtbncx+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["ncx"]
+  },
+  "application/x-dtbook+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["dtb"]
+  },
+  "application/x-dtbresource+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["res"]
+  },
+  "application/x-dvi": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["dvi"]
+  },
+  "application/x-envoy": {
+    "source": "apache",
+    "extensions": ["evy"]
+  },
+  "application/x-eva": {
+    "source": "apache",
+    "extensions": ["eva"]
+  },
+  "application/x-font-bdf": {
+    "source": "apache",
+    "extensions": ["bdf"]
+  },
+  "application/x-font-dos": {
+    "source": "apache"
+  },
+  "application/x-font-framemaker": {
+    "source": "apache"
+  },
+  "application/x-font-ghostscript": {
+    "source": "apache",
+    "extensions": ["gsf"]
+  },
+  "application/x-font-libgrx": {
+    "source": "apache"
+  },
+  "application/x-font-linux-psf": {
+    "source": "apache",
+    "extensions": ["psf"]
+  },
+  "application/x-font-pcf": {
+    "source": "apache",
+    "extensions": ["pcf"]
+  },
+  "application/x-font-snf": {
+    "source": "apache",
+    "extensions": ["snf"]
+  },
+  "application/x-font-speedo": {
+    "source": "apache"
+  },
+  "application/x-font-sunos-news": {
+    "source": "apache"
+  },
+  "application/x-font-type1": {
+    "source": "apache",
+    "extensions": ["pfa","pfb","pfm","afm"]
+  },
+  "application/x-font-vfont": {
+    "source": "apache"
+  },
+  "application/x-freearc": {
+    "source": "apache",
+    "extensions": ["arc"]
+  },
+  "application/x-futuresplash": {
+    "source": "apache",
+    "extensions": ["spl"]
+  },
+  "application/x-gca-compressed": {
+    "source": "apache",
+    "extensions": ["gca"]
+  },
+  "application/x-glulx": {
+    "source": "apache",
+    "extensions": ["ulx"]
+  },
+  "application/x-gnumeric": {
+    "source": "apache",
+    "extensions": ["gnumeric"]
+  },
+  "application/x-gramps-xml": {
+    "source": "apache",
+    "extensions": ["gramps"]
+  },
+  "application/x-gtar": {
+    "source": "apache",
+    "extensions": ["gtar"]
+  },
+  "application/x-gzip": {
+    "source": "apache"
+  },
+  "application/x-hdf": {
+    "source": "apache",
+    "extensions": ["hdf"]
+  },
+  "application/x-httpd-php": {
+    "compressible": true,
+    "extensions": ["php"]
+  },
+  "application/x-install-instructions": {
+    "source": "apache",
+    "extensions": ["install"]
+  },
+  "application/x-iso9660-image": {
+    "source": "apache",
+    "extensions": ["iso"]
+  },
+  "application/x-iwork-keynote-sffkey": {
+    "extensions": ["key"]
+  },
+  "application/x-iwork-numbers-sffnumbers": {
+    "extensions": ["numbers"]
+  },
+  "application/x-iwork-pages-sffpages": {
+    "extensions": ["pages"]
+  },
+  "application/x-java-archive-diff": {
+    "source": "nginx",
+    "extensions": ["jardiff"]
+  },
+  "application/x-java-jnlp-file": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["jnlp"]
+  },
+  "application/x-javascript": {
+    "compressible": true
+  },
+  "application/x-keepass2": {
+    "extensions": ["kdbx"]
+  },
+  "application/x-latex": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["latex"]
+  },
+  "application/x-lua-bytecode": {
+    "extensions": ["luac"]
+  },
+  "application/x-lzh-compressed": {
+    "source": "apache",
+    "extensions": ["lzh","lha"]
+  },
+  "application/x-makeself": {
+    "source": "nginx",
+    "extensions": ["run"]
+  },
+  "application/x-mie": {
+    "source": "apache",
+    "extensions": ["mie"]
+  },
+  "application/x-mobipocket-ebook": {
+    "source": "apache",
+    "extensions": ["prc","mobi"]
+  },
+  "application/x-mpegurl": {
+    "compressible": false
+  },
+  "application/x-ms-application": {
+    "source": "apache",
+    "extensions": ["application"]
+  },
+  "application/x-ms-shortcut": {
+    "source": "apache",
+    "extensions": ["lnk"]
+  },
+  "application/x-ms-wmd": {
+    "source": "apache",
+    "extensions": ["wmd"]
+  },
+  "application/x-ms-wmz": {
+    "source": "apache",
+    "extensions": ["wmz"]
+  },
+  "application/x-ms-xbap": {
+    "source": "apache",
+    "extensions": ["xbap"]
+  },
+  "application/x-msaccess": {
+    "source": "apache",
+    "extensions": ["mdb"]
+  },
+  "application/x-msbinder": {
+    "source": "apache",
+    "extensions": ["obd"]
+  },
+  "application/x-mscardfile": {
+    "source": "apache",
+    "extensions": ["crd"]
+  },
+  "application/x-msclip": {
+    "source": "apache",
+    "extensions": ["clp"]
+  },
+  "application/x-msdos-program": {
+    "extensions": ["exe"]
+  },
+  "application/x-msdownload": {
+    "source": "apache",
+    "extensions": ["exe","dll","com","bat","msi"]
+  },
+  "application/x-msmediaview": {
+    "source": "apache",
+    "extensions": ["mvb","m13","m14"]
+  },
+  "application/x-msmetafile": {
+    "source": "apache",
+    "extensions": ["wmf","wmz","emf","emz"]
+  },
+  "application/x-msmoney": {
+    "source": "apache",
+    "extensions": ["mny"]
+  },
+  "application/x-mspublisher": {
+    "source": "apache",
+    "extensions": ["pub"]
+  },
+  "application/x-msschedule": {
+    "source": "apache",
+    "extensions": ["scd"]
+  },
+  "application/x-msterminal": {
+    "source": "apache",
+    "extensions": ["trm"]
+  },
+  "application/x-mswrite": {
+    "source": "apache",
+    "extensions": ["wri"]
+  },
+  "application/x-netcdf": {
+    "source": "apache",
+    "extensions": ["nc","cdf"]
+  },
+  "application/x-ns-proxy-autoconfig": {
+    "compressible": true,
+    "extensions": ["pac"]
+  },
+  "application/x-nzb": {
+    "source": "apache",
+    "extensions": ["nzb"]
+  },
+  "application/x-perl": {
+    "source": "nginx",
+    "extensions": ["pl","pm"]
+  },
+  "application/x-pilot": {
+    "source": "nginx",
+    "extensions": ["prc","pdb"]
+  },
+  "application/x-pkcs12": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["p12","pfx"]
+  },
+  "application/x-pkcs7-certificates": {
+    "source": "apache",
+    "extensions": ["p7b","spc"]
+  },
+  "application/x-pkcs7-certreqresp": {
+    "source": "apache",
+    "extensions": ["p7r"]
+  },
+  "application/x-pki-message": {
+    "source": "iana"
+  },
+  "application/x-rar-compressed": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["rar"]
+  },
+  "application/x-redhat-package-manager": {
+    "source": "nginx",
+    "extensions": ["rpm"]
+  },
+  "application/x-research-info-systems": {
+    "source": "apache",
+    "extensions": ["ris"]
+  },
+  "application/x-sea": {
+    "source": "nginx",
+    "extensions": ["sea"]
+  },
+  "application/x-sh": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["sh"]
+  },
+  "application/x-shar": {
+    "source": "apache",
+    "extensions": ["shar"]
+  },
+  "application/x-shockwave-flash": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["swf"]
+  },
+  "application/x-silverlight-app": {
+    "source": "apache",
+    "extensions": ["xap"]
+  },
+  "application/x-sql": {
+    "source": "apache",
+    "extensions": ["sql"]
+  },
+  "application/x-stuffit": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["sit"]
+  },
+  "application/x-stuffitx": {
+    "source": "apache",
+    "extensions": ["sitx"]
+  },
+  "application/x-subrip": {
+    "source": "apache",
+    "extensions": ["srt"]
+  },
+  "application/x-sv4cpio": {
+    "source": "apache",
+    "extensions": ["sv4cpio"]
+  },
+  "application/x-sv4crc": {
+    "source": "apache",
+    "extensions": ["sv4crc"]
+  },
+  "application/x-t3vm-image": {
+    "source": "apache",
+    "extensions": ["t3"]
+  },
+  "application/x-tads": {
+    "source": "apache",
+    "extensions": ["gam"]
+  },
+  "application/x-tar": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["tar"]
+  },
+  "application/x-tcl": {
+    "source": "apache",
+    "extensions": ["tcl","tk"]
+  },
+  "application/x-tex": {
+    "source": "apache",
+    "extensions": ["tex"]
+  },
+  "application/x-tex-tfm": {
+    "source": "apache",
+    "extensions": ["tfm"]
+  },
+  "application/x-texinfo": {
+    "source": "apache",
+    "extensions": ["texinfo","texi"]
+  },
+  "application/x-tgif": {
+    "source": "apache",
+    "extensions": ["obj"]
+  },
+  "application/x-ustar": {
+    "source": "apache",
+    "extensions": ["ustar"]
+  },
+  "application/x-virtualbox-hdd": {
+    "compressible": true,
+    "extensions": ["hdd"]
+  },
+  "application/x-virtualbox-ova": {
+    "compressible": true,
+    "extensions": ["ova"]
+  },
+  "application/x-virtualbox-ovf": {
+    "compressible": true,
+    "extensions": ["ovf"]
+  },
+  "application/x-virtualbox-vbox": {
+    "compressible": true,
+    "extensions": ["vbox"]
+  },
+  "application/x-virtualbox-vbox-extpack": {
+    "compressible": false,
+    "extensions": ["vbox-extpack"]
+  },
+  "application/x-virtualbox-vdi": {
+    "compressible": true,
+    "extensions": ["vdi"]
+  },
+  "application/x-virtualbox-vhd": {
+    "compressible": true,
+    "extensions": ["vhd"]
+  },
+  "application/x-virtualbox-vmdk": {
+    "compressible": true,
+    "extensions": ["vmdk"]
+  },
+  "application/x-wais-source": {
+    "source": "apache",
+    "extensions": ["src"]
+  },
+  "application/x-web-app-manifest+json": {
+    "compressible": true,
+    "extensions": ["webapp"]
+  },
+  "application/x-www-form-urlencoded": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/x-x509-ca-cert": {
+    "source": "iana",
+    "extensions": ["der","crt","pem"]
+  },
+  "application/x-x509-ca-ra-cert": {
+    "source": "iana"
+  },
+  "application/x-x509-next-ca-cert": {
+    "source": "iana"
+  },
+  "application/x-xfig": {
+    "source": "apache",
+    "extensions": ["fig"]
+  },
+  "application/x-xliff+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["xlf"]
+  },
+  "application/x-xpinstall": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["xpi"]
+  },
+  "application/x-xz": {
+    "source": "apache",
+    "extensions": ["xz"]
+  },
+  "application/x-zmachine": {
+    "source": "apache",
+    "extensions": ["z1","z2","z3","z4","z5","z6","z7","z8"]
+  },
+  "application/x400-bp": {
+    "source": "iana"
+  },
+  "application/xacml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xaml+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["xaml"]
+  },
+  "application/xcap-att+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xav"]
+  },
+  "application/xcap-caps+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xca"]
+  },
+  "application/xcap-diff+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xdf"]
+  },
+  "application/xcap-el+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xel"]
+  },
+  "application/xcap-error+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xcap-ns+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xns"]
+  },
+  "application/xcon-conference-info+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xcon-conference-info-diff+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xenc+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xenc"]
+  },
+  "application/xhtml+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xhtml","xht"]
+  },
+  "application/xhtml-voice+xml": {
+    "source": "apache",
+    "compressible": true
+  },
+  "application/xliff+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xlf"]
+  },
+  "application/xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xml","xsl","xsd","rng"]
+  },
+  "application/xml-dtd": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["dtd"]
+  },
+  "application/xml-external-parsed-entity": {
+    "source": "iana"
+  },
+  "application/xml-patch+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xmpp+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/xop+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xop"]
+  },
+  "application/xproc+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["xpl"]
+  },
+  "application/xslt+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xsl","xslt"]
+  },
+  "application/xspf+xml": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["xspf"]
+  },
+  "application/xv+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["mxml","xhvml","xvml","xvm"]
+  },
+  "application/yang": {
+    "source": "iana",
+    "extensions": ["yang"]
+  },
+  "application/yang-data+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/yang-data+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/yang-patch+json": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/yang-patch+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "application/yin+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["yin"]
+  },
+  "application/zip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["zip"]
+  },
+  "application/zlib": {
+    "source": "iana"
+  },
+  "application/zstd": {
+    "source": "iana"
+  },
+  "audio/1d-interleaved-parityfec": {
+    "source": "iana"
+  },
+  "audio/32kadpcm": {
+    "source": "iana"
+  },
+  "audio/3gpp": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["3gpp"]
+  },
+  "audio/3gpp2": {
+    "source": "iana"
+  },
+  "audio/aac": {
+    "source": "iana"
+  },
+  "audio/ac3": {
+    "source": "iana"
+  },
+  "audio/adpcm": {
+    "source": "apache",
+    "extensions": ["adp"]
+  },
+  "audio/amr": {
+    "source": "iana",
+    "extensions": ["amr"]
+  },
+  "audio/amr-wb": {
+    "source": "iana"
+  },
+  "audio/amr-wb+": {
+    "source": "iana"
+  },
+  "audio/aptx": {
+    "source": "iana"
+  },
+  "audio/asc": {
+    "source": "iana"
+  },
+  "audio/atrac-advanced-lossless": {
+    "source": "iana"
+  },
+  "audio/atrac-x": {
+    "source": "iana"
+  },
+  "audio/atrac3": {
+    "source": "iana"
+  },
+  "audio/basic": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["au","snd"]
+  },
+  "audio/bv16": {
+    "source": "iana"
+  },
+  "audio/bv32": {
+    "source": "iana"
+  },
+  "audio/clearmode": {
+    "source": "iana"
+  },
+  "audio/cn": {
+    "source": "iana"
+  },
+  "audio/dat12": {
+    "source": "iana"
+  },
+  "audio/dls": {
+    "source": "iana"
+  },
+  "audio/dsr-es201108": {
+    "source": "iana"
+  },
+  "audio/dsr-es202050": {
+    "source": "iana"
+  },
+  "audio/dsr-es202211": {
+    "source": "iana"
+  },
+  "audio/dsr-es202212": {
+    "source": "iana"
+  },
+  "audio/dv": {
+    "source": "iana"
+  },
+  "audio/dvi4": {
+    "source": "iana"
+  },
+  "audio/eac3": {
+    "source": "iana"
+  },
+  "audio/encaprtp": {
+    "source": "iana"
+  },
+  "audio/evrc": {
+    "source": "iana"
+  },
+  "audio/evrc-qcp": {
+    "source": "iana"
+  },
+  "audio/evrc0": {
+    "source": "iana"
+  },
+  "audio/evrc1": {
+    "source": "iana"
+  },
+  "audio/evrcb": {
+    "source": "iana"
+  },
+  "audio/evrcb0": {
+    "source": "iana"
+  },
+  "audio/evrcb1": {
+    "source": "iana"
+  },
+  "audio/evrcnw": {
+    "source": "iana"
+  },
+  "audio/evrcnw0": {
+    "source": "iana"
+  },
+  "audio/evrcnw1": {
+    "source": "iana"
+  },
+  "audio/evrcwb": {
+    "source": "iana"
+  },
+  "audio/evrcwb0": {
+    "source": "iana"
+  },
+  "audio/evrcwb1": {
+    "source": "iana"
+  },
+  "audio/evs": {
+    "source": "iana"
+  },
+  "audio/flexfec": {
+    "source": "iana"
+  },
+  "audio/fwdred": {
+    "source": "iana"
+  },
+  "audio/g711-0": {
+    "source": "iana"
+  },
+  "audio/g719": {
+    "source": "iana"
+  },
+  "audio/g722": {
+    "source": "iana"
+  },
+  "audio/g7221": {
+    "source": "iana"
+  },
+  "audio/g723": {
+    "source": "iana"
+  },
+  "audio/g726-16": {
+    "source": "iana"
+  },
+  "audio/g726-24": {
+    "source": "iana"
+  },
+  "audio/g726-32": {
+    "source": "iana"
+  },
+  "audio/g726-40": {
+    "source": "iana"
+  },
+  "audio/g728": {
+    "source": "iana"
+  },
+  "audio/g729": {
+    "source": "iana"
+  },
+  "audio/g7291": {
+    "source": "iana"
+  },
+  "audio/g729d": {
+    "source": "iana"
+  },
+  "audio/g729e": {
+    "source": "iana"
+  },
+  "audio/gsm": {
+    "source": "iana"
+  },
+  "audio/gsm-efr": {
+    "source": "iana"
+  },
+  "audio/gsm-hr-08": {
+    "source": "iana"
+  },
+  "audio/ilbc": {
+    "source": "iana"
+  },
+  "audio/ip-mr_v2.5": {
+    "source": "iana"
+  },
+  "audio/isac": {
+    "source": "apache"
+  },
+  "audio/l16": {
+    "source": "iana"
+  },
+  "audio/l20": {
+    "source": "iana"
+  },
+  "audio/l24": {
+    "source": "iana",
+    "compressible": false
+  },
+  "audio/l8": {
+    "source": "iana"
+  },
+  "audio/lpc": {
+    "source": "iana"
+  },
+  "audio/melp": {
+    "source": "iana"
+  },
+  "audio/melp1200": {
+    "source": "iana"
+  },
+  "audio/melp2400": {
+    "source": "iana"
+  },
+  "audio/melp600": {
+    "source": "iana"
+  },
+  "audio/mhas": {
+    "source": "iana"
+  },
+  "audio/midi": {
+    "source": "apache",
+    "extensions": ["mid","midi","kar","rmi"]
+  },
+  "audio/mobile-xmf": {
+    "source": "iana",
+    "extensions": ["mxmf"]
+  },
+  "audio/mp3": {
+    "compressible": false,
+    "extensions": ["mp3"]
+  },
+  "audio/mp4": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["m4a","mp4a"]
+  },
+  "audio/mp4a-latm": {
+    "source": "iana"
+  },
+  "audio/mpa": {
+    "source": "iana"
+  },
+  "audio/mpa-robust": {
+    "source": "iana"
+  },
+  "audio/mpeg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["mpga","mp2","mp2a","mp3","m2a","m3a"]
+  },
+  "audio/mpeg4-generic": {
+    "source": "iana"
+  },
+  "audio/musepack": {
+    "source": "apache"
+  },
+  "audio/ogg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["oga","ogg","spx","opus"]
+  },
+  "audio/opus": {
+    "source": "iana"
+  },
+  "audio/parityfec": {
+    "source": "iana"
+  },
+  "audio/pcma": {
+    "source": "iana"
+  },
+  "audio/pcma-wb": {
+    "source": "iana"
+  },
+  "audio/pcmu": {
+    "source": "iana"
+  },
+  "audio/pcmu-wb": {
+    "source": "iana"
+  },
+  "audio/prs.sid": {
+    "source": "iana"
+  },
+  "audio/qcelp": {
+    "source": "iana"
+  },
+  "audio/raptorfec": {
+    "source": "iana"
+  },
+  "audio/red": {
+    "source": "iana"
+  },
+  "audio/rtp-enc-aescm128": {
+    "source": "iana"
+  },
+  "audio/rtp-midi": {
+    "source": "iana"
+  },
+  "audio/rtploopback": {
+    "source": "iana"
+  },
+  "audio/rtx": {
+    "source": "iana"
+  },
+  "audio/s3m": {
+    "source": "apache",
+    "extensions": ["s3m"]
+  },
+  "audio/scip": {
+    "source": "iana"
+  },
+  "audio/silk": {
+    "source": "apache",
+    "extensions": ["sil"]
+  },
+  "audio/smv": {
+    "source": "iana"
+  },
+  "audio/smv-qcp": {
+    "source": "iana"
+  },
+  "audio/smv0": {
+    "source": "iana"
+  },
+  "audio/sofa": {
+    "source": "iana"
+  },
+  "audio/sp-midi": {
+    "source": "iana"
+  },
+  "audio/speex": {
+    "source": "iana"
+  },
+  "audio/t140c": {
+    "source": "iana"
+  },
+  "audio/t38": {
+    "source": "iana"
+  },
+  "audio/telephone-event": {
+    "source": "iana"
+  },
+  "audio/tetra_acelp": {
+    "source": "iana"
+  },
+  "audio/tetra_acelp_bb": {
+    "source": "iana"
+  },
+  "audio/tone": {
+    "source": "iana"
+  },
+  "audio/tsvcis": {
+    "source": "iana"
+  },
+  "audio/uemclip": {
+    "source": "iana"
+  },
+  "audio/ulpfec": {
+    "source": "iana"
+  },
+  "audio/usac": {
+    "source": "iana"
+  },
+  "audio/vdvi": {
+    "source": "iana"
+  },
+  "audio/vmr-wb": {
+    "source": "iana"
+  },
+  "audio/vnd.3gpp.iufp": {
+    "source": "iana"
+  },
+  "audio/vnd.4sb": {
+    "source": "iana"
+  },
+  "audio/vnd.audiokoz": {
+    "source": "iana"
+  },
+  "audio/vnd.celp": {
+    "source": "iana"
+  },
+  "audio/vnd.cisco.nse": {
+    "source": "iana"
+  },
+  "audio/vnd.cmles.radio-events": {
+    "source": "iana"
+  },
+  "audio/vnd.cns.anp1": {
+    "source": "iana"
+  },
+  "audio/vnd.cns.inf1": {
+    "source": "iana"
+  },
+  "audio/vnd.dece.audio": {
+    "source": "iana",
+    "extensions": ["uva","uvva"]
+  },
+  "audio/vnd.digital-winds": {
+    "source": "iana",
+    "extensions": ["eol"]
+  },
+  "audio/vnd.dlna.adts": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.heaac.1": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.heaac.2": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.mlp": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.mps": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.pl2": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.pl2x": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.pl2z": {
+    "source": "iana"
+  },
+  "audio/vnd.dolby.pulse.1": {
+    "source": "iana"
+  },
+  "audio/vnd.dra": {
+    "source": "iana",
+    "extensions": ["dra"]
+  },
+  "audio/vnd.dts": {
+    "source": "iana",
+    "extensions": ["dts"]
+  },
+  "audio/vnd.dts.hd": {
+    "source": "iana",
+    "extensions": ["dtshd"]
+  },
+  "audio/vnd.dts.uhd": {
+    "source": "iana"
+  },
+  "audio/vnd.dvb.file": {
+    "source": "iana"
+  },
+  "audio/vnd.everad.plj": {
+    "source": "iana"
+  },
+  "audio/vnd.hns.audio": {
+    "source": "iana"
+  },
+  "audio/vnd.lucent.voice": {
+    "source": "iana",
+    "extensions": ["lvp"]
+  },
+  "audio/vnd.ms-playready.media.pya": {
+    "source": "iana",
+    "extensions": ["pya"]
+  },
+  "audio/vnd.nokia.mobile-xmf": {
+    "source": "iana"
+  },
+  "audio/vnd.nortel.vbk": {
+    "source": "iana"
+  },
+  "audio/vnd.nuera.ecelp4800": {
+    "source": "iana",
+    "extensions": ["ecelp4800"]
+  },
+  "audio/vnd.nuera.ecelp7470": {
+    "source": "iana",
+    "extensions": ["ecelp7470"]
+  },
+  "audio/vnd.nuera.ecelp9600": {
+    "source": "iana",
+    "extensions": ["ecelp9600"]
+  },
+  "audio/vnd.octel.sbc": {
+    "source": "iana"
+  },
+  "audio/vnd.presonus.multitrack": {
+    "source": "iana"
+  },
+  "audio/vnd.qcelp": {
+    "source": "iana"
+  },
+  "audio/vnd.rhetorex.32kadpcm": {
+    "source": "iana"
+  },
+  "audio/vnd.rip": {
+    "source": "iana",
+    "extensions": ["rip"]
+  },
+  "audio/vnd.rn-realaudio": {
+    "compressible": false
+  },
+  "audio/vnd.sealedmedia.softseal.mpeg": {
+    "source": "iana"
+  },
+  "audio/vnd.vmx.cvsd": {
+    "source": "iana"
+  },
+  "audio/vnd.wave": {
+    "compressible": false
+  },
+  "audio/vorbis": {
+    "source": "iana",
+    "compressible": false
+  },
+  "audio/vorbis-config": {
+    "source": "iana"
+  },
+  "audio/wav": {
+    "compressible": false,
+    "extensions": ["wav"]
+  },
+  "audio/wave": {
+    "compressible": false,
+    "extensions": ["wav"]
+  },
+  "audio/webm": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["weba"]
+  },
+  "audio/x-aac": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["aac"]
+  },
+  "audio/x-aiff": {
+    "source": "apache",
+    "extensions": ["aif","aiff","aifc"]
+  },
+  "audio/x-caf": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["caf"]
+  },
+  "audio/x-flac": {
+    "source": "apache",
+    "extensions": ["flac"]
+  },
+  "audio/x-m4a": {
+    "source": "nginx",
+    "extensions": ["m4a"]
+  },
+  "audio/x-matroska": {
+    "source": "apache",
+    "extensions": ["mka"]
+  },
+  "audio/x-mpegurl": {
+    "source": "apache",
+    "extensions": ["m3u"]
+  },
+  "audio/x-ms-wax": {
+    "source": "apache",
+    "extensions": ["wax"]
+  },
+  "audio/x-ms-wma": {
+    "source": "apache",
+    "extensions": ["wma"]
+  },
+  "audio/x-pn-realaudio": {
+    "source": "apache",
+    "extensions": ["ram","ra"]
+  },
+  "audio/x-pn-realaudio-plugin": {
+    "source": "apache",
+    "extensions": ["rmp"]
+  },
+  "audio/x-realaudio": {
+    "source": "nginx",
+    "extensions": ["ra"]
+  },
+  "audio/x-tta": {
+    "source": "apache"
+  },
+  "audio/x-wav": {
+    "source": "apache",
+    "extensions": ["wav"]
+  },
+  "audio/xm": {
+    "source": "apache",
+    "extensions": ["xm"]
+  },
+  "chemical/x-cdx": {
+    "source": "apache",
+    "extensions": ["cdx"]
+  },
+  "chemical/x-cif": {
+    "source": "apache",
+    "extensions": ["cif"]
+  },
+  "chemical/x-cmdf": {
+    "source": "apache",
+    "extensions": ["cmdf"]
+  },
+  "chemical/x-cml": {
+    "source": "apache",
+    "extensions": ["cml"]
+  },
+  "chemical/x-csml": {
+    "source": "apache",
+    "extensions": ["csml"]
+  },
+  "chemical/x-pdb": {
+    "source": "apache"
+  },
+  "chemical/x-xyz": {
+    "source": "apache",
+    "extensions": ["xyz"]
+  },
+  "font/collection": {
+    "source": "iana",
+    "extensions": ["ttc"]
+  },
+  "font/otf": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["otf"]
+  },
+  "font/sfnt": {
+    "source": "iana"
+  },
+  "font/ttf": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ttf"]
+  },
+  "font/woff": {
+    "source": "iana",
+    "extensions": ["woff"]
+  },
+  "font/woff2": {
+    "source": "iana",
+    "extensions": ["woff2"]
+  },
+  "image/aces": {
+    "source": "iana",
+    "extensions": ["exr"]
+  },
+  "image/apng": {
+    "compressible": false,
+    "extensions": ["apng"]
+  },
+  "image/avci": {
+    "source": "iana",
+    "extensions": ["avci"]
+  },
+  "image/avcs": {
+    "source": "iana",
+    "extensions": ["avcs"]
+  },
+  "image/avif": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["avif"]
+  },
+  "image/bmp": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["bmp"]
+  },
+  "image/cgm": {
+    "source": "iana",
+    "extensions": ["cgm"]
+  },
+  "image/dicom-rle": {
+    "source": "iana",
+    "extensions": ["drle"]
+  },
+  "image/emf": {
+    "source": "iana",
+    "extensions": ["emf"]
+  },
+  "image/fits": {
+    "source": "iana",
+    "extensions": ["fits"]
+  },
+  "image/g3fax": {
+    "source": "iana",
+    "extensions": ["g3"]
+  },
+  "image/gif": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["gif"]
+  },
+  "image/heic": {
+    "source": "iana",
+    "extensions": ["heic"]
+  },
+  "image/heic-sequence": {
+    "source": "iana",
+    "extensions": ["heics"]
+  },
+  "image/heif": {
+    "source": "iana",
+    "extensions": ["heif"]
+  },
+  "image/heif-sequence": {
+    "source": "iana",
+    "extensions": ["heifs"]
+  },
+  "image/hej2k": {
+    "source": "iana",
+    "extensions": ["hej2"]
+  },
+  "image/hsj2": {
+    "source": "iana",
+    "extensions": ["hsj2"]
+  },
+  "image/ief": {
+    "source": "iana",
+    "extensions": ["ief"]
+  },
+  "image/jls": {
+    "source": "iana",
+    "extensions": ["jls"]
+  },
+  "image/jp2": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["jp2","jpg2"]
+  },
+  "image/jpeg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["jpeg","jpg","jpe"]
+  },
+  "image/jph": {
+    "source": "iana",
+    "extensions": ["jph"]
+  },
+  "image/jphc": {
+    "source": "iana",
+    "extensions": ["jhc"]
+  },
+  "image/jpm": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["jpm"]
+  },
+  "image/jpx": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["jpx","jpf"]
+  },
+  "image/jxr": {
+    "source": "iana",
+    "extensions": ["jxr"]
+  },
+  "image/jxra": {
+    "source": "iana",
+    "extensions": ["jxra"]
+  },
+  "image/jxrs": {
+    "source": "iana",
+    "extensions": ["jxrs"]
+  },
+  "image/jxs": {
+    "source": "iana",
+    "extensions": ["jxs"]
+  },
+  "image/jxsc": {
+    "source": "iana",
+    "extensions": ["jxsc"]
+  },
+  "image/jxsi": {
+    "source": "iana",
+    "extensions": ["jxsi"]
+  },
+  "image/jxss": {
+    "source": "iana",
+    "extensions": ["jxss"]
+  },
+  "image/ktx": {
+    "source": "iana",
+    "extensions": ["ktx"]
+  },
+  "image/ktx2": {
+    "source": "iana",
+    "extensions": ["ktx2"]
+  },
+  "image/naplps": {
+    "source": "iana"
+  },
+  "image/pjpeg": {
+    "compressible": false
+  },
+  "image/png": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["png"]
+  },
+  "image/prs.btif": {
+    "source": "iana",
+    "extensions": ["btif"]
+  },
+  "image/prs.pti": {
+    "source": "iana",
+    "extensions": ["pti"]
+  },
+  "image/pwg-raster": {
+    "source": "iana"
+  },
+  "image/sgi": {
+    "source": "apache",
+    "extensions": ["sgi"]
+  },
+  "image/svg+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["svg","svgz"]
+  },
+  "image/t38": {
+    "source": "iana",
+    "extensions": ["t38"]
+  },
+  "image/tiff": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["tif","tiff"]
+  },
+  "image/tiff-fx": {
+    "source": "iana",
+    "extensions": ["tfx"]
+  },
+  "image/vnd.adobe.photoshop": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["psd"]
+  },
+  "image/vnd.airzip.accelerator.azv": {
+    "source": "iana",
+    "extensions": ["azv"]
+  },
+  "image/vnd.cns.inf2": {
+    "source": "iana"
+  },
+  "image/vnd.dece.graphic": {
+    "source": "iana",
+    "extensions": ["uvi","uvvi","uvg","uvvg"]
+  },
+  "image/vnd.djvu": {
+    "source": "iana",
+    "extensions": ["djvu","djv"]
+  },
+  "image/vnd.dvb.subtitle": {
+    "source": "iana",
+    "extensions": ["sub"]
+  },
+  "image/vnd.dwg": {
+    "source": "iana",
+    "extensions": ["dwg"]
+  },
+  "image/vnd.dxf": {
+    "source": "iana",
+    "extensions": ["dxf"]
+  },
+  "image/vnd.fastbidsheet": {
+    "source": "iana",
+    "extensions": ["fbs"]
+  },
+  "image/vnd.fpx": {
+    "source": "iana",
+    "extensions": ["fpx"]
+  },
+  "image/vnd.fst": {
+    "source": "iana",
+    "extensions": ["fst"]
+  },
+  "image/vnd.fujixerox.edmics-mmr": {
+    "source": "iana",
+    "extensions": ["mmr"]
+  },
+  "image/vnd.fujixerox.edmics-rlc": {
+    "source": "iana",
+    "extensions": ["rlc"]
+  },
+  "image/vnd.globalgraphics.pgb": {
+    "source": "iana"
+  },
+  "image/vnd.microsoft.icon": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["ico"]
+  },
+  "image/vnd.mix": {
+    "source": "iana"
+  },
+  "image/vnd.mozilla.apng": {
+    "source": "iana"
+  },
+  "image/vnd.ms-dds": {
+    "compressible": true,
+    "extensions": ["dds"]
+  },
+  "image/vnd.ms-modi": {
+    "source": "iana",
+    "extensions": ["mdi"]
+  },
+  "image/vnd.ms-photo": {
+    "source": "apache",
+    "extensions": ["wdp"]
+  },
+  "image/vnd.net-fpx": {
+    "source": "iana",
+    "extensions": ["npx"]
+  },
+  "image/vnd.pco.b16": {
+    "source": "iana",
+    "extensions": ["b16"]
+  },
+  "image/vnd.radiance": {
+    "source": "iana"
+  },
+  "image/vnd.sealed.png": {
+    "source": "iana"
+  },
+  "image/vnd.sealedmedia.softseal.gif": {
+    "source": "iana"
+  },
+  "image/vnd.sealedmedia.softseal.jpg": {
+    "source": "iana"
+  },
+  "image/vnd.svf": {
+    "source": "iana"
+  },
+  "image/vnd.tencent.tap": {
+    "source": "iana",
+    "extensions": ["tap"]
+  },
+  "image/vnd.valve.source.texture": {
+    "source": "iana",
+    "extensions": ["vtf"]
+  },
+  "image/vnd.wap.wbmp": {
+    "source": "iana",
+    "extensions": ["wbmp"]
+  },
+  "image/vnd.xiff": {
+    "source": "iana",
+    "extensions": ["xif"]
+  },
+  "image/vnd.zbrush.pcx": {
+    "source": "iana",
+    "extensions": ["pcx"]
+  },
+  "image/webp": {
+    "source": "apache",
+    "extensions": ["webp"]
+  },
+  "image/wmf": {
+    "source": "iana",
+    "extensions": ["wmf"]
+  },
+  "image/x-3ds": {
+    "source": "apache",
+    "extensions": ["3ds"]
+  },
+  "image/x-cmu-raster": {
+    "source": "apache",
+    "extensions": ["ras"]
+  },
+  "image/x-cmx": {
+    "source": "apache",
+    "extensions": ["cmx"]
+  },
+  "image/x-freehand": {
+    "source": "apache",
+    "extensions": ["fh","fhc","fh4","fh5","fh7"]
+  },
+  "image/x-icon": {
+    "source": "apache",
+    "compressible": true,
+    "extensions": ["ico"]
+  },
+  "image/x-jng": {
+    "source": "nginx",
+    "extensions": ["jng"]
+  },
+  "image/x-mrsid-image": {
+    "source": "apache",
+    "extensions": ["sid"]
+  },
+  "image/x-ms-bmp": {
+    "source": "nginx",
+    "compressible": true,
+    "extensions": ["bmp"]
+  },
+  "image/x-pcx": {
+    "source": "apache",
+    "extensions": ["pcx"]
+  },
+  "image/x-pict": {
+    "source": "apache",
+    "extensions": ["pic","pct"]
+  },
+  "image/x-portable-anymap": {
+    "source": "apache",
+    "extensions": ["pnm"]
+  },
+  "image/x-portable-bitmap": {
+    "source": "apache",
+    "extensions": ["pbm"]
+  },
+  "image/x-portable-graymap": {
+    "source": "apache",
+    "extensions": ["pgm"]
+  },
+  "image/x-portable-pixmap": {
+    "source": "apache",
+    "extensions": ["ppm"]
+  },
+  "image/x-rgb": {
+    "source": "apache",
+    "extensions": ["rgb"]
+  },
+  "image/x-tga": {
+    "source": "apache",
+    "extensions": ["tga"]
+  },
+  "image/x-xbitmap": {
+    "source": "apache",
+    "extensions": ["xbm"]
+  },
+  "image/x-xcf": {
+    "compressible": false
+  },
+  "image/x-xpixmap": {
+    "source": "apache",
+    "extensions": ["xpm"]
+  },
+  "image/x-xwindowdump": {
+    "source": "apache",
+    "extensions": ["xwd"]
+  },
+  "message/cpim": {
+    "source": "iana"
+  },
+  "message/delivery-status": {
+    "source": "iana"
+  },
+  "message/disposition-notification": {
+    "source": "iana",
+    "extensions": [
+      "disposition-notification"
+    ]
+  },
+  "message/external-body": {
+    "source": "iana"
+  },
+  "message/feedback-report": {
+    "source": "iana"
+  },
+  "message/global": {
+    "source": "iana",
+    "extensions": ["u8msg"]
+  },
+  "message/global-delivery-status": {
+    "source": "iana",
+    "extensions": ["u8dsn"]
+  },
+  "message/global-disposition-notification": {
+    "source": "iana",
+    "extensions": ["u8mdn"]
+  },
+  "message/global-headers": {
+    "source": "iana",
+    "extensions": ["u8hdr"]
+  },
+  "message/http": {
+    "source": "iana",
+    "compressible": false
+  },
+  "message/imdn+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "message/news": {
+    "source": "iana"
+  },
+  "message/partial": {
+    "source": "iana",
+    "compressible": false
+  },
+  "message/rfc822": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["eml","mime"]
+  },
+  "message/s-http": {
+    "source": "iana"
+  },
+  "message/sip": {
+    "source": "iana"
+  },
+  "message/sipfrag": {
+    "source": "iana"
+  },
+  "message/tracking-status": {
+    "source": "iana"
+  },
+  "message/vnd.si.simp": {
+    "source": "iana"
+  },
+  "message/vnd.wfa.wsc": {
+    "source": "iana",
+    "extensions": ["wsc"]
+  },
+  "model/3mf": {
+    "source": "iana",
+    "extensions": ["3mf"]
+  },
+  "model/e57": {
+    "source": "iana"
+  },
+  "model/gltf+json": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["gltf"]
+  },
+  "model/gltf-binary": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["glb"]
+  },
+  "model/iges": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["igs","iges"]
+  },
+  "model/mesh": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["msh","mesh","silo"]
+  },
+  "model/mtl": {
+    "source": "iana",
+    "extensions": ["mtl"]
+  },
+  "model/obj": {
+    "source": "iana",
+    "extensions": ["obj"]
+  },
+  "model/step": {
+    "source": "iana"
+  },
+  "model/step+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["stpx"]
+  },
+  "model/step+zip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["stpz"]
+  },
+  "model/step-xml+zip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["stpxz"]
+  },
+  "model/stl": {
+    "source": "iana",
+    "extensions": ["stl"]
+  },
+  "model/vnd.collada+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["dae"]
+  },
+  "model/vnd.dwf": {
+    "source": "iana",
+    "extensions": ["dwf"]
+  },
+  "model/vnd.flatland.3dml": {
+    "source": "iana"
+  },
+  "model/vnd.gdl": {
+    "source": "iana",
+    "extensions": ["gdl"]
+  },
+  "model/vnd.gs-gdl": {
+    "source": "apache"
+  },
+  "model/vnd.gs.gdl": {
+    "source": "iana"
+  },
+  "model/vnd.gtw": {
+    "source": "iana",
+    "extensions": ["gtw"]
+  },
+  "model/vnd.moml+xml": {
+    "source": "iana",
+    "compressible": true
+  },
+  "model/vnd.mts": {
+    "source": "iana",
+    "extensions": ["mts"]
+  },
+  "model/vnd.opengex": {
+    "source": "iana",
+    "extensions": ["ogex"]
+  },
+  "model/vnd.parasolid.transmit.binary": {
+    "source": "iana",
+    "extensions": ["x_b"]
+  },
+  "model/vnd.parasolid.transmit.text": {
+    "source": "iana",
+    "extensions": ["x_t"]
+  },
+  "model/vnd.pytha.pyox": {
+    "source": "iana"
+  },
+  "model/vnd.rosette.annotated-data-model": {
+    "source": "iana"
+  },
+  "model/vnd.sap.vds": {
+    "source": "iana",
+    "extensions": ["vds"]
+  },
+  "model/vnd.usdz+zip": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["usdz"]
+  },
+  "model/vnd.valve.source.compiled-map": {
+    "source": "iana",
+    "extensions": ["bsp"]
+  },
+  "model/vnd.vtu": {
+    "source": "iana",
+    "extensions": ["vtu"]
+  },
+  "model/vrml": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["wrl","vrml"]
+  },
+  "model/x3d+binary": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["x3db","x3dbz"]
+  },
+  "model/x3d+fastinfoset": {
+    "source": "iana",
+    "extensions": ["x3db"]
+  },
+  "model/x3d+vrml": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["x3dv","x3dvz"]
+  },
+  "model/x3d+xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["x3d","x3dz"]
+  },
+  "model/x3d-vrml": {
+    "source": "iana",
+    "extensions": ["x3dv"]
+  },
+  "multipart/alternative": {
+    "source": "iana",
+    "compressible": false
+  },
+  "multipart/appledouble": {
+    "source": "iana"
+  },
+  "multipart/byteranges": {
+    "source": "iana"
+  },
+  "multipart/digest": {
+    "source": "iana"
+  },
+  "multipart/encrypted": {
+    "source": "iana",
+    "compressible": false
+  },
+  "multipart/form-data": {
+    "source": "iana",
+    "compressible": false
+  },
+  "multipart/header-set": {
+    "source": "iana"
+  },
+  "multipart/mixed": {
+    "source": "iana"
+  },
+  "multipart/multilingual": {
+    "source": "iana"
+  },
+  "multipart/parallel": {
+    "source": "iana"
+  },
+  "multipart/related": {
+    "source": "iana",
+    "compressible": false
+  },
+  "multipart/report": {
+    "source": "iana"
+  },
+  "multipart/signed": {
+    "source": "iana",
+    "compressible": false
+  },
+  "multipart/vnd.bint.med-plus": {
+    "source": "iana"
+  },
+  "multipart/voice-message": {
+    "source": "iana"
+  },
+  "multipart/x-mixed-replace": {
+    "source": "iana"
+  },
+  "text/1d-interleaved-parityfec": {
+    "source": "iana"
+  },
+  "text/cache-manifest": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["appcache","manifest"]
+  },
+  "text/calendar": {
+    "source": "iana",
+    "extensions": ["ics","ifb"]
+  },
+  "text/calender": {
+    "compressible": true
+  },
+  "text/cmd": {
+    "compressible": true
+  },
+  "text/coffeescript": {
+    "extensions": ["coffee","litcoffee"]
+  },
+  "text/cql": {
+    "source": "iana"
+  },
+  "text/cql-expression": {
+    "source": "iana"
+  },
+  "text/cql-identifier": {
+    "source": "iana"
+  },
+  "text/css": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["css"]
+  },
+  "text/csv": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["csv"]
+  },
+  "text/csv-schema": {
+    "source": "iana"
+  },
+  "text/directory": {
+    "source": "iana"
+  },
+  "text/dns": {
+    "source": "iana"
+  },
+  "text/ecmascript": {
+    "source": "iana"
+  },
+  "text/encaprtp": {
+    "source": "iana"
+  },
+  "text/enriched": {
+    "source": "iana"
+  },
+  "text/fhirpath": {
+    "source": "iana"
+  },
+  "text/flexfec": {
+    "source": "iana"
+  },
+  "text/fwdred": {
+    "source": "iana"
+  },
+  "text/gff3": {
+    "source": "iana"
+  },
+  "text/grammar-ref-list": {
+    "source": "iana"
+  },
+  "text/html": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["html","htm","shtml"]
+  },
+  "text/jade": {
+    "extensions": ["jade"]
+  },
+  "text/javascript": {
+    "source": "iana",
+    "compressible": true
+  },
+  "text/jcr-cnd": {
+    "source": "iana"
+  },
+  "text/jsx": {
+    "compressible": true,
+    "extensions": ["jsx"]
+  },
+  "text/less": {
+    "compressible": true,
+    "extensions": ["less"]
+  },
+  "text/markdown": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["markdown","md"]
+  },
+  "text/mathml": {
+    "source": "nginx",
+    "extensions": ["mml"]
+  },
+  "text/mdx": {
+    "compressible": true,
+    "extensions": ["mdx"]
+  },
+  "text/mizar": {
+    "source": "iana"
+  },
+  "text/n3": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["n3"]
+  },
+  "text/parameters": {
+    "source": "iana",
+    "charset": "UTF-8"
+  },
+  "text/parityfec": {
+    "source": "iana"
+  },
+  "text/plain": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["txt","text","conf","def","list","log","in","ini"]
+  },
+  "text/provenance-notation": {
+    "source": "iana",
+    "charset": "UTF-8"
+  },
+  "text/prs.fallenstein.rst": {
+    "source": "iana"
+  },
+  "text/prs.lines.tag": {
+    "source": "iana",
+    "extensions": ["dsc"]
+  },
+  "text/prs.prop.logic": {
+    "source": "iana"
+  },
+  "text/raptorfec": {
+    "source": "iana"
+  },
+  "text/red": {
+    "source": "iana"
+  },
+  "text/rfc822-headers": {
+    "source": "iana"
+  },
+  "text/richtext": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rtx"]
+  },
+  "text/rtf": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["rtf"]
+  },
+  "text/rtp-enc-aescm128": {
+    "source": "iana"
+  },
+  "text/rtploopback": {
+    "source": "iana"
+  },
+  "text/rtx": {
+    "source": "iana"
+  },
+  "text/sgml": {
+    "source": "iana",
+    "extensions": ["sgml","sgm"]
+  },
+  "text/shaclc": {
+    "source": "iana"
+  },
+  "text/shex": {
+    "source": "iana",
+    "extensions": ["shex"]
+  },
+  "text/slim": {
+    "extensions": ["slim","slm"]
+  },
+  "text/spdx": {
+    "source": "iana",
+    "extensions": ["spdx"]
+  },
+  "text/strings": {
+    "source": "iana"
+  },
+  "text/stylus": {
+    "extensions": ["stylus","styl"]
+  },
+  "text/t140": {
+    "source": "iana"
+  },
+  "text/tab-separated-values": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["tsv"]
+  },
+  "text/troff": {
+    "source": "iana",
+    "extensions": ["t","tr","roff","man","me","ms"]
+  },
+  "text/turtle": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "extensions": ["ttl"]
+  },
+  "text/ulpfec": {
+    "source": "iana"
+  },
+  "text/uri-list": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["uri","uris","urls"]
+  },
+  "text/vcard": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["vcard"]
+  },
+  "text/vnd.a": {
+    "source": "iana"
+  },
+  "text/vnd.abc": {
+    "source": "iana"
+  },
+  "text/vnd.ascii-art": {
+    "source": "iana"
+  },
+  "text/vnd.curl": {
+    "source": "iana",
+    "extensions": ["curl"]
+  },
+  "text/vnd.curl.dcurl": {
+    "source": "apache",
+    "extensions": ["dcurl"]
+  },
+  "text/vnd.curl.mcurl": {
+    "source": "apache",
+    "extensions": ["mcurl"]
+  },
+  "text/vnd.curl.scurl": {
+    "source": "apache",
+    "extensions": ["scurl"]
+  },
+  "text/vnd.debian.copyright": {
+    "source": "iana",
+    "charset": "UTF-8"
+  },
+  "text/vnd.dmclientscript": {
+    "source": "iana"
+  },
+  "text/vnd.dvb.subtitle": {
+    "source": "iana",
+    "extensions": ["sub"]
+  },
+  "text/vnd.esmertec.theme-descriptor": {
+    "source": "iana",
+    "charset": "UTF-8"
+  },
+  "text/vnd.familysearch.gedcom": {
+    "source": "iana",
+    "extensions": ["ged"]
+  },
+  "text/vnd.ficlab.flt": {
+    "source": "iana"
+  },
+  "text/vnd.fly": {
+    "source": "iana",
+    "extensions": ["fly"]
+  },
+  "text/vnd.fmi.flexstor": {
+    "source": "iana",
+    "extensions": ["flx"]
+  },
+  "text/vnd.gml": {
+    "source": "iana"
+  },
+  "text/vnd.graphviz": {
+    "source": "iana",
+    "extensions": ["gv"]
+  },
+  "text/vnd.hans": {
+    "source": "iana"
+  },
+  "text/vnd.hgl": {
+    "source": "iana"
+  },
+  "text/vnd.in3d.3dml": {
+    "source": "iana",
+    "extensions": ["3dml"]
+  },
+  "text/vnd.in3d.spot": {
+    "source": "iana",
+    "extensions": ["spot"]
+  },
+  "text/vnd.iptc.newsml": {
+    "source": "iana"
+  },
+  "text/vnd.iptc.nitf": {
+    "source": "iana"
+  },
+  "text/vnd.latex-z": {
+    "source": "iana"
+  },
+  "text/vnd.motorola.reflex": {
+    "source": "iana"
+  },
+  "text/vnd.ms-mediapackage": {
+    "source": "iana"
+  },
+  "text/vnd.net2phone.commcenter.command": {
+    "source": "iana"
+  },
+  "text/vnd.radisys.msml-basic-layout": {
+    "source": "iana"
+  },
+  "text/vnd.senx.warpscript": {
+    "source": "iana"
+  },
+  "text/vnd.si.uricatalogue": {
+    "source": "iana"
+  },
+  "text/vnd.sosi": {
+    "source": "iana"
+  },
+  "text/vnd.sun.j2me.app-descriptor": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "extensions": ["jad"]
+  },
+  "text/vnd.trolltech.linguist": {
+    "source": "iana",
+    "charset": "UTF-8"
+  },
+  "text/vnd.wap.si": {
+    "source": "iana"
+  },
+  "text/vnd.wap.sl": {
+    "source": "iana"
+  },
+  "text/vnd.wap.wml": {
+    "source": "iana",
+    "extensions": ["wml"]
+  },
+  "text/vnd.wap.wmlscript": {
+    "source": "iana",
+    "extensions": ["wmls"]
+  },
+  "text/vtt": {
+    "source": "iana",
+    "charset": "UTF-8",
+    "compressible": true,
+    "extensions": ["vtt"]
+  },
+  "text/x-asm": {
+    "source": "apache",
+    "extensions": ["s","asm"]
+  },
+  "text/x-c": {
+    "source": "apache",
+    "extensions": ["c","cc","cxx","cpp","h","hh","dic"]
+  },
+  "text/x-component": {
+    "source": "nginx",
+    "extensions": ["htc"]
+  },
+  "text/x-fortran": {
+    "source": "apache",
+    "extensions": ["f","for","f77","f90"]
+  },
+  "text/x-gwt-rpc": {
+    "compressible": true
+  },
+  "text/x-handlebars-template": {
+    "extensions": ["hbs"]
+  },
+  "text/x-java-source": {
+    "source": "apache",
+    "extensions": ["java"]
+  },
+  "text/x-jquery-tmpl": {
+    "compressible": true
+  },
+  "text/x-lua": {
+    "extensions": ["lua"]
+  },
+  "text/x-markdown": {
+    "compressible": true,
+    "extensions": ["mkd"]
+  },
+  "text/x-nfo": {
+    "source": "apache",
+    "extensions": ["nfo"]
+  },
+  "text/x-opml": {
+    "source": "apache",
+    "extensions": ["opml"]
+  },
+  "text/x-org": {
+    "compressible": true,
+    "extensions": ["org"]
+  },
+  "text/x-pascal": {
+    "source": "apache",
+    "extensions": ["p","pas"]
+  },
+  "text/x-processing": {
+    "compressible": true,
+    "extensions": ["pde"]
+  },
+  "text/x-sass": {
+    "extensions": ["sass"]
+  },
+  "text/x-scss": {
+    "extensions": ["scss"]
+  },
+  "text/x-setext": {
+    "source": "apache",
+    "extensions": ["etx"]
+  },
+  "text/x-sfv": {
+    "source": "apache",
+    "extensions": ["sfv"]
+  },
+  "text/x-suse-ymp": {
+    "compressible": true,
+    "extensions": ["ymp"]
+  },
+  "text/x-uuencode": {
+    "source": "apache",
+    "extensions": ["uu"]
+  },
+  "text/x-vcalendar": {
+    "source": "apache",
+    "extensions": ["vcs"]
+  },
+  "text/x-vcard": {
+    "source": "apache",
+    "extensions": ["vcf"]
+  },
+  "text/xml": {
+    "source": "iana",
+    "compressible": true,
+    "extensions": ["xml"]
+  },
+  "text/xml-external-parsed-entity": {
+    "source": "iana"
+  },
+  "text/yaml": {
+    "compressible": true,
+    "extensions": ["yaml","yml"]
+  },
+  "video/1d-interleaved-parityfec": {
+    "source": "iana"
+  },
+  "video/3gpp": {
+    "source": "iana",
+    "extensions": ["3gp","3gpp"]
+  },
+  "video/3gpp-tt": {
+    "source": "iana"
+  },
+  "video/3gpp2": {
+    "source": "iana",
+    "extensions": ["3g2"]
+  },
+  "video/av1": {
+    "source": "iana"
+  },
+  "video/bmpeg": {
+    "source": "iana"
+  },
+  "video/bt656": {
+    "source": "iana"
+  },
+  "video/celb": {
+    "source": "iana"
+  },
+  "video/dv": {
+    "source": "iana"
+  },
+  "video/encaprtp": {
+    "source": "iana"
+  },
+  "video/ffv1": {
+    "source": "iana"
+  },
+  "video/flexfec": {
+    "source": "iana"
+  },
+  "video/h261": {
+    "source": "iana",
+    "extensions": ["h261"]
+  },
+  "video/h263": {
+    "source": "iana",
+    "extensions": ["h263"]
+  },
+  "video/h263-1998": {
+    "source": "iana"
+  },
+  "video/h263-2000": {
+    "source": "iana"
+  },
+  "video/h264": {
+    "source": "iana",
+    "extensions": ["h264"]
+  },
+  "video/h264-rcdo": {
+    "source": "iana"
+  },
+  "video/h264-svc": {
+    "source": "iana"
+  },
+  "video/h265": {
+    "source": "iana"
+  },
+  "video/iso.segment": {
+    "source": "iana",
+    "extensions": ["m4s"]
+  },
+  "video/jpeg": {
+    "source": "iana",
+    "extensions": ["jpgv"]
+  },
+  "video/jpeg2000": {
+    "source": "iana"
+  },
+  "video/jpm": {
+    "source": "apache",
+    "extensions": ["jpm","jpgm"]
+  },
+  "video/jxsv": {
+    "source": "iana"
+  },
+  "video/mj2": {
+    "source": "iana",
+    "extensions": ["mj2","mjp2"]
+  },
+  "video/mp1s": {
+    "source": "iana"
+  },
+  "video/mp2p": {
+    "source": "iana"
+  },
+  "video/mp2t": {
+    "source": "iana",
+    "extensions": ["ts"]
+  },
+  "video/mp4": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["mp4","mp4v","mpg4"]
+  },
+  "video/mp4v-es": {
+    "source": "iana"
+  },
+  "video/mpeg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["mpeg","mpg","mpe","m1v","m2v"]
+  },
+  "video/mpeg4-generic": {
+    "source": "iana"
+  },
+  "video/mpv": {
+    "source": "iana"
+  },
+  "video/nv": {
+    "source": "iana"
+  },
+  "video/ogg": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["ogv"]
+  },
+  "video/parityfec": {
+    "source": "iana"
+  },
+  "video/pointer": {
+    "source": "iana"
+  },
+  "video/quicktime": {
+    "source": "iana",
+    "compressible": false,
+    "extensions": ["qt","mov"]
+  },
+  "video/raptorfec": {
+    "source": "iana"
+  },
+  "video/raw": {
+    "source": "iana"
+  },
+  "video/rtp-enc-aescm128": {
+    "source": "iana"
+  },
+  "video/rtploopback": {
+    "source": "iana"
+  },
+  "video/rtx": {
+    "source": "iana"
+  },
+  "video/scip": {
+    "source": "iana"
+  },
+  "video/smpte291": {
+    "source": "iana"
+  },
+  "video/smpte292m": {
+    "source": "iana"
+  },
+  "video/ulpfec": {
+    "source": "iana"
+  },
+  "video/vc1": {
+    "source": "iana"
+  },
+  "video/vc2": {
+    "source": "iana"
+  },
+  "video/vnd.cctv": {
+    "source": "iana"
+  },
+  "video/vnd.dece.hd": {
+    "source": "iana",
+    "extensions": ["uvh","uvvh"]
+  },
+  "video/vnd.dece.mobile": {
+    "source": "iana",
+    "extensions": ["uvm","uvvm"]
+  },
+  "video/vnd.dece.mp4": {
+    "source": "iana"
+  },
+  "video/vnd.dece.pd": {
+    "source": "iana",
+    "extensions": ["uvp","uvvp"]
+  },
+  "video/vnd.dece.sd": {
+    "source": "iana",
+    "extensions": ["uvs","uvvs"]
+  },
+  "video/vnd.dece.video": {
+    "source": "iana",
+    "extensions": ["uvv","uvvv"]
+  },
+  "video/vnd.directv.mpeg": {
+    "source": "iana"
+  },
+  "video/vnd.directv.mpeg-tts": {
+    "source": "iana"
+  },
+  "video/vnd.dlna.mpeg-tts": {
+    "source": "iana"
+  },
+  "video/vnd.dvb.file": {
+    "source": "iana",
+    "extensions": ["dvb"]
+  },
+  "video/vnd.fvt": {
+    "source": "iana",
+    "extensions": ["fvt"]
+  },
+  "video/vnd.hns.video": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.1dparityfec-1010": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.1dparityfec-2005": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.2dparityfec-1010": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.2dparityfec-2005": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.ttsavc": {
+    "source": "iana"
+  },
+  "video/vnd.iptvforum.ttsmpeg2": {
+    "source": "iana"
+  },
+  "video/vnd.motorola.video": {
+    "source": "iana"
+  },
+  "video/vnd.motorola.videop": {
+    "source": "iana"
+  },
+  "video/vnd.mpegurl": {
+    "source": "iana",
+    "extensions": ["mxu","m4u"]
+  },
+  "video/vnd.ms-playready.media.pyv": {
+    "source": "iana",
+    "extensions": ["pyv"]
+  },
+  "video/vnd.nokia.interleaved-multimedia": {
+    "source": "iana"
+  },
+  "video/vnd.nokia.mp4vr": {
+    "source": "iana"
+  },
+  "video/vnd.nokia.videovoip": {
+    "source": "iana"
+  },
+  "video/vnd.objectvideo": {
+    "source": "iana"
+  },
+  "video/vnd.radgamettools.bink": {
+    "source": "iana"
+  },
+  "video/vnd.radgamettools.smacker": {
+    "source": "iana"
+  },
+  "video/vnd.sealed.mpeg1": {
+    "source": "iana"
+  },
+  "video/vnd.sealed.mpeg4": {
+    "source": "iana"
+  },
+  "video/vnd.sealed.swf": {
+    "source": "iana"
+  },
+  "video/vnd.sealedmedia.softseal.mov": {
+    "source": "iana"
+  },
+  "video/vnd.uvvu.mp4": {
+    "source": "iana",
+    "extensions": ["uvu","uvvu"]
+  },
+  "video/vnd.vivo": {
+    "source": "iana",
+    "extensions": ["viv"]
+  },
+  "video/vnd.youtube.yt": {
+    "source": "iana"
+  },
+  "video/vp8": {
+    "source": "iana"
+  },
+  "video/vp9": {
+    "source": "iana"
+  },
+  "video/webm": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["webm"]
+  },
+  "video/x-f4v": {
+    "source": "apache",
+    "extensions": ["f4v"]
+  },
+  "video/x-fli": {
+    "source": "apache",
+    "extensions": ["fli"]
+  },
+  "video/x-flv": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["flv"]
+  },
+  "video/x-m4v": {
+    "source": "apache",
+    "extensions": ["m4v"]
+  },
+  "video/x-matroska": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["mkv","mk3d","mks"]
+  },
+  "video/x-mng": {
+    "source": "apache",
+    "extensions": ["mng"]
+  },
+  "video/x-ms-asf": {
+    "source": "apache",
+    "extensions": ["asf","asx"]
+  },
+  "video/x-ms-vob": {
+    "source": "apache",
+    "extensions": ["vob"]
+  },
+  "video/x-ms-wm": {
+    "source": "apache",
+    "extensions": ["wm"]
+  },
+  "video/x-ms-wmv": {
+    "source": "apache",
+    "compressible": false,
+    "extensions": ["wmv"]
+  },
+  "video/x-ms-wmx": {
+    "source": "apache",
+    "extensions": ["wmx"]
+  },
+  "video/x-ms-wvx": {
+    "source": "apache",
+    "extensions": ["wvx"]
+  },
+  "video/x-msvideo": {
+    "source": "apache",
+    "extensions": ["avi"]
+  },
+  "video/x-sgi-movie": {
+    "source": "apache",
+    "extensions": ["movie"]
+  },
+  "video/x-smv": {
+    "source": "apache",
+    "extensions": ["smv"]
+  },
+  "x-conference/x-cooltalk": {
+    "source": "apache",
+    "extensions": ["ice"]
+  },
+  "x-shader/x-fragment": {
+    "compressible": true
+  },
+  "x-shader/x-vertex": {
+    "compressible": true
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/index.js b/src/Servers/ExpressServer/node_modules/mime-db/index.js
new file mode 100644
index 0000000..ec2be30
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/index.js
@@ -0,0 +1,12 @@
+/*!
+ * mime-db
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+/**
+ * Module exports.
+ */
+
+module.exports = require('./db.json')
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/package.json b/src/Servers/ExpressServer/node_modules/mime-db/package.json
new file mode 100644
index 0000000..32c14b8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-db/package.json
@@ -0,0 +1,60 @@
+{
+  "name": "mime-db",
+  "description": "Media Type Database",
+  "version": "1.52.0",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
+    "Robert Kieffer <robert@broofa.com> (http://github.com/broofa)"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "mime",
+    "db",
+    "type",
+    "types",
+    "database",
+    "charset",
+    "charsets"
+  ],
+  "repository": "jshttp/mime-db",
+  "devDependencies": {
+    "bluebird": "3.7.2",
+    "co": "4.6.0",
+    "cogent": "1.0.1",
+    "csv-parse": "4.16.3",
+    "eslint": "7.32.0",
+    "eslint-config-standard": "15.0.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.1.1",
+    "eslint-plugin-standard": "4.1.0",
+    "gnode": "0.1.2",
+    "media-typer": "1.1.0",
+    "mocha": "9.2.1",
+    "nyc": "15.1.0",
+    "raw-body": "2.5.0",
+    "stream-to-array": "2.3.0"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "db.json",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "build": "node scripts/build",
+    "fetch": "node scripts/fetch-apache && gnode scripts/fetch-iana && node scripts/fetch-nginx",
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "update": "npm run fetch && npm run build",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md b/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
new file mode 100644
index 0000000..c5043b7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
@@ -0,0 +1,397 @@
+2.1.35 / 2022-03-12
+===================
+
+  * deps: mime-db@1.52.0
+    - Add extensions from IANA for more `image/*` types
+    - Add extension `.asc` to `application/pgp-keys`
+    - Add extensions to various XML types
+    - Add new upstream MIME types
+
+2.1.34 / 2021-11-08
+===================
+
+  * deps: mime-db@1.51.0
+    - Add new upstream MIME types
+
+2.1.33 / 2021-10-01
+===================
+
+  * deps: mime-db@1.50.0
+    - Add deprecated iWorks mime types and extensions
+    - Add new upstream MIME types
+
+2.1.32 / 2021-07-27
+===================
+
+  * deps: mime-db@1.49.0
+    - Add extension `.trig` to `application/trig`
+    - Add new upstream MIME types
+
+2.1.31 / 2021-06-01
+===================
+
+  * deps: mime-db@1.48.0
+    - Add extension `.mvt` to `application/vnd.mapbox-vector-tile`
+    - Add new upstream MIME types
+
+2.1.30 / 2021-04-02
+===================
+
+  * deps: mime-db@1.47.0
+    - Add extension `.amr` to `audio/amr`
+    - Remove ambigious extensions from IANA for `application/*+xml` types
+    - Update primary extension to `.es` for `application/ecmascript`
+
+2.1.29 / 2021-02-17
+===================
+
+  * deps: mime-db@1.46.0
+    - Add extension `.amr` to `audio/amr`
+    - Add extension `.m4s` to `video/iso.segment`
+    - Add extension `.opus` to `audio/ogg`
+    - Add new upstream MIME types
+
+2.1.28 / 2021-01-01
+===================
+
+  * deps: mime-db@1.45.0
+    - Add `application/ubjson` with extension `.ubj`
+    - Add `image/avif` with extension `.avif`
+    - Add `image/ktx2` with extension `.ktx2`
+    - Add extension `.dbf` to `application/vnd.dbf`
+    - Add extension `.rar` to `application/vnd.rar`
+    - Add extension `.td` to `application/urc-targetdesc+xml`
+    - Add new upstream MIME types
+    - Fix extension of `application/vnd.apple.keynote` to be `.key`
+
+2.1.27 / 2020-04-23
+===================
+
+  * deps: mime-db@1.44.0
+    - Add charsets from IANA
+    - Add extension `.cjs` to `application/node`
+    - Add new upstream MIME types
+
+2.1.26 / 2020-01-05
+===================
+
+  * deps: mime-db@1.43.0
+    - Add `application/x-keepass2` with extension `.kdbx`
+    - Add extension `.mxmf` to `audio/mobile-xmf`
+    - Add extensions from IANA for `application/*+xml` types
+    - Add new upstream MIME types
+
+2.1.25 / 2019-11-12
+===================
+
+  * deps: mime-db@1.42.0
+    - Add new upstream MIME types
+    - Add `application/toml` with extension `.toml`
+    - Add `image/vnd.ms-dds` with extension `.dds`
+
+2.1.24 / 2019-04-20
+===================
+
+  * deps: mime-db@1.40.0
+    - Add extensions from IANA for `model/*` types
+    - Add `text/mdx` with extension `.mdx`
+
+2.1.23 / 2019-04-17
+===================
+
+  * deps: mime-db@~1.39.0
+    - Add extensions `.siv` and `.sieve` to `application/sieve`
+    - Add new upstream MIME types
+
+2.1.22 / 2019-02-14
+===================
+
+  * deps: mime-db@~1.38.0
+    - Add extension `.nq` to `application/n-quads`
+    - Add extension `.nt` to `application/n-triples`
+    - Add new upstream MIME types
+
+2.1.21 / 2018-10-19
+===================
+
+  * deps: mime-db@~1.37.0
+    - Add extensions to HEIC image types
+    - Add new upstream MIME types
+
+2.1.20 / 2018-08-26
+===================
+
+  * deps: mime-db@~1.36.0
+    - Add Apple file extensions from IANA
+    - Add extensions from IANA for `image/*` types
+    - Add new upstream MIME types
+
+2.1.19 / 2018-07-17
+===================
+
+  * deps: mime-db@~1.35.0
+    - Add extension `.csl` to `application/vnd.citationstyles.style+xml`
+    - Add extension `.es` to `application/ecmascript`
+    - Add extension `.owl` to `application/rdf+xml`
+    - Add new upstream MIME types
+    - Add UTF-8 as default charset for `text/turtle`
+
+2.1.18 / 2018-02-16
+===================
+
+  * deps: mime-db@~1.33.0
+    - Add `application/raml+yaml` with extension `.raml`
+    - Add `application/wasm` with extension `.wasm`
+    - Add `text/shex` with extension `.shex`
+    - Add extensions for JPEG-2000 images
+    - Add extensions from IANA for `message/*` types
+    - Add new upstream MIME types
+    - Update font MIME types
+    - Update `text/hjson` to registered `application/hjson`
+
+2.1.17 / 2017-09-01
+===================
+
+  * deps: mime-db@~1.30.0
+    - Add `application/vnd.ms-outlook`
+    - Add `application/x-arj`
+    - Add extension `.mjs` to `application/javascript`
+    - Add glTF types and extensions
+    - Add new upstream MIME types
+    - Add `text/x-org`
+    - Add VirtualBox MIME types
+    - Fix `source` records for `video/*` types that are IANA
+    - Update `font/opentype` to registered `font/otf`
+
+2.1.16 / 2017-07-24
+===================
+
+  * deps: mime-db@~1.29.0
+    - Add `application/fido.trusted-apps+json`
+    - Add extension `.wadl` to `application/vnd.sun.wadl+xml`
+    - Add extension `.gz` to `application/gzip`
+    - Add new upstream MIME types
+    - Update extensions `.md` and `.markdown` to be `text/markdown`
+
+2.1.15 / 2017-03-23
+===================
+
+  * deps: mime-db@~1.27.0
+    - Add new mime types
+    - Add `image/apng`
+
+2.1.14 / 2017-01-14
+===================
+
+  * deps: mime-db@~1.26.0
+    - Add new mime types
+
+2.1.13 / 2016-11-18
+===================
+
+  * deps: mime-db@~1.25.0
+    - Add new mime types
+
+2.1.12 / 2016-09-18
+===================
+
+  * deps: mime-db@~1.24.0
+    - Add new mime types
+    - Add `audio/mp3`
+
+2.1.11 / 2016-05-01
+===================
+
+  * deps: mime-db@~1.23.0
+    - Add new mime types
+
+2.1.10 / 2016-02-15
+===================
+
+  * deps: mime-db@~1.22.0
+    - Add new mime types
+    - Fix extension of `application/dash+xml`
+    - Update primary extension for `audio/mp4`
+
+2.1.9 / 2016-01-06
+==================
+
+  * deps: mime-db@~1.21.0
+    - Add new mime types
+
+2.1.8 / 2015-11-30
+==================
+
+  * deps: mime-db@~1.20.0
+    - Add new mime types
+
+2.1.7 / 2015-09-20
+==================
+
+  * deps: mime-db@~1.19.0
+    - Add new mime types
+
+2.1.6 / 2015-09-03
+==================
+
+  * deps: mime-db@~1.18.0
+    - Add new mime types
+
+2.1.5 / 2015-08-20
+==================
+
+  * deps: mime-db@~1.17.0
+    - Add new mime types
+
+2.1.4 / 2015-07-30
+==================
+
+  * deps: mime-db@~1.16.0
+    - Add new mime types
+
+2.1.3 / 2015-07-13
+==================
+
+  * deps: mime-db@~1.15.0
+    - Add new mime types
+
+2.1.2 / 2015-06-25
+==================
+
+  * deps: mime-db@~1.14.0
+    - Add new mime types
+
+2.1.1 / 2015-06-08
+==================
+
+  * perf: fix deopt during mapping
+
+2.1.0 / 2015-06-07
+==================
+
+  * Fix incorrectly treating extension-less file name as extension
+    - i.e. `'path/to/json'` will no longer return `application/json`
+  * Fix `.charset(type)` to accept parameters
+  * Fix `.charset(type)` to match case-insensitive
+  * Improve generation of extension to MIME mapping
+  * Refactor internals for readability and no argument reassignment
+  * Prefer `application/*` MIME types from the same source
+  * Prefer any type over `application/octet-stream`
+  * deps: mime-db@~1.13.0
+    - Add nginx as a source
+    - Add new mime types
+
+2.0.14 / 2015-06-06
+===================
+
+  * deps: mime-db@~1.12.0
+    - Add new mime types
+
+2.0.13 / 2015-05-31
+===================
+
+  * deps: mime-db@~1.11.0
+    - Add new mime types
+
+2.0.12 / 2015-05-19
+===================
+
+  * deps: mime-db@~1.10.0
+    - Add new mime types
+
+2.0.11 / 2015-05-05
+===================
+
+  * deps: mime-db@~1.9.1
+    - Add new mime types
+
+2.0.10 / 2015-03-13
+===================
+
+  * deps: mime-db@~1.8.0
+    - Add new mime types
+
+2.0.9 / 2015-02-09
+==================
+
+  * deps: mime-db@~1.7.0
+    - Add new mime types
+    - Community extensions ownership transferred from `node-mime`
+
+2.0.8 / 2015-01-29
+==================
+
+  * deps: mime-db@~1.6.0
+    - Add new mime types
+
+2.0.7 / 2014-12-30
+==================
+
+  * deps: mime-db@~1.5.0
+    - Add new mime types
+    - Fix various invalid MIME type entries
+
+2.0.6 / 2014-12-30
+==================
+
+  * deps: mime-db@~1.4.0
+    - Add new mime types
+    - Fix various invalid MIME type entries
+    - Remove example template MIME types
+
+2.0.5 / 2014-12-29
+==================
+
+  * deps: mime-db@~1.3.1
+    - Fix missing extensions
+
+2.0.4 / 2014-12-10
+==================
+
+  * deps: mime-db@~1.3.0
+    - Add new mime types
+
+2.0.3 / 2014-11-09
+==================
+
+  * deps: mime-db@~1.2.0
+    - Add new mime types
+
+2.0.2 / 2014-09-28
+==================
+
+  * deps: mime-db@~1.1.0
+    - Add new mime types
+    - Update charsets
+
+2.0.1 / 2014-09-07
+==================
+
+  * Support Node.js 0.6
+
+2.0.0 / 2014-09-02
+==================
+
+  * Use `mime-db`
+  * Remove `.define()`
+
+1.0.2 / 2014-08-04
+==================
+
+  * Set charset=utf-8 for `text/javascript`
+
+1.0.1 / 2014-06-24
+==================
+
+  * Add `text/jsx` type
+
+1.0.0 / 2014-05-12
+==================
+
+  * Return `false` for unknown types
+  * Set charset=utf-8 for `application/json`
+
+0.1.0 / 2014-05-02
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/LICENSE b/src/Servers/ExpressServer/node_modules/mime-types/LICENSE
new file mode 100644
index 0000000..0616607
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-types/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/README.md b/src/Servers/ExpressServer/node_modules/mime-types/README.md
new file mode 100644
index 0000000..48d2fb4
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-types/README.md
@@ -0,0 +1,113 @@
+# mime-types
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+The ultimate javascript content-type utility.
+
+Similar to [the `mime@1.x` module](https://www.npmjs.com/package/mime), except:
+
+- __No fallbacks.__ Instead of naively returning the first available type,
+  `mime-types` simply returns `false`, so do
+  `var type = mime.lookup('unrecognized') || 'application/octet-stream'`.
+- No `new Mime()` business, so you could do `var lookup = require('mime-types').lookup`.
+- No `.define()` functionality
+- Bug fixes for `.lookup(path)`
+
+Otherwise, the API is compatible with `mime` 1.x.
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install mime-types
+```
+
+## Adding Types
+
+All mime types are based on [mime-db](https://www.npmjs.com/package/mime-db),
+so open a PR there if you'd like to add mime types.
+
+## API
+
+```js
+var mime = require('mime-types')
+```
+
+All functions return `false` if input is invalid or not found.
+
+### mime.lookup(path)
+
+Lookup the content-type associated with a file.
+
+```js
+mime.lookup('json') // 'application/json'
+mime.lookup('.md') // 'text/markdown'
+mime.lookup('file.html') // 'text/html'
+mime.lookup('folder/file.js') // 'application/javascript'
+mime.lookup('folder/.htaccess') // false
+
+mime.lookup('cats') // false
+```
+
+### mime.contentType(type)
+
+Create a full content-type header given a content-type or extension.
+When given an extension, `mime.lookup` is used to get the matching
+content-type, otherwise the given content-type is used. Then if the
+content-type does not already have a `charset` parameter, `mime.charset`
+is used to get the default charset and add to the returned content-type.
+
+```js
+mime.contentType('markdown') // 'text/x-markdown; charset=utf-8'
+mime.contentType('file.json') // 'application/json; charset=utf-8'
+mime.contentType('text/html') // 'text/html; charset=utf-8'
+mime.contentType('text/html; charset=iso-8859-1') // 'text/html; charset=iso-8859-1'
+
+// from a full path
+mime.contentType(path.extname('/path/to/file.json')) // 'application/json; charset=utf-8'
+```
+
+### mime.extension(type)
+
+Get the default extension for a content-type.
+
+```js
+mime.extension('application/octet-stream') // 'bin'
+```
+
+### mime.charset(type)
+
+Lookup the implied default charset of a content-type.
+
+```js
+mime.charset('text/markdown') // 'UTF-8'
+```
+
+### var type = mime.types[extension]
+
+A map of content-types by extension.
+
+### [extensions...] = mime.extensions[type]
+
+A map of extensions by content-type.
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/mime-types/master?label=ci
+[ci-url]: https://github.com/jshttp/mime-types/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/mime-types/master
+[coveralls-url]: https://coveralls.io/r/jshttp/mime-types?branch=master
+[node-version-image]: https://badgen.net/npm/node/mime-types
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/mime-types
+[npm-url]: https://npmjs.org/package/mime-types
+[npm-version-image]: https://badgen.net/npm/v/mime-types
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/index.js b/src/Servers/ExpressServer/node_modules/mime-types/index.js
new file mode 100644
index 0000000..b9f34d5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-types/index.js
@@ -0,0 +1,188 @@
+/*!
+ * mime-types
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var db = require('mime-db')
+var extname = require('path').extname
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var EXTRACT_TYPE_REGEXP = /^\s*([^;\s]*)(?:;|\s|$)/
+var TEXT_TYPE_REGEXP = /^text\//i
+
+/**
+ * Module exports.
+ * @public
+ */
+
+exports.charset = charset
+exports.charsets = { lookup: charset }
+exports.contentType = contentType
+exports.extension = extension
+exports.extensions = Object.create(null)
+exports.lookup = lookup
+exports.types = Object.create(null)
+
+// Populate the extensions/types maps
+populateMaps(exports.extensions, exports.types)
+
+/**
+ * Get the default charset for a MIME type.
+ *
+ * @param {string} type
+ * @return {boolean|string}
+ */
+
+function charset (type) {
+  if (!type || typeof type !== 'string') {
+    return false
+  }
+
+  // TODO: use media-typer
+  var match = EXTRACT_TYPE_REGEXP.exec(type)
+  var mime = match && db[match[1].toLowerCase()]
+
+  if (mime && mime.charset) {
+    return mime.charset
+  }
+
+  // default text/* to utf-8
+  if (match && TEXT_TYPE_REGEXP.test(match[1])) {
+    return 'UTF-8'
+  }
+
+  return false
+}
+
+/**
+ * Create a full Content-Type header given a MIME type or extension.
+ *
+ * @param {string} str
+ * @return {boolean|string}
+ */
+
+function contentType (str) {
+  // TODO: should this even be in this module?
+  if (!str || typeof str !== 'string') {
+    return false
+  }
+
+  var mime = str.indexOf('/') === -1
+    ? exports.lookup(str)
+    : str
+
+  if (!mime) {
+    return false
+  }
+
+  // TODO: use content-type or other module
+  if (mime.indexOf('charset') === -1) {
+    var charset = exports.charset(mime)
+    if (charset) mime += '; charset=' + charset.toLowerCase()
+  }
+
+  return mime
+}
+
+/**
+ * Get the default extension for a MIME type.
+ *
+ * @param {string} type
+ * @return {boolean|string}
+ */
+
+function extension (type) {
+  if (!type || typeof type !== 'string') {
+    return false
+  }
+
+  // TODO: use media-typer
+  var match = EXTRACT_TYPE_REGEXP.exec(type)
+
+  // get extensions
+  var exts = match && exports.extensions[match[1].toLowerCase()]
+
+  if (!exts || !exts.length) {
+    return false
+  }
+
+  return exts[0]
+}
+
+/**
+ * Lookup the MIME type for a file path/extension.
+ *
+ * @param {string} path
+ * @return {boolean|string}
+ */
+
+function lookup (path) {
+  if (!path || typeof path !== 'string') {
+    return false
+  }
+
+  // get the extension ("ext" or ".ext" or full path)
+  var extension = extname('x.' + path)
+    .toLowerCase()
+    .substr(1)
+
+  if (!extension) {
+    return false
+  }
+
+  return exports.types[extension] || false
+}
+
+/**
+ * Populate the extensions and types maps.
+ * @private
+ */
+
+function populateMaps (extensions, types) {
+  // source preference (least -> most)
+  var preference = ['nginx', 'apache', undefined, 'iana']
+
+  Object.keys(db).forEach(function forEachMimeType (type) {
+    var mime = db[type]
+    var exts = mime.extensions
+
+    if (!exts || !exts.length) {
+      return
+    }
+
+    // mime -> extensions
+    extensions[type] = exts
+
+    // extension -> mime
+    for (var i = 0; i < exts.length; i++) {
+      var extension = exts[i]
+
+      if (types[extension]) {
+        var from = preference.indexOf(db[types[extension]].source)
+        var to = preference.indexOf(mime.source)
+
+        if (types[extension] !== 'application/octet-stream' &&
+          (from > to || (from === to && types[extension].substr(0, 12) === 'application/'))) {
+          // skip the remapping
+          continue
+        }
+      }
+
+      // set the extension -> mime
+      types[extension] = type
+    }
+  })
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/package.json b/src/Servers/ExpressServer/node_modules/mime-types/package.json
new file mode 100644
index 0000000..bbef696
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime-types/package.json
@@ -0,0 +1,44 @@
+{
+  "name": "mime-types",
+  "description": "The ultimate javascript content-type utility.",
+  "version": "2.1.35",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jeremiah Senkpiel <fishrock123@rocketmail.com> (https://searchbeam.jit.su)",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "mime",
+    "types"
+  ],
+  "repository": "jshttp/mime-types",
+  "dependencies": {
+    "mime-db": "1.52.0"
+  },
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.2",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec test/test.js",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime/.npmignore b/src/Servers/ExpressServer/node_modules/mime/.npmignore
new file mode 100644
index 0000000..e69de29
diff --git a/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
new file mode 100644
index 0000000..f127535
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
@@ -0,0 +1,164 @@
+# Changelog
+
+## v1.6.0 (24/11/2017)
+*No changelog for this release.*
+
+---
+
+## v2.0.4 (24/11/2017)
+- [**closed**] Switch to mime-score module for resolving extension contention issues. [#182](https://github.com/broofa/node-mime/issues/182)
+- [**closed**] Update mime-db to 1.31.0 in v1.x branch [#181](https://github.com/broofa/node-mime/issues/181)
+
+---
+
+## v1.5.0 (22/11/2017)
+- [**closed**] need ES5 version ready in npm package [#179](https://github.com/broofa/node-mime/issues/179)
+- [**closed**] mime-db no trace of iWork - pages / numbers / etc. [#178](https://github.com/broofa/node-mime/issues/178)
+- [**closed**] How it works in brownser ? [#176](https://github.com/broofa/node-mime/issues/176)
+- [**closed**] Missing `./Mime` [#175](https://github.com/broofa/node-mime/issues/175)
+- [**closed**] Vulnerable Regular Expression [#167](https://github.com/broofa/node-mime/issues/167)
+
+---
+
+## v2.0.3 (25/09/2017)
+*No changelog for this release.*
+
+---
+
+## v1.4.1 (25/09/2017)
+- [**closed**] Issue when bundling with webpack [#172](https://github.com/broofa/node-mime/issues/172)
+
+---
+
+## v2.0.2 (15/09/2017)
+- [**V2**] fs.readFileSync is not a function [#165](https://github.com/broofa/node-mime/issues/165)
+- [**closed**] The extension for video/quicktime should map to .mov, not .qt [#164](https://github.com/broofa/node-mime/issues/164)
+- [**V2**] [v2 Feedback request] Mime class API [#163](https://github.com/broofa/node-mime/issues/163)
+- [**V2**] [v2 Feedback request] Resolving conflicts over extensions [#162](https://github.com/broofa/node-mime/issues/162)
+- [**V2**] Allow callers to load module with official, full, or no defined types.  [#161](https://github.com/broofa/node-mime/issues/161)
+- [**V2**] Use "facets" to resolve extension conflicts [#160](https://github.com/broofa/node-mime/issues/160)
+- [**V2**] Remove fs and path dependencies [#152](https://github.com/broofa/node-mime/issues/152)
+- [**V2**] Default content-type should not be application/octet-stream [#139](https://github.com/broofa/node-mime/issues/139)
+- [**V2**] reset mime-types [#124](https://github.com/broofa/node-mime/issues/124)
+- [**V2**] Extensionless paths should return null or false [#113](https://github.com/broofa/node-mime/issues/113)
+
+---
+
+## v2.0.1 (14/09/2017)
+- [**closed**] Changelog for v2.0 does not mention breaking changes [#171](https://github.com/broofa/node-mime/issues/171)
+- [**closed**] MIME breaking with 'class' declaration as it is without 'use strict mode' [#170](https://github.com/broofa/node-mime/issues/170)
+
+---
+
+## v2.0.0 (12/09/2017)
+- [**closed**] woff and woff2 [#168](https://github.com/broofa/node-mime/issues/168)
+
+---
+
+## v1.4.0 (28/08/2017)
+- [**closed**] support for ac3 voc files [#159](https://github.com/broofa/node-mime/issues/159)
+- [**closed**] Help understanding change from application/xml to text/xml [#158](https://github.com/broofa/node-mime/issues/158)
+- [**closed**] no longer able to override mimetype [#157](https://github.com/broofa/node-mime/issues/157)
+- [**closed**] application/vnd.adobe.photoshop [#147](https://github.com/broofa/node-mime/issues/147)
+- [**closed**] Directories should appear as something other than application/octet-stream [#135](https://github.com/broofa/node-mime/issues/135)
+- [**closed**] requested features [#131](https://github.com/broofa/node-mime/issues/131)
+- [**closed**] Make types.json loading optional? [#129](https://github.com/broofa/node-mime/issues/129)
+- [**closed**] Cannot find module './types.json' [#120](https://github.com/broofa/node-mime/issues/120)
+- [**V2**] .wav files show up as "audio/x-wav" instead of "audio/x-wave" [#118](https://github.com/broofa/node-mime/issues/118)
+- [**closed**] Don't be a pain in the ass for node community [#108](https://github.com/broofa/node-mime/issues/108)
+- [**closed**] don't make default_type global [#78](https://github.com/broofa/node-mime/issues/78)
+- [**closed**] mime.extension() fails if the content-type is parameterized [#74](https://github.com/broofa/node-mime/issues/74)
+
+---
+
+## v1.3.6 (11/05/2017)
+- [**closed**] .md should be text/markdown as of March 2016 [#154](https://github.com/broofa/node-mime/issues/154)
+- [**closed**] Error while installing mime [#153](https://github.com/broofa/node-mime/issues/153)
+- [**closed**] application/manifest+json [#149](https://github.com/broofa/node-mime/issues/149)
+- [**closed**] Dynamic adaptive streaming over HTTP (DASH) file extension typo [#141](https://github.com/broofa/node-mime/issues/141)
+- [**closed**] charsets image/png undefined [#140](https://github.com/broofa/node-mime/issues/140)
+- [**closed**] Mime-db dependency out of date [#130](https://github.com/broofa/node-mime/issues/130)
+- [**closed**] how to support plist？ [#126](https://github.com/broofa/node-mime/issues/126)
+- [**closed**] how does .types file format look like? [#123](https://github.com/broofa/node-mime/issues/123)
+- [**closed**] Feature: support for expanding MIME patterns [#121](https://github.com/broofa/node-mime/issues/121)
+- [**closed**] DEBUG_MIME doesn't work [#117](https://github.com/broofa/node-mime/issues/117)
+
+---
+
+## v1.3.4 (06/02/2015)
+*No changelog for this release.*
+
+---
+
+## v1.3.3 (06/02/2015)
+*No changelog for this release.*
+
+---
+
+## v1.3.1 (05/02/2015)
+- [**closed**] Consider adding support for Handlebars .hbs file ending [#111](https://github.com/broofa/node-mime/issues/111)
+- [**closed**] Consider adding support for hjson. [#110](https://github.com/broofa/node-mime/issues/110)
+- [**closed**] Add mime type for Opus audio files [#94](https://github.com/broofa/node-mime/issues/94)
+- [**closed**] Consider making the `Requesting New Types` information more visible [#77](https://github.com/broofa/node-mime/issues/77)
+
+---
+
+## v1.3.0 (05/02/2015)
+- [**closed**] Add common name? [#114](https://github.com/broofa/node-mime/issues/114)
+- [**closed**] application/x-yaml [#104](https://github.com/broofa/node-mime/issues/104)
+- [**closed**] Add mime type for WOFF file format 2.0 [#102](https://github.com/broofa/node-mime/issues/102)
+- [**closed**] application/x-msi for .msi [#99](https://github.com/broofa/node-mime/issues/99)
+- [**closed**] Add mimetype for gettext translation files [#98](https://github.com/broofa/node-mime/issues/98)
+- [**closed**] collaborators [#88](https://github.com/broofa/node-mime/issues/88)
+- [**closed**] getting errot in installation of mime module...any1 can help? [#87](https://github.com/broofa/node-mime/issues/87)
+- [**closed**] should application/json's charset be utf8? [#86](https://github.com/broofa/node-mime/issues/86)
+- [**closed**] Add "license" and "licenses" to package.json [#81](https://github.com/broofa/node-mime/issues/81)
+- [**closed**] lookup with extension-less file on Windows returns wrong type [#68](https://github.com/broofa/node-mime/issues/68)
+
+---
+
+## v1.2.11 (15/08/2013)
+- [**closed**] Update mime.types [#65](https://github.com/broofa/node-mime/issues/65)
+- [**closed**] Publish a new version [#63](https://github.com/broofa/node-mime/issues/63)
+- [**closed**] README should state upfront that "application/octet-stream" is default for unknown extension [#55](https://github.com/broofa/node-mime/issues/55)
+- [**closed**] Suggested improvement to the charset API [#52](https://github.com/broofa/node-mime/issues/52)
+
+---
+
+## v1.2.10 (25/07/2013)
+- [**closed**] Mime type for woff files should be application/font-woff and not application/x-font-woff [#62](https://github.com/broofa/node-mime/issues/62)
+- [**closed**] node.types in conflict with mime.types [#51](https://github.com/broofa/node-mime/issues/51)
+
+---
+
+## v1.2.9 (17/01/2013)
+- [**closed**] Please update "mime" NPM [#49](https://github.com/broofa/node-mime/issues/49)
+- [**closed**] Please add semicolon [#46](https://github.com/broofa/node-mime/issues/46)
+- [**closed**] parse full mime types [#43](https://github.com/broofa/node-mime/issues/43)
+
+---
+
+## v1.2.8 (10/01/2013)
+- [**closed**] /js directory mime is application/javascript. Is it correct? [#47](https://github.com/broofa/node-mime/issues/47)
+- [**closed**] Add mime types for lua code. [#45](https://github.com/broofa/node-mime/issues/45)
+
+---
+
+## v1.2.7 (19/10/2012)
+- [**closed**] cannot install 1.2.7 via npm [#41](https://github.com/broofa/node-mime/issues/41)
+- [**closed**] Transfer ownership to @broofa [#36](https://github.com/broofa/node-mime/issues/36)
+- [**closed**] it's wrong to set charset to UTF-8 for text [#30](https://github.com/broofa/node-mime/issues/30)
+- [**closed**] Allow multiple instances of MIME types container [#27](https://github.com/broofa/node-mime/issues/27)
+
+---
+
+## v1.2.5 (16/02/2012)
+- [**closed**] When looking up a types, check hasOwnProperty [#23](https://github.com/broofa/node-mime/issues/23)
+- [**closed**] Bump version to 1.2.2 [#18](https://github.com/broofa/node-mime/issues/18)
+- [**closed**] No license [#16](https://github.com/broofa/node-mime/issues/16)
+- [**closed**] Some types missing that are used by html5/css3 [#13](https://github.com/broofa/node-mime/issues/13)
+- [**closed**] npm install fails for 1.2.1 [#12](https://github.com/broofa/node-mime/issues/12)
+- [**closed**] image/pjpeg + image/x-png [#10](https://github.com/broofa/node-mime/issues/10)
+- [**closed**] symlink [#8](https://github.com/broofa/node-mime/issues/8)
+- [**closed**] gzip [#2](https://github.com/broofa/node-mime/issues/2)
+- [**closed**] ALL CAPS filenames return incorrect mime type [#1](https://github.com/broofa/node-mime/issues/1)
diff --git a/src/Servers/ExpressServer/node_modules/mime/LICENSE b/src/Servers/ExpressServer/node_modules/mime/LICENSE
new file mode 100644
index 0000000..d3f46f7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2010 Benjamin Thomas, Robert Kieffer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime/README.md b/src/Servers/ExpressServer/node_modules/mime/README.md
new file mode 100644
index 0000000..506fbe5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/README.md
@@ -0,0 +1,90 @@
+# mime
+
+Comprehensive MIME type mapping API based on mime-db module.
+
+## Install
+
+Install with [npm](http://github.com/isaacs/npm):
+
+    npm install mime
+
+## Contributing / Testing
+
+    npm run test
+
+## Command Line
+
+    mime [path_string]
+
+E.g.
+
+    > mime scripts/jquery.js
+    application/javascript
+
+## API - Queries
+
+### mime.lookup(path)
+Get the mime type associated with a file, if no mime type is found `application/octet-stream` is returned. Performs a case-insensitive lookup using the extension in `path` (the substring after the last '/' or '.').  E.g.
+
+```js
+var mime = require('mime');
+
+mime.lookup('/path/to/file.txt');         // => 'text/plain'
+mime.lookup('file.txt');                  // => 'text/plain'
+mime.lookup('.TXT');                      // => 'text/plain'
+mime.lookup('htm');                       // => 'text/html'
+```
+
+### mime.default_type
+Sets the mime type returned when `mime.lookup` fails to find the extension searched for. (Default is `application/octet-stream`.)
+
+### mime.extension(type)
+Get the default extension for `type`
+
+```js
+mime.extension('text/html');                 // => 'html'
+mime.extension('application/octet-stream');  // => 'bin'
+```
+
+### mime.charsets.lookup()
+
+Map mime-type to charset
+
+```js
+mime.charsets.lookup('text/plain');        // => 'UTF-8'
+```
+
+(The logic for charset lookups is pretty rudimentary.  Feel free to suggest improvements.)
+
+## API - Defining Custom Types
+
+Custom type mappings can be added on a per-project basis via the following APIs.
+
+### mime.define()
+
+Add custom mime/extension mappings
+
+```js
+mime.define({
+    'text/x-some-format': ['x-sf', 'x-sft', 'x-sfml'],
+    'application/x-my-type': ['x-mt', 'x-mtt'],
+    // etc ...
+});
+
+mime.lookup('x-sft');                 // => 'text/x-some-format'
+```
+
+The first entry in the extensions array is returned by `mime.extension()`. E.g.
+
+```js
+mime.extension('text/x-some-format'); // => 'x-sf'
+```
+
+### mime.load(filepath)
+
+Load mappings from an Apache ".types" format file
+
+```js
+mime.load('./my_project.types');
+```
+The .types file format is simple -  See the `types` dir for examples.
diff --git a/src/Servers/ExpressServer/node_modules/mime/cli.js b/src/Servers/ExpressServer/node_modules/mime/cli.js
new file mode 100755
index 0000000..20b1ffe
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/cli.js
@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+
+var mime = require('./mime.js');
+var file = process.argv[2];
+var type = mime.lookup(file);
+
+process.stdout.write(type + '\n');
+
diff --git a/src/Servers/ExpressServer/node_modules/mime/mime.js b/src/Servers/ExpressServer/node_modules/mime/mime.js
new file mode 100644
index 0000000..d7efbde
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/mime.js
@@ -0,0 +1,108 @@
+var path = require('path');
+var fs = require('fs');
+
+function Mime() {
+  // Map of extension -> mime type
+  this.types = Object.create(null);
+
+  // Map of mime type -> extension
+  this.extensions = Object.create(null);
+}
+
+/**
+ * Define mimetype -> extension mappings.  Each key is a mime-type that maps
+ * to an array of extensions associated with the type.  The first extension is
+ * used as the default extension for the type.
+ *
+ * e.g. mime.define({'audio/ogg', ['oga', 'ogg', 'spx']});
+ *
+ * @param map (Object) type definitions
+ */
+Mime.prototype.define = function (map) {
+  for (var type in map) {
+    var exts = map[type];
+    for (var i = 0; i < exts.length; i++) {
+      if (process.env.DEBUG_MIME && this.types[exts[i]]) {
+        console.warn((this._loading || "define()").replace(/.*\//, ''), 'changes "' + exts[i] + '" extension type from ' +
+          this.types[exts[i]] + ' to ' + type);
+      }
+
+      this.types[exts[i]] = type;
+    }
+
+    // Default extension is the first one we encounter
+    if (!this.extensions[type]) {
+      this.extensions[type] = exts[0];
+    }
+  }
+};
+
+/**
+ * Load an Apache2-style ".types" file
+ *
+ * This may be called multiple times (it's expected).  Where files declare
+ * overlapping types/extensions, the last file wins.
+ *
+ * @param file (String) path of file to load.
+ */
+Mime.prototype.load = function(file) {
+  this._loading = file;
+  // Read file and split into lines
+  var map = {},
+      content = fs.readFileSync(file, 'ascii'),
+      lines = content.split(/[\r\n]+/);
+
+  lines.forEach(function(line) {
+    // Clean up whitespace/comments, and split into fields
+    var fields = line.replace(/\s*#.*|^\s*|\s*$/g, '').split(/\s+/);
+    map[fields.shift()] = fields;
+  });
+
+  this.define(map);
+
+  this._loading = null;
+};
+
+/**
+ * Lookup a mime type based on extension
+ */
+Mime.prototype.lookup = function(path, fallback) {
+  var ext = path.replace(/^.*[\.\/\\]/, '').toLowerCase();
+
+  return this.types[ext] || fallback || this.default_type;
+};
+
+/**
+ * Return file extension associated with a mime type
+ */
+Mime.prototype.extension = function(mimeType) {
+  var type = mimeType.match(/^\s*([^;\s]*)(?:;|\s|$)/)[1].toLowerCase();
+  return this.extensions[type];
+};
+
+// Default instance
+var mime = new Mime();
+
+// Define built-in types
+mime.define(require('./types.json'));
+
+// Default type
+mime.default_type = mime.lookup('bin');
+
+//
+// Additional API specific to the default instance
+//
+
+mime.Mime = Mime;
+
+/**
+ * Lookup a charset based on mime type.
+ */
+mime.charsets = {
+  lookup: function(mimeType, fallback) {
+    // Assume text types are utf8
+    return (/^text\/|^application\/(javascript|json)/).test(mimeType) ? 'UTF-8' : fallback;
+  }
+};
+
+module.exports = mime;
diff --git a/src/Servers/ExpressServer/node_modules/mime/package.json b/src/Servers/ExpressServer/node_modules/mime/package.json
new file mode 100644
index 0000000..6bd24bc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/package.json
@@ -0,0 +1,44 @@
+{
+  "author": {
+    "name": "Robert Kieffer",
+    "url": "http://github.com/broofa",
+    "email": "robert@broofa.com"
+  },
+  "bin": {
+    "mime": "cli.js"
+  },
+  "engines": {
+    "node": ">=4"
+  },
+  "contributors": [
+    {
+      "name": "Benjamin Thomas",
+      "url": "http://github.com/bentomas",
+      "email": "benjamin@benjaminthomas.org"
+    }
+  ],
+  "description": "A comprehensive library for mime-type mapping",
+  "license": "MIT",
+  "dependencies": {},
+  "devDependencies": {
+    "github-release-notes": "0.13.1",
+    "mime-db": "1.31.0",
+    "mime-score": "1.1.0"
+  },
+  "scripts": {
+    "prepare": "node src/build.js",
+    "changelog": "gren changelog --tags=all --generate --override",
+    "test": "node src/test.js"
+  },
+  "keywords": [
+    "util",
+    "mime"
+  ],
+  "main": "mime.js",
+  "name": "mime",
+  "repository": {
+    "url": "https://github.com/broofa/node-mime",
+    "type": "git"
+  },
+  "version": "1.6.0"
+}
diff --git a/src/Servers/ExpressServer/node_modules/mime/src/build.js b/src/Servers/ExpressServer/node_modules/mime/src/build.js
new file mode 100755
index 0000000..4928e48
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/src/build.js
@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const mimeScore = require('mime-score');
+
+let db = require('mime-db');
+let chalk = require('chalk');
+
+const STANDARD_FACET_SCORE = 900;
+
+const byExtension = {};
+
+// Clear out any conflict extensions in mime-db
+for (let type in db) {
+  let entry = db[type];
+  entry.type = type;
+
+  if (!entry.extensions) continue;
+
+  entry.extensions.forEach(ext => {
+    if (ext in byExtension) {
+      const e0 = entry;
+      const e1 = byExtension[ext];
+      e0.pri = mimeScore(e0.type, e0.source);
+      e1.pri = mimeScore(e1.type, e1.source);
+
+      let drop = e0.pri < e1.pri ? e0 : e1;
+      let keep = e0.pri >= e1.pri ? e0 : e1;
+      drop.extensions = drop.extensions.filter(e => e !== ext);
+
+      console.log(`${ext}: Keeping ${chalk.green(keep.type)} (${keep.pri}), dropping ${chalk.red(drop.type)} (${drop.pri})`);
+    }
+    byExtension[ext] = entry;
+  });
+}
+
+function writeTypesFile(types, path) {
+  fs.writeFileSync(path, JSON.stringify(types));
+}
+
+// Segregate into standard and non-standard types based on facet per
+// https://tools.ietf.org/html/rfc6838#section-3.1
+const types = {};
+
+Object.keys(db).sort().forEach(k => {
+  const entry = db[k];
+  types[entry.type] = entry.extensions;
+});
+
+writeTypesFile(types, path.join(__dirname, '..', 'types.json'));
diff --git a/src/Servers/ExpressServer/node_modules/mime/src/test.js b/src/Servers/ExpressServer/node_modules/mime/src/test.js
new file mode 100644
index 0000000..42958a2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/src/test.js
@@ -0,0 +1,60 @@
+/**
+ * Usage: node test.js
+ */
+
+var mime = require('../mime');
+var assert = require('assert');
+var path = require('path');
+
+//
+// Test mime lookups
+//
+
+assert.equal('text/plain', mime.lookup('text.txt'));     // normal file
+assert.equal('text/plain', mime.lookup('TEXT.TXT'));     // uppercase
+assert.equal('text/plain', mime.lookup('dir/text.txt')); // dir + file
+assert.equal('text/plain', mime.lookup('.text.txt'));    // hidden file
+assert.equal('text/plain', mime.lookup('.txt'));         // nameless
+assert.equal('text/plain', mime.lookup('txt'));          // extension-only
+assert.equal('text/plain', mime.lookup('/txt'));         // extension-less ()
+assert.equal('text/plain', mime.lookup('\\txt'));        // Windows, extension-less
+assert.equal('application/octet-stream', mime.lookup('text.nope')); // unrecognized
+assert.equal('fallback', mime.lookup('text.fallback', 'fallback')); // alternate default
+
+//
+// Test extensions
+//
+
+assert.equal('txt', mime.extension(mime.types.text));
+assert.equal('html', mime.extension(mime.types.htm));
+assert.equal('bin', mime.extension('application/octet-stream'));
+assert.equal('bin', mime.extension('application/octet-stream '));
+assert.equal('html', mime.extension(' text/html; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html; charset=UTF-8 '));
+assert.equal('html', mime.extension('text/html; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html ; charset=UTF-8'));
+assert.equal('html', mime.extension('text/html;charset=UTF-8'));
+assert.equal('html', mime.extension('text/Html;charset=UTF-8'));
+assert.equal(undefined, mime.extension('unrecognized'));
+
+//
+// Test node.types lookups
+//
+
+assert.equal('font/woff', mime.lookup('file.woff'));
+assert.equal('application/octet-stream', mime.lookup('file.buffer'));
+// TODO: Uncomment once #157 is resolved
+// assert.equal('audio/mp4', mime.lookup('file.m4a'));
+assert.equal('font/otf', mime.lookup('file.otf'));
+
+//
+// Test charsets
+//
+
+assert.equal('UTF-8', mime.charsets.lookup('text/plain'));
+assert.equal('UTF-8', mime.charsets.lookup(mime.types.js));
+assert.equal('UTF-8', mime.charsets.lookup(mime.types.json));
+assert.equal(undefined, mime.charsets.lookup(mime.types.bin));
+assert.equal('fallback', mime.charsets.lookup('application/octet-stream', 'fallback'));
+
+console.log('\nAll tests passed');
diff --git a/src/Servers/ExpressServer/node_modules/mime/types.json b/src/Servers/ExpressServer/node_modules/mime/types.json
new file mode 100644
index 0000000..bec78ab
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/mime/types.json
@@ -0,0 +1 @@
+{"application/andrew-inset":["ez"],"application/applixware":["aw"],"application/atom+xml":["atom"],"application/atomcat+xml":["atomcat"],"application/atomsvc+xml":["atomsvc"],"application/bdoc":["bdoc"],"application/ccxml+xml":["ccxml"],"application/cdmi-capability":["cdmia"],"application/cdmi-container":["cdmic"],"application/cdmi-domain":["cdmid"],"application/cdmi-object":["cdmio"],"application/cdmi-queue":["cdmiq"],"application/cu-seeme":["cu"],"application/dash+xml":["mpd"],"application/davmount+xml":["davmount"],"application/docbook+xml":["dbk"],"application/dssc+der":["dssc"],"application/dssc+xml":["xdssc"],"application/ecmascript":["ecma"],"application/emma+xml":["emma"],"application/epub+zip":["epub"],"application/exi":["exi"],"application/font-tdpfr":["pfr"],"application/font-woff":[],"application/font-woff2":[],"application/geo+json":["geojson"],"application/gml+xml":["gml"],"application/gpx+xml":["gpx"],"application/gxf":["gxf"],"application/gzip":["gz"],"application/hyperstudio":["stk"],"application/inkml+xml":["ink","inkml"],"application/ipfix":["ipfix"],"application/java-archive":["jar","war","ear"],"application/java-serialized-object":["ser"],"application/java-vm":["class"],"application/javascript":["js","mjs"],"application/json":["json","map"],"application/json5":["json5"],"application/jsonml+json":["jsonml"],"application/ld+json":["jsonld"],"application/lost+xml":["lostxml"],"application/mac-binhex40":["hqx"],"application/mac-compactpro":["cpt"],"application/mads+xml":["mads"],"application/manifest+json":["webmanifest"],"application/marc":["mrc"],"application/marcxml+xml":["mrcx"],"application/mathematica":["ma","nb","mb"],"application/mathml+xml":["mathml"],"application/mbox":["mbox"],"application/mediaservercontrol+xml":["mscml"],"application/metalink+xml":["metalink"],"application/metalink4+xml":["meta4"],"application/mets+xml":["mets"],"application/mods+xml":["mods"],"application/mp21":["m21","mp21"],"application/mp4":["mp4s","m4p"],"application/msword":["doc","dot"],"application/mxf":["mxf"],"application/octet-stream":["bin","dms","lrf","mar","so","dist","distz","pkg","bpk","dump","elc","deploy","exe","dll","deb","dmg","iso","img","msi","msp","msm","buffer"],"application/oda":["oda"],"application/oebps-package+xml":["opf"],"application/ogg":["ogx"],"application/omdoc+xml":["omdoc"],"application/onenote":["onetoc","onetoc2","onetmp","onepkg"],"application/oxps":["oxps"],"application/patch-ops-error+xml":["xer"],"application/pdf":["pdf"],"application/pgp-encrypted":["pgp"],"application/pgp-signature":["asc","sig"],"application/pics-rules":["prf"],"application/pkcs10":["p10"],"application/pkcs7-mime":["p7m","p7c"],"application/pkcs7-signature":["p7s"],"application/pkcs8":["p8"],"application/pkix-attr-cert":["ac"],"application/pkix-cert":["cer"],"application/pkix-crl":["crl"],"application/pkix-pkipath":["pkipath"],"application/pkixcmp":["pki"],"application/pls+xml":["pls"],"application/postscript":["ai","eps","ps"],"application/prs.cww":["cww"],"application/pskc+xml":["pskcxml"],"application/raml+yaml":["raml"],"application/rdf+xml":["rdf"],"application/reginfo+xml":["rif"],"application/relax-ng-compact-syntax":["rnc"],"application/resource-lists+xml":["rl"],"application/resource-lists-diff+xml":["rld"],"application/rls-services+xml":["rs"],"application/rpki-ghostbusters":["gbr"],"application/rpki-manifest":["mft"],"application/rpki-roa":["roa"],"application/rsd+xml":["rsd"],"application/rss+xml":["rss"],"application/rtf":["rtf"],"application/sbml+xml":["sbml"],"application/scvp-cv-request":["scq"],"application/scvp-cv-response":["scs"],"application/scvp-vp-request":["spq"],"application/scvp-vp-response":["spp"],"application/sdp":["sdp"],"application/set-payment-initiation":["setpay"],"application/set-registration-initiation":["setreg"],"application/shf+xml":["shf"],"application/smil+xml":["smi","smil"],"application/sparql-query":["rq"],"application/sparql-results+xml":["srx"],"application/srgs":["gram"],"application/srgs+xml":["grxml"],"application/sru+xml":["sru"],"application/ssdl+xml":["ssdl"],"application/ssml+xml":["ssml"],"application/tei+xml":["tei","teicorpus"],"application/thraud+xml":["tfi"],"application/timestamped-data":["tsd"],"application/vnd.3gpp.pic-bw-large":["plb"],"application/vnd.3gpp.pic-bw-small":["psb"],"application/vnd.3gpp.pic-bw-var":["pvb"],"application/vnd.3gpp2.tcap":["tcap"],"application/vnd.3m.post-it-notes":["pwn"],"application/vnd.accpac.simply.aso":["aso"],"application/vnd.accpac.simply.imp":["imp"],"application/vnd.acucobol":["acu"],"application/vnd.acucorp":["atc","acutc"],"application/vnd.adobe.air-application-installer-package+zip":["air"],"application/vnd.adobe.formscentral.fcdt":["fcdt"],"application/vnd.adobe.fxp":["fxp","fxpl"],"application/vnd.adobe.xdp+xml":["xdp"],"application/vnd.adobe.xfdf":["xfdf"],"application/vnd.ahead.space":["ahead"],"application/vnd.airzip.filesecure.azf":["azf"],"application/vnd.airzip.filesecure.azs":["azs"],"application/vnd.amazon.ebook":["azw"],"application/vnd.americandynamics.acc":["acc"],"application/vnd.amiga.ami":["ami"],"application/vnd.android.package-archive":["apk"],"application/vnd.anser-web-certificate-issue-initiation":["cii"],"application/vnd.anser-web-funds-transfer-initiation":["fti"],"application/vnd.antix.game-component":["atx"],"application/vnd.apple.installer+xml":["mpkg"],"application/vnd.apple.mpegurl":["m3u8"],"application/vnd.apple.pkpass":["pkpass"],"application/vnd.aristanetworks.swi":["swi"],"application/vnd.astraea-software.iota":["iota"],"application/vnd.audiograph":["aep"],"application/vnd.blueice.multipass":["mpm"],"application/vnd.bmi":["bmi"],"application/vnd.businessobjects":["rep"],"application/vnd.chemdraw+xml":["cdxml"],"application/vnd.chipnuts.karaoke-mmd":["mmd"],"application/vnd.cinderella":["cdy"],"application/vnd.claymore":["cla"],"application/vnd.cloanto.rp9":["rp9"],"application/vnd.clonk.c4group":["c4g","c4d","c4f","c4p","c4u"],"application/vnd.cluetrust.cartomobile-config":["c11amc"],"application/vnd.cluetrust.cartomobile-config-pkg":["c11amz"],"application/vnd.commonspace":["csp"],"application/vnd.contact.cmsg":["cdbcmsg"],"application/vnd.cosmocaller":["cmc"],"application/vnd.crick.clicker":["clkx"],"application/vnd.crick.clicker.keyboard":["clkk"],"application/vnd.crick.clicker.palette":["clkp"],"application/vnd.crick.clicker.template":["clkt"],"application/vnd.crick.clicker.wordbank":["clkw"],"application/vnd.criticaltools.wbs+xml":["wbs"],"application/vnd.ctc-posml":["pml"],"application/vnd.cups-ppd":["ppd"],"application/vnd.curl.car":["car"],"application/vnd.curl.pcurl":["pcurl"],"application/vnd.dart":["dart"],"application/vnd.data-vision.rdz":["rdz"],"application/vnd.dece.data":["uvf","uvvf","uvd","uvvd"],"application/vnd.dece.ttml+xml":["uvt","uvvt"],"application/vnd.dece.unspecified":["uvx","uvvx"],"application/vnd.dece.zip":["uvz","uvvz"],"application/vnd.denovo.fcselayout-link":["fe_launch"],"application/vnd.dna":["dna"],"application/vnd.dolby.mlp":["mlp"],"application/vnd.dpgraph":["dpg"],"application/vnd.dreamfactory":["dfac"],"application/vnd.ds-keypoint":["kpxx"],"application/vnd.dvb.ait":["ait"],"application/vnd.dvb.service":["svc"],"application/vnd.dynageo":["geo"],"application/vnd.ecowin.chart":["mag"],"application/vnd.enliven":["nml"],"application/vnd.epson.esf":["esf"],"application/vnd.epson.msf":["msf"],"application/vnd.epson.quickanime":["qam"],"application/vnd.epson.salt":["slt"],"application/vnd.epson.ssf":["ssf"],"application/vnd.eszigno3+xml":["es3","et3"],"application/vnd.ezpix-album":["ez2"],"application/vnd.ezpix-package":["ez3"],"application/vnd.fdf":["fdf"],"application/vnd.fdsn.mseed":["mseed"],"application/vnd.fdsn.seed":["seed","dataless"],"application/vnd.flographit":["gph"],"application/vnd.fluxtime.clip":["ftc"],"application/vnd.framemaker":["fm","frame","maker","book"],"application/vnd.frogans.fnc":["fnc"],"application/vnd.frogans.ltf":["ltf"],"application/vnd.fsc.weblaunch":["fsc"],"application/vnd.fujitsu.oasys":["oas"],"application/vnd.fujitsu.oasys2":["oa2"],"application/vnd.fujitsu.oasys3":["oa3"],"application/vnd.fujitsu.oasysgp":["fg5"],"application/vnd.fujitsu.oasysprs":["bh2"],"application/vnd.fujixerox.ddd":["ddd"],"application/vnd.fujixerox.docuworks":["xdw"],"application/vnd.fujixerox.docuworks.binder":["xbd"],"application/vnd.fuzzysheet":["fzs"],"application/vnd.genomatix.tuxedo":["txd"],"application/vnd.geogebra.file":["ggb"],"application/vnd.geogebra.tool":["ggt"],"application/vnd.geometry-explorer":["gex","gre"],"application/vnd.geonext":["gxt"],"application/vnd.geoplan":["g2w"],"application/vnd.geospace":["g3w"],"application/vnd.gmx":["gmx"],"application/vnd.google-apps.document":["gdoc"],"application/vnd.google-apps.presentation":["gslides"],"application/vnd.google-apps.spreadsheet":["gsheet"],"application/vnd.google-earth.kml+xml":["kml"],"application/vnd.google-earth.kmz":["kmz"],"application/vnd.grafeq":["gqf","gqs"],"application/vnd.groove-account":["gac"],"application/vnd.groove-help":["ghf"],"application/vnd.groove-identity-message":["gim"],"application/vnd.groove-injector":["grv"],"application/vnd.groove-tool-message":["gtm"],"application/vnd.groove-tool-template":["tpl"],"application/vnd.groove-vcard":["vcg"],"application/vnd.hal+xml":["hal"],"application/vnd.handheld-entertainment+xml":["zmm"],"application/vnd.hbci":["hbci"],"application/vnd.hhe.lesson-player":["les"],"application/vnd.hp-hpgl":["hpgl"],"application/vnd.hp-hpid":["hpid"],"application/vnd.hp-hps":["hps"],"application/vnd.hp-jlyt":["jlt"],"application/vnd.hp-pcl":["pcl"],"application/vnd.hp-pclxl":["pclxl"],"application/vnd.hydrostatix.sof-data":["sfd-hdstx"],"application/vnd.ibm.minipay":["mpy"],"application/vnd.ibm.modcap":["afp","listafp","list3820"],"application/vnd.ibm.rights-management":["irm"],"application/vnd.ibm.secure-container":["sc"],"application/vnd.iccprofile":["icc","icm"],"application/vnd.igloader":["igl"],"application/vnd.immervision-ivp":["ivp"],"application/vnd.immervision-ivu":["ivu"],"application/vnd.insors.igm":["igm"],"application/vnd.intercon.formnet":["xpw","xpx"],"application/vnd.intergeo":["i2g"],"application/vnd.intu.qbo":["qbo"],"application/vnd.intu.qfx":["qfx"],"application/vnd.ipunplugged.rcprofile":["rcprofile"],"application/vnd.irepository.package+xml":["irp"],"application/vnd.is-xpr":["xpr"],"application/vnd.isac.fcs":["fcs"],"application/vnd.jam":["jam"],"application/vnd.jcp.javame.midlet-rms":["rms"],"application/vnd.jisp":["jisp"],"application/vnd.joost.joda-archive":["joda"],"application/vnd.kahootz":["ktz","ktr"],"application/vnd.kde.karbon":["karbon"],"application/vnd.kde.kchart":["chrt"],"application/vnd.kde.kformula":["kfo"],"application/vnd.kde.kivio":["flw"],"application/vnd.kde.kontour":["kon"],"application/vnd.kde.kpresenter":["kpr","kpt"],"application/vnd.kde.kspread":["ksp"],"application/vnd.kde.kword":["kwd","kwt"],"application/vnd.kenameaapp":["htke"],"application/vnd.kidspiration":["kia"],"application/vnd.kinar":["kne","knp"],"application/vnd.koan":["skp","skd","skt","skm"],"application/vnd.kodak-descriptor":["sse"],"application/vnd.las.las+xml":["lasxml"],"application/vnd.llamagraphics.life-balance.desktop":["lbd"],"application/vnd.llamagraphics.life-balance.exchange+xml":["lbe"],"application/vnd.lotus-1-2-3":["123"],"application/vnd.lotus-approach":["apr"],"application/vnd.lotus-freelance":["pre"],"application/vnd.lotus-notes":["nsf"],"application/vnd.lotus-organizer":["org"],"application/vnd.lotus-screencam":["scm"],"application/vnd.lotus-wordpro":["lwp"],"application/vnd.macports.portpkg":["portpkg"],"application/vnd.mcd":["mcd"],"application/vnd.medcalcdata":["mc1"],"application/vnd.mediastation.cdkey":["cdkey"],"application/vnd.mfer":["mwf"],"application/vnd.mfmp":["mfm"],"application/vnd.micrografx.flo":["flo"],"application/vnd.micrografx.igx":["igx"],"application/vnd.mif":["mif"],"application/vnd.mobius.daf":["daf"],"application/vnd.mobius.dis":["dis"],"application/vnd.mobius.mbk":["mbk"],"application/vnd.mobius.mqy":["mqy"],"application/vnd.mobius.msl":["msl"],"application/vnd.mobius.plc":["plc"],"application/vnd.mobius.txf":["txf"],"application/vnd.mophun.application":["mpn"],"application/vnd.mophun.certificate":["mpc"],"application/vnd.mozilla.xul+xml":["xul"],"application/vnd.ms-artgalry":["cil"],"application/vnd.ms-cab-compressed":["cab"],"application/vnd.ms-excel":["xls","xlm","xla","xlc","xlt","xlw"],"application/vnd.ms-excel.addin.macroenabled.12":["xlam"],"application/vnd.ms-excel.sheet.binary.macroenabled.12":["xlsb"],"application/vnd.ms-excel.sheet.macroenabled.12":["xlsm"],"application/vnd.ms-excel.template.macroenabled.12":["xltm"],"application/vnd.ms-fontobject":["eot"],"application/vnd.ms-htmlhelp":["chm"],"application/vnd.ms-ims":["ims"],"application/vnd.ms-lrm":["lrm"],"application/vnd.ms-officetheme":["thmx"],"application/vnd.ms-outlook":["msg"],"application/vnd.ms-pki.seccat":["cat"],"application/vnd.ms-pki.stl":["stl"],"application/vnd.ms-powerpoint":["ppt","pps","pot"],"application/vnd.ms-powerpoint.addin.macroenabled.12":["ppam"],"application/vnd.ms-powerpoint.presentation.macroenabled.12":["pptm"],"application/vnd.ms-powerpoint.slide.macroenabled.12":["sldm"],"application/vnd.ms-powerpoint.slideshow.macroenabled.12":["ppsm"],"application/vnd.ms-powerpoint.template.macroenabled.12":["potm"],"application/vnd.ms-project":["mpp","mpt"],"application/vnd.ms-word.document.macroenabled.12":["docm"],"application/vnd.ms-word.template.macroenabled.12":["dotm"],"application/vnd.ms-works":["wps","wks","wcm","wdb"],"application/vnd.ms-wpl":["wpl"],"application/vnd.ms-xpsdocument":["xps"],"application/vnd.mseq":["mseq"],"application/vnd.musician":["mus"],"application/vnd.muvee.style":["msty"],"application/vnd.mynfc":["taglet"],"application/vnd.neurolanguage.nlu":["nlu"],"application/vnd.nitf":["ntf","nitf"],"application/vnd.noblenet-directory":["nnd"],"application/vnd.noblenet-sealer":["nns"],"application/vnd.noblenet-web":["nnw"],"application/vnd.nokia.n-gage.data":["ngdat"],"application/vnd.nokia.n-gage.symbian.install":["n-gage"],"application/vnd.nokia.radio-preset":["rpst"],"application/vnd.nokia.radio-presets":["rpss"],"application/vnd.novadigm.edm":["edm"],"application/vnd.novadigm.edx":["edx"],"application/vnd.novadigm.ext":["ext"],"application/vnd.oasis.opendocument.chart":["odc"],"application/vnd.oasis.opendocument.chart-template":["otc"],"application/vnd.oasis.opendocument.database":["odb"],"application/vnd.oasis.opendocument.formula":["odf"],"application/vnd.oasis.opendocument.formula-template":["odft"],"application/vnd.oasis.opendocument.graphics":["odg"],"application/vnd.oasis.opendocument.graphics-template":["otg"],"application/vnd.oasis.opendocument.image":["odi"],"application/vnd.oasis.opendocument.image-template":["oti"],"application/vnd.oasis.opendocument.presentation":["odp"],"application/vnd.oasis.opendocument.presentation-template":["otp"],"application/vnd.oasis.opendocument.spreadsheet":["ods"],"application/vnd.oasis.opendocument.spreadsheet-template":["ots"],"application/vnd.oasis.opendocument.text":["odt"],"application/vnd.oasis.opendocument.text-master":["odm"],"application/vnd.oasis.opendocument.text-template":["ott"],"application/vnd.oasis.opendocument.text-web":["oth"],"application/vnd.olpc-sugar":["xo"],"application/vnd.oma.dd2+xml":["dd2"],"application/vnd.openofficeorg.extension":["oxt"],"application/vnd.openxmlformats-officedocument.presentationml.presentation":["pptx"],"application/vnd.openxmlformats-officedocument.presentationml.slide":["sldx"],"application/vnd.openxmlformats-officedocument.presentationml.slideshow":["ppsx"],"application/vnd.openxmlformats-officedocument.presentationml.template":["potx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet":["xlsx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.template":["xltx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.document":["docx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.template":["dotx"],"application/vnd.osgeo.mapguide.package":["mgp"],"application/vnd.osgi.dp":["dp"],"application/vnd.osgi.subsystem":["esa"],"application/vnd.palm":["pdb","pqa","oprc"],"application/vnd.pawaafile":["paw"],"application/vnd.pg.format":["str"],"application/vnd.pg.osasli":["ei6"],"application/vnd.picsel":["efif"],"application/vnd.pmi.widget":["wg"],"application/vnd.pocketlearn":["plf"],"application/vnd.powerbuilder6":["pbd"],"application/vnd.previewsystems.box":["box"],"application/vnd.proteus.magazine":["mgz"],"application/vnd.publishare-delta-tree":["qps"],"application/vnd.pvi.ptid1":["ptid"],"application/vnd.quark.quarkxpress":["qxd","qxt","qwd","qwt","qxl","qxb"],"application/vnd.realvnc.bed":["bed"],"application/vnd.recordare.musicxml":["mxl"],"application/vnd.recordare.musicxml+xml":["musicxml"],"application/vnd.rig.cryptonote":["cryptonote"],"application/vnd.rim.cod":["cod"],"application/vnd.rn-realmedia":["rm"],"application/vnd.rn-realmedia-vbr":["rmvb"],"application/vnd.route66.link66+xml":["link66"],"application/vnd.sailingtracker.track":["st"],"application/vnd.seemail":["see"],"application/vnd.sema":["sema"],"application/vnd.semd":["semd"],"application/vnd.semf":["semf"],"application/vnd.shana.informed.formdata":["ifm"],"application/vnd.shana.informed.formtemplate":["itp"],"application/vnd.shana.informed.interchange":["iif"],"application/vnd.shana.informed.package":["ipk"],"application/vnd.simtech-mindmapper":["twd","twds"],"application/vnd.smaf":["mmf"],"application/vnd.smart.teacher":["teacher"],"application/vnd.solent.sdkm+xml":["sdkm","sdkd"],"application/vnd.spotfire.dxp":["dxp"],"application/vnd.spotfire.sfs":["sfs"],"application/vnd.stardivision.calc":["sdc"],"application/vnd.stardivision.draw":["sda"],"application/vnd.stardivision.impress":["sdd"],"application/vnd.stardivision.math":["smf"],"application/vnd.stardivision.writer":["sdw","vor"],"application/vnd.stardivision.writer-global":["sgl"],"application/vnd.stepmania.package":["smzip"],"application/vnd.stepmania.stepchart":["sm"],"application/vnd.sun.wadl+xml":["wadl"],"application/vnd.sun.xml.calc":["sxc"],"application/vnd.sun.xml.calc.template":["stc"],"application/vnd.sun.xml.draw":["sxd"],"application/vnd.sun.xml.draw.template":["std"],"application/vnd.sun.xml.impress":["sxi"],"application/vnd.sun.xml.impress.template":["sti"],"application/vnd.sun.xml.math":["sxm"],"application/vnd.sun.xml.writer":["sxw"],"application/vnd.sun.xml.writer.global":["sxg"],"application/vnd.sun.xml.writer.template":["stw"],"application/vnd.sus-calendar":["sus","susp"],"application/vnd.svd":["svd"],"application/vnd.symbian.install":["sis","sisx"],"application/vnd.syncml+xml":["xsm"],"application/vnd.syncml.dm+wbxml":["bdm"],"application/vnd.syncml.dm+xml":["xdm"],"application/vnd.tao.intent-module-archive":["tao"],"application/vnd.tcpdump.pcap":["pcap","cap","dmp"],"application/vnd.tmobile-livetv":["tmo"],"application/vnd.trid.tpt":["tpt"],"application/vnd.triscape.mxs":["mxs"],"application/vnd.trueapp":["tra"],"application/vnd.ufdl":["ufd","ufdl"],"application/vnd.uiq.theme":["utz"],"application/vnd.umajin":["umj"],"application/vnd.unity":["unityweb"],"application/vnd.uoml+xml":["uoml"],"application/vnd.vcx":["vcx"],"application/vnd.visio":["vsd","vst","vss","vsw"],"application/vnd.visionary":["vis"],"application/vnd.vsf":["vsf"],"application/vnd.wap.wbxml":["wbxml"],"application/vnd.wap.wmlc":["wmlc"],"application/vnd.wap.wmlscriptc":["wmlsc"],"application/vnd.webturbo":["wtb"],"application/vnd.wolfram.player":["nbp"],"application/vnd.wordperfect":["wpd"],"application/vnd.wqd":["wqd"],"application/vnd.wt.stf":["stf"],"application/vnd.xara":["xar"],"application/vnd.xfdl":["xfdl"],"application/vnd.yamaha.hv-dic":["hvd"],"application/vnd.yamaha.hv-script":["hvs"],"application/vnd.yamaha.hv-voice":["hvp"],"application/vnd.yamaha.openscoreformat":["osf"],"application/vnd.yamaha.openscoreformat.osfpvg+xml":["osfpvg"],"application/vnd.yamaha.smaf-audio":["saf"],"application/vnd.yamaha.smaf-phrase":["spf"],"application/vnd.yellowriver-custom-menu":["cmp"],"application/vnd.zul":["zir","zirz"],"application/vnd.zzazz.deck+xml":["zaz"],"application/voicexml+xml":["vxml"],"application/wasm":["wasm"],"application/widget":["wgt"],"application/winhlp":["hlp"],"application/wsdl+xml":["wsdl"],"application/wspolicy+xml":["wspolicy"],"application/x-7z-compressed":["7z"],"application/x-abiword":["abw"],"application/x-ace-compressed":["ace"],"application/x-apple-diskimage":[],"application/x-arj":["arj"],"application/x-authorware-bin":["aab","x32","u32","vox"],"application/x-authorware-map":["aam"],"application/x-authorware-seg":["aas"],"application/x-bcpio":["bcpio"],"application/x-bdoc":[],"application/x-bittorrent":["torrent"],"application/x-blorb":["blb","blorb"],"application/x-bzip":["bz"],"application/x-bzip2":["bz2","boz"],"application/x-cbr":["cbr","cba","cbt","cbz","cb7"],"application/x-cdlink":["vcd"],"application/x-cfs-compressed":["cfs"],"application/x-chat":["chat"],"application/x-chess-pgn":["pgn"],"application/x-chrome-extension":["crx"],"application/x-cocoa":["cco"],"application/x-conference":["nsc"],"application/x-cpio":["cpio"],"application/x-csh":["csh"],"application/x-debian-package":["udeb"],"application/x-dgc-compressed":["dgc"],"application/x-director":["dir","dcr","dxr","cst","cct","cxt","w3d","fgd","swa"],"application/x-doom":["wad"],"application/x-dtbncx+xml":["ncx"],"application/x-dtbook+xml":["dtb"],"application/x-dtbresource+xml":["res"],"application/x-dvi":["dvi"],"application/x-envoy":["evy"],"application/x-eva":["eva"],"application/x-font-bdf":["bdf"],"application/x-font-ghostscript":["gsf"],"application/x-font-linux-psf":["psf"],"application/x-font-pcf":["pcf"],"application/x-font-snf":["snf"],"application/x-font-type1":["pfa","pfb","pfm","afm"],"application/x-freearc":["arc"],"application/x-futuresplash":["spl"],"application/x-gca-compressed":["gca"],"application/x-glulx":["ulx"],"application/x-gnumeric":["gnumeric"],"application/x-gramps-xml":["gramps"],"application/x-gtar":["gtar"],"application/x-hdf":["hdf"],"application/x-httpd-php":["php"],"application/x-install-instructions":["install"],"application/x-iso9660-image":[],"application/x-java-archive-diff":["jardiff"],"application/x-java-jnlp-file":["jnlp"],"application/x-latex":["latex"],"application/x-lua-bytecode":["luac"],"application/x-lzh-compressed":["lzh","lha"],"application/x-makeself":["run"],"application/x-mie":["mie"],"application/x-mobipocket-ebook":["prc","mobi"],"application/x-ms-application":["application"],"application/x-ms-shortcut":["lnk"],"application/x-ms-wmd":["wmd"],"application/x-ms-wmz":["wmz"],"application/x-ms-xbap":["xbap"],"application/x-msaccess":["mdb"],"application/x-msbinder":["obd"],"application/x-mscardfile":["crd"],"application/x-msclip":["clp"],"application/x-msdos-program":[],"application/x-msdownload":["com","bat"],"application/x-msmediaview":["mvb","m13","m14"],"application/x-msmetafile":["wmf","emf","emz"],"application/x-msmoney":["mny"],"application/x-mspublisher":["pub"],"application/x-msschedule":["scd"],"application/x-msterminal":["trm"],"application/x-mswrite":["wri"],"application/x-netcdf":["nc","cdf"],"application/x-ns-proxy-autoconfig":["pac"],"application/x-nzb":["nzb"],"application/x-perl":["pl","pm"],"application/x-pilot":[],"application/x-pkcs12":["p12","pfx"],"application/x-pkcs7-certificates":["p7b","spc"],"application/x-pkcs7-certreqresp":["p7r"],"application/x-rar-compressed":["rar"],"application/x-redhat-package-manager":["rpm"],"application/x-research-info-systems":["ris"],"application/x-sea":["sea"],"application/x-sh":["sh"],"application/x-shar":["shar"],"application/x-shockwave-flash":["swf"],"application/x-silverlight-app":["xap"],"application/x-sql":["sql"],"application/x-stuffit":["sit"],"application/x-stuffitx":["sitx"],"application/x-subrip":["srt"],"application/x-sv4cpio":["sv4cpio"],"application/x-sv4crc":["sv4crc"],"application/x-t3vm-image":["t3"],"application/x-tads":["gam"],"application/x-tar":["tar"],"application/x-tcl":["tcl","tk"],"application/x-tex":["tex"],"application/x-tex-tfm":["tfm"],"application/x-texinfo":["texinfo","texi"],"application/x-tgif":["obj"],"application/x-ustar":["ustar"],"application/x-virtualbox-hdd":["hdd"],"application/x-virtualbox-ova":["ova"],"application/x-virtualbox-ovf":["ovf"],"application/x-virtualbox-vbox":["vbox"],"application/x-virtualbox-vbox-extpack":["vbox-extpack"],"application/x-virtualbox-vdi":["vdi"],"application/x-virtualbox-vhd":["vhd"],"application/x-virtualbox-vmdk":["vmdk"],"application/x-wais-source":["src"],"application/x-web-app-manifest+json":["webapp"],"application/x-x509-ca-cert":["der","crt","pem"],"application/x-xfig":["fig"],"application/x-xliff+xml":["xlf"],"application/x-xpinstall":["xpi"],"application/x-xz":["xz"],"application/x-zmachine":["z1","z2","z3","z4","z5","z6","z7","z8"],"application/xaml+xml":["xaml"],"application/xcap-diff+xml":["xdf"],"application/xenc+xml":["xenc"],"application/xhtml+xml":["xhtml","xht"],"application/xml":["xml","xsl","xsd","rng"],"application/xml-dtd":["dtd"],"application/xop+xml":["xop"],"application/xproc+xml":["xpl"],"application/xslt+xml":["xslt"],"application/xspf+xml":["xspf"],"application/xv+xml":["mxml","xhvml","xvml","xvm"],"application/yang":["yang"],"application/yin+xml":["yin"],"application/zip":["zip"],"audio/3gpp":[],"audio/adpcm":["adp"],"audio/basic":["au","snd"],"audio/midi":["mid","midi","kar","rmi"],"audio/mp3":[],"audio/mp4":["m4a","mp4a"],"audio/mpeg":["mpga","mp2","mp2a","mp3","m2a","m3a"],"audio/ogg":["oga","ogg","spx"],"audio/s3m":["s3m"],"audio/silk":["sil"],"audio/vnd.dece.audio":["uva","uvva"],"audio/vnd.digital-winds":["eol"],"audio/vnd.dra":["dra"],"audio/vnd.dts":["dts"],"audio/vnd.dts.hd":["dtshd"],"audio/vnd.lucent.voice":["lvp"],"audio/vnd.ms-playready.media.pya":["pya"],"audio/vnd.nuera.ecelp4800":["ecelp4800"],"audio/vnd.nuera.ecelp7470":["ecelp7470"],"audio/vnd.nuera.ecelp9600":["ecelp9600"],"audio/vnd.rip":["rip"],"audio/wav":["wav"],"audio/wave":[],"audio/webm":["weba"],"audio/x-aac":["aac"],"audio/x-aiff":["aif","aiff","aifc"],"audio/x-caf":["caf"],"audio/x-flac":["flac"],"audio/x-m4a":[],"audio/x-matroska":["mka"],"audio/x-mpegurl":["m3u"],"audio/x-ms-wax":["wax"],"audio/x-ms-wma":["wma"],"audio/x-pn-realaudio":["ram","ra"],"audio/x-pn-realaudio-plugin":["rmp"],"audio/x-realaudio":[],"audio/x-wav":[],"audio/xm":["xm"],"chemical/x-cdx":["cdx"],"chemical/x-cif":["cif"],"chemical/x-cmdf":["cmdf"],"chemical/x-cml":["cml"],"chemical/x-csml":["csml"],"chemical/x-xyz":["xyz"],"font/collection":["ttc"],"font/otf":["otf"],"font/ttf":["ttf"],"font/woff":["woff"],"font/woff2":["woff2"],"image/apng":["apng"],"image/bmp":["bmp"],"image/cgm":["cgm"],"image/g3fax":["g3"],"image/gif":["gif"],"image/ief":["ief"],"image/jp2":["jp2","jpg2"],"image/jpeg":["jpeg","jpg","jpe"],"image/jpm":["jpm"],"image/jpx":["jpx","jpf"],"image/ktx":["ktx"],"image/png":["png"],"image/prs.btif":["btif"],"image/sgi":["sgi"],"image/svg+xml":["svg","svgz"],"image/tiff":["tiff","tif"],"image/vnd.adobe.photoshop":["psd"],"image/vnd.dece.graphic":["uvi","uvvi","uvg","uvvg"],"image/vnd.djvu":["djvu","djv"],"image/vnd.dvb.subtitle":[],"image/vnd.dwg":["dwg"],"image/vnd.dxf":["dxf"],"image/vnd.fastbidsheet":["fbs"],"image/vnd.fpx":["fpx"],"image/vnd.fst":["fst"],"image/vnd.fujixerox.edmics-mmr":["mmr"],"image/vnd.fujixerox.edmics-rlc":["rlc"],"image/vnd.ms-modi":["mdi"],"image/vnd.ms-photo":["wdp"],"image/vnd.net-fpx":["npx"],"image/vnd.wap.wbmp":["wbmp"],"image/vnd.xiff":["xif"],"image/webp":["webp"],"image/x-3ds":["3ds"],"image/x-cmu-raster":["ras"],"image/x-cmx":["cmx"],"image/x-freehand":["fh","fhc","fh4","fh5","fh7"],"image/x-icon":["ico"],"image/x-jng":["jng"],"image/x-mrsid-image":["sid"],"image/x-ms-bmp":[],"image/x-pcx":["pcx"],"image/x-pict":["pic","pct"],"image/x-portable-anymap":["pnm"],"image/x-portable-bitmap":["pbm"],"image/x-portable-graymap":["pgm"],"image/x-portable-pixmap":["ppm"],"image/x-rgb":["rgb"],"image/x-tga":["tga"],"image/x-xbitmap":["xbm"],"image/x-xpixmap":["xpm"],"image/x-xwindowdump":["xwd"],"message/rfc822":["eml","mime"],"model/gltf+json":["gltf"],"model/gltf-binary":["glb"],"model/iges":["igs","iges"],"model/mesh":["msh","mesh","silo"],"model/vnd.collada+xml":["dae"],"model/vnd.dwf":["dwf"],"model/vnd.gdl":["gdl"],"model/vnd.gtw":["gtw"],"model/vnd.mts":["mts"],"model/vnd.vtu":["vtu"],"model/vrml":["wrl","vrml"],"model/x3d+binary":["x3db","x3dbz"],"model/x3d+vrml":["x3dv","x3dvz"],"model/x3d+xml":["x3d","x3dz"],"text/cache-manifest":["appcache","manifest"],"text/calendar":["ics","ifb"],"text/coffeescript":["coffee","litcoffee"],"text/css":["css"],"text/csv":["csv"],"text/hjson":["hjson"],"text/html":["html","htm","shtml"],"text/jade":["jade"],"text/jsx":["jsx"],"text/less":["less"],"text/markdown":["markdown","md"],"text/mathml":["mml"],"text/n3":["n3"],"text/plain":["txt","text","conf","def","list","log","in","ini"],"text/prs.lines.tag":["dsc"],"text/richtext":["rtx"],"text/rtf":[],"text/sgml":["sgml","sgm"],"text/slim":["slim","slm"],"text/stylus":["stylus","styl"],"text/tab-separated-values":["tsv"],"text/troff":["t","tr","roff","man","me","ms"],"text/turtle":["ttl"],"text/uri-list":["uri","uris","urls"],"text/vcard":["vcard"],"text/vnd.curl":["curl"],"text/vnd.curl.dcurl":["dcurl"],"text/vnd.curl.mcurl":["mcurl"],"text/vnd.curl.scurl":["scurl"],"text/vnd.dvb.subtitle":["sub"],"text/vnd.fly":["fly"],"text/vnd.fmi.flexstor":["flx"],"text/vnd.graphviz":["gv"],"text/vnd.in3d.3dml":["3dml"],"text/vnd.in3d.spot":["spot"],"text/vnd.sun.j2me.app-descriptor":["jad"],"text/vnd.wap.wml":["wml"],"text/vnd.wap.wmlscript":["wmls"],"text/vtt":["vtt"],"text/x-asm":["s","asm"],"text/x-c":["c","cc","cxx","cpp","h","hh","dic"],"text/x-component":["htc"],"text/x-fortran":["f","for","f77","f90"],"text/x-handlebars-template":["hbs"],"text/x-java-source":["java"],"text/x-lua":["lua"],"text/x-markdown":["mkd"],"text/x-nfo":["nfo"],"text/x-opml":["opml"],"text/x-org":[],"text/x-pascal":["p","pas"],"text/x-processing":["pde"],"text/x-sass":["sass"],"text/x-scss":["scss"],"text/x-setext":["etx"],"text/x-sfv":["sfv"],"text/x-suse-ymp":["ymp"],"text/x-uuencode":["uu"],"text/x-vcalendar":["vcs"],"text/x-vcard":["vcf"],"text/xml":[],"text/yaml":["yaml","yml"],"video/3gpp":["3gp","3gpp"],"video/3gpp2":["3g2"],"video/h261":["h261"],"video/h263":["h263"],"video/h264":["h264"],"video/jpeg":["jpgv"],"video/jpm":["jpgm"],"video/mj2":["mj2","mjp2"],"video/mp2t":["ts"],"video/mp4":["mp4","mp4v","mpg4"],"video/mpeg":["mpeg","mpg","mpe","m1v","m2v"],"video/ogg":["ogv"],"video/quicktime":["qt","mov"],"video/vnd.dece.hd":["uvh","uvvh"],"video/vnd.dece.mobile":["uvm","uvvm"],"video/vnd.dece.pd":["uvp","uvvp"],"video/vnd.dece.sd":["uvs","uvvs"],"video/vnd.dece.video":["uvv","uvvv"],"video/vnd.dvb.file":["dvb"],"video/vnd.fvt":["fvt"],"video/vnd.mpegurl":["mxu","m4u"],"video/vnd.ms-playready.media.pyv":["pyv"],"video/vnd.uvvu.mp4":["uvu","uvvu"],"video/vnd.vivo":["viv"],"video/webm":["webm"],"video/x-f4v":["f4v"],"video/x-fli":["fli"],"video/x-flv":["flv"],"video/x-m4v":["m4v"],"video/x-matroska":["mkv","mk3d","mks"],"video/x-mng":["mng"],"video/x-ms-asf":["asf","asx"],"video/x-ms-vob":["vob"],"video/x-ms-wm":["wm"],"video/x-ms-wmv":["wmv"],"video/x-ms-wmx":["wmx"],"video/x-ms-wvx":["wvx"],"video/x-msvideo":["avi"],"video/x-sgi-movie":["movie"],"video/x-smv":["smv"],"x-conference/x-cooltalk":["ice"]}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/ms/index.js b/src/Servers/ExpressServer/node_modules/ms/index.js
new file mode 100644
index 0000000..6a522b1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ms/index.js
@@ -0,0 +1,152 @@
+/**
+ * Helpers.
+ */
+
+var s = 1000;
+var m = s * 60;
+var h = m * 60;
+var d = h * 24;
+var y = d * 365.25;
+
+/**
+ * Parse or format the given `val`.
+ *
+ * Options:
+ *
+ *  - `long` verbose formatting [false]
+ *
+ * @param {String|Number} val
+ * @param {Object} [options]
+ * @throws {Error} throw an error if val is not a non-empty string or a number
+ * @return {String|Number}
+ * @api public
+ */
+
+module.exports = function(val, options) {
+  options = options || {};
+  var type = typeof val;
+  if (type === 'string' && val.length > 0) {
+    return parse(val);
+  } else if (type === 'number' && isNaN(val) === false) {
+    return options.long ? fmtLong(val) : fmtShort(val);
+  }
+  throw new Error(
+    'val is not a non-empty string or a valid number. val=' +
+      JSON.stringify(val)
+  );
+};
+
+/**
+ * Parse the given `str` and return milliseconds.
+ *
+ * @param {String} str
+ * @return {Number}
+ * @api private
+ */
+
+function parse(str) {
+  str = String(str);
+  if (str.length > 100) {
+    return;
+  }
+  var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec(
+    str
+  );
+  if (!match) {
+    return;
+  }
+  var n = parseFloat(match[1]);
+  var type = (match[2] || 'ms').toLowerCase();
+  switch (type) {
+    case 'years':
+    case 'year':
+    case 'yrs':
+    case 'yr':
+    case 'y':
+      return n * y;
+    case 'days':
+    case 'day':
+    case 'd':
+      return n * d;
+    case 'hours':
+    case 'hour':
+    case 'hrs':
+    case 'hr':
+    case 'h':
+      return n * h;
+    case 'minutes':
+    case 'minute':
+    case 'mins':
+    case 'min':
+    case 'm':
+      return n * m;
+    case 'seconds':
+    case 'second':
+    case 'secs':
+    case 'sec':
+    case 's':
+      return n * s;
+    case 'milliseconds':
+    case 'millisecond':
+    case 'msecs':
+    case 'msec':
+    case 'ms':
+      return n;
+    default:
+      return undefined;
+  }
+}
+
+/**
+ * Short format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtShort(ms) {
+  if (ms >= d) {
+    return Math.round(ms / d) + 'd';
+  }
+  if (ms >= h) {
+    return Math.round(ms / h) + 'h';
+  }
+  if (ms >= m) {
+    return Math.round(ms / m) + 'm';
+  }
+  if (ms >= s) {
+    return Math.round(ms / s) + 's';
+  }
+  return ms + 'ms';
+}
+
+/**
+ * Long format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtLong(ms) {
+  return plural(ms, d, 'day') ||
+    plural(ms, h, 'hour') ||
+    plural(ms, m, 'minute') ||
+    plural(ms, s, 'second') ||
+    ms + ' ms';
+}
+
+/**
+ * Pluralization helper.
+ */
+
+function plural(ms, n, name) {
+  if (ms < n) {
+    return;
+  }
+  if (ms < n * 1.5) {
+    return Math.floor(ms / n) + ' ' + name;
+  }
+  return Math.ceil(ms / n) + ' ' + name + 's';
+}
diff --git a/src/Servers/ExpressServer/node_modules/ms/license.md b/src/Servers/ExpressServer/node_modules/ms/license.md
new file mode 100644
index 0000000..69b6125
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ms/license.md
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Zeit, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ms/package.json b/src/Servers/ExpressServer/node_modules/ms/package.json
new file mode 100644
index 0000000..6a31c81
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ms/package.json
@@ -0,0 +1,37 @@
+{
+  "name": "ms",
+  "version": "2.0.0",
+  "description": "Tiny milisecond conversion utility",
+  "repository": "zeit/ms",
+  "main": "./index",
+  "files": [
+    "index.js"
+  ],
+  "scripts": {
+    "precommit": "lint-staged",
+    "lint": "eslint lib/* bin/*",
+    "test": "mocha tests.js"
+  },
+  "eslintConfig": {
+    "extends": "eslint:recommended",
+    "env": {
+      "node": true,
+      "es6": true
+    }
+  },
+  "lint-staged": {
+    "*.js": [
+      "npm run lint",
+      "prettier --single-quote --write",
+      "git add"
+    ]
+  },
+  "license": "MIT",
+  "devDependencies": {
+    "eslint": "3.19.0",
+    "expect.js": "0.3.1",
+    "husky": "0.13.3",
+    "lint-staged": "3.4.1",
+    "mocha": "3.4.1"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/ms/readme.md b/src/Servers/ExpressServer/node_modules/ms/readme.md
new file mode 100644
index 0000000..84a9974
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/ms/readme.md
@@ -0,0 +1,51 @@
+# ms
+
+[![Build Status](https://travis-ci.org/zeit/ms.svg?branch=master)](https://travis-ci.org/zeit/ms)
+[![Slack Channel](http://zeit-slackin.now.sh/badge.svg)](https://zeit.chat/)
+
+Use this package to easily convert various time formats to milliseconds.
+
+## Examples
+
+```js
+ms('2 days')  // 172800000
+ms('1d')      // 86400000
+ms('10h')     // 36000000
+ms('2.5 hrs') // 9000000
+ms('2h')      // 7200000
+ms('1m')      // 60000
+ms('5s')      // 5000
+ms('1y')      // 31557600000
+ms('100')     // 100
+```
+
+### Convert from milliseconds
+
+```js
+ms(60000)             // "1m"
+ms(2 * 60000)         // "2m"
+ms(ms('10 hours'))    // "10h"
+```
+
+### Time format written-out
+
+```js
+ms(60000, { long: true })             // "1 minute"
+ms(2 * 60000, { long: true })         // "2 minutes"
+ms(ms('10 hours'), { long: true })    // "10 hours"
+```
+
+## Features
+
+- Works both in [node](https://nodejs.org) and in the browser.
+- If a number is supplied to `ms`, a string with a unit is returned.
+- If a string that contains the number is supplied, it returns it as a number (e.g.: it returns `100` for `'100'`).
+- If you pass a string with a number and a valid unit, the number of equivalent ms is returned.
+
+## Caught a bug?
+
+1. [Fork](https://help.github.com/articles/fork-a-repo/) this repository to your own GitHub account and then [clone](https://help.github.com/articles/cloning-a-repository/) it to your local device
+2. Link the package to the global module directory: `npm link`
+3. Within the module you want to test your local development instance of ms, just link it to the dependencies: `npm link ms`. Instead of the default one from npm, node will now use your clone of ms!
+
+As always, you can run the tests using: `npm test`
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md b/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
new file mode 100644
index 0000000..a9a5449
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
@@ -0,0 +1,108 @@
+0.6.3 / 2022-01-22
+==================
+
+  * Revert "Lazy-load modules from main entry point"
+
+0.6.2 / 2019-04-29
+==================
+
+  * Fix sorting charset, encoding, and language with extra parameters
+
+0.6.1 / 2016-05-02
+==================
+
+  * perf: improve `Accept` parsing speed
+  * perf: improve `Accept-Charset` parsing speed
+  * perf: improve `Accept-Encoding` parsing speed
+  * perf: improve `Accept-Language` parsing speed
+
+0.6.0 / 2015-09-29
+==================
+
+  * Fix including type extensions in parameters in `Accept` parsing
+  * Fix parsing `Accept` parameters with quoted equals
+  * Fix parsing `Accept` parameters with quoted semicolons
+  * Lazy-load modules from main entry point
+  * perf: delay type concatenation until needed
+  * perf: enable strict mode
+  * perf: hoist regular expressions
+  * perf: remove closures getting spec properties
+  * perf: remove a closure from media type parsing
+  * perf: remove property delete from media type parsing
+
+0.5.3 / 2015-05-10
+==================
+
+  * Fix media type parameter matching to be case-insensitive
+
+0.5.2 / 2015-05-06
+==================
+
+  * Fix comparing media types with quoted values
+  * Fix splitting media types with quoted commas
+
+0.5.1 / 2015-02-14
+==================
+
+  * Fix preference sorting to be stable for long acceptable lists
+
+0.5.0 / 2014-12-18
+==================
+
+  * Fix list return order when large accepted list
+  * Fix missing identity encoding when q=0 exists
+  * Remove dynamic building of Negotiator class
+
+0.4.9 / 2014-10-14
+==================
+
+  * Fix error when media type has invalid parameter
+
+0.4.8 / 2014-09-28
+==================
+
+  * Fix all negotiations to be case-insensitive
+  * Stable sort preferences of same quality according to client order
+  * Support Node.js 0.6
+
+0.4.7 / 2014-06-24
+==================
+
+  * Handle invalid provided languages
+  * Handle invalid provided media types
+
+0.4.6 / 2014-06-11
+==================
+
+  *  Order by specificity when quality is the same
+
+0.4.5 / 2014-05-29
+==================
+
+  * Fix regression in empty header handling
+
+0.4.4 / 2014-05-29
+==================
+
+  * Fix behaviors when headers are not present
+
+0.4.3 / 2014-04-16
+==================
+
+  * Handle slashes on media params correctly
+
+0.4.2 / 2014-02-28
+==================
+
+  * Fix media type sorting
+  * Handle media types params strictly
+
+0.4.1 / 2014-01-16
+==================
+
+  * Use most specific matches
+
+0.4.0 / 2014-01-09
+==================
+
+  * Remove preferred prefix from methods
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/LICENSE b/src/Servers/ExpressServer/node_modules/negotiator/LICENSE
new file mode 100644
index 0000000..ea6b9e2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/LICENSE
@@ -0,0 +1,24 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 Federico Romero
+Copyright (c) 2012-2014 Isaac Z. Schlueter
+Copyright (c) 2014-2015 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/README.md b/src/Servers/ExpressServer/node_modules/negotiator/README.md
new file mode 100644
index 0000000..82915e5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/README.md
@@ -0,0 +1,203 @@
+# negotiator
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+An HTTP content negotiator for Node.js
+
+## Installation
+
+```sh
+$ npm install negotiator
+```
+
+## API
+
+```js
+var Negotiator = require('negotiator')
+```
+
+### Accept Negotiation
+
+```js
+availableMediaTypes = ['text/html', 'text/plain', 'application/json']
+
+// The negotiator constructor receives a request object
+negotiator = new Negotiator(request)
+
+// Let's say Accept header is 'text/html, application/*;q=0.2, image/jpeg;q=0.8'
+
+negotiator.mediaTypes()
+// -> ['text/html', 'image/jpeg', 'application/*']
+
+negotiator.mediaTypes(availableMediaTypes)
+// -> ['text/html', 'application/json']
+
+negotiator.mediaType(availableMediaTypes)
+// -> 'text/html'
+```
+
+You can check a working example at `examples/accept.js`.
+
+#### Methods
+
+##### mediaType()
+
+Returns the most preferred media type from the client.
+
+##### mediaType(availableMediaType)
+
+Returns the most preferred media type from a list of available media types.
+
+##### mediaTypes()
+
+Returns an array of preferred media types ordered by the client preference.
+
+##### mediaTypes(availableMediaTypes)
+
+Returns an array of preferred media types ordered by priority from a list of
+available media types.
+
+### Accept-Language Negotiation
+
+```js
+negotiator = new Negotiator(request)
+
+availableLanguages = ['en', 'es', 'fr']
+
+// Let's say Accept-Language header is 'en;q=0.8, es, pt'
+
+negotiator.languages()
+// -> ['es', 'pt', 'en']
+
+negotiator.languages(availableLanguages)
+// -> ['es', 'en']
+
+language = negotiator.language(availableLanguages)
+// -> 'es'
+```
+
+You can check a working example at `examples/language.js`.
+
+#### Methods
+
+##### language()
+
+Returns the most preferred language from the client.
+
+##### language(availableLanguages)
+
+Returns the most preferred language from a list of available languages.
+
+##### languages()
+
+Returns an array of preferred languages ordered by the client preference.
+
+##### languages(availableLanguages)
+
+Returns an array of preferred languages ordered by priority from a list of
+available languages.
+
+### Accept-Charset Negotiation
+
+```js
+availableCharsets = ['utf-8', 'iso-8859-1', 'iso-8859-5']
+
+negotiator = new Negotiator(request)
+
+// Let's say Accept-Charset header is 'utf-8, iso-8859-1;q=0.8, utf-7;q=0.2'
+
+negotiator.charsets()
+// -> ['utf-8', 'iso-8859-1', 'utf-7']
+
+negotiator.charsets(availableCharsets)
+// -> ['utf-8', 'iso-8859-1']
+
+negotiator.charset(availableCharsets)
+// -> 'utf-8'
+```
+
+You can check a working example at `examples/charset.js`.
+
+#### Methods
+
+##### charset()
+
+Returns the most preferred charset from the client.
+
+##### charset(availableCharsets)
+
+Returns the most preferred charset from a list of available charsets.
+
+##### charsets()
+
+Returns an array of preferred charsets ordered by the client preference.
+
+##### charsets(availableCharsets)
+
+Returns an array of preferred charsets ordered by priority from a list of
+available charsets.
+
+### Accept-Encoding Negotiation
+
+```js
+availableEncodings = ['identity', 'gzip']
+
+negotiator = new Negotiator(request)
+
+// Let's say Accept-Encoding header is 'gzip, compress;q=0.2, identity;q=0.5'
+
+negotiator.encodings()
+// -> ['gzip', 'identity', 'compress']
+
+negotiator.encodings(availableEncodings)
+// -> ['gzip', 'identity']
+
+negotiator.encoding(availableEncodings)
+// -> 'gzip'
+```
+
+You can check a working example at `examples/encoding.js`.
+
+#### Methods
+
+##### encoding()
+
+Returns the most preferred encoding from the client.
+
+##### encoding(availableEncodings)
+
+Returns the most preferred encoding from a list of available encodings.
+
+##### encodings()
+
+Returns an array of preferred encodings ordered by the client preference.
+
+##### encodings(availableEncodings)
+
+Returns an array of preferred encodings ordered by priority from a list of
+available encodings.
+
+## See Also
+
+The [accepts](https://npmjs.org/package/accepts#readme) module builds on
+this module and provides an alternative interface, mime type validation,
+and more.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/negotiator.svg
+[npm-url]: https://npmjs.org/package/negotiator
+[node-version-image]: https://img.shields.io/node/v/negotiator.svg
+[node-version-url]: https://nodejs.org/en/download/
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/negotiator/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/negotiator?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/negotiator.svg
+[downloads-url]: https://npmjs.org/package/negotiator
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/negotiator/ci/master?label=ci
+[github-actions-ci-url]: https://github.com/jshttp/negotiator/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/index.js b/src/Servers/ExpressServer/node_modules/negotiator/index.js
new file mode 100644
index 0000000..4788264
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/index.js
@@ -0,0 +1,82 @@
+/*!
+ * negotiator
+ * Copyright(c) 2012 Federico Romero
+ * Copyright(c) 2012-2014 Isaac Z. Schlueter
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+var preferredCharsets = require('./lib/charset')
+var preferredEncodings = require('./lib/encoding')
+var preferredLanguages = require('./lib/language')
+var preferredMediaTypes = require('./lib/mediaType')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = Negotiator;
+module.exports.Negotiator = Negotiator;
+
+/**
+ * Create a Negotiator instance from a request.
+ * @param {object} request
+ * @public
+ */
+
+function Negotiator(request) {
+  if (!(this instanceof Negotiator)) {
+    return new Negotiator(request);
+  }
+
+  this.request = request;
+}
+
+Negotiator.prototype.charset = function charset(available) {
+  var set = this.charsets(available);
+  return set && set[0];
+};
+
+Negotiator.prototype.charsets = function charsets(available) {
+  return preferredCharsets(this.request.headers['accept-charset'], available);
+};
+
+Negotiator.prototype.encoding = function encoding(available) {
+  var set = this.encodings(available);
+  return set && set[0];
+};
+
+Negotiator.prototype.encodings = function encodings(available) {
+  return preferredEncodings(this.request.headers['accept-encoding'], available);
+};
+
+Negotiator.prototype.language = function language(available) {
+  var set = this.languages(available);
+  return set && set[0];
+};
+
+Negotiator.prototype.languages = function languages(available) {
+  return preferredLanguages(this.request.headers['accept-language'], available);
+};
+
+Negotiator.prototype.mediaType = function mediaType(available) {
+  var set = this.mediaTypes(available);
+  return set && set[0];
+};
+
+Negotiator.prototype.mediaTypes = function mediaTypes(available) {
+  return preferredMediaTypes(this.request.headers.accept, available);
+};
+
+// Backwards compatibility
+Negotiator.prototype.preferredCharset = Negotiator.prototype.charset;
+Negotiator.prototype.preferredCharsets = Negotiator.prototype.charsets;
+Negotiator.prototype.preferredEncoding = Negotiator.prototype.encoding;
+Negotiator.prototype.preferredEncodings = Negotiator.prototype.encodings;
+Negotiator.prototype.preferredLanguage = Negotiator.prototype.language;
+Negotiator.prototype.preferredLanguages = Negotiator.prototype.languages;
+Negotiator.prototype.preferredMediaType = Negotiator.prototype.mediaType;
+Negotiator.prototype.preferredMediaTypes = Negotiator.prototype.mediaTypes;
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
new file mode 100644
index 0000000..cdd0148
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
@@ -0,0 +1,169 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredCharsets;
+module.exports.preferredCharsets = preferredCharsets;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleCharsetRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Charset header.
+ * @private
+ */
+
+function parseAcceptCharset(accept) {
+  var accepts = accept.split(',');
+
+  for (var i = 0, j = 0; i < accepts.length; i++) {
+    var charset = parseCharset(accepts[i].trim(), i);
+
+    if (charset) {
+      accepts[j++] = charset;
+    }
+  }
+
+  // trim accepts
+  accepts.length = j;
+
+  return accepts;
+}
+
+/**
+ * Parse a charset from the Accept-Charset header.
+ * @private
+ */
+
+function parseCharset(str, i) {
+  var match = simpleCharsetRegExp.exec(str);
+  if (!match) return null;
+
+  var charset = match[1];
+  var q = 1;
+  if (match[2]) {
+    var params = match[2].split(';')
+    for (var j = 0; j < params.length; j++) {
+      var p = params[j].trim().split('=');
+      if (p[0] === 'q') {
+        q = parseFloat(p[1]);
+        break;
+      }
+    }
+  }
+
+  return {
+    charset: charset,
+    q: q,
+    i: i
+  };
+}
+
+/**
+ * Get the priority of a charset.
+ * @private
+ */
+
+function getCharsetPriority(charset, accepted, index) {
+  var priority = {o: -1, q: 0, s: 0};
+
+  for (var i = 0; i < accepted.length; i++) {
+    var spec = specify(charset, accepted[i], index);
+
+    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+      priority = spec;
+    }
+  }
+
+  return priority;
+}
+
+/**
+ * Get the specificity of the charset.
+ * @private
+ */
+
+function specify(charset, spec, index) {
+  var s = 0;
+  if(spec.charset.toLowerCase() === charset.toLowerCase()){
+    s |= 1;
+  } else if (spec.charset !== '*' ) {
+    return null
+  }
+
+  return {
+    i: index,
+    o: spec.i,
+    q: spec.q,
+    s: s
+  }
+}
+
+/**
+ * Get the preferred charsets from an Accept-Charset header.
+ * @public
+ */
+
+function preferredCharsets(accept, provided) {
+  // RFC 2616 sec 14.2: no header = *
+  var accepts = parseAcceptCharset(accept === undefined ? '*' : accept || '');
+
+  if (!provided) {
+    // sorted list of all charsets
+    return accepts
+      .filter(isQuality)
+      .sort(compareSpecs)
+      .map(getFullCharset);
+  }
+
+  var priorities = provided.map(function getPriority(type, index) {
+    return getCharsetPriority(type, accepts, index);
+  });
+
+  // sorted list of accepted charsets
+  return priorities.filter(isQuality).sort(compareSpecs).map(function getCharset(priority) {
+    return provided[priorities.indexOf(priority)];
+  });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full charset string.
+ * @private
+ */
+
+function getFullCharset(spec) {
+  return spec.charset;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+  return spec.q > 0;
+}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
new file mode 100644
index 0000000..8432cd7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
@@ -0,0 +1,184 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredEncodings;
+module.exports.preferredEncodings = preferredEncodings;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleEncodingRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Encoding header.
+ * @private
+ */
+
+function parseAcceptEncoding(accept) {
+  var accepts = accept.split(',');
+  var hasIdentity = false;
+  var minQuality = 1;
+
+  for (var i = 0, j = 0; i < accepts.length; i++) {
+    var encoding = parseEncoding(accepts[i].trim(), i);
+
+    if (encoding) {
+      accepts[j++] = encoding;
+      hasIdentity = hasIdentity || specify('identity', encoding);
+      minQuality = Math.min(minQuality, encoding.q || 1);
+    }
+  }
+
+  if (!hasIdentity) {
+    /*
+     * If identity doesn't explicitly appear in the accept-encoding header,
+     * it's added to the list of acceptable encoding with the lowest q
+     */
+    accepts[j++] = {
+      encoding: 'identity',
+      q: minQuality,
+      i: i
+    };
+  }
+
+  // trim accepts
+  accepts.length = j;
+
+  return accepts;
+}
+
+/**
+ * Parse an encoding from the Accept-Encoding header.
+ * @private
+ */
+
+function parseEncoding(str, i) {
+  var match = simpleEncodingRegExp.exec(str);
+  if (!match) return null;
+
+  var encoding = match[1];
+  var q = 1;
+  if (match[2]) {
+    var params = match[2].split(';');
+    for (var j = 0; j < params.length; j++) {
+      var p = params[j].trim().split('=');
+      if (p[0] === 'q') {
+        q = parseFloat(p[1]);
+        break;
+      }
+    }
+  }
+
+  return {
+    encoding: encoding,
+    q: q,
+    i: i
+  };
+}
+
+/**
+ * Get the priority of an encoding.
+ * @private
+ */
+
+function getEncodingPriority(encoding, accepted, index) {
+  var priority = {o: -1, q: 0, s: 0};
+
+  for (var i = 0; i < accepted.length; i++) {
+    var spec = specify(encoding, accepted[i], index);
+
+    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+      priority = spec;
+    }
+  }
+
+  return priority;
+}
+
+/**
+ * Get the specificity of the encoding.
+ * @private
+ */
+
+function specify(encoding, spec, index) {
+  var s = 0;
+  if(spec.encoding.toLowerCase() === encoding.toLowerCase()){
+    s |= 1;
+  } else if (spec.encoding !== '*' ) {
+    return null
+  }
+
+  return {
+    i: index,
+    o: spec.i,
+    q: spec.q,
+    s: s
+  }
+};
+
+/**
+ * Get the preferred encodings from an Accept-Encoding header.
+ * @public
+ */
+
+function preferredEncodings(accept, provided) {
+  var accepts = parseAcceptEncoding(accept || '');
+
+  if (!provided) {
+    // sorted list of all encodings
+    return accepts
+      .filter(isQuality)
+      .sort(compareSpecs)
+      .map(getFullEncoding);
+  }
+
+  var priorities = provided.map(function getPriority(type, index) {
+    return getEncodingPriority(type, accepts, index);
+  });
+
+  // sorted list of accepted encodings
+  return priorities.filter(isQuality).sort(compareSpecs).map(function getEncoding(priority) {
+    return provided[priorities.indexOf(priority)];
+  });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full encoding string.
+ * @private
+ */
+
+function getFullEncoding(spec) {
+  return spec.encoding;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+  return spec.q > 0;
+}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
new file mode 100644
index 0000000..a231672
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
@@ -0,0 +1,179 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredLanguages;
+module.exports.preferredLanguages = preferredLanguages;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleLanguageRegExp = /^\s*([^\s\-;]+)(?:-([^\s;]+))?\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept-Language header.
+ * @private
+ */
+
+function parseAcceptLanguage(accept) {
+  var accepts = accept.split(',');
+
+  for (var i = 0, j = 0; i < accepts.length; i++) {
+    var language = parseLanguage(accepts[i].trim(), i);
+
+    if (language) {
+      accepts[j++] = language;
+    }
+  }
+
+  // trim accepts
+  accepts.length = j;
+
+  return accepts;
+}
+
+/**
+ * Parse a language from the Accept-Language header.
+ * @private
+ */
+
+function parseLanguage(str, i) {
+  var match = simpleLanguageRegExp.exec(str);
+  if (!match) return null;
+
+  var prefix = match[1]
+  var suffix = match[2]
+  var full = prefix
+
+  if (suffix) full += "-" + suffix;
+
+  var q = 1;
+  if (match[3]) {
+    var params = match[3].split(';')
+    for (var j = 0; j < params.length; j++) {
+      var p = params[j].split('=');
+      if (p[0] === 'q') q = parseFloat(p[1]);
+    }
+  }
+
+  return {
+    prefix: prefix,
+    suffix: suffix,
+    q: q,
+    i: i,
+    full: full
+  };
+}
+
+/**
+ * Get the priority of a language.
+ * @private
+ */
+
+function getLanguagePriority(language, accepted, index) {
+  var priority = {o: -1, q: 0, s: 0};
+
+  for (var i = 0; i < accepted.length; i++) {
+    var spec = specify(language, accepted[i], index);
+
+    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+      priority = spec;
+    }
+  }
+
+  return priority;
+}
+
+/**
+ * Get the specificity of the language.
+ * @private
+ */
+
+function specify(language, spec, index) {
+  var p = parseLanguage(language)
+  if (!p) return null;
+  var s = 0;
+  if(spec.full.toLowerCase() === p.full.toLowerCase()){
+    s |= 4;
+  } else if (spec.prefix.toLowerCase() === p.full.toLowerCase()) {
+    s |= 2;
+  } else if (spec.full.toLowerCase() === p.prefix.toLowerCase()) {
+    s |= 1;
+  } else if (spec.full !== '*' ) {
+    return null
+  }
+
+  return {
+    i: index,
+    o: spec.i,
+    q: spec.q,
+    s: s
+  }
+};
+
+/**
+ * Get the preferred languages from an Accept-Language header.
+ * @public
+ */
+
+function preferredLanguages(accept, provided) {
+  // RFC 2616 sec 14.4: no header = *
+  var accepts = parseAcceptLanguage(accept === undefined ? '*' : accept || '');
+
+  if (!provided) {
+    // sorted list of all languages
+    return accepts
+      .filter(isQuality)
+      .sort(compareSpecs)
+      .map(getFullLanguage);
+  }
+
+  var priorities = provided.map(function getPriority(type, index) {
+    return getLanguagePriority(type, accepts, index);
+  });
+
+  // sorted list of accepted languages
+  return priorities.filter(isQuality).sort(compareSpecs).map(function getLanguage(priority) {
+    return provided[priorities.indexOf(priority)];
+  });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full language string.
+ * @private
+ */
+
+function getFullLanguage(spec) {
+  return spec.full;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+  return spec.q > 0;
+}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
new file mode 100644
index 0000000..67309dd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
@@ -0,0 +1,294 @@
+/**
+ * negotiator
+ * Copyright(c) 2012 Isaac Z. Schlueter
+ * Copyright(c) 2014 Federico Romero
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict';
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = preferredMediaTypes;
+module.exports.preferredMediaTypes = preferredMediaTypes;
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
+
+/**
+ * Parse the Accept header.
+ * @private
+ */
+
+function parseAccept(accept) {
+  var accepts = splitMediaTypes(accept);
+
+  for (var i = 0, j = 0; i < accepts.length; i++) {
+    var mediaType = parseMediaType(accepts[i].trim(), i);
+
+    if (mediaType) {
+      accepts[j++] = mediaType;
+    }
+  }
+
+  // trim accepts
+  accepts.length = j;
+
+  return accepts;
+}
+
+/**
+ * Parse a media type from the Accept header.
+ * @private
+ */
+
+function parseMediaType(str, i) {
+  var match = simpleMediaTypeRegExp.exec(str);
+  if (!match) return null;
+
+  var params = Object.create(null);
+  var q = 1;
+  var subtype = match[2];
+  var type = match[1];
+
+  if (match[3]) {
+    var kvps = splitParameters(match[3]).map(splitKeyValuePair);
+
+    for (var j = 0; j < kvps.length; j++) {
+      var pair = kvps[j];
+      var key = pair[0].toLowerCase();
+      var val = pair[1];
+
+      // get the value, unwrapping quotes
+      var value = val && val[0] === '"' && val[val.length - 1] === '"'
+        ? val.substr(1, val.length - 2)
+        : val;
+
+      if (key === 'q') {
+        q = parseFloat(value);
+        break;
+      }
+
+      // store parameter
+      params[key] = value;
+    }
+  }
+
+  return {
+    type: type,
+    subtype: subtype,
+    params: params,
+    q: q,
+    i: i
+  };
+}
+
+/**
+ * Get the priority of a media type.
+ * @private
+ */
+
+function getMediaTypePriority(type, accepted, index) {
+  var priority = {o: -1, q: 0, s: 0};
+
+  for (var i = 0; i < accepted.length; i++) {
+    var spec = specify(type, accepted[i], index);
+
+    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
+      priority = spec;
+    }
+  }
+
+  return priority;
+}
+
+/**
+ * Get the specificity of the media type.
+ * @private
+ */
+
+function specify(type, spec, index) {
+  var p = parseMediaType(type);
+  var s = 0;
+
+  if (!p) {
+    return null;
+  }
+
+  if(spec.type.toLowerCase() == p.type.toLowerCase()) {
+    s |= 4
+  } else if(spec.type != '*') {
+    return null;
+  }
+
+  if(spec.subtype.toLowerCase() == p.subtype.toLowerCase()) {
+    s |= 2
+  } else if(spec.subtype != '*') {
+    return null;
+  }
+
+  var keys = Object.keys(spec.params);
+  if (keys.length > 0) {
+    if (keys.every(function (k) {
+      return spec.params[k] == '*' || (spec.params[k] || '').toLowerCase() == (p.params[k] || '').toLowerCase();
+    })) {
+      s |= 1
+    } else {
+      return null
+    }
+  }
+
+  return {
+    i: index,
+    o: spec.i,
+    q: spec.q,
+    s: s,
+  }
+}
+
+/**
+ * Get the preferred media types from an Accept header.
+ * @public
+ */
+
+function preferredMediaTypes(accept, provided) {
+  // RFC 2616 sec 14.2: no header = */*
+  var accepts = parseAccept(accept === undefined ? '*/*' : accept || '');
+
+  if (!provided) {
+    // sorted list of all types
+    return accepts
+      .filter(isQuality)
+      .sort(compareSpecs)
+      .map(getFullType);
+  }
+
+  var priorities = provided.map(function getPriority(type, index) {
+    return getMediaTypePriority(type, accepts, index);
+  });
+
+  // sorted list of accepted types
+  return priorities.filter(isQuality).sort(compareSpecs).map(function getType(priority) {
+    return provided[priorities.indexOf(priority)];
+  });
+}
+
+/**
+ * Compare two specs.
+ * @private
+ */
+
+function compareSpecs(a, b) {
+  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
+}
+
+/**
+ * Get full type string.
+ * @private
+ */
+
+function getFullType(spec) {
+  return spec.type + '/' + spec.subtype;
+}
+
+/**
+ * Check if a spec has any quality.
+ * @private
+ */
+
+function isQuality(spec) {
+  return spec.q > 0;
+}
+
+/**
+ * Count the number of quotes in a string.
+ * @private
+ */
+
+function quoteCount(string) {
+  var count = 0;
+  var index = 0;
+
+  while ((index = string.indexOf('"', index)) !== -1) {
+    count++;
+    index++;
+  }
+
+  return count;
+}
+
+/**
+ * Split a key value pair.
+ * @private
+ */
+
+function splitKeyValuePair(str) {
+  var index = str.indexOf('=');
+  var key;
+  var val;
+
+  if (index === -1) {
+    key = str;
+  } else {
+    key = str.substr(0, index);
+    val = str.substr(index + 1);
+  }
+
+  return [key, val];
+}
+
+/**
+ * Split an Accept header into media types.
+ * @private
+ */
+
+function splitMediaTypes(accept) {
+  var accepts = accept.split(',');
+
+  for (var i = 1, j = 0; i < accepts.length; i++) {
+    if (quoteCount(accepts[j]) % 2 == 0) {
+      accepts[++j] = accepts[i];
+    } else {
+      accepts[j] += ',' + accepts[i];
+    }
+  }
+
+  // trim accepts
+  accepts.length = j + 1;
+
+  return accepts;
+}
+
+/**
+ * Split a string of parameters.
+ * @private
+ */
+
+function splitParameters(str) {
+  var parameters = str.split(';');
+
+  for (var i = 1, j = 0; i < parameters.length; i++) {
+    if (quoteCount(parameters[j]) % 2 == 0) {
+      parameters[++j] = parameters[i];
+    } else {
+      parameters[j] += ';' + parameters[i];
+    }
+  }
+
+  // trim parameters
+  parameters.length = j + 1;
+
+  for (var i = 0; i < parameters.length; i++) {
+    parameters[i] = parameters[i].trim();
+  }
+
+  return parameters;
+}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/package.json b/src/Servers/ExpressServer/node_modules/negotiator/package.json
new file mode 100644
index 0000000..297635f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/negotiator/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "negotiator",
+  "description": "HTTP content negotiation",
+  "version": "0.6.3",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Federico Romero <federico.romero@outboxlabs.com>",
+    "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "http",
+    "content negotiation",
+    "accept",
+    "accept-language",
+    "accept-encoding",
+    "accept-charset"
+  ],
+  "repository": "jshttp/negotiator",
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-plugin-markdown": "2.2.1",
+    "mocha": "9.1.3",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "lib/",
+    "HISTORY.md",
+    "LICENSE",
+    "index.js",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc b/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
new file mode 100644
index 0000000..21f9039
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
@@ -0,0 +1,53 @@
+{
+    "root": true,
+    "extends": "@ljharb",
+    "rules": {
+        "complexity": 0,
+        "func-style": [2, "declaration"],
+        "indent": [2, 4],
+        "max-lines": 1,
+        "max-lines-per-function": 1,
+        "max-params": [2, 4],
+        "max-statements": 0,
+        "max-statements-per-line": [2, { "max": 2 }],
+        "no-magic-numbers": 0,
+        "no-param-reassign": 1,
+        "strict": 0, // TODO
+    },
+    "overrides": [
+        {
+            "files": ["test/**", "test-*", "example/**"],
+            "extends": "@ljharb/eslint-config/tests",
+            "rules": {
+              "id-length": 0,
+            },
+        },
+        {
+            "files": ["example/**"],
+            "rules": {
+                "no-console": 0,
+            },
+        },
+        {
+            "files": ["test/browser/**"],
+            "env": {
+                "browser": true,
+            },
+        },
+        {
+            "files": ["test/bigint*"],
+            "rules": {
+                "new-cap": [2, { "capIsNewExceptions": ["BigInt"] }],
+            },
+        },
+        {
+            "files": "index.js",
+            "globals": {
+                "HTMLElement": false,
+            },
+            "rules": {
+                "no-use-before-define": 1,
+            },
+        },
+    ],
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
new file mode 100644
index 0000000..730276b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/object-inspect
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc b/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
new file mode 100644
index 0000000..58a5db7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
@@ -0,0 +1,13 @@
+{
+  "all": true,
+  "check-coverage": false,
+  "instrumentation": false,
+  "sourceMap": false,
+  "reporter": ["text-summary", "text", "html", "json"],
+  "exclude": [
+    "coverage",
+    "example",
+    "test",
+    "test-core-js.js"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
new file mode 100644
index 0000000..bdf9002
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
@@ -0,0 +1,424 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.13.4](https://github.com/inspect-js/object-inspect/compare/v1.13.3...v1.13.4) - 2025-02-04
+
+### Commits
+
+- [Fix] avoid being fooled by a `Symbol.toStringTag` [`fa5870d`](https://github.com/inspect-js/object-inspect/commit/fa5870da468a525d2f20193700f70752f506cbf7)
+- [Tests] fix tests in node v6.0 - v6.4 [`2abfe1b`](https://github.com/inspect-js/object-inspect/commit/2abfe1bc3c69f9293c07c5cd65a9d7d87a628b84)
+- [Dev Deps] update `es-value-fixtures`, `for-each`, `has-symbols` [`3edfb01`](https://github.com/inspect-js/object-inspect/commit/3edfb01cc8cce220fba0dfdfe2dc8bc955758cdd)
+
+## [v1.13.3](https://github.com/inspect-js/object-inspect/compare/v1.13.2...v1.13.3) - 2024-11-09
+
+### Commits
+
+- [actions] split out node 10-20, and 20+ [`44395a8`](https://github.com/inspect-js/object-inspect/commit/44395a8fc1deda6718a5e125e86b9ffcaa1c7580)
+- [Fix] `quoteStyle`: properly escape only the containing quotes [`5137f8f`](https://github.com/inspect-js/object-inspect/commit/5137f8f7bea69a7fc671bb683fd35f244f38fc52)
+- [Refactor] clean up `quoteStyle` code [`450680c`](https://github.com/inspect-js/object-inspect/commit/450680cd50de4e689ee3b8e1d6db3a1bcf3fc18c)
+- [Tests] add `quoteStyle` escaping tests [`e997c59`](https://github.com/inspect-js/object-inspect/commit/e997c595aeaea84fd98ca35d7e1c3b5ab3ae26e0)
+- [Dev Deps] update `auto-changelog`, `es-value-fixtures`, `tape` [`d5a469c`](https://github.com/inspect-js/object-inspect/commit/d5a469c99ec07ccaeafc36ac4b36a93285086d48)
+- [Tests] replace `aud` with `npm audit` [`fb7815f`](https://github.com/inspect-js/object-inspect/commit/fb7815f9b72cae277a04f65bbb0543f85b88be62)
+- [Dev Deps] update `mock-property` [`11c817b`](https://github.com/inspect-js/object-inspect/commit/11c817bf10392aa017755962ba6bc89d731359ee)
+
+## [v1.13.2](https://github.com/inspect-js/object-inspect/compare/v1.13.1...v1.13.2) - 2024-06-21
+
+### Commits
+
+- [readme] update badges [`8a51e6b`](https://github.com/inspect-js/object-inspect/commit/8a51e6bedaf389ec40cc4659e9df53e8543d176e)
+- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`ef05f58`](https://github.com/inspect-js/object-inspect/commit/ef05f58c9761a41416ab907299bf0fa79517014b)
+- [Dev Deps] update `error-cause`, `has-tostringtag`, `tape` [`c0c6c26`](https://github.com/inspect-js/object-inspect/commit/c0c6c26c44cee6671f7c5d43d2b91d27c5c00d90)
+- [Fix] Don't throw when `global` is not defined [`d4d0965`](https://github.com/inspect-js/object-inspect/commit/d4d096570f7dbd0e03266a96de11d05eb7b63e0f)
+- [meta] add missing `engines.node` [`17a352a`](https://github.com/inspect-js/object-inspect/commit/17a352af6fe1ba6b70a19081674231eb1a50c940)
+- [Dev Deps] update `globalthis` [`9c08884`](https://github.com/inspect-js/object-inspect/commit/9c08884aa662a149e2f11403f413927736b97da7)
+- [Dev Deps] update `error-cause` [`6af352d`](https://github.com/inspect-js/object-inspect/commit/6af352d7c3929a4cc4c55768c27bf547a5e900f4)
+- [Dev Deps] update `npmignore` [`94e617d`](https://github.com/inspect-js/object-inspect/commit/94e617d38831722562fa73dff4c895746861d267)
+- [Dev Deps] update `mock-property` [`2ac24d7`](https://github.com/inspect-js/object-inspect/commit/2ac24d7e58cd388ad093c33249e413e05bbfd6c3)
+- [Dev Deps] update `tape` [`46125e5`](https://github.com/inspect-js/object-inspect/commit/46125e58f1d1dcfb170ed3d1ea69da550ea8d77b)
+
+## [v1.13.1](https://github.com/inspect-js/object-inspect/compare/v1.13.0...v1.13.1) - 2023-10-19
+
+### Commits
+
+- [Fix] in IE 8, global can !== window despite them being prototypes of each other [`30d0859`](https://github.com/inspect-js/object-inspect/commit/30d0859dc4606cf75c2410edcd5d5c6355f8d372)
+
+## [v1.13.0](https://github.com/inspect-js/object-inspect/compare/v1.12.3...v1.13.0) - 2023-10-14
+
+### Commits
+
+- [New] add special handling for the global object [`431bab2`](https://github.com/inspect-js/object-inspect/commit/431bab21a490ee51d35395966a504501e8c685da)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`fd4f619`](https://github.com/inspect-js/object-inspect/commit/fd4f6193562b4b0e95dcf5c0201b4e8cbbc4f58d)
+- [Dev Deps] update `mock-property`, `tape` [`b453f6c`](https://github.com/inspect-js/object-inspect/commit/b453f6ceeebf8a1b738a1029754092e0367a4134)
+- [Dev Deps] update `error-cause` [`e8ffc57`](https://github.com/inspect-js/object-inspect/commit/e8ffc577d73b92bb6a4b00c44f14e3319e374888)
+- [Dev Deps] update `tape` [`054b8b9`](https://github.com/inspect-js/object-inspect/commit/054b8b9b98633284cf989e582450ebfbbe53503c)
+- [Dev Deps] temporarily remove `aud` due to breaking change in transitive deps [`2476845`](https://github.com/inspect-js/object-inspect/commit/2476845e0678dd290c541c81cd3dec8420782c52)
+- [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak` [`383fa5e`](https://github.com/inspect-js/object-inspect/commit/383fa5eebc0afd705cc778a4b49d8e26452e49a8)
+- [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm &lt; 6 [`68c244c`](https://github.com/inspect-js/object-inspect/commit/68c244c5174cdd877e5dcb8ee90aa3f44b2f25be)
+
+## [v1.12.3](https://github.com/inspect-js/object-inspect/compare/v1.12.2...v1.12.3) - 2023-01-12
+
+### Commits
+
+- [Fix] in eg FF 24, collections lack forEach [`75fc226`](https://github.com/inspect-js/object-inspect/commit/75fc22673c82d45f28322b1946bb0eb41b672b7f)
+- [actions] update rebase action to use reusable workflow [`250a277`](https://github.com/inspect-js/object-inspect/commit/250a277a095e9dacc029ab8454dcfc15de549dcd)
+- [Dev Deps] update `aud`, `es-value-fixtures`, `tape` [`66a19b3`](https://github.com/inspect-js/object-inspect/commit/66a19b3209ccc3c5ef4b34c3cb0160e65d1ce9d5)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `error-cause` [`c43d332`](https://github.com/inspect-js/object-inspect/commit/c43d3324b48384a16fd3dc444e5fc589d785bef3)
+- [Tests] add `@pkgjs/support` to `postlint` [`e2618d2`](https://github.com/inspect-js/object-inspect/commit/e2618d22a7a3fa361b6629b53c1752fddc9c4d80)
+
+## [v1.12.2](https://github.com/inspect-js/object-inspect/compare/v1.12.1...v1.12.2) - 2022-05-26
+
+### Commits
+
+- [Fix] use `util.inspect` for a custom inspection symbol method [`e243bf2`](https://github.com/inspect-js/object-inspect/commit/e243bf2eda6c4403ac6f1146fddb14d12e9646c1)
+- [meta] add support info [`ca20ba3`](https://github.com/inspect-js/object-inspect/commit/ca20ba35713c17068ca912a86c542f5e8acb656c)
+- [Fix] ignore `cause` in node v16.9 and v16.10 where it has a bug [`86aa553`](https://github.com/inspect-js/object-inspect/commit/86aa553a4a455562c2c56f1540f0bf857b9d314b)
+
+## [v1.12.1](https://github.com/inspect-js/object-inspect/compare/v1.12.0...v1.12.1) - 2022-05-21
+
+### Commits
+
+- [Tests] use `mock-property` [`4ec8893`](https://github.com/inspect-js/object-inspect/commit/4ec8893ea9bfd28065ca3638cf6762424bf44352)
+- [meta] use `npmignore` to autogenerate an npmignore file [`07f868c`](https://github.com/inspect-js/object-inspect/commit/07f868c10bd25a9d18686528339bb749c211fc9a)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`b05244b`](https://github.com/inspect-js/object-inspect/commit/b05244b4f331e00c43b3151bc498041be77ccc91)
+- [Dev Deps] update `@ljharb/eslint-config`, `error-cause`, `es-value-fixtures`, `functions-have-names`, `tape` [`d037398`](https://github.com/inspect-js/object-inspect/commit/d037398dcc5d531532e4c19c4a711ed677f579c1)
+- [Fix] properly handle callable regexes in older engines [`848fe48`](https://github.com/inspect-js/object-inspect/commit/848fe48bd6dd0064ba781ee6f3c5e54a94144c37)
+
+## [v1.12.0](https://github.com/inspect-js/object-inspect/compare/v1.11.1...v1.12.0) - 2021-12-18
+
+### Commits
+
+- [New] add `numericSeparator` boolean option [`2d2d537`](https://github.com/inspect-js/object-inspect/commit/2d2d537f5359a4300ce1c10241369f8024f89e11)
+- [Robustness] cache more prototype methods [`191533d`](https://github.com/inspect-js/object-inspect/commit/191533da8aec98a05eadd73a5a6e979c9c8653e8)
+- [New] ensure an Error’s `cause` is displayed [`53bc2ce`](https://github.com/inspect-js/object-inspect/commit/53bc2cee4e5a9cc4986f3cafa22c0685f340715e)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config` [`bc164b6`](https://github.com/inspect-js/object-inspect/commit/bc164b6e2e7d36b263970f16f54de63048b84a36)
+- [Robustness] cache `RegExp.prototype.test` [`a314ab8`](https://github.com/inspect-js/object-inspect/commit/a314ab8271b905cbabc594c82914d2485a8daf12)
+- [meta] fix auto-changelog settings [`5ed0983`](https://github.com/inspect-js/object-inspect/commit/5ed0983be72f73e32e2559997517a95525c7e20d)
+
+## [v1.11.1](https://github.com/inspect-js/object-inspect/compare/v1.11.0...v1.11.1) - 2021-12-05
+
+### Commits
+
+- [meta] add `auto-changelog` [`7dbdd22`](https://github.com/inspect-js/object-inspect/commit/7dbdd228401d6025d8b7391476d88aee9ea9bbdf)
+- [actions] reuse common workflows [`c8823bc`](https://github.com/inspect-js/object-inspect/commit/c8823bc0a8790729680709d45fb6e652432e91aa)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `tape` [`7532b12`](https://github.com/inspect-js/object-inspect/commit/7532b120598307497b712890f75af8056f6d37a6)
+- [Refactor] use `has-tostringtag` to behave correctly in the presence of symbol shams [`94abb5d`](https://github.com/inspect-js/object-inspect/commit/94abb5d4e745bf33253942dea86b3e538d2ff6c6)
+- [actions] update codecov uploader [`5ed5102`](https://github.com/inspect-js/object-inspect/commit/5ed51025267a00e53b1341357315490ac4eb0874)
+- [Dev Deps] update `eslint`, `tape` [`37b2ad2`](https://github.com/inspect-js/object-inspect/commit/37b2ad26c08d94bfd01d5d07069a0b28ef4e2ad7)
+- [meta] add `sideEffects` flag [`d341f90`](https://github.com/inspect-js/object-inspect/commit/d341f905ef8bffa6a694cda6ddc5ba343532cd4f)
+
+## [v1.11.0](https://github.com/inspect-js/object-inspect/compare/v1.10.3...v1.11.0) - 2021-07-12
+
+### Commits
+
+- [New] `customInspect`: add `symbol` option, to mimic modern util.inspect behavior [`e973a6e`](https://github.com/inspect-js/object-inspect/commit/e973a6e21f8140c5837cf25e9d89bdde88dc3120)
+- [Dev Deps] update `eslint` [`05f1cb3`](https://github.com/inspect-js/object-inspect/commit/05f1cb3cbcfe1f238e8b51cf9bc294305b7ed793)
+
+## [v1.10.3](https://github.com/inspect-js/object-inspect/compare/v1.10.2...v1.10.3) - 2021-05-07
+
+### Commits
+
+- [Fix] handle core-js Symbol shams [`4acfc2c`](https://github.com/inspect-js/object-inspect/commit/4acfc2c4b503498759120eb517abad6d51c9c5d6)
+- [readme] update badges [`95c323a`](https://github.com/inspect-js/object-inspect/commit/95c323ad909d6cbabb95dd6015c190ba6db9c1f2)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud` [`cb38f48`](https://github.com/inspect-js/object-inspect/commit/cb38f485de6ec7a95109b5a9bbd0a1deba2f6611)
+
+## [v1.10.2](https://github.com/inspect-js/object-inspect/compare/v1.10.1...v1.10.2) - 2021-04-17
+
+### Commits
+
+- [Fix] use a robust check for a boxed Symbol [`87f12d6`](https://github.com/inspect-js/object-inspect/commit/87f12d6e69ce530be04659c81a4cd502943acac5)
+
+## [v1.10.1](https://github.com/inspect-js/object-inspect/compare/v1.10.0...v1.10.1) - 2021-04-17
+
+### Commits
+
+- [Fix] use a robust check for a boxed bigint [`d5ca829`](https://github.com/inspect-js/object-inspect/commit/d5ca8298b6d2e5c7b9334a5b21b96ed95d225c91)
+
+## [v1.10.0](https://github.com/inspect-js/object-inspect/compare/v1.9.0...v1.10.0) - 2021-04-17
+
+### Commits
+
+- [Tests] increase coverage [`d8abb8a`](https://github.com/inspect-js/object-inspect/commit/d8abb8a62c2f084919df994a433b346e0d87a227)
+- [actions] use `node/install` instead of `node/run`; use `codecov` action [`4bfec2e`](https://github.com/inspect-js/object-inspect/commit/4bfec2e30aaef6ddef6cbb1448306f9f8b9520b7)
+- [New] respect `Symbol.toStringTag` on objects [`799b58f`](https://github.com/inspect-js/object-inspect/commit/799b58f536a45e4484633a8e9daeb0330835f175)
+- [Fix] do not allow Symbol.toStringTag to masquerade as builtins [`d6c5b37`](https://github.com/inspect-js/object-inspect/commit/d6c5b37d7e94427796b82432fb0c8964f033a6ab)
+- [New] add `WeakRef` support [`b6d898e`](https://github.com/inspect-js/object-inspect/commit/b6d898ee21868c780a7ee66b28532b5b34ed7f09)
+- [meta] do not publish github action workflow files [`918cdfc`](https://github.com/inspect-js/object-inspect/commit/918cdfc4b6fe83f559ff6ef04fe66201e3ff5cbd)
+- [meta] create `FUNDING.yml` [`0bb5fc5`](https://github.com/inspect-js/object-inspect/commit/0bb5fc516dbcd2cd728bd89cee0b580acc5ce301)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`22c8dc0`](https://github.com/inspect-js/object-inspect/commit/22c8dc0cac113d70f4781e49a950070923a671be)
+- [meta] use `prepublishOnly` script for npm 7+ [`e52ee09`](https://github.com/inspect-js/object-inspect/commit/e52ee09e8050b8dbac94ef57f786675567728223)
+- [Dev Deps] update `eslint` [`7c4e6fd`](https://github.com/inspect-js/object-inspect/commit/7c4e6fdedcd27cc980e13c9ad834d05a96f3d40c)
+
+## [v1.9.0](https://github.com/inspect-js/object-inspect/compare/v1.8.0...v1.9.0) - 2020-11-30
+
+### Commits
+
+- [Tests] migrate tests to Github Actions [`d262251`](https://github.com/inspect-js/object-inspect/commit/d262251e13e16d3490b5473672f6b6d6ff86675d)
+- [New] add enumerable own Symbols to plain object output [`ee60c03`](https://github.com/inspect-js/object-inspect/commit/ee60c033088cff9d33baa71e59a362a541b48284)
+- [Tests] add passing tests [`01ac3e4`](https://github.com/inspect-js/object-inspect/commit/01ac3e4b5a30f97875a63dc9b1416b3bd626afc9)
+- [actions] add "Require Allow Edits" action [`c2d7746`](https://github.com/inspect-js/object-inspect/commit/c2d774680cde4ca4af332d84d4121b26f798ba9e)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `core-js` [`70058de`](https://github.com/inspect-js/object-inspect/commit/70058de1579fc54d1d15ed6c2dbe246637ce70ff)
+- [Fix] hex characters in strings should be uppercased, to match node `assert` [`6ab8faa`](https://github.com/inspect-js/object-inspect/commit/6ab8faaa0abc08fe7a8e2afd8b39c6f1f0e00113)
+- [Tests] run `nyc` on all tests [`4c47372`](https://github.com/inspect-js/object-inspect/commit/4c473727879ddc8e28b599202551ddaaf07b6210)
+- [Tests] node 0.8 has an unpredictable property order; fix `groups` test by removing property [`f192069`](https://github.com/inspect-js/object-inspect/commit/f192069a978a3b60e6f0e0d45ac7df260ab9a778)
+- [New] add enumerable properties to Function inspect result, per node’s `assert` [`fd38e1b`](https://github.com/inspect-js/object-inspect/commit/fd38e1bc3e2a1dc82091ce3e021917462eee64fc)
+- [Tests] fix tests for node &lt; 10, due to regex match `groups` [`2ac6462`](https://github.com/inspect-js/object-inspect/commit/2ac6462cc4f72eaa0b63a8cfee9aabe3008b2330)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config` [`44b59e2`](https://github.com/inspect-js/object-inspect/commit/44b59e2676a7f825ef530dfd19dafb599e3b9456)
+- [Robustness] cache `Symbol.prototype.toString` [`f3c2074`](https://github.com/inspect-js/object-inspect/commit/f3c2074d8f32faf8292587c07c9678ea931703dd)
+- [Dev Deps] update `eslint` [`9411294`](https://github.com/inspect-js/object-inspect/commit/94112944b9245e3302e25453277876402d207e7f)
+- [meta] `require-allow-edits` no longer requires an explicit github token [`36c0220`](https://github.com/inspect-js/object-inspect/commit/36c02205de3c2b0e84d53777c5c9fd54a36c48ab)
+- [actions] update rebase checkout action to v2 [`55a39a6`](https://github.com/inspect-js/object-inspect/commit/55a39a64e944f19c6a7d8efddf3df27700f20d14)
+- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`f59fd3c`](https://github.com/inspect-js/object-inspect/commit/f59fd3cf406c3a7c7ece140904a80bbc6bacfcca)
+- [Dev Deps] update `eslint` [`a492bec`](https://github.com/inspect-js/object-inspect/commit/a492becec644b0155c9c4bc1caf6f9fac11fb2c7)
+
+## [v1.8.0](https://github.com/inspect-js/object-inspect/compare/v1.7.0...v1.8.0) - 2020-06-18
+
+### Fixed
+
+- [New] add `indent` option [`#27`](https://github.com/inspect-js/object-inspect/issues/27)
+
+### Commits
+
+- [Tests] add codecov [`4324cbb`](https://github.com/inspect-js/object-inspect/commit/4324cbb1a2bd7710822a4151ff373570db22453e)
+- [New] add `maxStringLength` option [`b3995cb`](https://github.com/inspect-js/object-inspect/commit/b3995cb71e15b5ee127a3094c43994df9d973502)
+- [New] add `customInspect` option, to disable custom inspect methods [`28b9179`](https://github.com/inspect-js/object-inspect/commit/28b9179ee802bb3b90810100c11637db90c2fb6d)
+- [Tests] add Date and RegExp tests [`3b28eca`](https://github.com/inspect-js/object-inspect/commit/3b28eca57b0367aeadffac604ea09e8bdae7d97b)
+- [actions] add automatic rebasing / merge commit blocking [`0d9c6c0`](https://github.com/inspect-js/object-inspect/commit/0d9c6c044e83475ff0bfffb9d35b149834c83a2e)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `tape`; add `aud` [`7c204f2`](https://github.com/inspect-js/object-inspect/commit/7c204f22b9e41bc97147f4d32d4cb045b17769a6)
+- [readme] fix repo URLs, remove testling [`34ca9a0`](https://github.com/inspect-js/object-inspect/commit/34ca9a0dabfe75bd311f806a326fadad029909a3)
+- [Fix] when truncating a deep array, note it as `[Array]` instead of just `[Object]` [`f74c82d`](https://github.com/inspect-js/object-inspect/commit/f74c82dd0b35386445510deb250f34c41be3ec0e)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`1a8a5ea`](https://github.com/inspect-js/object-inspect/commit/1a8a5ea069ea2bee89d77caedad83ffa23d35711)
+- [Fix] do not be fooled by a function’s own `toString` method [`7cb5c65`](https://github.com/inspect-js/object-inspect/commit/7cb5c657a976f94715c19c10556a30f15bb7d5d7)
+- [patch] indicate explicitly that anon functions are anonymous, to match node [`81ebdd4`](https://github.com/inspect-js/object-inspect/commit/81ebdd4215005144074bbdff3f6bafa01407910a)
+- [Dev Deps] loosen the `core-js` dep [`e7472e8`](https://github.com/inspect-js/object-inspect/commit/e7472e8e242117670560bd995830c2a4d12080f5)
+- [Dev Deps] update `tape` [`699827e`](https://github.com/inspect-js/object-inspect/commit/699827e6b37258b5203c33c78c009bf4b0e6a66d)
+- [meta] add `safe-publish-latest` [`c5d2868`](https://github.com/inspect-js/object-inspect/commit/c5d2868d6eb33c472f37a20f89ceef2787046088)
+- [Dev Deps] update `@ljharb/eslint-config` [`9199501`](https://github.com/inspect-js/object-inspect/commit/919950195d486114ccebacbdf9d74d7f382693b0)
+
+## [v1.7.0](https://github.com/inspect-js/object-inspect/compare/v1.6.0...v1.7.0) - 2019-11-10
+
+### Commits
+
+- [Tests] use shared travis-ci configs [`19899ed`](https://github.com/inspect-js/object-inspect/commit/19899edbf31f4f8809acf745ce34ad1ce1bfa63b)
+- [Tests] add linting [`a00f057`](https://github.com/inspect-js/object-inspect/commit/a00f057d917f66ea26dd37769c6b810ec4af97e8)
+- [Tests] lint last file [`2698047`](https://github.com/inspect-js/object-inspect/commit/2698047b58af1e2e88061598ef37a75f228dddf6)
+- [Tests] up to `node` `v12.7`, `v11.15`, `v10.16`, `v8.16`, `v6.17` [`589e87a`](https://github.com/inspect-js/object-inspect/commit/589e87a99cadcff4b600e6a303418e9d922836e8)
+- [New] add support for `WeakMap` and `WeakSet` [`3ddb3e4`](https://github.com/inspect-js/object-inspect/commit/3ddb3e4e0c8287130c61a12e0ed9c104b1549306)
+- [meta] clean up license so github can detect it properly [`27527bb`](https://github.com/inspect-js/object-inspect/commit/27527bb801520c9610c68cc3b55d6f20a2bee56d)
+- [Tests] cover `util.inspect.custom` [`36d47b9`](https://github.com/inspect-js/object-inspect/commit/36d47b9c59056a57ef2f1491602c726359561800)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `tape` [`b614eaa`](https://github.com/inspect-js/object-inspect/commit/b614eaac901da0e5c69151f534671f990a94cace)
+- [Tests] fix coverage thresholds [`7b7b176`](https://github.com/inspect-js/object-inspect/commit/7b7b176e15f8bd6e8b2f261ff5a493c2fe78d9c2)
+- [Tests] bigint tests now can run on unflagged node [`063af31`](https://github.com/inspect-js/object-inspect/commit/063af31ce9cd13c202e3b67c07ba06dc9b7c0f81)
+- [Refactor] add early bailout to `isMap` and `isSet` checks [`fc51047`](https://github.com/inspect-js/object-inspect/commit/fc5104714a3671d37e225813db79470d6335683b)
+- [meta] add `funding` field [`7f9953a`](https://github.com/inspect-js/object-inspect/commit/7f9953a113eec7b064a6393cf9f90ba15f1d131b)
+- [Tests] Fix invalid strict-mode syntax with hexadecimal [`a8b5425`](https://github.com/inspect-js/object-inspect/commit/a8b542503b4af1599a275209a1a99f5fdedb1ead)
+- [Dev Deps] update `@ljharb/eslint-config` [`98df157`](https://github.com/inspect-js/object-inspect/commit/98df1577314d9188a3fc3f17fdcf2fba697ae1bd)
+- add copyright to LICENSE [`bb69fd0`](https://github.com/inspect-js/object-inspect/commit/bb69fd017a062d299e44da1f9b2c7dcd67f621e6)
+- [Tests] use `npx aud` in `posttest` [`4838353`](https://github.com/inspect-js/object-inspect/commit/4838353593974cf7f905b9ef04c03c094f0cdbe2)
+- [Tests] move `0.6` to allowed failures, because it won‘t build on travis [`1bff32a`](https://github.com/inspect-js/object-inspect/commit/1bff32aa52e8aea687f0856b28ba754b3e43ebf7)
+
+## [v1.6.0](https://github.com/inspect-js/object-inspect/compare/v1.5.0...v1.6.0) - 2018-05-02
+
+### Commits
+
+- [New] add support for boxed BigInt primitives [`356c66a`](https://github.com/inspect-js/object-inspect/commit/356c66a410e7aece7162c8319880a5ef647beaa9)
+- [Tests] up to `node` `v10.0`, `v9.11`, `v8.11`, `v6.14`, `v4.9` [`c77b65b`](https://github.com/inspect-js/object-inspect/commit/c77b65bba593811b906b9ec57561c5cba92e2db3)
+- [New] Add support for upcoming `BigInt` [`1ac548e`](https://github.com/inspect-js/object-inspect/commit/1ac548e4b27e26466c28c9a5e63e5d4e0591c31f)
+- [Tests] run bigint tests in CI with --harmony-bigint flag [`d31b738`](https://github.com/inspect-js/object-inspect/commit/d31b73831880254b5c6cf5691cda9a149fbc5f04)
+- [Dev Deps] update `core-js`, `tape` [`ff9eff6`](https://github.com/inspect-js/object-inspect/commit/ff9eff67113341ee1aaf80c1c22d683f43bfbccf)
+- [Docs] fix example to use `safer-buffer` [`48cae12`](https://github.com/inspect-js/object-inspect/commit/48cae12a73ec6cacc955175bc56bbe6aee6a211f)
+
+## [v1.5.0](https://github.com/inspect-js/object-inspect/compare/v1.4.1...v1.5.0) - 2017-12-25
+
+### Commits
+
+- [New] add `quoteStyle` option [`f5a72d2`](https://github.com/inspect-js/object-inspect/commit/f5a72d26edb3959b048f74c056ca7100a6b091e4)
+- [Tests] add more test coverage [`30ebe4e`](https://github.com/inspect-js/object-inspect/commit/30ebe4e1fa943b99ecbb85be7614256d536e2759)
+- [Tests] require 0.6 to pass [`99a008c`](https://github.com/inspect-js/object-inspect/commit/99a008ccace189a60fd7da18bf00e32c9572b980)
+
+## [v1.4.1](https://github.com/inspect-js/object-inspect/compare/v1.4.0...v1.4.1) - 2017-12-19
+
+### Commits
+
+- [Tests] up to `node` `v9.3`, `v8.9`, `v6.12` [`6674476`](https://github.com/inspect-js/object-inspect/commit/6674476cc56acaac1bde96c84fed5ef631911906)
+- [Fix] `inspect(Object(-0))` should be “Object(-0)”, not “Object(0)” [`d0a031f`](https://github.com/inspect-js/object-inspect/commit/d0a031f1cbb3024ee9982bfe364dd18a7e4d1bd3)
+
+## [v1.4.0](https://github.com/inspect-js/object-inspect/compare/v1.3.0...v1.4.0) - 2017-10-24
+
+### Commits
+
+- [Tests] add `npm run coverage` [`3b48fb2`](https://github.com/inspect-js/object-inspect/commit/3b48fb25db037235eeb808f0b2830aad7aa36f70)
+- [Tests] remove commented-out osx builds [`71e24db`](https://github.com/inspect-js/object-inspect/commit/71e24db8ad6ee3b9b381c5300b0475f2ba595a73)
+- [New] add support for `util.inspect.custom`, in node only. [`20cca77`](https://github.com/inspect-js/object-inspect/commit/20cca7762d7e17f15b21a90793dff84acce155df)
+- [Tests] up to `node` `v8.6`; use `nvm install-latest-npm` to ensure new npm doesn’t break old node [`252952d`](https://github.com/inspect-js/object-inspect/commit/252952d230d8065851dd3d4d5fe8398aae068529)
+- [Tests] up to `node` `v8.8` [`4aa868d`](https://github.com/inspect-js/object-inspect/commit/4aa868d3a62914091d489dd6ec6eed194ee67cd3)
+- [Dev Deps] update `core-js`, `tape` [`59483d1`](https://github.com/inspect-js/object-inspect/commit/59483d1df418f852f51fa0db7b24aa6b0209a27a)
+
+## [v1.3.0](https://github.com/inspect-js/object-inspect/compare/v1.2.2...v1.3.0) - 2017-07-31
+
+### Fixed
+
+- [Fix] Map/Set: work around core-js bug &lt; v2.5.0 [`#9`](https://github.com/inspect-js/object-inspect/issues/9)
+
+### Commits
+
+- [New] add support for arrays with additional object keys [`0d19937`](https://github.com/inspect-js/object-inspect/commit/0d199374ee37959e51539616666f420ccb29acb9)
+- [Tests] up to `node` `v8.2`, `v7.10`, `v6.11`; fix new npm breaking on older nodes [`e24784a`](https://github.com/inspect-js/object-inspect/commit/e24784a90c49117787157a12a63897c49cf89bbb)
+- Only apps should have lockfiles [`c6faebc`](https://github.com/inspect-js/object-inspect/commit/c6faebcb2ee486a889a4a1c4d78c0776c7576185)
+- [Dev Deps] update `tape` [`7345a0a`](https://github.com/inspect-js/object-inspect/commit/7345a0aeba7e91b888a079c10004d17696a7f586)
+
+## [v1.2.2](https://github.com/inspect-js/object-inspect/compare/v1.2.1...v1.2.2) - 2017-03-24
+
+### Commits
+
+- [Tests] up to `node` `v7.7`, `v6.10`, `v4.8`; improve test matrix [`a2ddc15`](https://github.com/inspect-js/object-inspect/commit/a2ddc15a1f2c65af18076eea1c0eb9cbceb478a0)
+- [Tests] up to `node` `v7.0`, `v6.9`, `v5.12`, `v4.6`, `io.js` `v3.3`; improve test matrix [`a48949f`](https://github.com/inspect-js/object-inspect/commit/a48949f6b574b2d4d2298109d8e8d0eb3e7a83e7)
+- [Performance] check for primitive types as early as possible. [`3b8092a`](https://github.com/inspect-js/object-inspect/commit/3b8092a2a4deffd0575f94334f00194e2d48dad3)
+- [Refactor] remove unneeded `else`s. [`7255034`](https://github.com/inspect-js/object-inspect/commit/725503402e08de4f96f6bf2d8edef44ac36f26b6)
+- [Refactor] avoid recreating `lowbyte` function every time. [`81edd34`](https://github.com/inspect-js/object-inspect/commit/81edd3475bd15bdd18e84de7472033dcf5004aaa)
+- [Fix] differentiate -0 from 0 [`521d345`](https://github.com/inspect-js/object-inspect/commit/521d3456b009da7bf1c5785c8a9df5a9f8718264)
+- [Refactor] move object key gathering into separate function [`aca6265`](https://github.com/inspect-js/object-inspect/commit/aca626536eaeef697196c6e9db3e90e7e0355b6a)
+- [Refactor] consolidate wrapping logic for boxed primitives into a function. [`4e440cd`](https://github.com/inspect-js/object-inspect/commit/4e440cd9065df04802a2a1dead03f48c353ca301)
+- [Robustness] use `typeof` instead of comparing to literal `undefined` [`5ca6f60`](https://github.com/inspect-js/object-inspect/commit/5ca6f601937506daff8ed2fcf686363b55807b69)
+- [Refactor] consolidate Map/Set notations. [`4e576e5`](https://github.com/inspect-js/object-inspect/commit/4e576e5d7ed2f9ec3fb7f37a0d16732eb10758a9)
+- [Tests] ensure that this function remains anonymous, despite ES6 name inference. [`7540ae5`](https://github.com/inspect-js/object-inspect/commit/7540ae591278756db614fa4def55ca413150e1a3)
+- [Refactor] explicitly coerce Error objects to strings. [`7f4ca84`](https://github.com/inspect-js/object-inspect/commit/7f4ca8424ee8dc2c0ca5a422d94f7fac40327261)
+- [Refactor] split up `var` declarations for debuggability [`6f2c11e`](https://github.com/inspect-js/object-inspect/commit/6f2c11e6a85418586a00292dcec5e97683f89bc3)
+- [Robustness] cache `Object.prototype.toString` [`df44a20`](https://github.com/inspect-js/object-inspect/commit/df44a20adfccf31529d60d1df2079bfc3c836e27)
+- [Dev Deps] update `tape` [`3ec714e`](https://github.com/inspect-js/object-inspect/commit/3ec714eba57bc3f58a6eb4fca1376f49e70d300a)
+- [Dev Deps] update `tape` [`beb72d9`](https://github.com/inspect-js/object-inspect/commit/beb72d969653747d7cde300393c28755375329b0)
+
+## [v1.2.1](https://github.com/inspect-js/object-inspect/compare/v1.2.0...v1.2.1) - 2016-04-09
+
+### Fixed
+
+- [Fix] fix Boolean `false` object inspection. [`#7`](https://github.com/substack/object-inspect/pull/7)
+
+## [v1.2.0](https://github.com/inspect-js/object-inspect/compare/v1.1.0...v1.2.0) - 2016-04-09
+
+### Fixed
+
+- [New] add support for inspecting String/Number/Boolean objects. [`#6`](https://github.com/inspect-js/object-inspect/issues/6)
+
+### Commits
+
+- [Dev Deps] update `tape` [`742caa2`](https://github.com/inspect-js/object-inspect/commit/742caa262cf7af4c815d4821c8bd0129c1446432)
+
+## [v1.1.0](https://github.com/inspect-js/object-inspect/compare/1.0.2...v1.1.0) - 2015-12-14
+
+### Merged
+
+- [New] add ES6 Map/Set support. [`#4`](https://github.com/inspect-js/object-inspect/pull/4)
+
+### Fixed
+
+- [New] add ES6 Map/Set support. [`#3`](https://github.com/inspect-js/object-inspect/issues/3)
+
+### Commits
+
+- Update `travis.yml` to test on bunches of `iojs` and `node` versions. [`4c1fd65`](https://github.com/inspect-js/object-inspect/commit/4c1fd65cc3bd95307e854d114b90478324287fd2)
+- [Dev Deps] update `tape` [`88a907e`](https://github.com/inspect-js/object-inspect/commit/88a907e33afbe408e4b5d6e4e42a33143f88848c)
+
+## [1.0.2](https://github.com/inspect-js/object-inspect/compare/1.0.1...1.0.2) - 2015-08-07
+
+### Commits
+
+- [Fix] Cache `Object.prototype.hasOwnProperty` in case it's deleted later. [`1d0075d`](https://github.com/inspect-js/object-inspect/commit/1d0075d3091dc82246feeb1f9871cb2b8ed227b3)
+- [Dev Deps] Update `tape` [`ca8d5d7`](https://github.com/inspect-js/object-inspect/commit/ca8d5d75635ddbf76f944e628267581e04958457)
+- gitignore node_modules since this is a reusable modules. [`ed41407`](https://github.com/inspect-js/object-inspect/commit/ed41407811743ca530cdeb28f982beb96026af82)
+
+## [1.0.1](https://github.com/inspect-js/object-inspect/compare/1.0.0...1.0.1) - 2015-07-19
+
+### Commits
+
+- Make `inspect` work with symbol primitives and objects, including in node 0.11 and 0.12. [`ddf1b94`](https://github.com/inspect-js/object-inspect/commit/ddf1b94475ab951f1e3bccdc0a48e9073cfbfef4)
+- bump tape [`103d674`](https://github.com/inspect-js/object-inspect/commit/103d67496b504bdcfdd765d303a773f87ec106e2)
+- use newer travis config [`d497276`](https://github.com/inspect-js/object-inspect/commit/d497276c1da14234bb5098a59cf20de75fbc316a)
+
+## [1.0.0](https://github.com/inspect-js/object-inspect/compare/0.4.0...1.0.0) - 2014-08-05
+
+### Commits
+
+- error inspect works properly [`260a22d`](https://github.com/inspect-js/object-inspect/commit/260a22d134d3a8a482c67d52091c6040c34f4299)
+- seen coverage [`57269e8`](https://github.com/inspect-js/object-inspect/commit/57269e8baa992a7439047f47325111fdcbcb8417)
+- htmlelement instance coverage [`397ffe1`](https://github.com/inspect-js/object-inspect/commit/397ffe10a1980350868043ef9de65686d438979f)
+- more element coverage [`6905cc2`](https://github.com/inspect-js/object-inspect/commit/6905cc2f7df35600177e613b0642b4df5efd3eca)
+- failing test for type errors [`385b615`](https://github.com/inspect-js/object-inspect/commit/385b6152e49b51b68449a662f410b084ed7c601a)
+- fn name coverage [`edc906d`](https://github.com/inspect-js/object-inspect/commit/edc906d40fca6b9194d304062c037ee8e398c4c2)
+- server-side element test [`362d1d3`](https://github.com/inspect-js/object-inspect/commit/362d1d3e86f187651c29feeb8478110afada385b)
+- custom inspect fn [`e89b0f6`](https://github.com/inspect-js/object-inspect/commit/e89b0f6fe6d5e03681282af83732a509160435a6)
+- fixed browser test [`b530882`](https://github.com/inspect-js/object-inspect/commit/b5308824a1c8471c5617e394766a03a6977102a9)
+- depth test, matches node [`1cfd9e0`](https://github.com/inspect-js/object-inspect/commit/1cfd9e0285a4ae1dff44101ad482915d9bf47e48)
+- exercise hasOwnProperty path [`8d753fb`](https://github.com/inspect-js/object-inspect/commit/8d753fb362a534fa1106e4d80f2ee9bea06a66d9)
+- more cases covered for errors [`c5c46a5`](https://github.com/inspect-js/object-inspect/commit/c5c46a569ec4606583497e8550f0d8c7ad39a4a4)
+- \W obj key test case [`b0eceee`](https://github.com/inspect-js/object-inspect/commit/b0eceeea6e0eb94d686c1046e99b9e25e5005f75)
+- coverage for explicit depth param [`e12b91c`](https://github.com/inspect-js/object-inspect/commit/e12b91cd59683362f3a0e80f46481a0211e26c15)
+
+## [0.4.0](https://github.com/inspect-js/object-inspect/compare/0.3.1...0.4.0) - 2014-03-21
+
+### Commits
+
+- passing lowbyte interpolation test [`b847511`](https://github.com/inspect-js/object-inspect/commit/b8475114f5def7e7961c5353d48d3d8d9a520985)
+- lowbyte test [`4a2b0e1`](https://github.com/inspect-js/object-inspect/commit/4a2b0e142667fc933f195472759385ac08f3946c)
+
+## [0.3.1](https://github.com/inspect-js/object-inspect/compare/0.3.0...0.3.1) - 2014-03-04
+
+### Commits
+
+- sort keys [`a07b19c`](https://github.com/inspect-js/object-inspect/commit/a07b19cc3b1521a82d4fafb6368b7a9775428a05)
+
+## [0.3.0](https://github.com/inspect-js/object-inspect/compare/0.2.0...0.3.0) - 2014-03-04
+
+### Commits
+
+- [] and {} instead of [ ] and { } [`654c44b`](https://github.com/inspect-js/object-inspect/commit/654c44b2865811f3519e57bb8526e0821caf5c6b)
+
+## [0.2.0](https://github.com/inspect-js/object-inspect/compare/0.1.3...0.2.0) - 2014-03-04
+
+### Commits
+
+- failing holes test [`99cdfad`](https://github.com/inspect-js/object-inspect/commit/99cdfad03c6474740275a75636fe6ca86c77737a)
+- regex already work [`e324033`](https://github.com/inspect-js/object-inspect/commit/e324033267025995ec97d32ed0a65737c99477a6)
+- failing undef/null test [`1f88a00`](https://github.com/inspect-js/object-inspect/commit/1f88a00265d3209719dda8117b7e6360b4c20943)
+- holes in the all example [`7d345f3`](https://github.com/inspect-js/object-inspect/commit/7d345f3676dcbe980cff89a4f6c243269ebbb709)
+- check for .inspect(), fixes Buffer use-case [`c3f7546`](https://github.com/inspect-js/object-inspect/commit/c3f75466dbca125347d49847c05262c292f12b79)
+- fixes for holes [`ce25f73`](https://github.com/inspect-js/object-inspect/commit/ce25f736683de4b92ff27dc5471218415e2d78d8)
+- weird null behavior [`405c1ea`](https://github.com/inspect-js/object-inspect/commit/405c1ea72cd5a8cf3b498c3eaa903d01b9fbcab5)
+- tape is actually a devDependency, upgrade [`703b0ce`](https://github.com/inspect-js/object-inspect/commit/703b0ce6c5817b4245a082564bccd877e0bb6990)
+- put date in the example [`a342219`](https://github.com/inspect-js/object-inspect/commit/a3422190eeaa013215f46df2d0d37b48595ac058)
+- passing the null test [`4ab737e`](https://github.com/inspect-js/object-inspect/commit/4ab737ebf862a75d247ebe51e79307a34d6380d4)
+
+## [0.1.3](https://github.com/inspect-js/object-inspect/compare/0.1.1...0.1.3) - 2013-07-26
+
+### Commits
+
+- special isElement() check [`882768a`](https://github.com/inspect-js/object-inspect/commit/882768a54035d30747be9de1baf14e5aa0daa128)
+- oh right old IEs don't have indexOf either [`36d1275`](https://github.com/inspect-js/object-inspect/commit/36d12756c38b08a74370b0bb696c809e529913a5)
+
+## [0.1.1](https://github.com/inspect-js/object-inspect/compare/0.1.0...0.1.1) - 2013-07-26
+
+### Commits
+
+- tests! [`4422fd9`](https://github.com/inspect-js/object-inspect/commit/4422fd95532c2745aa6c4f786f35f1090be29998)
+- fix for ie&lt;9, doesn't have hasOwnProperty [`6b7d611`](https://github.com/inspect-js/object-inspect/commit/6b7d61183050f6da801ea04473211da226482613)
+- fix for all IEs: no f.name [`4e0c2f6`](https://github.com/inspect-js/object-inspect/commit/4e0c2f6dfd01c306d067d7163319acc97c94ee50)
+- badges [`5ed0d88`](https://github.com/inspect-js/object-inspect/commit/5ed0d88e4e407f9cb327fa4a146c17921f9680f3)
+
+## [0.1.0](https://github.com/inspect-js/object-inspect/compare/0.0.0...0.1.0) - 2013-07-26
+
+### Commits
+
+- [Function] for functions [`ad5c485`](https://github.com/inspect-js/object-inspect/commit/ad5c485098fc83352cb540a60b2548ca56820e0b)
+
+## 0.0.0 - 2013-07-26
+
+### Commits
+
+- working browser example [`34be6b6`](https://github.com/inspect-js/object-inspect/commit/34be6b6548f9ce92bdc3c27572857ba0c4a1218d)
+- package.json etc [`cad51f2`](https://github.com/inspect-js/object-inspect/commit/cad51f23fc6bcf1a456ed6abe16088256c2f632f)
+- docs complete [`b80cce2`](https://github.com/inspect-js/object-inspect/commit/b80cce2490c4e7183a9ee11ea89071f0abec4446)
+- circular example [`4b4a7b9`](https://github.com/inspect-js/object-inspect/commit/4b4a7b92209e4e6b4630976cb6bcd17d14165a59)
+- string rep [`7afb479`](https://github.com/inspect-js/object-inspect/commit/7afb479baa798d27f09e0a178b72ea327f60f5c8)
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE b/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
new file mode 100644
index 0000000..ca64cc1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2013 James Halliday
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
new file mode 100644
index 0000000..2f3355c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
@@ -0,0 +1,23 @@
+'use strict';
+
+var inspect = require('../');
+var Buffer = require('safer-buffer').Buffer;
+
+var holes = ['a', 'b'];
+holes[4] = 'e';
+holes[6] = 'g';
+
+var obj = {
+    a: 1,
+    b: [3, 4, undefined, null],
+    c: undefined,
+    d: null,
+    e: {
+        regex: /^x/i,
+        buf: Buffer.from('abc'),
+        holes: holes
+    },
+    now: new Date()
+};
+obj.self = obj;
+console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
new file mode 100644
index 0000000..487a7c1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
@@ -0,0 +1,6 @@
+'use strict';
+
+var inspect = require('../');
+var obj = { a: 1, b: [3, 4] };
+obj.c = obj;
+console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
new file mode 100644
index 0000000..9b5db8d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
@@ -0,0 +1,5 @@
+'use strict';
+
+var inspect = require('../');
+var obj = [1, 2, function f(n) { return n + 5; }, 4];
+console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
new file mode 100644
index 0000000..e2df7c9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
@@ -0,0 +1,10 @@
+'use strict';
+
+/* eslint-env browser */
+var inspect = require('../');
+
+var d = document.createElement('div');
+d.setAttribute('id', 'beep');
+d.innerHTML = '<b>wooo</b><i>iiiii</i>';
+
+console.log(inspect([d, { a: 3, b: 4, c: [5, 6, [7, [8, [9]]]] }]));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/index.js b/src/Servers/ExpressServer/node_modules/object-inspect/index.js
new file mode 100644
index 0000000..a4b2d4c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/index.js
@@ -0,0 +1,544 @@
+var hasMap = typeof Map === 'function' && Map.prototype;
+var mapSizeDescriptor = Object.getOwnPropertyDescriptor && hasMap ? Object.getOwnPropertyDescriptor(Map.prototype, 'size') : null;
+var mapSize = hasMap && mapSizeDescriptor && typeof mapSizeDescriptor.get === 'function' ? mapSizeDescriptor.get : null;
+var mapForEach = hasMap && Map.prototype.forEach;
+var hasSet = typeof Set === 'function' && Set.prototype;
+var setSizeDescriptor = Object.getOwnPropertyDescriptor && hasSet ? Object.getOwnPropertyDescriptor(Set.prototype, 'size') : null;
+var setSize = hasSet && setSizeDescriptor && typeof setSizeDescriptor.get === 'function' ? setSizeDescriptor.get : null;
+var setForEach = hasSet && Set.prototype.forEach;
+var hasWeakMap = typeof WeakMap === 'function' && WeakMap.prototype;
+var weakMapHas = hasWeakMap ? WeakMap.prototype.has : null;
+var hasWeakSet = typeof WeakSet === 'function' && WeakSet.prototype;
+var weakSetHas = hasWeakSet ? WeakSet.prototype.has : null;
+var hasWeakRef = typeof WeakRef === 'function' && WeakRef.prototype;
+var weakRefDeref = hasWeakRef ? WeakRef.prototype.deref : null;
+var booleanValueOf = Boolean.prototype.valueOf;
+var objectToString = Object.prototype.toString;
+var functionToString = Function.prototype.toString;
+var $match = String.prototype.match;
+var $slice = String.prototype.slice;
+var $replace = String.prototype.replace;
+var $toUpperCase = String.prototype.toUpperCase;
+var $toLowerCase = String.prototype.toLowerCase;
+var $test = RegExp.prototype.test;
+var $concat = Array.prototype.concat;
+var $join = Array.prototype.join;
+var $arrSlice = Array.prototype.slice;
+var $floor = Math.floor;
+var bigIntValueOf = typeof BigInt === 'function' ? BigInt.prototype.valueOf : null;
+var gOPS = Object.getOwnPropertySymbols;
+var symToString = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? Symbol.prototype.toString : null;
+var hasShammedSymbols = typeof Symbol === 'function' && typeof Symbol.iterator === 'object';
+// ie, `has-tostringtag/shams
+var toStringTag = typeof Symbol === 'function' && Symbol.toStringTag && (typeof Symbol.toStringTag === hasShammedSymbols ? 'object' : 'symbol')
+    ? Symbol.toStringTag
+    : null;
+var isEnumerable = Object.prototype.propertyIsEnumerable;
+
+var gPO = (typeof Reflect === 'function' ? Reflect.getPrototypeOf : Object.getPrototypeOf) || (
+    [].__proto__ === Array.prototype // eslint-disable-line no-proto
+        ? function (O) {
+            return O.__proto__; // eslint-disable-line no-proto
+        }
+        : null
+);
+
+function addNumericSeparator(num, str) {
+    if (
+        num === Infinity
+        || num === -Infinity
+        || num !== num
+        || (num && num > -1000 && num < 1000)
+        || $test.call(/e/, str)
+    ) {
+        return str;
+    }
+    var sepRegex = /[0-9](?=(?:[0-9]{3})+(?![0-9]))/g;
+    if (typeof num === 'number') {
+        var int = num < 0 ? -$floor(-num) : $floor(num); // trunc(num)
+        if (int !== num) {
+            var intStr = String(int);
+            var dec = $slice.call(str, intStr.length + 1);
+            return $replace.call(intStr, sepRegex, '$&_') + '.' + $replace.call($replace.call(dec, /([0-9]{3})/g, '$&_'), /_$/, '');
+        }
+    }
+    return $replace.call(str, sepRegex, '$&_');
+}
+
+var utilInspect = require('./util.inspect');
+var inspectCustom = utilInspect.custom;
+var inspectSymbol = isSymbol(inspectCustom) ? inspectCustom : null;
+
+var quotes = {
+    __proto__: null,
+    'double': '"',
+    single: "'"
+};
+var quoteREs = {
+    __proto__: null,
+    'double': /(["\\])/g,
+    single: /(['\\])/g
+};
+
+module.exports = function inspect_(obj, options, depth, seen) {
+    var opts = options || {};
+
+    if (has(opts, 'quoteStyle') && !has(quotes, opts.quoteStyle)) {
+        throw new TypeError('option "quoteStyle" must be "single" or "double"');
+    }
+    if (
+        has(opts, 'maxStringLength') && (typeof opts.maxStringLength === 'number'
+            ? opts.maxStringLength < 0 && opts.maxStringLength !== Infinity
+            : opts.maxStringLength !== null
+        )
+    ) {
+        throw new TypeError('option "maxStringLength", if provided, must be a positive integer, Infinity, or `null`');
+    }
+    var customInspect = has(opts, 'customInspect') ? opts.customInspect : true;
+    if (typeof customInspect !== 'boolean' && customInspect !== 'symbol') {
+        throw new TypeError('option "customInspect", if provided, must be `true`, `false`, or `\'symbol\'`');
+    }
+
+    if (
+        has(opts, 'indent')
+        && opts.indent !== null
+        && opts.indent !== '\t'
+        && !(parseInt(opts.indent, 10) === opts.indent && opts.indent > 0)
+    ) {
+        throw new TypeError('option "indent" must be "\\t", an integer > 0, or `null`');
+    }
+    if (has(opts, 'numericSeparator') && typeof opts.numericSeparator !== 'boolean') {
+        throw new TypeError('option "numericSeparator", if provided, must be `true` or `false`');
+    }
+    var numericSeparator = opts.numericSeparator;
+
+    if (typeof obj === 'undefined') {
+        return 'undefined';
+    }
+    if (obj === null) {
+        return 'null';
+    }
+    if (typeof obj === 'boolean') {
+        return obj ? 'true' : 'false';
+    }
+
+    if (typeof obj === 'string') {
+        return inspectString(obj, opts);
+    }
+    if (typeof obj === 'number') {
+        if (obj === 0) {
+            return Infinity / obj > 0 ? '0' : '-0';
+        }
+        var str = String(obj);
+        return numericSeparator ? addNumericSeparator(obj, str) : str;
+    }
+    if (typeof obj === 'bigint') {
+        var bigIntStr = String(obj) + 'n';
+        return numericSeparator ? addNumericSeparator(obj, bigIntStr) : bigIntStr;
+    }
+
+    var maxDepth = typeof opts.depth === 'undefined' ? 5 : opts.depth;
+    if (typeof depth === 'undefined') { depth = 0; }
+    if (depth >= maxDepth && maxDepth > 0 && typeof obj === 'object') {
+        return isArray(obj) ? '[Array]' : '[Object]';
+    }
+
+    var indent = getIndent(opts, depth);
+
+    if (typeof seen === 'undefined') {
+        seen = [];
+    } else if (indexOf(seen, obj) >= 0) {
+        return '[Circular]';
+    }
+
+    function inspect(value, from, noIndent) {
+        if (from) {
+            seen = $arrSlice.call(seen);
+            seen.push(from);
+        }
+        if (noIndent) {
+            var newOpts = {
+                depth: opts.depth
+            };
+            if (has(opts, 'quoteStyle')) {
+                newOpts.quoteStyle = opts.quoteStyle;
+            }
+            return inspect_(value, newOpts, depth + 1, seen);
+        }
+        return inspect_(value, opts, depth + 1, seen);
+    }
+
+    if (typeof obj === 'function' && !isRegExp(obj)) { // in older engines, regexes are callable
+        var name = nameOf(obj);
+        var keys = arrObjKeys(obj, inspect);
+        return '[Function' + (name ? ': ' + name : ' (anonymous)') + ']' + (keys.length > 0 ? ' { ' + $join.call(keys, ', ') + ' }' : '');
+    }
+    if (isSymbol(obj)) {
+        var symString = hasShammedSymbols ? $replace.call(String(obj), /^(Symbol\(.*\))_[^)]*$/, '$1') : symToString.call(obj);
+        return typeof obj === 'object' && !hasShammedSymbols ? markBoxed(symString) : symString;
+    }
+    if (isElement(obj)) {
+        var s = '<' + $toLowerCase.call(String(obj.nodeName));
+        var attrs = obj.attributes || [];
+        for (var i = 0; i < attrs.length; i++) {
+            s += ' ' + attrs[i].name + '=' + wrapQuotes(quote(attrs[i].value), 'double', opts);
+        }
+        s += '>';
+        if (obj.childNodes && obj.childNodes.length) { s += '...'; }
+        s += '</' + $toLowerCase.call(String(obj.nodeName)) + '>';
+        return s;
+    }
+    if (isArray(obj)) {
+        if (obj.length === 0) { return '[]'; }
+        var xs = arrObjKeys(obj, inspect);
+        if (indent && !singleLineValues(xs)) {
+            return '[' + indentedJoin(xs, indent) + ']';
+        }
+        return '[ ' + $join.call(xs, ', ') + ' ]';
+    }
+    if (isError(obj)) {
+        var parts = arrObjKeys(obj, inspect);
+        if (!('cause' in Error.prototype) && 'cause' in obj && !isEnumerable.call(obj, 'cause')) {
+            return '{ [' + String(obj) + '] ' + $join.call($concat.call('[cause]: ' + inspect(obj.cause), parts), ', ') + ' }';
+        }
+        if (parts.length === 0) { return '[' + String(obj) + ']'; }
+        return '{ [' + String(obj) + '] ' + $join.call(parts, ', ') + ' }';
+    }
+    if (typeof obj === 'object' && customInspect) {
+        if (inspectSymbol && typeof obj[inspectSymbol] === 'function' && utilInspect) {
+            return utilInspect(obj, { depth: maxDepth - depth });
+        } else if (customInspect !== 'symbol' && typeof obj.inspect === 'function') {
+            return obj.inspect();
+        }
+    }
+    if (isMap(obj)) {
+        var mapParts = [];
+        if (mapForEach) {
+            mapForEach.call(obj, function (value, key) {
+                mapParts.push(inspect(key, obj, true) + ' => ' + inspect(value, obj));
+            });
+        }
+        return collectionOf('Map', mapSize.call(obj), mapParts, indent);
+    }
+    if (isSet(obj)) {
+        var setParts = [];
+        if (setForEach) {
+            setForEach.call(obj, function (value) {
+                setParts.push(inspect(value, obj));
+            });
+        }
+        return collectionOf('Set', setSize.call(obj), setParts, indent);
+    }
+    if (isWeakMap(obj)) {
+        return weakCollectionOf('WeakMap');
+    }
+    if (isWeakSet(obj)) {
+        return weakCollectionOf('WeakSet');
+    }
+    if (isWeakRef(obj)) {
+        return weakCollectionOf('WeakRef');
+    }
+    if (isNumber(obj)) {
+        return markBoxed(inspect(Number(obj)));
+    }
+    if (isBigInt(obj)) {
+        return markBoxed(inspect(bigIntValueOf.call(obj)));
+    }
+    if (isBoolean(obj)) {
+        return markBoxed(booleanValueOf.call(obj));
+    }
+    if (isString(obj)) {
+        return markBoxed(inspect(String(obj)));
+    }
+    // note: in IE 8, sometimes `global !== window` but both are the prototypes of each other
+    /* eslint-env browser */
+    if (typeof window !== 'undefined' && obj === window) {
+        return '{ [object Window] }';
+    }
+    if (
+        (typeof globalThis !== 'undefined' && obj === globalThis)
+        || (typeof global !== 'undefined' && obj === global)
+    ) {
+        return '{ [object globalThis] }';
+    }
+    if (!isDate(obj) && !isRegExp(obj)) {
+        var ys = arrObjKeys(obj, inspect);
+        var isPlainObject = gPO ? gPO(obj) === Object.prototype : obj instanceof Object || obj.constructor === Object;
+        var protoTag = obj instanceof Object ? '' : 'null prototype';
+        var stringTag = !isPlainObject && toStringTag && Object(obj) === obj && toStringTag in obj ? $slice.call(toStr(obj), 8, -1) : protoTag ? 'Object' : '';
+        var constructorTag = isPlainObject || typeof obj.constructor !== 'function' ? '' : obj.constructor.name ? obj.constructor.name + ' ' : '';
+        var tag = constructorTag + (stringTag || protoTag ? '[' + $join.call($concat.call([], stringTag || [], protoTag || []), ': ') + '] ' : '');
+        if (ys.length === 0) { return tag + '{}'; }
+        if (indent) {
+            return tag + '{' + indentedJoin(ys, indent) + '}';
+        }
+        return tag + '{ ' + $join.call(ys, ', ') + ' }';
+    }
+    return String(obj);
+};
+
+function wrapQuotes(s, defaultStyle, opts) {
+    var style = opts.quoteStyle || defaultStyle;
+    var quoteChar = quotes[style];
+    return quoteChar + s + quoteChar;
+}
+
+function quote(s) {
+    return $replace.call(String(s), /"/g, '&quot;');
+}
+
+function canTrustToString(obj) {
+    return !toStringTag || !(typeof obj === 'object' && (toStringTag in obj || typeof obj[toStringTag] !== 'undefined'));
+}
+function isArray(obj) { return toStr(obj) === '[object Array]' && canTrustToString(obj); }
+function isDate(obj) { return toStr(obj) === '[object Date]' && canTrustToString(obj); }
+function isRegExp(obj) { return toStr(obj) === '[object RegExp]' && canTrustToString(obj); }
+function isError(obj) { return toStr(obj) === '[object Error]' && canTrustToString(obj); }
+function isString(obj) { return toStr(obj) === '[object String]' && canTrustToString(obj); }
+function isNumber(obj) { return toStr(obj) === '[object Number]' && canTrustToString(obj); }
+function isBoolean(obj) { return toStr(obj) === '[object Boolean]' && canTrustToString(obj); }
+
+// Symbol and BigInt do have Symbol.toStringTag by spec, so that can't be used to eliminate false positives
+function isSymbol(obj) {
+    if (hasShammedSymbols) {
+        return obj && typeof obj === 'object' && obj instanceof Symbol;
+    }
+    if (typeof obj === 'symbol') {
+        return true;
+    }
+    if (!obj || typeof obj !== 'object' || !symToString) {
+        return false;
+    }
+    try {
+        symToString.call(obj);
+        return true;
+    } catch (e) {}
+    return false;
+}
+
+function isBigInt(obj) {
+    if (!obj || typeof obj !== 'object' || !bigIntValueOf) {
+        return false;
+    }
+    try {
+        bigIntValueOf.call(obj);
+        return true;
+    } catch (e) {}
+    return false;
+}
+
+var hasOwn = Object.prototype.hasOwnProperty || function (key) { return key in this; };
+function has(obj, key) {
+    return hasOwn.call(obj, key);
+}
+
+function toStr(obj) {
+    return objectToString.call(obj);
+}
+
+function nameOf(f) {
+    if (f.name) { return f.name; }
+    var m = $match.call(functionToString.call(f), /^function\s*([\w$]+)/);
+    if (m) { return m[1]; }
+    return null;
+}
+
+function indexOf(xs, x) {
+    if (xs.indexOf) { return xs.indexOf(x); }
+    for (var i = 0, l = xs.length; i < l; i++) {
+        if (xs[i] === x) { return i; }
+    }
+    return -1;
+}
+
+function isMap(x) {
+    if (!mapSize || !x || typeof x !== 'object') {
+        return false;
+    }
+    try {
+        mapSize.call(x);
+        try {
+            setSize.call(x);
+        } catch (s) {
+            return true;
+        }
+        return x instanceof Map; // core-js workaround, pre-v2.5.0
+    } catch (e) {}
+    return false;
+}
+
+function isWeakMap(x) {
+    if (!weakMapHas || !x || typeof x !== 'object') {
+        return false;
+    }
+    try {
+        weakMapHas.call(x, weakMapHas);
+        try {
+            weakSetHas.call(x, weakSetHas);
+        } catch (s) {
+            return true;
+        }
+        return x instanceof WeakMap; // core-js workaround, pre-v2.5.0
+    } catch (e) {}
+    return false;
+}
+
+function isWeakRef(x) {
+    if (!weakRefDeref || !x || typeof x !== 'object') {
+        return false;
+    }
+    try {
+        weakRefDeref.call(x);
+        return true;
+    } catch (e) {}
+    return false;
+}
+
+function isSet(x) {
+    if (!setSize || !x || typeof x !== 'object') {
+        return false;
+    }
+    try {
+        setSize.call(x);
+        try {
+            mapSize.call(x);
+        } catch (m) {
+            return true;
+        }
+        return x instanceof Set; // core-js workaround, pre-v2.5.0
+    } catch (e) {}
+    return false;
+}
+
+function isWeakSet(x) {
+    if (!weakSetHas || !x || typeof x !== 'object') {
+        return false;
+    }
+    try {
+        weakSetHas.call(x, weakSetHas);
+        try {
+            weakMapHas.call(x, weakMapHas);
+        } catch (s) {
+            return true;
+        }
+        return x instanceof WeakSet; // core-js workaround, pre-v2.5.0
+    } catch (e) {}
+    return false;
+}
+
+function isElement(x) {
+    if (!x || typeof x !== 'object') { return false; }
+    if (typeof HTMLElement !== 'undefined' && x instanceof HTMLElement) {
+        return true;
+    }
+    return typeof x.nodeName === 'string' && typeof x.getAttribute === 'function';
+}
+
+function inspectString(str, opts) {
+    if (str.length > opts.maxStringLength) {
+        var remaining = str.length - opts.maxStringLength;
+        var trailer = '... ' + remaining + ' more character' + (remaining > 1 ? 's' : '');
+        return inspectString($slice.call(str, 0, opts.maxStringLength), opts) + trailer;
+    }
+    var quoteRE = quoteREs[opts.quoteStyle || 'single'];
+    quoteRE.lastIndex = 0;
+    // eslint-disable-next-line no-control-regex
+    var s = $replace.call($replace.call(str, quoteRE, '\\$1'), /[\x00-\x1f]/g, lowbyte);
+    return wrapQuotes(s, 'single', opts);
+}
+
+function lowbyte(c) {
+    var n = c.charCodeAt(0);
+    var x = {
+        8: 'b',
+        9: 't',
+        10: 'n',
+        12: 'f',
+        13: 'r'
+    }[n];
+    if (x) { return '\\' + x; }
+    return '\\x' + (n < 0x10 ? '0' : '') + $toUpperCase.call(n.toString(16));
+}
+
+function markBoxed(str) {
+    return 'Object(' + str + ')';
+}
+
+function weakCollectionOf(type) {
+    return type + ' { ? }';
+}
+
+function collectionOf(type, size, entries, indent) {
+    var joinedEntries = indent ? indentedJoin(entries, indent) : $join.call(entries, ', ');
+    return type + ' (' + size + ') {' + joinedEntries + '}';
+}
+
+function singleLineValues(xs) {
+    for (var i = 0; i < xs.length; i++) {
+        if (indexOf(xs[i], '\n') >= 0) {
+            return false;
+        }
+    }
+    return true;
+}
+
+function getIndent(opts, depth) {
+    var baseIndent;
+    if (opts.indent === '\t') {
+        baseIndent = '\t';
+    } else if (typeof opts.indent === 'number' && opts.indent > 0) {
+        baseIndent = $join.call(Array(opts.indent + 1), ' ');
+    } else {
+        return null;
+    }
+    return {
+        base: baseIndent,
+        prev: $join.call(Array(depth + 1), baseIndent)
+    };
+}
+
+function indentedJoin(xs, indent) {
+    if (xs.length === 0) { return ''; }
+    var lineJoiner = '\n' + indent.prev + indent.base;
+    return lineJoiner + $join.call(xs, ',' + lineJoiner) + '\n' + indent.prev;
+}
+
+function arrObjKeys(obj, inspect) {
+    var isArr = isArray(obj);
+    var xs = [];
+    if (isArr) {
+        xs.length = obj.length;
+        for (var i = 0; i < obj.length; i++) {
+            xs[i] = has(obj, i) ? inspect(obj[i], obj) : '';
+        }
+    }
+    var syms = typeof gOPS === 'function' ? gOPS(obj) : [];
+    var symMap;
+    if (hasShammedSymbols) {
+        symMap = {};
+        for (var k = 0; k < syms.length; k++) {
+            symMap['$' + syms[k]] = syms[k];
+        }
+    }
+
+    for (var key in obj) { // eslint-disable-line no-restricted-syntax
+        if (!has(obj, key)) { continue; } // eslint-disable-line no-restricted-syntax, no-continue
+        if (isArr && String(Number(key)) === key && key < obj.length) { continue; } // eslint-disable-line no-restricted-syntax, no-continue
+        if (hasShammedSymbols && symMap['$' + key] instanceof Symbol) {
+            // this is to prevent shammed Symbols, which are stored as strings, from being included in the string key section
+            continue; // eslint-disable-line no-restricted-syntax, no-continue
+        } else if ($test.call(/[^\w$]/, key)) {
+            xs.push(inspect(key, obj) + ': ' + inspect(obj[key], obj));
+        } else {
+            xs.push(key + ': ' + inspect(obj[key], obj));
+        }
+    }
+    if (typeof gOPS === 'function') {
+        for (var j = 0; j < syms.length; j++) {
+            if (isEnumerable.call(obj, syms[j])) {
+                xs.push('[' + inspect(syms[j]) + ']: ' + inspect(obj[syms[j]], obj));
+            }
+        }
+    }
+    return xs;
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json b/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
new file mode 100644
index 0000000..5cc12d0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
@@ -0,0 +1,20 @@
+{
+  "versions": [
+    {
+      "version": "*",
+      "target": {
+        "node": "all"
+      },
+      "response": {
+        "type": "time-permitting"
+      },
+      "backing": {
+        "npm-funding": true,
+        "donations": [
+          "https://github.com/ljharb",
+          "https://tidelift.com/funding/github/npm/object-inspect"
+        ]
+      }
+    }
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/package.json b/src/Servers/ExpressServer/node_modules/object-inspect/package.json
new file mode 100644
index 0000000..9fd97ff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/package.json
@@ -0,0 +1,105 @@
+{
+  "name": "object-inspect",
+  "version": "1.13.4",
+  "description": "string representations of objects in node and the browser",
+  "main": "index.js",
+  "sideEffects": false,
+  "devDependencies": {
+    "@ljharb/eslint-config": "^21.1.1",
+    "@pkgjs/support": "^0.0.6",
+    "auto-changelog": "^2.5.0",
+    "core-js": "^2.6.12",
+    "error-cause": "^1.0.8",
+    "es-value-fixtures": "^1.7.1",
+    "eslint": "=8.8.0",
+    "for-each": "^0.3.4",
+    "functions-have-names": "^1.2.3",
+    "glob": "=10.3.7",
+    "globalthis": "^1.0.4",
+    "has-symbols": "^1.1.0",
+    "has-tostringtag": "^1.0.2",
+    "in-publish": "^2.0.1",
+    "jackspeak": "=2.1.1",
+    "make-arrow-function": "^1.2.0",
+    "mock-property": "^1.1.0",
+    "npmignore": "^0.3.1",
+    "nyc": "^10.3.2",
+    "safe-publish-latest": "^2.0.0",
+    "safer-buffer": "^2.1.2",
+    "semver": "^6.3.1",
+    "string.prototype.repeat": "^1.0.0",
+    "tape": "^5.9.0"
+  },
+  "scripts": {
+    "prepack": "npmignore --auto --commentLines=autogenerated",
+    "prepublish": "not-in-publish || npm run prepublishOnly",
+    "prepublishOnly": "safe-publish-latest",
+    "pretest": "npm run lint",
+    "lint": "eslint --ext=js,mjs .",
+    "postlint": "npx @pkgjs/support validate",
+    "test": "npm run tests-only && npm run test:corejs",
+    "tests-only": "nyc tape 'test/*.js'",
+    "test:corejs": "nyc tape test-core-js.js 'test/*.js'",
+    "posttest": "npx npm@'>=10.2' audit --production",
+    "version": "auto-changelog && git add CHANGELOG.md",
+    "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+  },
+  "testling": {
+    "files": [
+      "test/*.js",
+      "test/browser/*.js"
+    ],
+    "browsers": [
+      "ie/6..latest",
+      "chrome/latest",
+      "firefox/latest",
+      "safari/latest",
+      "opera/latest",
+      "iphone/latest",
+      "ipad/latest",
+      "android/latest"
+    ]
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/inspect-js/object-inspect.git"
+  },
+  "homepage": "https://github.com/inspect-js/object-inspect",
+  "keywords": [
+    "inspect",
+    "util.inspect",
+    "object",
+    "stringify",
+    "pretty"
+  ],
+  "author": {
+    "name": "James Halliday",
+    "email": "mail@substack.net",
+    "url": "http://substack.net"
+  },
+  "funding": {
+    "url": "https://github.com/sponsors/ljharb"
+  },
+  "license": "MIT",
+  "browser": {
+    "./util.inspect.js": false
+  },
+  "auto-changelog": {
+    "output": "CHANGELOG.md",
+    "template": "keepachangelog",
+    "unreleased": false,
+    "commitLimit": false,
+    "backfillLimit": false,
+    "hideCredit": true
+  },
+  "publishConfig": {
+    "ignore": [
+      ".github/workflows",
+      "./test-core-js.js"
+    ]
+  },
+  "support": true,
+  "engines": {
+    "node": ">= 0.4"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown b/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
new file mode 100644
index 0000000..f91617d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
@@ -0,0 +1,84 @@
+# object-inspect <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+string representations of objects in node and the browser
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+# example
+
+## circular
+
+``` js
+var inspect = require('object-inspect');
+var obj = { a: 1, b: [3,4] };
+obj.c = obj;
+console.log(inspect(obj));
+```
+
+## dom element
+
+``` js
+var inspect = require('object-inspect');
+
+var d = document.createElement('div');
+d.setAttribute('id', 'beep');
+d.innerHTML = '<b>wooo</b><i>iiiii</i>';
+
+console.log(inspect([ d, { a: 3, b : 4, c: [5,6,[7,[8,[9]]]] } ]));
+```
+
+output:
+
+```
+[ <div id="beep">...</div>, { a: 3, b: 4, c: [ 5, 6, [ 7, [ 8, [ ... ] ] ] ] } ]
+```
+
+# methods
+
+``` js
+var inspect = require('object-inspect')
+```
+
+## var s = inspect(obj, opts={})
+
+Return a string `s` with the string representation of `obj` up to a depth of `opts.depth`.
+
+Additional options:
+  - `quoteStyle`: must be "single" or "double", if present. Default `'single'` for strings, `'double'` for HTML elements.
+  - `maxStringLength`: must be `0`, a positive integer, `Infinity`, or `null`, if present. Default `Infinity`.
+  - `customInspect`: When `true`, a custom inspect method function will be invoked (either undere the `util.inspect.custom` symbol, or the `inspect` property). When the string `'symbol'`, only the symbol method will be invoked. Default `true`.
+  - `indent`: must be "\t", `null`, or a positive integer. Default `null`.
+  - `numericSeparator`: must be a boolean, if present. Default `false`. If `true`, all numbers will be printed with numeric separators (eg, `1234.5678` will be printed as `'1_234.567_8'`)
+
+# install
+
+With [npm](https://npmjs.org) do:
+
+```
+npm install object-inspect
+```
+
+# license
+
+MIT
+
+[package-url]: https://npmjs.org/package/object-inspect
+[npm-version-svg]: https://versionbadg.es/inspect-js/object-inspect.svg
+[deps-svg]: https://david-dm.org/inspect-js/object-inspect.svg
+[deps-url]: https://david-dm.org/inspect-js/object-inspect
+[dev-deps-svg]: https://david-dm.org/inspect-js/object-inspect/dev-status.svg
+[dev-deps-url]: https://david-dm.org/inspect-js/object-inspect#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/object-inspect.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/object-inspect.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/object-inspect.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=object-inspect
+[codecov-image]: https://codecov.io/gh/inspect-js/object-inspect/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/inspect-js/object-inspect/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/object-inspect
+[actions-url]: https://github.com/inspect-js/object-inspect/actions
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js b/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
new file mode 100644
index 0000000..e53c400
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
@@ -0,0 +1,26 @@
+'use strict';
+
+require('core-js');
+
+var inspect = require('./');
+var test = require('tape');
+
+test('Maps', function (t) {
+    t.equal(inspect(new Map([[1, 2]])), 'Map (1) {1 => 2}');
+    t.end();
+});
+
+test('WeakMaps', function (t) {
+    t.equal(inspect(new WeakMap([[{}, 2]])), 'WeakMap { ? }');
+    t.end();
+});
+
+test('Sets', function (t) {
+    t.equal(inspect(new Set([[1, 2]])), 'Set (1) {[ 1, 2 ]}');
+    t.end();
+});
+
+test('WeakSets', function (t) {
+    t.equal(inspect(new WeakSet([[1, 2]])), 'WeakSet { ? }');
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
new file mode 100644
index 0000000..4ecc31d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
@@ -0,0 +1,58 @@
+'use strict';
+
+var inspect = require('../');
+var test = require('tape');
+var hasToStringTag = require('has-tostringtag/shams')();
+
+test('bigint', { skip: typeof BigInt === 'undefined' }, function (t) {
+    t.test('primitives', function (st) {
+        st.plan(3);
+
+        st.equal(inspect(BigInt(-256)), '-256n');
+        st.equal(inspect(BigInt(0)), '0n');
+        st.equal(inspect(BigInt(256)), '256n');
+    });
+
+    t.test('objects', function (st) {
+        st.plan(3);
+
+        st.equal(inspect(Object(BigInt(-256))), 'Object(-256n)');
+        st.equal(inspect(Object(BigInt(0))), 'Object(0n)');
+        st.equal(inspect(Object(BigInt(256))), 'Object(256n)');
+    });
+
+    t.test('syntactic primitives', function (st) {
+        st.plan(3);
+
+        /* eslint-disable no-new-func */
+        st.equal(inspect(Function('return -256n')()), '-256n');
+        st.equal(inspect(Function('return 0n')()), '0n');
+        st.equal(inspect(Function('return 256n')()), '256n');
+    });
+
+    t.test('toStringTag', { skip: !hasToStringTag }, function (st) {
+        st.plan(1);
+
+        var faker = {};
+        faker[Symbol.toStringTag] = 'BigInt';
+        st.equal(
+            inspect(faker),
+            '{ [Symbol(Symbol.toStringTag)]: \'BigInt\' }',
+            'object lying about being a BigInt inspects as an object'
+        );
+    });
+
+    t.test('numericSeparator', function (st) {
+        st.equal(inspect(BigInt(0), { numericSeparator: false }), '0n', '0n, numericSeparator false');
+        st.equal(inspect(BigInt(0), { numericSeparator: true }), '0n', '0n, numericSeparator true');
+
+        st.equal(inspect(BigInt(1234), { numericSeparator: false }), '1234n', '1234n, numericSeparator false');
+        st.equal(inspect(BigInt(1234), { numericSeparator: true }), '1_234n', '1234n, numericSeparator true');
+        st.equal(inspect(BigInt(-1234), { numericSeparator: false }), '-1234n', '1234n, numericSeparator false');
+        st.equal(inspect(BigInt(-1234), { numericSeparator: true }), '-1_234n', '1234n, numericSeparator true');
+
+        st.end();
+    });
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
new file mode 100644
index 0000000..210c0b2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
@@ -0,0 +1,15 @@
+var inspect = require('../../');
+var test = require('tape');
+
+test('dom element', function (t) {
+    t.plan(1);
+
+    var d = document.createElement('div');
+    d.setAttribute('id', 'beep');
+    d.innerHTML = '<b>wooo</b><i>iiiii</i>';
+
+    t.equal(
+        inspect([d, { a: 3, b: 4, c: [5, 6, [7, [8, [9]]]] }]),
+        '[ <div id="beep">...</div>, { a: 3, b: 4, c: [ 5, 6, [ 7, [ 8, [Object] ] ] ] } ]'
+    );
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
new file mode 100644
index 0000000..5df4233
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
@@ -0,0 +1,16 @@
+var inspect = require('../');
+var test = require('tape');
+
+test('circular', function (t) {
+    t.plan(2);
+    var obj = { a: 1, b: [3, 4] };
+    obj.c = obj;
+    t.equal(inspect(obj), '{ a: 1, b: [ 3, 4 ], c: [Circular] }');
+
+    var double = {};
+    double.a = [double];
+    double.b = {};
+    double.b.inner = double.b;
+    double.b.obj = double;
+    t.equal(inspect(double), '{ a: [ [Circular] ], b: { inner: [Circular], obj: [Circular] } }');
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
new file mode 100644
index 0000000..99ce32a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
@@ -0,0 +1,12 @@
+var inspect = require('../');
+var test = require('tape');
+
+test('deep', function (t) {
+    t.plan(4);
+    var obj = [[[[[[500]]]]]];
+    t.equal(inspect(obj), '[ [ [ [ [ [Array] ] ] ] ] ]');
+    t.equal(inspect(obj, { depth: 4 }), '[ [ [ [ [Array] ] ] ] ]');
+    t.equal(inspect(obj, { depth: 2 }), '[ [ [Array] ] ]');
+
+    t.equal(inspect([[[{ a: 1 }]]], { depth: 3 }), '[ [ [ [Object] ] ] ]');
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
new file mode 100644
index 0000000..47fa9e2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
@@ -0,0 +1,53 @@
+var inspect = require('../');
+var test = require('tape');
+
+test('element', function (t) {
+    t.plan(3);
+    var elem = {
+        nodeName: 'div',
+        attributes: [{ name: 'class', value: 'row' }],
+        getAttribute: function (key) { return key; },
+        childNodes: []
+    };
+    var obj = [1, elem, 3];
+    t.deepEqual(inspect(obj), '[ 1, <div class="row"></div>, 3 ]');
+    t.deepEqual(inspect(obj, { quoteStyle: 'single' }), "[ 1, <div class='row'></div>, 3 ]");
+    t.deepEqual(inspect(obj, { quoteStyle: 'double' }), '[ 1, <div class="row"></div>, 3 ]');
+});
+
+test('element no attr', function (t) {
+    t.plan(1);
+    var elem = {
+        nodeName: 'div',
+        getAttribute: function (key) { return key; },
+        childNodes: []
+    };
+    var obj = [1, elem, 3];
+    t.deepEqual(inspect(obj), '[ 1, <div></div>, 3 ]');
+});
+
+test('element with contents', function (t) {
+    t.plan(1);
+    var elem = {
+        nodeName: 'div',
+        getAttribute: function (key) { return key; },
+        childNodes: [{ nodeName: 'b' }]
+    };
+    var obj = [1, elem, 3];
+    t.deepEqual(inspect(obj), '[ 1, <div>...</div>, 3 ]');
+});
+
+test('element instance', function (t) {
+    t.plan(1);
+    var h = global.HTMLElement;
+    global.HTMLElement = function (name, attr) {
+        this.nodeName = name;
+        this.attributes = attr;
+    };
+    global.HTMLElement.prototype.getAttribute = function () {};
+
+    var elem = new global.HTMLElement('div', []);
+    var obj = [1, elem, 3];
+    t.deepEqual(inspect(obj), '[ 1, <div></div>, 3 ]');
+    global.HTMLElement = h;
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
new file mode 100644
index 0000000..cc1d884
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
@@ -0,0 +1,48 @@
+var test = require('tape');
+var ErrorWithCause = require('error-cause/Error');
+
+var inspect = require('../');
+
+test('type error', function (t) {
+    t.plan(1);
+    var aerr = new TypeError();
+    aerr.foo = 555;
+    aerr.bar = [1, 2, 3];
+
+    var berr = new TypeError('tuv');
+    berr.baz = 555;
+
+    var cerr = new SyntaxError();
+    cerr.message = 'whoa';
+    cerr['a-b'] = 5;
+
+    var withCause = new ErrorWithCause('foo', { cause: 'bar' });
+    var withCausePlus = new ErrorWithCause('foo', { cause: 'bar' });
+    withCausePlus.foo = 'bar';
+    var withUndefinedCause = new ErrorWithCause('foo', { cause: undefined });
+    var withEnumerableCause = new Error('foo');
+    withEnumerableCause.cause = 'bar';
+
+    var obj = [
+        new TypeError(),
+        new TypeError('xxx'),
+        aerr,
+        berr,
+        cerr,
+        withCause,
+        withCausePlus,
+        withUndefinedCause,
+        withEnumerableCause
+    ];
+    t.equal(inspect(obj), '[ ' + [
+        '[TypeError]',
+        '[TypeError: xxx]',
+        '{ [TypeError] foo: 555, bar: [ 1, 2, 3 ] }',
+        '{ [TypeError: tuv] baz: 555 }',
+        '{ [SyntaxError: whoa] message: \'whoa\', \'a-b\': 5 }',
+        'cause' in Error.prototype ? '[Error: foo]' : '{ [Error: foo] [cause]: \'bar\' }',
+        '{ [Error: foo] ' + ('cause' in Error.prototype ? '' : '[cause]: \'bar\', ') + 'foo: \'bar\' }',
+        'cause' in Error.prototype ? '[Error: foo]' : '{ [Error: foo] [cause]: undefined }',
+        '{ [Error: foo] cause: \'bar\' }'
+    ].join(', ') + ' ]');
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
new file mode 100644
index 0000000..a65c08c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
@@ -0,0 +1,29 @@
+'use strict';
+
+var inspect = require('../');
+var test = require('tape');
+var hasToStringTag = require('has-tostringtag/shams')();
+var forEach = require('for-each');
+
+test('fakes', { skip: !hasToStringTag }, function (t) {
+    forEach([
+        'Array',
+        'Boolean',
+        'Date',
+        'Error',
+        'Number',
+        'RegExp',
+        'String'
+    ], function (expected) {
+        var faker = {};
+        faker[Symbol.toStringTag] = expected;
+
+        t.equal(
+            inspect(faker),
+            '{ [Symbol(Symbol.toStringTag)]: \'' + expected + '\' }',
+            'faker masquerading as ' + expected + ' is not shown as one'
+        );
+    });
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
new file mode 100644
index 0000000..de3ca62
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
@@ -0,0 +1,76 @@
+var inspect = require('../');
+var test = require('tape');
+var arrow = require('make-arrow-function')();
+var functionsHaveConfigurableNames = require('functions-have-names').functionsHaveConfigurableNames();
+
+test('function', function (t) {
+    t.plan(1);
+    var obj = [1, 2, function f(n) { return n; }, 4];
+    t.equal(inspect(obj), '[ 1, 2, [Function: f], 4 ]');
+});
+
+test('function name', function (t) {
+    t.plan(1);
+    var f = (function () {
+        return function () {};
+    }());
+    f.toString = function toStr() { return 'function xxx () {}'; };
+    var obj = [1, 2, f, 4];
+    t.equal(inspect(obj), '[ 1, 2, [Function (anonymous)] { toString: [Function: toStr] }, 4 ]');
+});
+
+test('anon function', function (t) {
+    var f = (function () {
+        return function () {};
+    }());
+    var obj = [1, 2, f, 4];
+    t.equal(inspect(obj), '[ 1, 2, [Function (anonymous)], 4 ]');
+
+    t.end();
+});
+
+test('arrow function', { skip: !arrow }, function (t) {
+    t.equal(inspect(arrow), '[Function (anonymous)]');
+
+    t.end();
+});
+
+test('truly nameless function', { skip: !arrow || !functionsHaveConfigurableNames }, function (t) {
+    function f() {}
+    Object.defineProperty(f, 'name', { value: false });
+    t.equal(f.name, false);
+    t.equal(
+        inspect(f),
+        '[Function: f]',
+        'named function with falsy `.name` does not hide its original name'
+    );
+
+    function g() {}
+    Object.defineProperty(g, 'name', { value: true });
+    t.equal(g.name, true);
+    t.equal(
+        inspect(g),
+        '[Function: true]',
+        'named function with truthy `.name` hides its original name'
+    );
+
+    var anon = function () {}; // eslint-disable-line func-style
+    Object.defineProperty(anon, 'name', { value: null });
+    t.equal(anon.name, null);
+    t.equal(
+        inspect(anon),
+        '[Function (anonymous)]',
+        'anon function with falsy `.name` does not hide its anonymity'
+    );
+
+    var anon2 = function () {}; // eslint-disable-line func-style
+    Object.defineProperty(anon2, 'name', { value: 1 });
+    t.equal(anon2.name, 1);
+    t.equal(
+        inspect(anon2),
+        '[Function: 1]',
+        'anon function with truthy `.name` hides its anonymity'
+    );
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
new file mode 100644
index 0000000..c57216a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
@@ -0,0 +1,17 @@
+'use strict';
+
+var inspect = require('../');
+
+var test = require('tape');
+var globalThis = require('globalthis')();
+
+test('global object', function (t) {
+    /* eslint-env browser */
+    var expected = typeof window === 'undefined' ? 'globalThis' : 'Window';
+    t.equal(
+        inspect([globalThis]),
+        '[ { [object ' + expected + '] } ]'
+    );
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
new file mode 100644
index 0000000..01800de
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
@@ -0,0 +1,15 @@
+'use strict';
+
+var inspect = require('../');
+var test = require('tape');
+var mockProperty = require('mock-property');
+
+test('when Object#hasOwnProperty is deleted', function (t) {
+    t.plan(1);
+    var arr = [1, , 3]; // eslint-disable-line no-sparse-arrays
+
+    t.teardown(mockProperty(Array.prototype, 1, { value: 2 })); // this is needed to account for "in" vs "hasOwnProperty"
+    t.teardown(mockProperty(Object.prototype, 'hasOwnProperty', { 'delete': true }));
+
+    t.equal(inspect(arr), '[ 1, , 3 ]');
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
new file mode 100644
index 0000000..87fc8c8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
@@ -0,0 +1,15 @@
+var test = require('tape');
+var inspect = require('../');
+
+var xs = ['a', 'b'];
+xs[5] = 'f';
+xs[7] = 'j';
+xs[8] = 'k';
+
+test('holes', function (t) {
+    t.plan(1);
+    t.equal(
+        inspect(xs),
+        "[ 'a', 'b', , , , 'f', , 'j', 'k' ]"
+    );
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
new file mode 100644
index 0000000..89d8fce
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
@@ -0,0 +1,271 @@
+var test = require('tape');
+var forEach = require('for-each');
+
+var inspect = require('../');
+
+test('bad indent options', function (t) {
+    forEach([
+        undefined,
+        true,
+        false,
+        -1,
+        1.2,
+        Infinity,
+        -Infinity,
+        NaN
+    ], function (indent) {
+        t['throws'](
+            function () { inspect('', { indent: indent }); },
+            TypeError,
+            inspect(indent) + ' is invalid'
+        );
+    });
+
+    t.end();
+});
+
+test('simple object with indent', function (t) {
+    t.plan(2);
+
+    var obj = { a: 1, b: 2 };
+
+    var expectedSpaces = [
+        '{',
+        '  a: 1,',
+        '  b: 2',
+        '}'
+    ].join('\n');
+    var expectedTabs = [
+        '{',
+        '	a: 1,',
+        '	b: 2',
+        '}'
+    ].join('\n');
+
+    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
+    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
+});
+
+test('two deep object with indent', function (t) {
+    t.plan(2);
+
+    var obj = { a: 1, b: { c: 3, d: 4 } };
+
+    var expectedSpaces = [
+        '{',
+        '  a: 1,',
+        '  b: {',
+        '    c: 3,',
+        '    d: 4',
+        '  }',
+        '}'
+    ].join('\n');
+    var expectedTabs = [
+        '{',
+        '	a: 1,',
+        '	b: {',
+        '		c: 3,',
+        '		d: 4',
+        '	}',
+        '}'
+    ].join('\n');
+
+    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
+    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
+});
+
+test('simple array with all single line elements', function (t) {
+    t.plan(2);
+
+    var obj = [1, 2, 3, 'asdf\nsdf'];
+
+    var expected = '[ 1, 2, 3, \'asdf\\nsdf\' ]';
+
+    t.equal(inspect(obj, { indent: 2 }), expected, 'two');
+    t.equal(inspect(obj, { indent: '\t' }), expected, 'tabs');
+});
+
+test('array with complex elements', function (t) {
+    t.plan(2);
+
+    var obj = [1, { a: 1, b: { c: 1 } }, 'asdf\nsdf'];
+
+    var expectedSpaces = [
+        '[',
+        '  1,',
+        '  {',
+        '    a: 1,',
+        '    b: {',
+        '      c: 1',
+        '    }',
+        '  },',
+        '  \'asdf\\nsdf\'',
+        ']'
+    ].join('\n');
+    var expectedTabs = [
+        '[',
+        '	1,',
+        '	{',
+        '		a: 1,',
+        '		b: {',
+        '			c: 1',
+        '		}',
+        '	},',
+        '	\'asdf\\nsdf\'',
+        ']'
+    ].join('\n');
+
+    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
+    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
+});
+
+test('values', function (t) {
+    t.plan(2);
+    var obj = [{}, [], { 'a-b': 5 }];
+
+    var expectedSpaces = [
+        '[',
+        '  {},',
+        '  [],',
+        '  {',
+        '    \'a-b\': 5',
+        '  }',
+        ']'
+    ].join('\n');
+    var expectedTabs = [
+        '[',
+        '	{},',
+        '	[],',
+        '	{',
+        '		\'a-b\': 5',
+        '	}',
+        ']'
+    ].join('\n');
+
+    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
+    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
+});
+
+test('Map', { skip: typeof Map !== 'function' }, function (t) {
+    var map = new Map();
+    map.set({ a: 1 }, ['b']);
+    map.set(3, NaN);
+
+    var expectedStringSpaces = [
+        'Map (2) {',
+        '  { a: 1 } => [ \'b\' ],',
+        '  3 => NaN',
+        '}'
+    ].join('\n');
+    var expectedStringTabs = [
+        'Map (2) {',
+        '	{ a: 1 } => [ \'b\' ],',
+        '	3 => NaN',
+        '}'
+    ].join('\n');
+    var expectedStringTabsDoubleQuotes = [
+        'Map (2) {',
+        '	{ a: 1 } => [ "b" ],',
+        '	3 => NaN',
+        '}'
+    ].join('\n');
+
+    t.equal(
+        inspect(map, { indent: 2 }),
+        expectedStringSpaces,
+        'Map keys are not indented (two)'
+    );
+    t.equal(
+        inspect(map, { indent: '\t' }),
+        expectedStringTabs,
+        'Map keys are not indented (tabs)'
+    );
+    t.equal(
+        inspect(map, { indent: '\t', quoteStyle: 'double' }),
+        expectedStringTabsDoubleQuotes,
+        'Map keys are not indented (tabs + double quotes)'
+    );
+
+    t.equal(inspect(new Map(), { indent: 2 }), 'Map (0) {}', 'empty Map should show as empty (two)');
+    t.equal(inspect(new Map(), { indent: '\t' }), 'Map (0) {}', 'empty Map should show as empty (tabs)');
+
+    var nestedMap = new Map();
+    nestedMap.set(nestedMap, map);
+    var expectedNestedSpaces = [
+        'Map (1) {',
+        '  [Circular] => Map (2) {',
+        '    { a: 1 } => [ \'b\' ],',
+        '    3 => NaN',
+        '  }',
+        '}'
+    ].join('\n');
+    var expectedNestedTabs = [
+        'Map (1) {',
+        '	[Circular] => Map (2) {',
+        '		{ a: 1 } => [ \'b\' ],',
+        '		3 => NaN',
+        '	}',
+        '}'
+    ].join('\n');
+    t.equal(inspect(nestedMap, { indent: 2 }), expectedNestedSpaces, 'Map containing a Map should work (two)');
+    t.equal(inspect(nestedMap, { indent: '\t' }), expectedNestedTabs, 'Map containing a Map should work (tabs)');
+
+    t.end();
+});
+
+test('Set', { skip: typeof Set !== 'function' }, function (t) {
+    var set = new Set();
+    set.add({ a: 1 });
+    set.add(['b']);
+    var expectedStringSpaces = [
+        'Set (2) {',
+        '  {',
+        '    a: 1',
+        '  },',
+        '  [ \'b\' ]',
+        '}'
+    ].join('\n');
+    var expectedStringTabs = [
+        'Set (2) {',
+        '	{',
+        '		a: 1',
+        '	},',
+        '	[ \'b\' ]',
+        '}'
+    ].join('\n');
+    t.equal(inspect(set, { indent: 2 }), expectedStringSpaces, 'new Set([{ a: 1 }, ["b"]]) should show size and contents (two)');
+    t.equal(inspect(set, { indent: '\t' }), expectedStringTabs, 'new Set([{ a: 1 }, ["b"]]) should show size and contents (tabs)');
+
+    t.equal(inspect(new Set(), { indent: 2 }), 'Set (0) {}', 'empty Set should show as empty (two)');
+    t.equal(inspect(new Set(), { indent: '\t' }), 'Set (0) {}', 'empty Set should show as empty (tabs)');
+
+    var nestedSet = new Set();
+    nestedSet.add(set);
+    nestedSet.add(nestedSet);
+    var expectedNestedSpaces = [
+        'Set (2) {',
+        '  Set (2) {',
+        '    {',
+        '      a: 1',
+        '    },',
+        '    [ \'b\' ]',
+        '  },',
+        '  [Circular]',
+        '}'
+    ].join('\n');
+    var expectedNestedTabs = [
+        'Set (2) {',
+        '	Set (2) {',
+        '		{',
+        '			a: 1',
+        '		},',
+        '		[ \'b\' ]',
+        '	},',
+        '	[Circular]',
+        '}'
+    ].join('\n');
+    t.equal(inspect(nestedSet, { indent: 2 }), expectedNestedSpaces, 'Set containing a Set should work (two)');
+    t.equal(inspect(nestedSet, { indent: '\t' }), expectedNestedTabs, 'Set containing a Set should work (tabs)');
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
new file mode 100644
index 0000000..1abf81b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
@@ -0,0 +1,139 @@
+var test = require('tape');
+var hasSymbols = require('has-symbols/shams')();
+var utilInspect = require('../util.inspect');
+var repeat = require('string.prototype.repeat');
+
+var inspect = require('..');
+
+test('inspect', function (t) {
+    t.plan(5);
+
+    var obj = [{ inspect: function xyzInspect() { return '!XYZ¡'; } }, []];
+    var stringResult = '[ !XYZ¡, [] ]';
+    var falseResult = '[ { inspect: [Function: xyzInspect] }, [] ]';
+
+    t.equal(inspect(obj), stringResult);
+    t.equal(inspect(obj, { customInspect: true }), stringResult);
+    t.equal(inspect(obj, { customInspect: 'symbol' }), falseResult);
+    t.equal(inspect(obj, { customInspect: false }), falseResult);
+    t['throws'](
+        function () { inspect(obj, { customInspect: 'not a boolean or "symbol"' }); },
+        TypeError,
+        '`customInspect` must be a boolean or the string "symbol"'
+    );
+});
+
+test('inspect custom symbol', { skip: !hasSymbols || !utilInspect || !utilInspect.custom }, function (t) {
+    t.plan(4);
+
+    var obj = { inspect: function stringInspect() { return 'string'; } };
+    obj[utilInspect.custom] = function custom() { return 'symbol'; };
+
+    var symbolResult = '[ symbol, [] ]';
+    var stringResult = '[ string, [] ]';
+    var falseResult = '[ { inspect: [Function: stringInspect]' + (utilInspect.custom ? ', [' + inspect(utilInspect.custom) + ']: [Function: custom]' : '') + ' }, [] ]';
+
+    var symbolStringFallback = utilInspect.custom ? symbolResult : stringResult;
+    var symbolFalseFallback = utilInspect.custom ? symbolResult : falseResult;
+
+    t.equal(inspect([obj, []]), symbolStringFallback);
+    t.equal(inspect([obj, []], { customInspect: true }), symbolStringFallback);
+    t.equal(inspect([obj, []], { customInspect: 'symbol' }), symbolFalseFallback);
+    t.equal(inspect([obj, []], { customInspect: false }), falseResult);
+});
+
+test('symbols', { skip: !hasSymbols }, function (t) {
+    t.plan(2);
+
+    var obj = { a: 1 };
+    obj[Symbol('test')] = 2;
+    obj[Symbol.iterator] = 3;
+    Object.defineProperty(obj, Symbol('non-enum'), {
+        enumerable: false,
+        value: 4
+    });
+
+    if (typeof Symbol.iterator === 'symbol') {
+        t.equal(inspect(obj), '{ a: 1, [Symbol(test)]: 2, [Symbol(Symbol.iterator)]: 3 }', 'object with symbols');
+        t.equal(inspect([obj, []]), '[ { a: 1, [Symbol(test)]: 2, [Symbol(Symbol.iterator)]: 3 }, [] ]', 'object with symbols in array');
+    } else {
+        // symbol sham key ordering is unreliable
+        t.match(
+            inspect(obj),
+            /^(?:{ a: 1, \[Symbol\(test\)\]: 2, \[Symbol\(Symbol.iterator\)\]: 3 }|{ a: 1, \[Symbol\(Symbol.iterator\)\]: 3, \[Symbol\(test\)\]: 2 })$/,
+            'object with symbols (nondeterministic symbol sham key ordering)'
+        );
+        t.match(
+            inspect([obj, []]),
+            /^\[ (?:{ a: 1, \[Symbol\(test\)\]: 2, \[Symbol\(Symbol.iterator\)\]: 3 }|{ a: 1, \[Symbol\(Symbol.iterator\)\]: 3, \[Symbol\(test\)\]: 2 }), \[\] \]$/,
+            'object with symbols in array (nondeterministic symbol sham key ordering)'
+        );
+    }
+});
+
+test('maxStringLength', function (t) {
+    t['throws'](
+        function () { inspect('', { maxStringLength: -1 }); },
+        TypeError,
+        'maxStringLength must be >= 0, or Infinity, not negative'
+    );
+
+    var str = repeat('a', 1e8);
+
+    t.equal(
+        inspect([str], { maxStringLength: 10 }),
+        '[ \'aaaaaaaaaa\'... 99999990 more characters ]',
+        'maxStringLength option limits output'
+    );
+
+    t.equal(
+        inspect(['f'], { maxStringLength: null }),
+        '[ \'\'... 1 more character ]',
+        'maxStringLength option accepts `null`'
+    );
+
+    t.equal(
+        inspect([str], { maxStringLength: Infinity }),
+        '[ \'' + str + '\' ]',
+        'maxStringLength option accepts ∞'
+    );
+
+    t.end();
+});
+
+test('inspect options', { skip: !utilInspect.custom }, function (t) {
+    var obj = {};
+    obj[utilInspect.custom] = function () {
+        return JSON.stringify(arguments);
+    };
+    t.equal(
+        inspect(obj),
+        utilInspect(obj, { depth: 5 }),
+        'custom symbols will use node\'s inspect'
+    );
+    t.equal(
+        inspect(obj, { depth: 2 }),
+        utilInspect(obj, { depth: 2 }),
+        'a reduced depth will be passed to node\'s inspect'
+    );
+    t.equal(
+        inspect({ d1: obj }, { depth: 3 }),
+        '{ d1: ' + utilInspect(obj, { depth: 2 }) + ' }',
+        'deep objects will receive a reduced depth'
+    );
+    t.equal(
+        inspect({ d1: obj }, { depth: 1 }),
+        '{ d1: [Object] }',
+        'unlike nodejs inspect, customInspect will not be used once the depth is exceeded.'
+    );
+    t.end();
+});
+
+test('inspect URL', { skip: typeof URL === 'undefined' }, function (t) {
+    t.match(
+        inspect(new URL('https://nodejs.org')),
+        /nodejs\.org/, // Different environments stringify it differently
+        'url can be inspected'
+    );
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
new file mode 100644
index 0000000..68a345d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
@@ -0,0 +1,12 @@
+var test = require('tape');
+var inspect = require('../');
+
+var obj = { x: 'a\r\nb', y: '\x05! \x1f \x12' };
+
+test('interpolate low bytes', function (t) {
+    t.plan(1);
+    t.equal(
+        inspect(obj),
+        "{ x: 'a\\r\\nb', y: '\\x05! \\x1F \\x12' }"
+    );
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
new file mode 100644
index 0000000..8f287e8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
@@ -0,0 +1,58 @@
+var test = require('tape');
+var v = require('es-value-fixtures');
+var forEach = require('for-each');
+
+var inspect = require('../');
+
+test('negative zero', function (t) {
+    t.equal(inspect(0), '0', 'inspect(0) === "0"');
+    t.equal(inspect(Object(0)), 'Object(0)', 'inspect(Object(0)) === "Object(0)"');
+
+    t.equal(inspect(-0), '-0', 'inspect(-0) === "-0"');
+    t.equal(inspect(Object(-0)), 'Object(-0)', 'inspect(Object(-0)) === "Object(-0)"');
+
+    t.end();
+});
+
+test('numericSeparator', function (t) {
+    forEach(v.nonBooleans, function (nonBoolean) {
+        t['throws'](
+            function () { inspect(true, { numericSeparator: nonBoolean }); },
+            TypeError,
+            inspect(nonBoolean) + ' is not a boolean'
+        );
+    });
+
+    t.test('3 digit numbers', function (st) {
+        var failed = false;
+        for (var i = -999; i < 1000; i += 1) {
+            var actual = inspect(i);
+            var actualSepNo = inspect(i, { numericSeparator: false });
+            var actualSepYes = inspect(i, { numericSeparator: true });
+            var expected = String(i);
+            if (actual !== expected || actualSepNo !== expected || actualSepYes !== expected) {
+                failed = true;
+                t.equal(actual, expected);
+                t.equal(actualSepNo, expected);
+                t.equal(actualSepYes, expected);
+            }
+        }
+
+        st.notOk(failed, 'all 3 digit numbers passed');
+
+        st.end();
+    });
+
+    t.equal(inspect(1e3), '1000', '1000');
+    t.equal(inspect(1e3, { numericSeparator: false }), '1000', '1000, numericSeparator false');
+    t.equal(inspect(1e3, { numericSeparator: true }), '1_000', '1000, numericSeparator true');
+    t.equal(inspect(-1e3), '-1000', '-1000');
+    t.equal(inspect(-1e3, { numericSeparator: false }), '-1000', '-1000, numericSeparator false');
+    t.equal(inspect(-1e3, { numericSeparator: true }), '-1_000', '-1000, numericSeparator true');
+
+    t.equal(inspect(1234.5678, { numericSeparator: true }), '1_234.567_8', 'fractional numbers get separators');
+    t.equal(inspect(1234.56789, { numericSeparator: true }), '1_234.567_89', 'fractional numbers get separators');
+    t.equal(inspect(1234.567891, { numericSeparator: true }), '1_234.567_891', 'fractional numbers get separators');
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
new file mode 100644
index 0000000..da23e63
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
@@ -0,0 +1,26 @@
+'use strict';
+
+var inspect = require('../');
+var test = require('tape');
+
+test('quoteStyle option', function (t) {
+    t['throws'](function () { inspect(null, { quoteStyle: false }); }, 'false is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: true }); }, 'true is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: '' }); }, '"" is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: {} }); }, '{} is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: [] }); }, '[] is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: 42 }); }, '42 is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: NaN }); }, 'NaN is not a valid value');
+    t['throws'](function () { inspect(null, { quoteStyle: function () {} }); }, 'a function is not a valid value');
+
+    t.equal(inspect('"', { quoteStyle: 'single' }), '\'"\'', 'double quote, quoteStyle: "single"');
+    t.equal(inspect('"', { quoteStyle: 'double' }), '"\\""', 'double quote, quoteStyle: "double"');
+
+    t.equal(inspect('\'', { quoteStyle: 'single' }), '\'\\\'\'', 'single quote, quoteStyle: "single"');
+    t.equal(inspect('\'', { quoteStyle: 'double' }), '"\'"', 'single quote, quoteStyle: "double"');
+
+    t.equal(inspect('`', { quoteStyle: 'single' }), '\'`\'', 'backtick, quoteStyle: "single"');
+    t.equal(inspect('`', { quoteStyle: 'double' }), '"`"', 'backtick, quoteStyle: "double"');
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
new file mode 100644
index 0000000..95f8270
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
@@ -0,0 +1,40 @@
+'use strict';
+
+var test = require('tape');
+var hasToStringTag = require('has-tostringtag/shams')();
+
+var inspect = require('../');
+
+test('Symbol.toStringTag', { skip: !hasToStringTag }, function (t) {
+    t.plan(4);
+
+    var obj = { a: 1 };
+    t.equal(inspect(obj), '{ a: 1 }', 'object, no Symbol.toStringTag');
+
+    obj[Symbol.toStringTag] = 'foo';
+    t.equal(inspect(obj), '{ a: 1, [Symbol(Symbol.toStringTag)]: \'foo\' }', 'object with Symbol.toStringTag');
+
+    t.test('null objects', { skip: 'toString' in { __proto__: null } }, function (st) {
+        st.plan(2);
+
+        var dict = { __proto__: null, a: 1 };
+        st.equal(inspect(dict), '[Object: null prototype] { a: 1 }', 'null object with Symbol.toStringTag');
+
+        dict[Symbol.toStringTag] = 'Dict';
+        st.equal(inspect(dict), '[Dict: null prototype] { a: 1, [Symbol(Symbol.toStringTag)]: \'Dict\' }', 'null object with Symbol.toStringTag');
+    });
+
+    t.test('instances', function (st) {
+        st.plan(4);
+
+        function C() {
+            this.a = 1;
+        }
+        st.equal(Object.prototype.toString.call(new C()), '[object Object]', 'instance, no toStringTag, Object.prototype.toString');
+        st.equal(inspect(new C()), 'C { a: 1 }', 'instance, no toStringTag');
+
+        C.prototype[Symbol.toStringTag] = 'Class!';
+        st.equal(Object.prototype.toString.call(new C()), '[object Class!]', 'instance, with toStringTag, Object.prototype.toString');
+        st.equal(inspect(new C()), 'C [Class!] { a: 1 }', 'instance, with toStringTag');
+    });
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
new file mode 100644
index 0000000..e3f4961
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
@@ -0,0 +1,12 @@
+var test = require('tape');
+var inspect = require('../');
+
+var obj = { a: 1, b: [3, 4, undefined, null], c: undefined, d: null };
+
+test('undef and null', function (t) {
+    t.plan(1);
+    t.equal(
+        inspect(obj),
+        '{ a: 1, b: [ 3, 4, undefined, null ], c: undefined, d: null }'
+    );
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
new file mode 100644
index 0000000..15986cd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
@@ -0,0 +1,261 @@
+'use strict';
+
+var inspect = require('../');
+var test = require('tape');
+var mockProperty = require('mock-property');
+var hasSymbols = require('has-symbols/shams')();
+var hasToStringTag = require('has-tostringtag/shams')();
+var forEach = require('for-each');
+var semver = require('semver');
+
+test('values', function (t) {
+    t.plan(1);
+    var obj = [{}, [], { 'a-b': 5 }];
+    t.equal(inspect(obj), '[ {}, [], { \'a-b\': 5 } ]');
+});
+
+test('arrays with properties', function (t) {
+    t.plan(1);
+    var arr = [3];
+    arr.foo = 'bar';
+    var obj = [1, 2, arr];
+    obj.baz = 'quux';
+    obj.index = -1;
+    t.equal(inspect(obj), '[ 1, 2, [ 3, foo: \'bar\' ], baz: \'quux\', index: -1 ]');
+});
+
+test('has', function (t) {
+    t.plan(1);
+    t.teardown(mockProperty(Object.prototype, 'hasOwnProperty', { 'delete': true }));
+
+    t.equal(inspect({ a: 1, b: 2 }), '{ a: 1, b: 2 }');
+});
+
+test('indexOf seen', function (t) {
+    t.plan(1);
+    var xs = [1, 2, 3, {}];
+    xs.push(xs);
+
+    var seen = [];
+    seen.indexOf = undefined;
+
+    t.equal(
+        inspect(xs, {}, 0, seen),
+        '[ 1, 2, 3, {}, [Circular] ]'
+    );
+});
+
+test('seen seen', function (t) {
+    t.plan(1);
+    var xs = [1, 2, 3];
+
+    var seen = [xs];
+    seen.indexOf = undefined;
+
+    t.equal(
+        inspect(xs, {}, 0, seen),
+        '[Circular]'
+    );
+});
+
+test('seen seen seen', function (t) {
+    t.plan(1);
+    var xs = [1, 2, 3];
+
+    var seen = [5, xs];
+    seen.indexOf = undefined;
+
+    t.equal(
+        inspect(xs, {}, 0, seen),
+        '[Circular]'
+    );
+});
+
+test('symbols', { skip: !hasSymbols }, function (t) {
+    var sym = Symbol('foo');
+    t.equal(inspect(sym), 'Symbol(foo)', 'Symbol("foo") should be "Symbol(foo)"');
+    if (typeof sym === 'symbol') {
+        // Symbol shams are incapable of differentiating boxed from unboxed symbols
+        t.equal(inspect(Object(sym)), 'Object(Symbol(foo))', 'Object(Symbol("foo")) should be "Object(Symbol(foo))"');
+    }
+
+    t.test('toStringTag', { skip: !hasToStringTag }, function (st) {
+        st.plan(1);
+
+        var faker = {};
+        faker[Symbol.toStringTag] = 'Symbol';
+        st.equal(
+            inspect(faker),
+            '{ [Symbol(Symbol.toStringTag)]: \'Symbol\' }',
+            'object lying about being a Symbol inspects as an object'
+        );
+    });
+
+    t.end();
+});
+
+test('Map', { skip: typeof Map !== 'function' }, function (t) {
+    var map = new Map();
+    map.set({ a: 1 }, ['b']);
+    map.set(3, NaN);
+    var expectedString = 'Map (2) {' + inspect({ a: 1 }) + ' => ' + inspect(['b']) + ', 3 => NaN}';
+    t.equal(inspect(map), expectedString, 'new Map([[{ a: 1 }, ["b"]], [3, NaN]]) should show size and contents');
+    t.equal(inspect(new Map()), 'Map (0) {}', 'empty Map should show as empty');
+
+    var nestedMap = new Map();
+    nestedMap.set(nestedMap, map);
+    t.equal(inspect(nestedMap), 'Map (1) {[Circular] => ' + expectedString + '}', 'Map containing a Map should work');
+
+    t.end();
+});
+
+test('WeakMap', { skip: typeof WeakMap !== 'function' }, function (t) {
+    var map = new WeakMap();
+    map.set({ a: 1 }, ['b']);
+    var expectedString = 'WeakMap { ? }';
+    t.equal(inspect(map), expectedString, 'new WeakMap([[{ a: 1 }, ["b"]]]) should not show size or contents');
+    t.equal(inspect(new WeakMap()), 'WeakMap { ? }', 'empty WeakMap should not show as empty');
+
+    t.end();
+});
+
+test('Set', { skip: typeof Set !== 'function' }, function (t) {
+    var set = new Set();
+    set.add({ a: 1 });
+    set.add(['b']);
+    var expectedString = 'Set (2) {' + inspect({ a: 1 }) + ', ' + inspect(['b']) + '}';
+    t.equal(inspect(set), expectedString, 'new Set([{ a: 1 }, ["b"]]) should show size and contents');
+    t.equal(inspect(new Set()), 'Set (0) {}', 'empty Set should show as empty');
+
+    var nestedSet = new Set();
+    nestedSet.add(set);
+    nestedSet.add(nestedSet);
+    t.equal(inspect(nestedSet), 'Set (2) {' + expectedString + ', [Circular]}', 'Set containing a Set should work');
+
+    t.end();
+});
+
+test('WeakSet', { skip: typeof WeakSet !== 'function' }, function (t) {
+    var map = new WeakSet();
+    map.add({ a: 1 });
+    var expectedString = 'WeakSet { ? }';
+    t.equal(inspect(map), expectedString, 'new WeakSet([{ a: 1 }]) should not show size or contents');
+    t.equal(inspect(new WeakSet()), 'WeakSet { ? }', 'empty WeakSet should not show as empty');
+
+    t.end();
+});
+
+test('WeakRef', { skip: typeof WeakRef !== 'function' }, function (t) {
+    var ref = new WeakRef({ a: 1 });
+    var expectedString = 'WeakRef { ? }';
+    t.equal(inspect(ref), expectedString, 'new WeakRef({ a: 1 }) should not show contents');
+
+    t.end();
+});
+
+test('FinalizationRegistry', { skip: typeof FinalizationRegistry !== 'function' }, function (t) {
+    var registry = new FinalizationRegistry(function () {});
+    var expectedString = 'FinalizationRegistry [FinalizationRegistry] {}';
+    t.equal(inspect(registry), expectedString, 'new FinalizationRegistry(function () {}) should work normallys');
+
+    t.end();
+});
+
+test('Strings', function (t) {
+    var str = 'abc';
+
+    t.equal(inspect(str), "'" + str + "'", 'primitive string shows as such');
+    t.equal(inspect(str, { quoteStyle: 'single' }), "'" + str + "'", 'primitive string shows as such, single quoted');
+    t.equal(inspect(str, { quoteStyle: 'double' }), '"' + str + '"', 'primitive string shows as such, double quoted');
+    t.equal(inspect(Object(str)), 'Object(' + inspect(str) + ')', 'String object shows as such');
+    t.equal(inspect(Object(str), { quoteStyle: 'single' }), 'Object(' + inspect(str, { quoteStyle: 'single' }) + ')', 'String object shows as such, single quoted');
+    t.equal(inspect(Object(str), { quoteStyle: 'double' }), 'Object(' + inspect(str, { quoteStyle: 'double' }) + ')', 'String object shows as such, double quoted');
+
+    t.end();
+});
+
+test('Numbers', function (t) {
+    var num = 42;
+
+    t.equal(inspect(num), String(num), 'primitive number shows as such');
+    t.equal(inspect(Object(num)), 'Object(' + inspect(num) + ')', 'Number object shows as such');
+
+    t.end();
+});
+
+test('Booleans', function (t) {
+    t.equal(inspect(true), String(true), 'primitive true shows as such');
+    t.equal(inspect(Object(true)), 'Object(' + inspect(true) + ')', 'Boolean object true shows as such');
+
+    t.equal(inspect(false), String(false), 'primitive false shows as such');
+    t.equal(inspect(Object(false)), 'Object(' + inspect(false) + ')', 'Boolean false object shows as such');
+
+    t.end();
+});
+
+test('Date', function (t) {
+    var now = new Date();
+    t.equal(inspect(now), String(now), 'Date shows properly');
+    t.equal(inspect(new Date(NaN)), 'Invalid Date', 'Invalid Date shows properly');
+
+    t.end();
+});
+
+test('RegExps', function (t) {
+    t.equal(inspect(/a/g), '/a/g', 'regex shows properly');
+    t.equal(inspect(new RegExp('abc', 'i')), '/abc/i', 'new RegExp shows properly');
+
+    var match = 'abc abc'.match(/[ab]+/);
+    delete match.groups; // for node < 10
+    t.equal(inspect(match), '[ \'ab\', index: 0, input: \'abc abc\' ]', 'RegExp match object shows properly');
+
+    t.end();
+});
+
+test('Proxies', { skip: typeof Proxy !== 'function' || !hasToStringTag }, function (t) {
+    var target = { proxy: true };
+    var fake = new Proxy(target, { has: function () { return false; } });
+
+    // needed to work around a weird difference in node v6.0 - v6.4 where non-present properties are not logged
+    var isNode60 = semver.satisfies(process.version, '6.0 - 6.4');
+
+    forEach([
+        'Boolean',
+        'Number',
+        'String',
+        'Symbol',
+        'Date'
+    ], function (tag) {
+        target[Symbol.toStringTag] = tag;
+
+        t.equal(
+            inspect(fake),
+            '{ ' + (isNode60 ? '' : 'proxy: true, ') + '[Symbol(Symbol.toStringTag)]: \'' + tag + '\' }',
+            'Proxy for + ' + tag + ' shows as the target, which has no slots'
+        );
+    });
+
+    t.end();
+});
+
+test('fakers', { skip: !hasToStringTag }, function (t) {
+    var target = { proxy: false };
+
+    forEach([
+        'Boolean',
+        'Number',
+        'String',
+        'Symbol',
+        'Date'
+    ], function (tag) {
+        target[Symbol.toStringTag] = tag;
+
+        t.equal(
+            inspect(target),
+            '{ proxy: false, [Symbol(Symbol.toStringTag)]: \'' + tag + '\' }',
+            'Object pretending to be ' + tag + ' does not trick us'
+        );
+    });
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
new file mode 100644
index 0000000..7784fab
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
@@ -0,0 +1 @@
+module.exports = require('util').inspect;
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md b/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
new file mode 100644
index 0000000..1917595
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
@@ -0,0 +1,98 @@
+2.4.1 / 2022-02-22
+==================
+
+  * Fix error on early async hooks implementations
+
+2.4.0 / 2022-02-21
+==================
+
+  * Prevent loss of async hooks context
+
+2.3.0 / 2015-05-26
+==================
+
+  * Add defined behavior for HTTP `CONNECT` requests
+  * Add defined behavior for HTTP `Upgrade` requests
+  * deps: ee-first@1.1.1
+
+2.2.1 / 2015-04-22
+==================
+
+  * Fix `isFinished(req)` when data buffered
+
+2.2.0 / 2014-12-22
+==================
+
+  * Add message object to callback arguments
+
+2.1.1 / 2014-10-22
+==================
+
+  * Fix handling of pipelined requests
+
+2.1.0 / 2014-08-16
+==================
+
+  * Check if `socket` is detached
+  * Return `undefined` for `isFinished` if state unknown
+
+2.0.0 / 2014-08-16
+==================
+
+  * Add `isFinished` function
+  * Move to `jshttp` organization
+  * Remove support for plain socket argument
+  * Rename to `on-finished`
+  * Support both `req` and `res` as arguments
+  * deps: ee-first@1.0.5
+
+1.2.2 / 2014-06-10
+==================
+
+  * Reduce listeners added to emitters
+    - avoids "event emitter leak" warnings when used multiple times on same request
+
+1.2.1 / 2014-06-08
+==================
+
+  * Fix returned value when already finished
+
+1.2.0 / 2014-06-05
+==================
+
+  * Call callback when called on already-finished socket
+
+1.1.4 / 2014-05-27
+==================
+
+  * Support node.js 0.8
+
+1.1.3 / 2014-04-30
+==================
+
+  * Make sure errors passed as instanceof `Error`
+
+1.1.2 / 2014-04-18
+==================
+
+  * Default the `socket` to passed-in object
+
+1.1.1 / 2014-01-16
+==================
+
+  * Rename module to `finished`
+
+1.1.0 / 2013-12-25
+==================
+
+  * Call callback when called on already-errored socket
+
+1.0.1 / 2013-12-20
+==================
+
+  * Actually pass the error to the callback
+
+1.0.0 / 2013-12-20
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/LICENSE b/src/Servers/ExpressServer/node_modules/on-finished/LICENSE
new file mode 100644
index 0000000..5931fd2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/on-finished/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2013 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2014 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/README.md b/src/Servers/ExpressServer/node_modules/on-finished/README.md
new file mode 100644
index 0000000..8973cde
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/on-finished/README.md
@@ -0,0 +1,162 @@
+# on-finished
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Coverage Status][coveralls-image]][coveralls-url]
+
+Execute a callback when a HTTP request closes, finishes, or errors.
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install on-finished
+```
+
+## API
+
+```js
+var onFinished = require('on-finished')
+```
+
+### onFinished(res, listener)
+
+Attach a listener to listen for the response to finish. The listener will
+be invoked only once when the response finished. If the response finished
+to an error, the first argument will contain the error. If the response
+has already finished, the listener will be invoked.
+
+Listening to the end of a response would be used to close things associated
+with the response, like open files.
+
+Listener is invoked as `listener(err, res)`.
+
+<!-- eslint-disable handle-callback-err -->
+
+```js
+onFinished(res, function (err, res) {
+  // clean up open fds, etc.
+  // err contains the error if request error'd
+})
+```
+
+### onFinished(req, listener)
+
+Attach a listener to listen for the request to finish. The listener will
+be invoked only once when the request finished. If the request finished
+to an error, the first argument will contain the error. If the request
+has already finished, the listener will be invoked.
+
+Listening to the end of a request would be used to know when to continue
+after reading the data.
+
+Listener is invoked as `listener(err, req)`.
+
+<!-- eslint-disable handle-callback-err -->
+
+```js
+var data = ''
+
+req.setEncoding('utf8')
+req.on('data', function (str) {
+  data += str
+})
+
+onFinished(req, function (err, req) {
+  // data is read unless there is err
+})
+```
+
+### onFinished.isFinished(res)
+
+Determine if `res` is already finished. This would be useful to check and
+not even start certain operations if the response has already finished.
+
+### onFinished.isFinished(req)
+
+Determine if `req` is already finished. This would be useful to check and
+not even start certain operations if the request has already finished.
+
+## Special Node.js requests
+
+### HTTP CONNECT method
+
+The meaning of the `CONNECT` method from RFC 7231, section 4.3.6:
+
+> The CONNECT method requests that the recipient establish a tunnel to
+> the destination origin server identified by the request-target and,
+> if successful, thereafter restrict its behavior to blind forwarding
+> of packets, in both directions, until the tunnel is closed.  Tunnels
+> are commonly used to create an end-to-end virtual connection, through
+> one or more proxies, which can then be secured using TLS (Transport
+> Layer Security, [RFC5246]).
+
+In Node.js, these request objects come from the `'connect'` event on
+the HTTP server.
+
+When this module is used on a HTTP `CONNECT` request, the request is
+considered "finished" immediately, **due to limitations in the Node.js
+interface**. This means if the `CONNECT` request contains a request entity,
+the request will be considered "finished" even before it has been read.
+
+There is no such thing as a response object to a `CONNECT` request in
+Node.js, so there is no support for one.
+
+### HTTP Upgrade request
+
+The meaning of the `Upgrade` header from RFC 7230, section 6.1:
+
+> The "Upgrade" header field is intended to provide a simple mechanism
+> for transitioning from HTTP/1.1 to some other protocol on the same
+> connection.
+
+In Node.js, these request objects come from the `'upgrade'` event on
+the HTTP server.
+
+When this module is used on a HTTP request with an `Upgrade` header, the
+request is considered "finished" immediately, **due to limitations in the
+Node.js interface**. This means if the `Upgrade` request contains a request
+entity, the request will be considered "finished" even before it has been
+read.
+
+There is no such thing as a response object to a `Upgrade` request in
+Node.js, so there is no support for one.
+
+## Example
+
+The following code ensures that file descriptors are always closed
+once the response finishes.
+
+```js
+var destroy = require('destroy')
+var fs = require('fs')
+var http = require('http')
+var onFinished = require('on-finished')
+
+http.createServer(function onRequest (req, res) {
+  var stream = fs.createReadStream('package.json')
+  stream.pipe(res)
+  onFinished(res, function () {
+    destroy(stream)
+  })
+})
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/on-finished/master?label=ci
+[ci-url]: https://github.com/jshttp/on-finished/actions/workflows/ci.yml
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/on-finished/master
+[coveralls-url]: https://coveralls.io/r/jshttp/on-finished?branch=master
+[node-image]: https://badgen.net/npm/node/on-finished
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/on-finished
+[npm-url]: https://npmjs.org/package/on-finished
+[npm-version-image]: https://badgen.net/npm/v/on-finished
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/index.js b/src/Servers/ExpressServer/node_modules/on-finished/index.js
new file mode 100644
index 0000000..e68df7b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/on-finished/index.js
@@ -0,0 +1,234 @@
+/*!
+ * on-finished
+ * Copyright(c) 2013 Jonathan Ong
+ * Copyright(c) 2014 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = onFinished
+module.exports.isFinished = isFinished
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var asyncHooks = tryRequireAsyncHooks()
+var first = require('ee-first')
+
+/**
+ * Variables.
+ * @private
+ */
+
+/* istanbul ignore next */
+var defer = typeof setImmediate === 'function'
+  ? setImmediate
+  : function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
+
+/**
+ * Invoke callback when the response has finished, useful for
+ * cleaning up resources afterwards.
+ *
+ * @param {object} msg
+ * @param {function} listener
+ * @return {object}
+ * @public
+ */
+
+function onFinished (msg, listener) {
+  if (isFinished(msg) !== false) {
+    defer(listener, null, msg)
+    return msg
+  }
+
+  // attach the listener to the message
+  attachListener(msg, wrap(listener))
+
+  return msg
+}
+
+/**
+ * Determine if message is already finished.
+ *
+ * @param {object} msg
+ * @return {boolean}
+ * @public
+ */
+
+function isFinished (msg) {
+  var socket = msg.socket
+
+  if (typeof msg.finished === 'boolean') {
+    // OutgoingMessage
+    return Boolean(msg.finished || (socket && !socket.writable))
+  }
+
+  if (typeof msg.complete === 'boolean') {
+    // IncomingMessage
+    return Boolean(msg.upgrade || !socket || !socket.readable || (msg.complete && !msg.readable))
+  }
+
+  // don't know
+  return undefined
+}
+
+/**
+ * Attach a finished listener to the message.
+ *
+ * @param {object} msg
+ * @param {function} callback
+ * @private
+ */
+
+function attachFinishedListener (msg, callback) {
+  var eeMsg
+  var eeSocket
+  var finished = false
+
+  function onFinish (error) {
+    eeMsg.cancel()
+    eeSocket.cancel()
+
+    finished = true
+    callback(error)
+  }
+
+  // finished on first message event
+  eeMsg = eeSocket = first([[msg, 'end', 'finish']], onFinish)
+
+  function onSocket (socket) {
+    // remove listener
+    msg.removeListener('socket', onSocket)
+
+    if (finished) return
+    if (eeMsg !== eeSocket) return
+
+    // finished on first socket event
+    eeSocket = first([[socket, 'error', 'close']], onFinish)
+  }
+
+  if (msg.socket) {
+    // socket already assigned
+    onSocket(msg.socket)
+    return
+  }
+
+  // wait for socket to be assigned
+  msg.on('socket', onSocket)
+
+  if (msg.socket === undefined) {
+    // istanbul ignore next: node.js 0.8 patch
+    patchAssignSocket(msg, onSocket)
+  }
+}
+
+/**
+ * Attach the listener to the message.
+ *
+ * @param {object} msg
+ * @return {function}
+ * @private
+ */
+
+function attachListener (msg, listener) {
+  var attached = msg.__onFinished
+
+  // create a private single listener with queue
+  if (!attached || !attached.queue) {
+    attached = msg.__onFinished = createListener(msg)
+    attachFinishedListener(msg, attached)
+  }
+
+  attached.queue.push(listener)
+}
+
+/**
+ * Create listener on message.
+ *
+ * @param {object} msg
+ * @return {function}
+ * @private
+ */
+
+function createListener (msg) {
+  function listener (err) {
+    if (msg.__onFinished === listener) msg.__onFinished = null
+    if (!listener.queue) return
+
+    var queue = listener.queue
+    listener.queue = null
+
+    for (var i = 0; i < queue.length; i++) {
+      queue[i](err, msg)
+    }
+  }
+
+  listener.queue = []
+
+  return listener
+}
+
+/**
+ * Patch ServerResponse.prototype.assignSocket for node.js 0.8.
+ *
+ * @param {ServerResponse} res
+ * @param {function} callback
+ * @private
+ */
+
+// istanbul ignore next: node.js 0.8 patch
+function patchAssignSocket (res, callback) {
+  var assignSocket = res.assignSocket
+
+  if (typeof assignSocket !== 'function') return
+
+  // res.on('socket', callback) is broken in 0.8
+  res.assignSocket = function _assignSocket (socket) {
+    assignSocket.call(this, socket)
+    callback(socket)
+  }
+}
+
+/**
+ * Try to require async_hooks
+ * @private
+ */
+
+function tryRequireAsyncHooks () {
+  try {
+    return require('async_hooks')
+  } catch (e) {
+    return {}
+  }
+}
+
+/**
+ * Wrap function with async resource, if possible.
+ * AsyncResource.bind static method backported.
+ * @private
+ */
+
+function wrap (fn) {
+  var res
+
+  // create anonymous resource
+  if (asyncHooks.AsyncResource) {
+    res = new asyncHooks.AsyncResource(fn.name || 'bound-anonymous-fn')
+  }
+
+  // incompatible node.js
+  if (!res || !res.runInAsyncScope) {
+    return fn
+  }
+
+  // return bound function
+  return res.runInAsyncScope.bind(res, fn, null)
+}
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/package.json b/src/Servers/ExpressServer/node_modules/on-finished/package.json
new file mode 100644
index 0000000..644cd81
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/on-finished/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "on-finished",
+  "description": "Execute a callback when a request closes, finishes, or errors",
+  "version": "2.4.1",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "repository": "jshttp/on-finished",
+  "dependencies": {
+    "ee-first": "1.1.1"
+  },
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.1",
+    "nyc": "15.1.0"
+  },
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "index.js"
+  ],
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md b/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
new file mode 100644
index 0000000..8e40954
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
@@ -0,0 +1,58 @@
+1.3.3 / 2019-04-15
+==================
+
+  * Fix Node.js 0.8 return value inconsistencies
+
+1.3.2 / 2017-09-09
+==================
+
+  * perf: reduce overhead for full URLs
+  * perf: unroll the "fast-path" `RegExp`
+
+1.3.1 / 2016-01-17
+==================
+
+  * perf: enable strict mode
+
+1.3.0 / 2014-08-09
+==================
+
+  * Add `parseurl.original` for parsing `req.originalUrl` with fallback
+  * Return `undefined` if `req.url` is `undefined`
+
+1.2.0 / 2014-07-21
+==================
+
+  * Cache URLs based on original value
+  * Remove no-longer-needed URL mis-parse work-around
+  * Simplify the "fast-path" `RegExp`
+
+1.1.3 / 2014-07-08
+==================
+
+  * Fix typo
+
+1.1.2 / 2014-07-08
+==================
+
+  * Seriously fix Node.js 0.8 compatibility
+
+1.1.1 / 2014-07-08
+==================
+
+  * Fix Node.js 0.8 compatibility
+
+1.1.0 / 2014-07-08
+==================
+
+  * Incorporate URL href-only parse fast-path
+
+1.0.1 / 2014-03-08
+==================
+
+  * Add missing `require`
+
+1.0.0 / 2014-03-08
+==================
+
+  * Genesis from `connect`
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/LICENSE b/src/Servers/ExpressServer/node_modules/parseurl/LICENSE
new file mode 100644
index 0000000..27653d3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/parseurl/LICENSE
@@ -0,0 +1,24 @@
+
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2014-2017 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/README.md b/src/Servers/ExpressServer/node_modules/parseurl/README.md
new file mode 100644
index 0000000..443e716
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/parseurl/README.md
@@ -0,0 +1,133 @@
+# parseurl
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Parse a URL with memoization.
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install parseurl
+```
+
+## API
+
+```js
+var parseurl = require('parseurl')
+```
+
+### parseurl(req)
+
+Parse the URL of the given request object (looks at the `req.url` property)
+and return the result. The result is the same as `url.parse` in Node.js core.
+Calling this function multiple times on the same `req` where `req.url` does
+not change will return a cached parsed object, rather than parsing again.
+
+### parseurl.original(req)
+
+Parse the original URL of the given request object and return the result.
+This works by trying to parse `req.originalUrl` if it is a string, otherwise
+parses `req.url`. The result is the same as `url.parse` in Node.js core.
+Calling this function multiple times on the same `req` where `req.originalUrl`
+does not change will return a cached parsed object, rather than parsing again.
+
+## Benchmark
+
+```bash
+$ npm run-script bench
+
+> parseurl@1.3.3 bench nodejs-parseurl
+> node benchmark/index.js
+
+  http_parser@2.8.0
+  node@10.6.0
+  v8@6.7.288.46-node.13
+  uv@1.21.0
+  zlib@1.2.11
+  ares@1.14.0
+  modules@64
+  nghttp2@1.32.0
+  napi@3
+  openssl@1.1.0h
+  icu@61.1
+  unicode@10.0
+  cldr@33.0
+  tz@2018c
+
+> node benchmark/fullurl.js
+
+  Parsing URL "http://localhost:8888/foo/bar?user=tj&pet=fluffy"
+
+  4 tests completed.
+
+  fasturl            x 2,207,842 ops/sec ±3.76% (184 runs sampled)
+  nativeurl - legacy x   507,180 ops/sec ±0.82% (191 runs sampled)
+  nativeurl - whatwg x   290,044 ops/sec ±1.96% (189 runs sampled)
+  parseurl           x   488,907 ops/sec ±2.13% (192 runs sampled)
+
+> node benchmark/pathquery.js
+
+  Parsing URL "/foo/bar?user=tj&pet=fluffy"
+
+  4 tests completed.
+
+  fasturl            x 3,812,564 ops/sec ±3.15% (188 runs sampled)
+  nativeurl - legacy x 2,651,631 ops/sec ±1.68% (189 runs sampled)
+  nativeurl - whatwg x   161,837 ops/sec ±2.26% (189 runs sampled)
+  parseurl           x 4,166,338 ops/sec ±2.23% (184 runs sampled)
+
+> node benchmark/samerequest.js
+
+  Parsing URL "/foo/bar?user=tj&pet=fluffy" on same request object
+
+  4 tests completed.
+
+  fasturl            x  3,821,651 ops/sec ±2.42% (185 runs sampled)
+  nativeurl - legacy x  2,651,162 ops/sec ±1.90% (187 runs sampled)
+  nativeurl - whatwg x    175,166 ops/sec ±1.44% (188 runs sampled)
+  parseurl           x 14,912,606 ops/sec ±3.59% (183 runs sampled)
+
+> node benchmark/simplepath.js
+
+  Parsing URL "/foo/bar"
+
+  4 tests completed.
+
+  fasturl            x 12,421,765 ops/sec ±2.04% (191 runs sampled)
+  nativeurl - legacy x  7,546,036 ops/sec ±1.41% (188 runs sampled)
+  nativeurl - whatwg x    198,843 ops/sec ±1.83% (189 runs sampled)
+  parseurl           x 24,244,006 ops/sec ±0.51% (194 runs sampled)
+
+> node benchmark/slash.js
+
+  Parsing URL "/"
+
+  4 tests completed.
+
+  fasturl            x 17,159,456 ops/sec ±3.25% (188 runs sampled)
+  nativeurl - legacy x 11,635,097 ops/sec ±3.79% (184 runs sampled)
+  nativeurl - whatwg x    240,693 ops/sec ±0.83% (189 runs sampled)
+  parseurl           x 42,279,067 ops/sec ±0.55% (190 runs sampled)
+```
+
+## License
+
+  [MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/parseurl/master
+[coveralls-url]: https://coveralls.io/r/pillarjs/parseurl?branch=master
+[node-image]: https://badgen.net/npm/node/parseurl
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/parseurl
+[npm-url]: https://npmjs.org/package/parseurl
+[npm-version-image]: https://badgen.net/npm/v/parseurl
+[travis-image]: https://badgen.net/travis/pillarjs/parseurl/master
+[travis-url]: https://travis-ci.org/pillarjs/parseurl
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/index.js b/src/Servers/ExpressServer/node_modules/parseurl/index.js
new file mode 100644
index 0000000..ece7223
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/parseurl/index.js
@@ -0,0 +1,158 @@
+/*!
+ * parseurl
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var url = require('url')
+var parse = url.parse
+var Url = url.Url
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = parseurl
+module.exports.original = originalurl
+
+/**
+ * Parse the `req` url with memoization.
+ *
+ * @param {ServerRequest} req
+ * @return {Object}
+ * @public
+ */
+
+function parseurl (req) {
+  var url = req.url
+
+  if (url === undefined) {
+    // URL is undefined
+    return undefined
+  }
+
+  var parsed = req._parsedUrl
+
+  if (fresh(url, parsed)) {
+    // Return cached URL parse
+    return parsed
+  }
+
+  // Parse the URL
+  parsed = fastparse(url)
+  parsed._raw = url
+
+  return (req._parsedUrl = parsed)
+};
+
+/**
+ * Parse the `req` original url with fallback and memoization.
+ *
+ * @param {ServerRequest} req
+ * @return {Object}
+ * @public
+ */
+
+function originalurl (req) {
+  var url = req.originalUrl
+
+  if (typeof url !== 'string') {
+    // Fallback
+    return parseurl(req)
+  }
+
+  var parsed = req._parsedOriginalUrl
+
+  if (fresh(url, parsed)) {
+    // Return cached URL parse
+    return parsed
+  }
+
+  // Parse the URL
+  parsed = fastparse(url)
+  parsed._raw = url
+
+  return (req._parsedOriginalUrl = parsed)
+};
+
+/**
+ * Parse the `str` url with fast-path short-cut.
+ *
+ * @param {string} str
+ * @return {Object}
+ * @private
+ */
+
+function fastparse (str) {
+  if (typeof str !== 'string' || str.charCodeAt(0) !== 0x2f /* / */) {
+    return parse(str)
+  }
+
+  var pathname = str
+  var query = null
+  var search = null
+
+  // This takes the regexp from https://github.com/joyent/node/pull/7878
+  // Which is /^(\/[^?#\s]*)(\?[^#\s]*)?$/
+  // And unrolls it into a for loop
+  for (var i = 1; i < str.length; i++) {
+    switch (str.charCodeAt(i)) {
+      case 0x3f: /* ?  */
+        if (search === null) {
+          pathname = str.substring(0, i)
+          query = str.substring(i + 1)
+          search = str.substring(i)
+        }
+        break
+      case 0x09: /* \t */
+      case 0x0a: /* \n */
+      case 0x0c: /* \f */
+      case 0x0d: /* \r */
+      case 0x20: /*    */
+      case 0x23: /* #  */
+      case 0xa0:
+      case 0xfeff:
+        return parse(str)
+    }
+  }
+
+  var url = Url !== undefined
+    ? new Url()
+    : {}
+
+  url.path = str
+  url.href = str
+  url.pathname = pathname
+
+  if (search !== null) {
+    url.query = query
+    url.search = search
+  }
+
+  return url
+}
+
+/**
+ * Determine if parsed is still fresh for url.
+ *
+ * @param {string} url
+ * @param {object} parsedUrl
+ * @return {boolean}
+ * @private
+ */
+
+function fresh (url, parsedUrl) {
+  return typeof parsedUrl === 'object' &&
+    parsedUrl !== null &&
+    (Url === undefined || parsedUrl instanceof Url) &&
+    parsedUrl._raw === url
+}
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/package.json b/src/Servers/ExpressServer/node_modules/parseurl/package.json
new file mode 100644
index 0000000..6b443ca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/parseurl/package.json
@@ -0,0 +1,40 @@
+{
+  "name": "parseurl",
+  "description": "parse a url with memoization",
+  "version": "1.3.3",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "repository": "pillarjs/parseurl",
+  "license": "MIT",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "eslint": "5.16.0",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-import": "2.17.1",
+    "eslint-plugin-node": "7.0.1",
+    "eslint-plugin-promise": "4.1.1",
+    "eslint-plugin-standard": "4.0.0",
+    "fast-url-parser": "1.1.3",
+    "istanbul": "0.4.5",
+    "mocha": "6.1.3"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint .",
+    "test": "mocha --check-leaks --bail --reporter spec test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE b/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
new file mode 100644
index 0000000..983fbe8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md b/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
new file mode 100644
index 0000000..95452a6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
@@ -0,0 +1,35 @@
+# Path-to-RegExp
+
+Turn an Express-style path string such as `/user/:name` into a regular expression.
+
+**Note:** This is a legacy branch. You should upgrade to `1.x`.
+
+## Usage
+
+```javascript
+var pathToRegexp = require('path-to-regexp');
+```
+
+### pathToRegexp(path, keys, options)
+
+ - **path** A string in the express format, an array of such strings, or a regular expression
+ - **keys** An array to be populated with the keys present in the url.  Once the function completes, this will be an array of strings.
+ - **options**
+   - **options.sensitive** Defaults to false, set this to true to make routes case sensitive
+   - **options.strict** Defaults to false, set this to true to make the trailing slash matter.
+   - **options.end** Defaults to true, set this to false to only match the prefix of the URL.
+
+```javascript
+var keys = [];
+var exp = pathToRegexp('/foo/:bar', keys);
+//keys = ['bar']
+//exp = /^\/foo\/(?:([^\/]+?))\/?$/i
+```
+
+## Live Demo
+
+You can see a live demo of this library in use at [express-route-tester](http://forbeslindesay.github.com/express-route-tester/).
+
+## License
+
+  MIT
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js b/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
new file mode 100644
index 0000000..95d2f4b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
@@ -0,0 +1,156 @@
+/**
+ * Expose `pathToRegexp`.
+ */
+
+module.exports = pathToRegexp;
+
+/**
+ * Match matching groups in a regular expression.
+ */
+var MATCHING_GROUP_REGEXP = /\\.|\((?:\?<(.*?)>)?(?!\?)/g;
+
+/**
+ * Normalize the given path string,
+ * returning a regular expression.
+ *
+ * An empty array should be passed,
+ * which will contain the placeholder
+ * key names. For example "/user/:id" will
+ * then contain ["id"].
+ *
+ * @param  {String|RegExp|Array} path
+ * @param  {Array} keys
+ * @param  {Object} options
+ * @return {RegExp}
+ * @api private
+ */
+
+function pathToRegexp(path, keys, options) {
+  options = options || {};
+  keys = keys || [];
+  var strict = options.strict;
+  var end = options.end !== false;
+  var flags = options.sensitive ? '' : 'i';
+  var lookahead = options.lookahead !== false;
+  var extraOffset = 0;
+  var keysOffset = keys.length;
+  var i = 0;
+  var name = 0;
+  var pos = 0;
+  var backtrack = '';
+  var m;
+
+  if (path instanceof RegExp) {
+    while (m = MATCHING_GROUP_REGEXP.exec(path.source)) {
+      if (m[0][0] === '\\') continue;
+
+      keys.push({
+        name: m[1] || name++,
+        optional: false,
+        offset: m.index
+      });
+    }
+
+    return path;
+  }
+
+  if (Array.isArray(path)) {
+    // Map array parts into regexps and return their source. We also pass
+    // the same keys and options instance into every generation to get
+    // consistent matching groups before we join the sources together.
+    path = path.map(function (value) {
+      return pathToRegexp(value, keys, options).source;
+    });
+
+    return new RegExp(path.join('|'), flags);
+  }
+
+  if (typeof path !== 'string') {
+    throw new TypeError('path must be a string, array of strings, or regular expression');
+  }
+
+  path = path.replace(
+    /\\.|(\/)?(\.)?:(\w+)(\(.*?\))?(\*)?(\?)?|[.*]|\/\(/g,
+    function (match, slash, format, key, capture, star, optional, offset) {
+      if (match[0] === '\\') {
+        backtrack += match;
+        pos += 2;
+        return match;
+      }
+
+      if (match === '.') {
+        backtrack += '\\.';
+        extraOffset += 1;
+        pos += 1;
+        return '\\.';
+      }
+
+      if (slash || format) {
+        backtrack = '';
+      } else {
+        backtrack += path.slice(pos, offset);
+      }
+
+      pos = offset + match.length;
+
+      if (match === '*') {
+        extraOffset += 3;
+        return '(.*)';
+      }
+
+      if (match === '/(') {
+        backtrack += '/';
+        extraOffset += 2;
+        return '/(?:';
+      }
+
+      slash = slash || '';
+      format = format ? '\\.' : '';
+      optional = optional || '';
+      capture = capture ?
+        capture.replace(/\\.|\*/, function (m) { return m === '*' ? '(.*)' : m; }) :
+        (backtrack ? '((?:(?!/|' + backtrack + ').)+?)' : '([^/' + format + ']+?)');
+
+      keys.push({
+        name: key,
+        optional: !!optional,
+        offset: offset + extraOffset
+      });
+
+      var result = '(?:'
+        + format + slash + capture
+        + (star ? '((?:[/' + format + '].+?)?)' : '')
+        + ')'
+        + optional;
+
+      extraOffset += result.length - match.length;
+
+      return result;
+    });
+
+  // This is a workaround for handling unnamed matching groups.
+  while (m = MATCHING_GROUP_REGEXP.exec(path)) {
+    if (m[0][0] === '\\') continue;
+
+    if (keysOffset + i === keys.length || keys[keysOffset + i].offset > m.index) {
+      keys.splice(keysOffset + i, 0, {
+        name: name++, // Unnamed matching groups must be consistently linear.
+        optional: false,
+        offset: m.index
+      });
+    }
+
+    i++;
+  }
+
+  path += strict ? '' : path[path.length - 1] === '/' ? '?' : '/?';
+
+  // If the path is non-ending, match until the end or a slash.
+  if (end) {
+    path += '$';
+  } else if (path[path.length - 1] !== '/') {
+    path += lookahead ? '(?=/|$)' : '(?:/|$)';
+  }
+
+  return new RegExp('^' + path, flags);
+};
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json b/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
new file mode 100644
index 0000000..23b4b6a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
@@ -0,0 +1,30 @@
+{
+  "name": "path-to-regexp",
+  "description": "Express style path to RegExp utility",
+  "version": "0.1.12",
+  "files": [
+    "index.js",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "istanbul cover _mocha -- -R spec"
+  },
+  "keywords": [
+    "express",
+    "regexp"
+  ],
+  "component": {
+    "scripts": {
+      "path-to-regexp": "index.js"
+    }
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pillarjs/path-to-regexp.git"
+  },
+  "devDependencies": {
+    "mocha": "^1.17.1",
+    "istanbul": "^0.2.6"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md b/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
new file mode 100644
index 0000000..8480242
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
@@ -0,0 +1,161 @@
+2.0.7 / 2021-05-31
+==================
+
+  * deps: forwarded@0.2.0
+    - Use `req.socket` over deprecated `req.connection`
+
+2.0.6 / 2020-02-24
+==================
+
+  * deps: ipaddr.js@1.9.1
+
+2.0.5 / 2019-04-16
+==================
+
+  * deps: ipaddr.js@1.9.0
+
+2.0.4 / 2018-07-26
+==================
+
+  * deps: ipaddr.js@1.8.0
+
+2.0.3 / 2018-02-19
+==================
+
+  * deps: ipaddr.js@1.6.0
+
+2.0.2 / 2017-09-24
+==================
+
+  * deps: forwarded@~0.1.2
+    - perf: improve header parsing
+    - perf: reduce overhead when no `X-Forwarded-For` header
+
+2.0.1 / 2017-09-10
+==================
+
+  * deps: forwarded@~0.1.1
+    - Fix trimming leading / trailing OWS
+    - perf: hoist regular expression
+  * deps: ipaddr.js@1.5.2
+
+2.0.0 / 2017-08-08
+==================
+
+  * Drop support for Node.js below 0.10
+
+1.1.5 / 2017-07-25
+==================
+
+  * Fix array argument being altered
+  * deps: ipaddr.js@1.4.0
+
+1.1.4 / 2017-03-24
+==================
+
+  * deps: ipaddr.js@1.3.0
+
+1.1.3 / 2017-01-14
+==================
+
+  * deps: ipaddr.js@1.2.0
+
+1.1.2 / 2016-05-29
+==================
+
+  * deps: ipaddr.js@1.1.1
+    - Fix IPv6-mapped IPv4 validation edge cases
+
+1.1.1 / 2016-05-03
+==================
+
+  * Fix regression matching mixed versions against multiple subnets
+
+1.1.0 / 2016-05-01
+==================
+
+  * Fix accepting various invalid netmasks
+    - IPv4 netmasks must be contingous
+    - IPv6 addresses cannot be used as a netmask
+  * deps: ipaddr.js@1.1.0
+
+1.0.10 / 2015-12-09
+===================
+
+  * deps: ipaddr.js@1.0.5
+    - Fix regression in `isValid` with non-string arguments
+
+1.0.9 / 2015-12-01
+==================
+
+  * deps: ipaddr.js@1.0.4
+    - Fix accepting some invalid IPv6 addresses
+    - Reject CIDRs with negative or overlong masks
+  * perf: enable strict mode
+
+1.0.8 / 2015-05-10
+==================
+
+  * deps: ipaddr.js@1.0.1
+
+1.0.7 / 2015-03-16
+==================
+
+  * deps: ipaddr.js@0.1.9
+    - Fix OOM on certain inputs to `isValid`
+
+1.0.6 / 2015-02-01
+==================
+
+  * deps: ipaddr.js@0.1.8
+
+1.0.5 / 2015-01-08
+==================
+
+  * deps: ipaddr.js@0.1.6
+
+1.0.4 / 2014-11-23
+==================
+
+  * deps: ipaddr.js@0.1.5
+    - Fix edge cases with `isValid`
+
+1.0.3 / 2014-09-21
+==================
+
+  * Use `forwarded` npm module
+
+1.0.2 / 2014-09-18
+==================
+
+  * Fix a global leak when multiple subnets are trusted
+  * Support Node.js 0.6
+  * deps: ipaddr.js@0.1.3
+
+1.0.1 / 2014-06-03
+==================
+
+  * Fix links in npm package
+
+1.0.0 / 2014-05-08
+==================
+
+  * Add `trust` argument to determine proxy trust on
+    * Accepts custom function
+    * Accepts IPv4/IPv6 address(es)
+    * Accepts subnets
+    * Accepts pre-defined names
+  * Add optional `trust` argument to `proxyaddr.all` to
+    stop at first untrusted
+  * Add `proxyaddr.compile` to pre-compile `trust` function
+    to make subsequent calls faster
+
+0.0.1 / 2014-05-04
+==================
+
+  * Fix bad npm publish
+
+0.0.0 / 2014-05-04
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE b/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
new file mode 100644
index 0000000..cab251c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/README.md b/src/Servers/ExpressServer/node_modules/proxy-addr/README.md
new file mode 100644
index 0000000..69c0b63
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/proxy-addr/README.md
@@ -0,0 +1,139 @@
+# proxy-addr
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Determine address of proxied request
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install proxy-addr
+```
+
+## API
+
+```js
+var proxyaddr = require('proxy-addr')
+```
+
+### proxyaddr(req, trust)
+
+Return the address of the request, using the given `trust` parameter.
+
+The `trust` argument is a function that returns `true` if you trust
+the address, `false` if you don't. The closest untrusted address is
+returned.
+
+```js
+proxyaddr(req, function (addr) { return addr === '127.0.0.1' })
+proxyaddr(req, function (addr, i) { return i < 1 })
+```
+
+The `trust` arugment may also be a single IP address string or an
+array of trusted addresses, as plain IP addresses, CIDR-formatted
+strings, or IP/netmask strings.
+
+```js
+proxyaddr(req, '127.0.0.1')
+proxyaddr(req, ['127.0.0.0/8', '10.0.0.0/8'])
+proxyaddr(req, ['127.0.0.0/255.0.0.0', '192.168.0.0/255.255.0.0'])
+```
+
+This module also supports IPv6. Your IPv6 addresses will be normalized
+automatically (i.e. `fe80::00ed:1` equals `fe80:0:0:0:0:0:ed:1`).
+
+```js
+proxyaddr(req, '::1')
+proxyaddr(req, ['::1/128', 'fe80::/10'])
+```
+
+This module will automatically work with IPv4-mapped IPv6 addresses
+as well to support node.js in IPv6-only mode. This means that you do
+not have to specify both `::ffff:a00:1` and `10.0.0.1`.
+
+As a convenience, this module also takes certain pre-defined names
+in addition to IP addresses, which expand into IP addresses:
+
+```js
+proxyaddr(req, 'loopback')
+proxyaddr(req, ['loopback', 'fc00:ac:1ab5:fff::1/64'])
+```
+
+  * `loopback`: IPv4 and IPv6 loopback addresses (like `::1` and
+    `127.0.0.1`).
+  * `linklocal`: IPv4 and IPv6 link-local addresses (like
+    `fe80::1:1:1:1` and `169.254.0.1`).
+  * `uniquelocal`: IPv4 private addresses and IPv6 unique-local
+    addresses (like `fc00:ac:1ab5:fff::1` and `192.168.0.1`).
+
+When `trust` is specified as a function, it will be called for each
+address to determine if it is a trusted address. The function is
+given two arguments: `addr` and `i`, where `addr` is a string of
+the address to check and `i` is a number that represents the distance
+from the socket address.
+
+### proxyaddr.all(req, [trust])
+
+Return all the addresses of the request, optionally stopping at the
+first untrusted. This array is ordered from closest to furthest
+(i.e. `arr[0] === req.connection.remoteAddress`).
+
+```js
+proxyaddr.all(req)
+```
+
+The optional `trust` argument takes the same arguments as `trust`
+does in `proxyaddr(req, trust)`.
+
+```js
+proxyaddr.all(req, 'loopback')
+```
+
+### proxyaddr.compile(val)
+
+Compiles argument `val` into a `trust` function. This function takes
+the same arguments as `trust` does in `proxyaddr(req, trust)` and
+returns a function suitable for `proxyaddr(req, trust)`.
+
+```js
+var trust = proxyaddr.compile('loopback')
+var addr = proxyaddr(req, trust)
+```
+
+This function is meant to be optimized for use against every request.
+It is recommend to compile a trust function up-front for the trusted
+configuration and pass that to `proxyaddr(req, trust)` for each request.
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## Benchmarks
+
+```sh
+$ npm run-script bench
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/proxy-addr/master?label=ci
+[ci-url]: https://github.com/jshttp/proxy-addr/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/proxy-addr/master
+[coveralls-url]: https://coveralls.io/r/jshttp/proxy-addr?branch=master
+[node-image]: https://badgen.net/npm/node/proxy-addr
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/proxy-addr
+[npm-url]: https://npmjs.org/package/proxy-addr
+[npm-version-image]: https://badgen.net/npm/v/proxy-addr
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/index.js b/src/Servers/ExpressServer/node_modules/proxy-addr/index.js
new file mode 100644
index 0000000..a909b05
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/proxy-addr/index.js
@@ -0,0 +1,327 @@
+/*!
+ * proxy-addr
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = proxyaddr
+module.exports.all = alladdrs
+module.exports.compile = compile
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var forwarded = require('forwarded')
+var ipaddr = require('ipaddr.js')
+
+/**
+ * Variables.
+ * @private
+ */
+
+var DIGIT_REGEXP = /^[0-9]+$/
+var isip = ipaddr.isValid
+var parseip = ipaddr.parse
+
+/**
+ * Pre-defined IP ranges.
+ * @private
+ */
+
+var IP_RANGES = {
+  linklocal: ['169.254.0.0/16', 'fe80::/10'],
+  loopback: ['127.0.0.1/8', '::1/128'],
+  uniquelocal: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7']
+}
+
+/**
+ * Get all addresses in the request, optionally stopping
+ * at the first untrusted.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} [trust]
+ * @public
+ */
+
+function alladdrs (req, trust) {
+  // get addresses
+  var addrs = forwarded(req)
+
+  if (!trust) {
+    // Return all addresses
+    return addrs
+  }
+
+  if (typeof trust !== 'function') {
+    trust = compile(trust)
+  }
+
+  for (var i = 0; i < addrs.length - 1; i++) {
+    if (trust(addrs[i], i)) continue
+
+    addrs.length = i + 1
+  }
+
+  return addrs
+}
+
+/**
+ * Compile argument into trust function.
+ *
+ * @param {Array|String} val
+ * @private
+ */
+
+function compile (val) {
+  if (!val) {
+    throw new TypeError('argument is required')
+  }
+
+  var trust
+
+  if (typeof val === 'string') {
+    trust = [val]
+  } else if (Array.isArray(val)) {
+    trust = val.slice()
+  } else {
+    throw new TypeError('unsupported trust argument')
+  }
+
+  for (var i = 0; i < trust.length; i++) {
+    val = trust[i]
+
+    if (!Object.prototype.hasOwnProperty.call(IP_RANGES, val)) {
+      continue
+    }
+
+    // Splice in pre-defined range
+    val = IP_RANGES[val]
+    trust.splice.apply(trust, [i, 1].concat(val))
+    i += val.length - 1
+  }
+
+  return compileTrust(compileRangeSubnets(trust))
+}
+
+/**
+ * Compile `arr` elements into range subnets.
+ *
+ * @param {Array} arr
+ * @private
+ */
+
+function compileRangeSubnets (arr) {
+  var rangeSubnets = new Array(arr.length)
+
+  for (var i = 0; i < arr.length; i++) {
+    rangeSubnets[i] = parseipNotation(arr[i])
+  }
+
+  return rangeSubnets
+}
+
+/**
+ * Compile range subnet array into trust function.
+ *
+ * @param {Array} rangeSubnets
+ * @private
+ */
+
+function compileTrust (rangeSubnets) {
+  // Return optimized function based on length
+  var len = rangeSubnets.length
+  return len === 0
+    ? trustNone
+    : len === 1
+      ? trustSingle(rangeSubnets[0])
+      : trustMulti(rangeSubnets)
+}
+
+/**
+ * Parse IP notation string into range subnet.
+ *
+ * @param {String} note
+ * @private
+ */
+
+function parseipNotation (note) {
+  var pos = note.lastIndexOf('/')
+  var str = pos !== -1
+    ? note.substring(0, pos)
+    : note
+
+  if (!isip(str)) {
+    throw new TypeError('invalid IP address: ' + str)
+  }
+
+  var ip = parseip(str)
+
+  if (pos === -1 && ip.kind() === 'ipv6' && ip.isIPv4MappedAddress()) {
+    // Store as IPv4
+    ip = ip.toIPv4Address()
+  }
+
+  var max = ip.kind() === 'ipv6'
+    ? 128
+    : 32
+
+  var range = pos !== -1
+    ? note.substring(pos + 1, note.length)
+    : null
+
+  if (range === null) {
+    range = max
+  } else if (DIGIT_REGEXP.test(range)) {
+    range = parseInt(range, 10)
+  } else if (ip.kind() === 'ipv4' && isip(range)) {
+    range = parseNetmask(range)
+  } else {
+    range = null
+  }
+
+  if (range <= 0 || range > max) {
+    throw new TypeError('invalid range on address: ' + note)
+  }
+
+  return [ip, range]
+}
+
+/**
+ * Parse netmask string into CIDR range.
+ *
+ * @param {String} netmask
+ * @private
+ */
+
+function parseNetmask (netmask) {
+  var ip = parseip(netmask)
+  var kind = ip.kind()
+
+  return kind === 'ipv4'
+    ? ip.prefixLengthFromSubnetMask()
+    : null
+}
+
+/**
+ * Determine address of proxied request.
+ *
+ * @param {Object} request
+ * @param {Function|Array|String} trust
+ * @public
+ */
+
+function proxyaddr (req, trust) {
+  if (!req) {
+    throw new TypeError('req argument is required')
+  }
+
+  if (!trust) {
+    throw new TypeError('trust argument is required')
+  }
+
+  var addrs = alladdrs(req, trust)
+  var addr = addrs[addrs.length - 1]
+
+  return addr
+}
+
+/**
+ * Static trust function to trust nothing.
+ *
+ * @private
+ */
+
+function trustNone () {
+  return false
+}
+
+/**
+ * Compile trust function for multiple subnets.
+ *
+ * @param {Array} subnets
+ * @private
+ */
+
+function trustMulti (subnets) {
+  return function trust (addr) {
+    if (!isip(addr)) return false
+
+    var ip = parseip(addr)
+    var ipconv
+    var kind = ip.kind()
+
+    for (var i = 0; i < subnets.length; i++) {
+      var subnet = subnets[i]
+      var subnetip = subnet[0]
+      var subnetkind = subnetip.kind()
+      var subnetrange = subnet[1]
+      var trusted = ip
+
+      if (kind !== subnetkind) {
+        if (subnetkind === 'ipv4' && !ip.isIPv4MappedAddress()) {
+          // Incompatible IP addresses
+          continue
+        }
+
+        if (!ipconv) {
+          // Convert IP to match subnet IP kind
+          ipconv = subnetkind === 'ipv4'
+            ? ip.toIPv4Address()
+            : ip.toIPv4MappedAddress()
+        }
+
+        trusted = ipconv
+      }
+
+      if (trusted.match(subnetip, subnetrange)) {
+        return true
+      }
+    }
+
+    return false
+  }
+}
+
+/**
+ * Compile trust function for single subnet.
+ *
+ * @param {Object} subnet
+ * @private
+ */
+
+function trustSingle (subnet) {
+  var subnetip = subnet[0]
+  var subnetkind = subnetip.kind()
+  var subnetisipv4 = subnetkind === 'ipv4'
+  var subnetrange = subnet[1]
+
+  return function trust (addr) {
+    if (!isip(addr)) return false
+
+    var ip = parseip(addr)
+    var kind = ip.kind()
+
+    if (kind !== subnetkind) {
+      if (subnetisipv4 && !ip.isIPv4MappedAddress()) {
+        // Incompatible IP addresses
+        return false
+      }
+
+      // Convert IP to match subnet IP kind
+      ip = subnetisipv4
+        ? ip.toIPv4Address()
+        : ip.toIPv4MappedAddress()
+    }
+
+    return ip.match(subnetip, subnetrange)
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/package.json b/src/Servers/ExpressServer/node_modules/proxy-addr/package.json
new file mode 100644
index 0000000..24ba8f7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/proxy-addr/package.json
@@ -0,0 +1,47 @@
+{
+  "name": "proxy-addr",
+  "description": "Determine address of proxied request",
+  "version": "2.0.7",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "keywords": [
+    "ip",
+    "proxy",
+    "x-forwarded-for"
+  ],
+  "repository": "jshttp/proxy-addr",
+  "dependencies": {
+    "forwarded": "0.2.0",
+    "ipaddr.js": "1.9.1"
+  },
+  "devDependencies": {
+    "benchmark": "2.1.4",
+    "beautify-benchmark": "0.2.4",
+    "deep-equal": "1.0.1",
+    "eslint": "7.26.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.23.4",
+    "eslint-plugin-markdown": "2.2.0",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.3.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "8.4.0",
+    "nyc": "15.1.0"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.10"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/qs/.editorconfig b/src/Servers/ExpressServer/node_modules/qs/.editorconfig
new file mode 100644
index 0000000..dd5a8d8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/.editorconfig
@@ -0,0 +1,46 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+max_line_length = 180
+quote_type = single
+
+[test/*]
+max_line_length = off
+
+[LICENSE.md]
+indent_size = off
+
+[*.md]
+max_line_length = off
+
+[*.json]
+max_line_length = off
+
+[Makefile]
+max_line_length = off
+
+[CHANGELOG.md]
+indent_style = space
+indent_size = 2
+
+[LICENSE]
+indent_size = 2
+max_line_length = off
+
+[coverage/**/*]
+indent_size = off
+indent_style = off
+indent = off
+max_line_length = off
+
+[.nycrc]
+indent_style = tab
+
+[tea.yaml]
+indent_size = 2
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
new file mode 100644
index 0000000..0355f4f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/qs
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md b/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
new file mode 100644
index 0000000..b499cb6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
@@ -0,0 +1,11 @@
+# Security
+
+Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+## Incident Response Plan
+
+Please see our [Incident Response Plan](https://github.com/ljharb/.github/blob/main/INCIDENT_RESPONSE_PLAN.md).
+
+## Threat Model
+
+Please see [THREAT_MODEL.md](./THREAT_MODEL.md).
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md b/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
new file mode 100644
index 0000000..7e6fef1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
@@ -0,0 +1,78 @@
+## Threat Model for qs (querystring parsing library)
+
+### 1. Library Overview
+
+- **Library Name:** qs
+- **Brief Description:** A JavaScript library for parsing and stringifying URL query strings, supporting nested objects and arrays. It is widely used in Node.js and web applications for processing query parameters[2][6][8].
+- **Key Public APIs/Functions:** `qs.parse()`, `qs.stringify()`
+
+### 2. Define Scope
+
+This threat model focuses on the core parsing and stringifying functionality, specifically the handling of nested objects and arrays, option validation, and cycle management in stringification.
+
+### 3. Conceptual System Diagram
+
+```
+Caller Application → qs.parse(input, options) → Parsing Engine → Output Object
+                           │
+                           └→ Options Handling
+
+Caller Application → qs.stringify(obj, options) → Stringifying Engine → Output String
+                           │
+                           └→ Options Handling
+                           └→ Cycle Tracking
+```
+
+**Trust Boundaries:**
+- **Input string (parse):** May come from untrusted sources (e.g., user input, network requests)
+- **Input object (stringify):** May contain cycles, which can lead to infinite loops during stringification
+- **Options:** Provided by the caller
+- **Cycle Tracking:** Used only during stringification to detect and handle circular references
+
+### 4. Identify Assets
+
+- **Integrity of parsed output:** Prevent malicious manipulation of the output object structure, especially ensuring builtins/globals are not modified as a result of parse[3][4][8].
+- **Confidentiality of processed data:** Avoid leaking sensitive information through errors or output.
+- **Availability/performance for host application:** Prevent crashes or resource exhaustion in the consuming application.
+- **Security of host application:** Prevent the library from being a vector for attacks (e.g., prototype pollution, DoS).
+- **Reputation of library:** Maintain trust by avoiding supply chain attacks and vulnerabilities[1].
+
+### 5. Identify Threats
+
+| Component / API / Interaction         | S  | T  | R  | I  | D  | E  |
+|---------------------------------------|----|----|----|----|----|----|
+| Public API Call (`parse`)             | –  | ✓  | –  | ✓  | ✓  | ✓  |
+| Public API Call (`stringify`)         | –  | ✓  | –  | ✓  | ✓  | –  |
+| Options Handling                      | ✓  | ✓  | –  | ✓  | –  | ✓  |
+| Dependency Interaction                | –  | –  | –  | –  | ✓  | –  |
+
+**Key Threats:**
+- **Tampering:** Malicious input can, if not prevented, alter parsed output (e.g., prototype pollution via `__proto__`, modification of builtins/globals)[3][4][8].
+- **Information Disclosure:** Error messages may expose internal details or sensitive data.
+- **Denial of Service:** Large or malformed input can exhaust memory or CPU.
+- **Elevation of Privilege:** Prototype pollution can lead to unintended privilege escalation in the host application[3][4][8].
+
+### 6. Mitigation/Countermeasures
+
+| Threat Identified                                 | Proposed Mitigation |
+|---------------------------------------------------|---------------------|
+| Tampering (malicious input, prototype pollution)  | Strict input validation; keep `allowPrototypes: false` by default; use `plainObjects` for output; ensure builtins/globals are never modified by parse[4][8]. |
+| Information Disclosure (error messages)           | Generic error messages without stack traces or internal paths. |
+| Denial of Service (memory/CPU exhaustion)         | Enforce `arrayLimit` and `parameterLimit` with safe defaults; enable `throwOnLimitExceeded`; limit nesting depth[7]. |
+| Elevation of Privilege (prototype pollution)      | Keep `allowPrototypes: false`; validate options against allowlist; use `plainObjects` to avoid prototype pollution[4][8]. |
+
+### 7. Risk Ranking
+
+- **High:** Denial of Service via array parsing or malformed input (historical vulnerability)
+- **Medium:** Prototype pollution via options or input (if `allowPrototypes` enabled)
+- **Low:** Information disclosure in errors
+
+### 8. Next Steps & Review
+
+1. **Audit option validation logic.**
+2. **Add depth limiting to nested parsing and stringification.**
+3. **Implement fuzz testing for parser and stringifier edge cases.**
+4. **Regularly review dependencies for vulnerabilities.**
+5. **Keep documentation and threat model up to date.**
+6. **Ensure builtins/globals are never modified as a result of parse.**
+7. **Support round-trip consistency between parse and stringify as a non-security goal, with the right options[5][9].**
diff --git a/src/Servers/ExpressServer/node_modules/qs/.nycrc b/src/Servers/ExpressServer/node_modules/qs/.nycrc
new file mode 100644
index 0000000..1d57cab
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"dist"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
new file mode 100644
index 0000000..0d304ea
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
@@ -0,0 +1,644 @@
+## **6.14.2**
+- [Fix] `parse`: mark overflow objects for indexed notation exceeding `arrayLimit` (#546)
+- [Fix] `arrayLimit` means max count, not max index, in `combine`/`merge`/`parseArrayValue`
+- [Fix] `parse`: throw on `arrayLimit` exceeded with indexed notation when `throwOnLimitExceeded` is true (#529)
+- [Fix] `parse`: enforce `arrayLimit` on `comma`-parsed values
+- [Fix] `parse`: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
+- [Robustness] avoid `.push`, use `void`
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [meta] fix changelog typo (`arrayLength` → `arrayLimit`)
+- [actions] fix rebase workflow permissions
+
+## **6.14.1**
+- [Fix] ensure `arrayLimit` applies to `[]` notation as well
+- [Fix] `parse`: when a custom decoder returns `null` for a key, ignore that key
+- [Refactor] `parse`: extract key segment splitting helper
+- [meta] add threat model
+- [actions] add workflow permissions
+- [Tests] `stringify`: increase coverage
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `npmignore`, `es-value-fixtures`, `for-each`, `object-inspect`
+
+## **6.14.0**
+- [New] `parse`: add `throwOnParameterLimitExceeded` option (#517)
+- [Refactor] `parse`: use `utils.combine` more
+- [patch] `parse`: add explicit `throwOnLimitExceeded` default
+- [actions] use shared action; re-add finishers
+- [meta] Fix changelog formatting bug
+- [Deps] update `side-channel`
+- [Dev Deps] update `es-value-fixtures`, `has-bigints`, `has-proto`, `has-symbols`
+- [Tests] increase coverage
+
+## **6.13.1**
+- [Fix] `stringify`: avoid a crash when a `filter` key is `null`
+- [Fix] `utils.merge`: functions should not be stringified into keys
+- [Fix] `parse`: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
+- [Fix] `stringify`: ensure a non-string `filter` does not crash
+- [Refactor] use `__proto__` syntax instead of `Object.create` for null objects
+- [Refactor] misc cleanup
+- [Tests] `utils.merge`: add some coverage
+- [Tests] fix a test case
+- [actions] split out node 10-20, and 20+
+- [Dev Deps] update `es-value-fixtures`, `mock-property`, `object-inspect`, `tape`
+
+## **6.13.0**
+- [New] `parse`: add `strictDepth` option (#511)
+- [Tests] use `npm audit` instead of `aud`
+
+## **6.12.3**
+- [Fix] `parse`: properly account for `strictNullHandling` when `allowEmptyArrays`
+- [meta] fix changelog indentation
+
+## **6.12.2**
+- [Fix] `parse`: parse encoded square brackets (#506)
+- [readme] add CII best practices badge
+
+## **6.12.1**
+- [Fix] `parse`: Disable `decodeDotInKeys` by default to restore previous behavior (#501)
+- [Performance] `utils`: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
+- [Refactor] `utils`: use `+=`
+- [Tests] increase coverage
+
+## **6.12.0**
+
+- [New] `parse`/`stringify`: add `decodeDotInKeys`/`encodeDotKeys` options (#488)
+- [New] `parse`: add `duplicates` option
+- [New] `parse`/`stringify`: add `allowEmptyArrays` option to allow [] in object values (#487)
+- [Refactor] `parse`/`stringify`: move allowDots config logic to its own variable
+- [Refactor] `stringify`: move option-handling code into `normalizeStringifyOptions`
+- [readme] update readme, add logos (#484)
+- [readme] `stringify`: clarify default `arrayFormat` behavior
+- [readme] fix line wrapping
+- [readme] remove dead badges
+- [Deps] update `side-channel`
+- [meta] make the dist build 50% smaller
+- [meta] add `sideEffects` flag
+- [meta] run build in prepack, not prepublish
+- [Tests] `parse`: remove useless tests; add coverage
+- [Tests] `stringify`: increase coverage
+- [Tests] use `mock-property`
+- [Tests] `stringify`: improve coverage
+- [Dev Deps] update `@ljharb/eslint-config `, `aud`, `has-override-mistake`, `has-property-descriptors`, `mock-property`, `npmignore`, `object-inspect`, `tape`
+- [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak`
+- [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6
+
+## **6.11.2**
+- [Fix] `parse`: Fix parsing when the global Object prototype is frozen (#473)
+- [Tests] add passing test cases with empty keys (#473)
+
+## **6.11.1**
+- [Fix] `stringify`: encode comma values more consistently (#463)
+- [readme] add usage of `filter` option for injecting custom serialization, i.e. of custom types (#447)
+- [meta] remove extraneous code backticks (#457)
+- [meta] fix changelog markdown
+- [actions] update checkout action
+- [actions] restrict action permissions
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `object-inspect`, `tape`
+
+## **6.11.0**
+- [New] [Fix] `stringify`: revert 0e903c0; add `commaRoundTrip` option (#442)
+- [readme] fix version badge
+
+## **6.10.5**
+- [Fix] `stringify`: with `arrayFormat: comma`, properly include an explicit `[]` on a single-item array (#434)
+
+## **6.10.4**
+- [Fix] `stringify`: with `arrayFormat: comma`, include an explicit `[]` on a single-item array (#441)
+- [meta] use `npmignore` to autogenerate an npmignore file
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-symbol`, `object-inspect`, `tape`
+
+## **6.10.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [actions] reuse common workflows
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `object-inspect`, `tape`
+
+## **6.10.2**
+- [Fix] `stringify`: actually fix cyclic references (#426)
+- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] add note and links for coercing primitive values (#408)
+- [actions] update codecov uploader
+- [actions] update workflows
+- [Tests] clean up stringify tests slightly
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `object-inspect`, `safe-publish-latest`, `tape`
+
+## **6.10.1**
+- [Fix] `stringify`: avoid exception on repeated object values (#402)
+
+## **6.10.0**
+- [New] `stringify`: throw on cycles, instead of an infinite loop (#395, #394, #393)
+- [New] `parse`: add `allowSparse` option for collapsing arrays with missing indices (#312)
+- [meta] fix README.md (#399)
+- [meta] only run `npm run dist` in publish, not install
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-symbols`, `tape`
+- [Tests] fix tests on node v0.6
+- [Tests] use `ljharb/actions/node/install` instead of `ljharb/actions/node/run`
+- [Tests] Revert "[meta] ignore eclint transitive audit warning"
+
+## **6.9.7**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] add note and links for coercing primitive values (#408)
+- [Tests] clean up stringify tests slightly
+- [meta] fix README.md (#399)
+- Revert "[meta] ignore eclint transitive audit warning"
+- [actions] backport actions from main
+- [Dev Deps] backport updates from main
+
+## **6.9.6**
+- [Fix] restore `dist` dir; mistakenly removed in d4f6c32
+
+## **6.9.5**
+- [Fix] `stringify`: do not encode parens for RFC1738
+- [Fix] `stringify`: fix arrayFormat comma with empty array/objects (#350)
+- [Refactor] `format`: remove `util.assign` call
+- [meta] add "Allow Edits" workflow; update rebase workflow
+- [actions] switch Automatic Rebase workflow to `pull_request_target` event
+- [Tests] `stringify`: add tests for #378
+- [Tests] migrate tests to Github Actions
+- [Tests] run `nyc` on all tests; use `tape` runner
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `mkdirp`, `object-inspect`, `tape`; add `aud`
+
+## **6.9.4**
+- [Fix] `stringify`: when `arrayFormat` is `comma`, respect `serializeDate` (#364)
+- [Refactor] `stringify`: reduce branching (part of #350)
+- [Refactor] move `maybeMap` to `utils`
+- [Dev Deps] update `browserify`, `tape`
+
+## **6.9.3**
+- [Fix] proper comma parsing of URL-encoded commas (#361)
+- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
+
+## **6.9.2**
+- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
+- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
+- [meta] ignore eclint transitive audit warning
+- [meta] fix indentation in package.json
+- [meta] add tidelift marketing copy
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `object-inspect`, `has-symbols`, `tape`, `mkdirp`, `iconv-lite`
+- [actions] add automatic rebasing / merge commit blocking
+
+## **6.9.1**
+- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
+- [Fix] `parse`: with comma true, do not split non-string values (#334)
+- [meta] add `funding` field
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`
+- [Tests] use shared travis-ci config
+
+## **6.9.0**
+- [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` (#333)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `evalmd`
+- [Tests] `parse`: add passing `arrayFormat` tests
+- [Tests] add `posttest` using `npx aud` to run `npm audit` without a lockfile
+- [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16`
+- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
+
+## **6.8.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Tests] clean up stringify tests slightly
+- [Docs] add note and links for coercing primitive values (#408)
+- [meta] fix README.md (#399)
+- [actions] backport actions from main
+- [Dev Deps] backport updates from main
+- [Refactor] `stringify`: reduce branching
+- [meta] do not publish workflow files
+
+## **6.8.2**
+- [Fix] proper comma parsing of URL-encoded commas (#361)
+- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
+
+## **6.8.1**
+- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
+- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
+- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
+- [fix] `parse`: with comma true, do not split non-string values (#334)
+- [meta] add tidelift marketing copy
+- [meta] add `funding` field
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `has-symbols`, `iconv-lite`, `mkdirp`, `object-inspect`
+- [Tests] `parse`: add passing `arrayFormat` tests
+- [Tests] use shared travis-ci configs
+- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
+- [actions] add automatic rebasing / merge commit blocking
+
+## **6.8.0**
+- [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key (#326)
+- [New] [Fix] stringify symbols and bigints
+- [Fix] ensure node 0.12 can stringify Symbols
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Refactor] `formats`: tiny bit of cleanup.
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publish-latest`, `iconv-lite`, `tape`
+- [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended (#326)
+- [Tests] use `eclint` instead of `editorconfig-tools`
+- [docs] readme: add security note
+- [meta] add github sponsorship
+- [meta] add FUNDING.yml
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+
+## **6.7.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] add note and links for coercing primitive values (#408)
+- [meta] fix README.md (#399)
+- [meta] do not publish workflow files
+- [actions] backport actions from main
+- [Dev Deps] backport updates from main
+- [Tests] use `nyc` for coverage
+- [Tests] clean up stringify tests slightly
+
+## **6.7.2**
+- [Fix] proper comma parsing of URL-encoded commas (#361)
+- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
+
+## **6.7.1**
+- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
+- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
+- [fix] `parse`: with comma true, do not split non-string values (#334)
+- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Refactor] `formats`: tiny bit of cleanup.
+- readme: add security note
+- [meta] add tidelift marketing copy
+- [meta] add `funding` field
+- [meta] add FUNDING.yml
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `iconv-lite`, `mkdirp`, `object-inspect`, `browserify`
+- [Tests] `parse`: add passing `arrayFormat` tests
+- [Tests] use shared travis-ci configs
+- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
+- [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended
+- [Tests] use `eclint` instead of `editorconfig-tools`
+- [actions] add automatic rebasing / merge commit blocking
+
+## **6.7.0**
+- [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option (#276, #219)
+- [Fix] correctly parse nested arrays (#212)
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source
+- [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty`
+- [Refactor] `utils`: `isBuffer`: small tweak; add tests
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `parse`/`stringify`: make a function to normalize the options
+- [Refactor] `utils`: reduce observable [[Get]]s
+- [Refactor] `stringify`/`utils`: cache `Array.isArray`
+- [Tests] always use `String(x)` over `x.toString()`
+- [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
+- [Tests] temporarily allow coverage to fail
+
+## **6.6.1**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] correctly parse nested arrays
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty`
+- [Refactor] `formats`: tiny bit of cleanup.
+- [Refactor] `utils`: `isBuffer`: small tweak; add tests
+- [Refactor]: `stringify`/`utils`: cache `Array.isArray`
+- [Refactor] `utils`: reduce observable [[Get]]s
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `parse`/`stringify`: make a function to normalize the options
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] do not publish workflow files
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+- [meta] add FUNDING.yml
+- [meta] Fixes typo in CHANGELOG.md
+- [actions] backport actions from main
+- [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
+- [Tests] always use `String(x)` over `x.toString()`
+- [Dev Deps] backport from main
+
+## **6.6.0**
+- [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities (#268)
+- [New] move two-value combine to a `utils` function (#189)
+- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]` (#260)
+- [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1`
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
+- [Refactor] `parse`: only need to reassign the var once
+- [Refactor] `parse`/`stringify`: clean up `charset` options checking; fix defaults
+- [Refactor] add missing defaults
+- [Refactor] `parse`: one less `concat` call
+- [Refactor] `utils`: `compactQueue`: make it explicitly side-effecting
+- [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape`
+- [Tests] up to `node` `v10.10`, `v9.11`, `v8.12`, `v6.14`, `v4.9`; pin included builds to LTS
+
+## **6.5.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] correctly parse nested arrays
+- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Refactor] `utils`: reduce observable [[Get]]s
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
+- [Refactor] `parse`: only need to reassign the var once
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] add FUNDING.yml
+- [actions] backport actions from main
+- [Tests] always use `String(x)` over `x.toString()`
+- [Tests] remove nonexistent tape option
+- [Dev Deps] backport from main
+
+## **6.5.2**
+- [Fix] use `safer-buffer` instead of `Buffer` constructor
+- [Refactor] utils: `module.exports` one thing, instead of mutating `exports` (#230)
+- [Dev Deps] update `browserify`, `eslint`, `iconv-lite`, `safer-buffer`, `tape`, `browserify`
+
+## **6.5.1**
+- [Fix] Fix parsing & compacting very deep objects (#224)
+- [Refactor] name utils functions
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`
+- [Tests] up to `node` `v8.4`; use `nvm install-latest-npm` so newer npm doesn’t break older node
+- [Tests] Use precise dist for Node.js 0.6 runtime (#225)
+- [Tests] make 0.6 required, now that it’s passing
+- [Tests] on `node` `v8.2`; fix npm on node 0.6
+
+## **6.5.0**
+- [New] add `utils.assign`
+- [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
+- [New] `parse`/`stringify`: add `ignoreQueryPrefix`/`addQueryPrefix` options, respectively (#213)
+- [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
+- [Fix] do not mutate `options` argument (#207)
+- [Refactor] `parse`: cache index to reuse in else statement (#182)
+- [Docs] add various badges to readme (#208)
+- [Dev Deps] update `eslint`, `browserify`, `iconv-lite`, `tape`
+- [Tests] up to `node` `v8.1`, `v7.10`, `v6.11`; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
+- [Tests] add `editorconfig-tools`
+
+## **6.4.1**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Fix] use `safer-buffer` instead of `Buffer` constructor
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
+- [readme] remove travis badge; add github actions/codecov badges; update URLs
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+- [meta] add FUNDING.yml
+- [actions] backport actions from main
+- [Tests] remove nonexistent tape option
+- [Dev Deps] backport from main
+
+## **6.4.0**
+- [New] `qs.stringify`: add `encodeValuesOnly` option
+- [Fix] follow `allowPrototypes` option during merge (#201, #201)
+- [Fix] support keys starting with brackets (#202, #200)
+- [Fix] chmod a-x
+- [Dev Deps] update `eslint`
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+- [eslint] reduce warnings
+
+## **6.3.3**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [Refactor] use cached `Array.isArray`
+- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+- [meta] add FUNDING.yml
+- [actions] backport actions from main
+- [Tests] use `safer-buffer` instead of `Buffer` constructor
+- [Tests] remove nonexistent tape option
+- [Dev Deps] backport from main
+
+## **6.3.2**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Dev Deps] update `eslint`
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
+## **6.3.1**
+- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties (thanks, @snyk!)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `iconv-lite`, `qs-iconv`, `tape`
+- [Tests] on all node minors; improve test matrix
+- [Docs] document stringify option `allowDots` (#195)
+- [Docs] add empty object and array values example (#195)
+- [Docs] Fix minor inconsistency/typo (#192)
+- [Docs] document stringify option `sort` (#191)
+- [Refactor] `stringify`: throw faster with an invalid encoder
+- [Refactor] remove unnecessary escapes (#184)
+- Remove contributing.md, since `qs` is no longer part of `hapi` (#183)
+
+## **6.3.0**
+- [New] Add support for RFC 1738 (#174, #173)
+- [New] `stringify`: Add `serializeDate` option to customize Date serialization (#159)
+- [Fix] ensure `utils.merge` handles merging two arrays
+- [Refactor] only constructors should be capitalized
+- [Refactor] capitalized var names are for constructors only
+- [Refactor] avoid using a sparse array
+- [Robustness] `formats`: cache `String#replace`
+- [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`; add `safe-publish-latest`
+- [Tests] up to `node` `v6.8`, `v4.6`; improve test matrix
+- [Tests] flesh out arrayLimit/arrayFormat tests (#107)
+- [Tests] skip Object.create tests when null objects are not available
+- [Tests] Turn on eslint for test files (#175)
+
+## **6.2.4**
+- [Fix] `parse`: ignore `__proto__` keys (#428)
+- [Fix] `utils.merge`: avoid a crash with a null target and an array source
+- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
+- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
+- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
+- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
+- [Refactor] use cached `Array.isArray`
+- [Docs] Clarify the need for "arrayLimit" option
+- [meta] fix README.md (#399)
+- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
+- [meta] add FUNDING.yml
+- [actions] backport actions from main
+- [Tests] use `safer-buffer` instead of `Buffer` constructor
+- [Tests] remove nonexistent tape option
+- [Dev Deps] backport from main
+
+## **6.2.3**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
+## **6.2.2**
+- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
+
+## **6.2.1**
+- [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values
+- [Refactor] Be explicit and use `Object.prototype.hasOwnProperty.call`
+- [Tests] remove `parallelshell` since it does not reliably report failures
+- [Tests] up to `node` `v6.3`, `v5.12`
+- [Dev Deps] update `tape`, `eslint`, `@ljharb/eslint-config`, `qs-iconv`
+
+## [**6.2.0**](https://github.com/ljharb/qs/issues?milestone=36&state=closed)
+- [New] pass Buffers to the encoder/decoder directly (#161)
+- [New] add "encoder" and "decoder" options, for custom param encoding/decoding (#160)
+- [Fix] fix compacting of nested sparse arrays (#150)
+
+## **6.1.2**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
+## **6.1.1**
+- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
+
+## [**6.1.0**](https://github.com/ljharb/qs/issues?milestone=35&state=closed)
+- [New] allowDots option for `stringify` (#151)
+- [Fix] "sort" option should work at a depth of 3 or more (#151)
+- [Fix] Restore `dist` directory; will be removed in v7 (#148)
+
+## **6.0.4**
+- [Fix] follow `allowPrototypes` option during merge (#201, #200)
+- [Fix] chmod a-x
+- [Fix] support keys starting with brackets (#202, #200)
+- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
+
+## **6.0.3**
+- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
+- [Fix] Restore `dist` directory; will be removed in v7 (#148)
+
+## [**6.0.2**](https://github.com/ljharb/qs/issues?milestone=33&state=closed)
+- Revert ES6 requirement and restore support for node down to v0.8.
+
+## [**6.0.1**](https://github.com/ljharb/qs/issues?milestone=32&state=closed)
+- [**#127**](https://github.com/ljharb/qs/pull/127) Fix engines definition in package.json
+
+## [**6.0.0**](https://github.com/ljharb/qs/issues?milestone=31&state=closed)
+- [**#124**](https://github.com/ljharb/qs/issues/124) Use ES6 and drop support for node < v4
+
+## **5.2.1**
+- [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values
+
+## [**5.2.0**](https://github.com/ljharb/qs/issues?milestone=30&state=closed)
+- [**#64**](https://github.com/ljharb/qs/issues/64) Add option to sort object keys in the query string
+
+## [**5.1.0**](https://github.com/ljharb/qs/issues?milestone=29&state=closed)
+- [**#117**](https://github.com/ljharb/qs/issues/117) make URI encoding stringified results optional
+- [**#106**](https://github.com/ljharb/qs/issues/106) Add flag `skipNulls` to optionally skip null values in stringify
+
+## [**5.0.0**](https://github.com/ljharb/qs/issues?milestone=28&state=closed)
+- [**#114**](https://github.com/ljharb/qs/issues/114) default allowDots to false
+- [**#100**](https://github.com/ljharb/qs/issues/100) include dist to npm
+
+## [**4.0.0**](https://github.com/ljharb/qs/issues?milestone=26&state=closed)
+- [**#98**](https://github.com/ljharb/qs/issues/98) make returning plain objects and allowing prototype overwriting properties optional
+
+## [**3.1.0**](https://github.com/ljharb/qs/issues?milestone=24&state=closed)
+- [**#89**](https://github.com/ljharb/qs/issues/89) Add option to disable "Transform dot notation to bracket notation"
+
+## [**3.0.0**](https://github.com/ljharb/qs/issues?milestone=23&state=closed)
+- [**#80**](https://github.com/ljharb/qs/issues/80) qs.parse silently drops properties
+- [**#77**](https://github.com/ljharb/qs/issues/77) Perf boost
+- [**#60**](https://github.com/ljharb/qs/issues/60) Add explicit option to disable array parsing
+- [**#74**](https://github.com/ljharb/qs/issues/74) Bad parse when turning array into object
+- [**#81**](https://github.com/ljharb/qs/issues/81) Add a `filter` option
+- [**#68**](https://github.com/ljharb/qs/issues/68) Fixed issue with recursion and passing strings into objects.
+- [**#66**](https://github.com/ljharb/qs/issues/66) Add mixed array and object dot notation support Closes: #47
+- [**#76**](https://github.com/ljharb/qs/issues/76) RFC 3986
+- [**#85**](https://github.com/ljharb/qs/issues/85) No equal sign
+- [**#84**](https://github.com/ljharb/qs/issues/84) update license attribute
+
+## [**2.4.1**](https://github.com/ljharb/qs/issues?milestone=20&state=closed)
+- [**#73**](https://github.com/ljharb/qs/issues/73) Property 'hasOwnProperty' of object #<Object> is not a function
+
+## [**2.4.0**](https://github.com/ljharb/qs/issues?milestone=19&state=closed)
+- [**#70**](https://github.com/ljharb/qs/issues/70) Add arrayFormat option
+
+## [**2.3.3**](https://github.com/ljharb/qs/issues?milestone=18&state=closed)
+- [**#59**](https://github.com/ljharb/qs/issues/59) make sure array indexes are >= 0, closes #57
+- [**#58**](https://github.com/ljharb/qs/issues/58) make qs usable for browser loader
+
+## [**2.3.2**](https://github.com/ljharb/qs/issues?milestone=17&state=closed)
+- [**#55**](https://github.com/ljharb/qs/issues/55) allow merging a string into an object
+
+## [**2.3.1**](https://github.com/ljharb/qs/issues?milestone=16&state=closed)
+- [**#52**](https://github.com/ljharb/qs/issues/52) Return "undefined" and "false" instead of throwing "TypeError".
+
+## [**2.3.0**](https://github.com/ljharb/qs/issues?milestone=15&state=closed)
+- [**#50**](https://github.com/ljharb/qs/issues/50) add option to omit array indices, closes #46
+
+## [**2.2.5**](https://github.com/ljharb/qs/issues?milestone=14&state=closed)
+- [**#39**](https://github.com/ljharb/qs/issues/39) Is there an alternative to Buffer.isBuffer?
+- [**#49**](https://github.com/ljharb/qs/issues/49) refactor utils.merge, fixes #45
+- [**#41**](https://github.com/ljharb/qs/issues/41) avoid browserifying Buffer, for #39
+
+## [**2.2.4**](https://github.com/ljharb/qs/issues?milestone=13&state=closed)
+- [**#38**](https://github.com/ljharb/qs/issues/38) how to handle object keys beginning with a number
+
+## [**2.2.3**](https://github.com/ljharb/qs/issues?milestone=12&state=closed)
+- [**#37**](https://github.com/ljharb/qs/issues/37) parser discards first empty value in array
+- [**#36**](https://github.com/ljharb/qs/issues/36) Update to lab 4.x
+
+## [**2.2.2**](https://github.com/ljharb/qs/issues?milestone=11&state=closed)
+- [**#33**](https://github.com/ljharb/qs/issues/33) Error when plain object in a value
+- [**#34**](https://github.com/ljharb/qs/issues/34) use Object.prototype.hasOwnProperty.call instead of obj.hasOwnProperty
+- [**#24**](https://github.com/ljharb/qs/issues/24) Changelog? Semver?
+
+## [**2.2.1**](https://github.com/ljharb/qs/issues?milestone=10&state=closed)
+- [**#32**](https://github.com/ljharb/qs/issues/32) account for circular references properly, closes #31
+- [**#31**](https://github.com/ljharb/qs/issues/31) qs.parse stackoverflow on circular objects
+
+## [**2.2.0**](https://github.com/ljharb/qs/issues?milestone=9&state=closed)
+- [**#26**](https://github.com/ljharb/qs/issues/26) Don't use Buffer global if it's not present
+- [**#30**](https://github.com/ljharb/qs/issues/30) Bug when merging non-object values into arrays
+- [**#29**](https://github.com/ljharb/qs/issues/29) Don't call Utils.clone at the top of Utils.merge
+- [**#23**](https://github.com/ljharb/qs/issues/23) Ability to not limit parameters?
+
+## [**2.1.0**](https://github.com/ljharb/qs/issues?milestone=8&state=closed)
+- [**#22**](https://github.com/ljharb/qs/issues/22) Enable using a RegExp as delimiter
+
+## [**2.0.0**](https://github.com/ljharb/qs/issues?milestone=7&state=closed)
+- [**#18**](https://github.com/ljharb/qs/issues/18) Why is there arrayLimit?
+- [**#20**](https://github.com/ljharb/qs/issues/20) Configurable parametersLimit
+- [**#21**](https://github.com/ljharb/qs/issues/21) make all limits optional, for #18, for #20
+
+## [**1.2.2**](https://github.com/ljharb/qs/issues?milestone=6&state=closed)
+- [**#19**](https://github.com/ljharb/qs/issues/19) Don't overwrite null values
+
+## [**1.2.1**](https://github.com/ljharb/qs/issues?milestone=5&state=closed)
+- [**#16**](https://github.com/ljharb/qs/issues/16) ignore non-string delimiters
+- [**#15**](https://github.com/ljharb/qs/issues/15) Close code block
+
+## [**1.2.0**](https://github.com/ljharb/qs/issues?milestone=4&state=closed)
+- [**#12**](https://github.com/ljharb/qs/issues/12) Add optional delim argument
+- [**#13**](https://github.com/ljharb/qs/issues/13) fix #11: flattened keys in array are now correctly parsed
+
+## [**1.1.0**](https://github.com/ljharb/qs/issues?milestone=3&state=closed)
+- [**#7**](https://github.com/ljharb/qs/issues/7) Empty values of a POST array disappear after being submitted
+- [**#9**](https://github.com/ljharb/qs/issues/9) Should not omit equals signs (=) when value is null
+- [**#6**](https://github.com/ljharb/qs/issues/6) Minor grammar fix in README
+
+## [**1.0.2**](https://github.com/ljharb/qs/issues?milestone=2&state=closed)
+- [**#5**](https://github.com/ljharb/qs/issues/5) array holes incorrectly copied into object on large index
diff --git a/src/Servers/ExpressServer/node_modules/qs/LICENSE.md b/src/Servers/ExpressServer/node_modules/qs/LICENSE.md
new file mode 100644
index 0000000..fecf6b6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/LICENSE.md
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2014, Nathan LaFreniere and other [contributors](https://github.com/ljharb/qs/graphs/contributors)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/src/Servers/ExpressServer/node_modules/qs/README.md b/src/Servers/ExpressServer/node_modules/qs/README.md
new file mode 100644
index 0000000..5c37739
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/README.md
@@ -0,0 +1,740 @@
+<p align="center">
+    <img alt="qs" src="./logos/banner_default.png" width="800" />
+</p>
+
+# qs <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/9058/badge)](https://bestpractices.coreinfrastructure.org/projects/9058)
+
+[![npm badge][npm-badge-png]][package-url]
+
+A querystring parsing and stringifying library with some added security.
+
+Lead Maintainer: [Jordan Harband](https://github.com/ljharb)
+
+The **qs** module was originally created and maintained by [TJ Holowaychuk](https://github.com/visionmedia/node-querystring).
+
+## Usage
+
+```javascript
+var qs = require('qs');
+var assert = require('assert');
+
+var obj = qs.parse('a=c');
+assert.deepEqual(obj, { a: 'c' });
+
+var str = qs.stringify(obj);
+assert.equal(str, 'a=c');
+```
+
+### Parsing Objects
+
+[](#preventEval)
+```javascript
+qs.parse(string, [options]);
+```
+
+**qs** allows you to create nested objects within your query strings, by surrounding the name of sub-keys with square brackets `[]`.
+For example, the string `'foo[bar]=baz'` converts to:
+
+```javascript
+assert.deepEqual(qs.parse('foo[bar]=baz'), {
+    foo: {
+        bar: 'baz'
+    }
+});
+```
+
+When using the `plainObjects` option the parsed value is returned as a null object, created via `{ __proto__: null }` and as such you should be aware that prototype methods will not exist on it and a user may set those names to whatever value they like:
+
+```javascript
+var nullObject = qs.parse('a[hasOwnProperty]=b', { plainObjects: true });
+assert.deepEqual(nullObject, { a: { hasOwnProperty: 'b' } });
+```
+
+By default parameters that would overwrite properties on the object prototype are ignored, if you wish to keep the data from those fields either use `plainObjects` as mentioned above, or set `allowPrototypes` to `true` which will allow user input to overwrite those properties.
+*WARNING* It is generally a bad idea to enable this option as it can cause problems when attempting to use the properties that have been overwritten.
+Always be careful with this option.
+
+```javascript
+var protoObject = qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true });
+assert.deepEqual(protoObject, { a: { hasOwnProperty: 'b' } });
+```
+
+URI encoded strings work too:
+
+```javascript
+assert.deepEqual(qs.parse('a%5Bb%5D=c'), {
+    a: { b: 'c' }
+});
+```
+
+You can also nest your objects, like `'foo[bar][baz]=foobarbaz'`:
+
+```javascript
+assert.deepEqual(qs.parse('foo[bar][baz]=foobarbaz'), {
+    foo: {
+        bar: {
+            baz: 'foobarbaz'
+        }
+    }
+});
+```
+
+By default, when nesting objects **qs** will only parse up to 5 children deep.
+This means if you attempt to parse a string like `'a[b][c][d][e][f][g][h][i]=j'` your resulting object will be:
+
+```javascript
+var expected = {
+    a: {
+        b: {
+            c: {
+                d: {
+                    e: {
+                        f: {
+                            '[g][h][i]': 'j'
+                        }
+                    }
+                }
+            }
+        }
+    }
+};
+var string = 'a[b][c][d][e][f][g][h][i]=j';
+assert.deepEqual(qs.parse(string), expected);
+```
+
+This depth can be overridden by passing a `depth` option to `qs.parse(string, [options])`:
+
+```javascript
+var deep = qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 });
+assert.deepEqual(deep, { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } });
+```
+
+You can configure **qs** to throw an error when parsing nested input beyond this depth using the `strictDepth` option (defaulted to false):
+
+```javascript
+try {
+    qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1, strictDepth: true });
+} catch (err) {
+    assert(err instanceof RangeError);
+    assert.strictEqual(err.message, 'Input depth exceeded depth option of 1 and strictDepth is true');
+}
+```
+
+The depth limit helps mitigate abuse when **qs** is used to parse user input, and it is recommended to keep it a reasonably small number. The strictDepth option adds a layer of protection by throwing an error when the limit is exceeded, allowing you to catch and handle such cases.
+
+For similar reasons, by default **qs** will only parse up to 1000 parameters. This can be overridden by passing a `parameterLimit` option:
+
+```javascript
+var limited = qs.parse('a=b&c=d', { parameterLimit: 1 });
+assert.deepEqual(limited, { a: 'b' });
+```
+
+If you want an error to be thrown whenever the a limit is exceeded (eg, `parameterLimit`, `arrayLimit`), set the `throwOnLimitExceeded` option to `true`. This option will generate a descriptive error if the query string exceeds a configured limit.
+```javascript
+try {
+    qs.parse('a=1&b=2&c=3&d=4', { parameterLimit: 3, throwOnLimitExceeded: true });
+} catch (err) {
+    assert(err instanceof Error);
+    assert.strictEqual(err.message, 'Parameter limit exceeded. Only 3 parameters allowed.');
+}
+```
+
+When `throwOnLimitExceeded` is set to `false` (default), **qs** will parse up to the specified `parameterLimit` and ignore the rest without throwing an error.
+
+To bypass the leading question mark, use `ignoreQueryPrefix`:
+
+```javascript
+var prefixed = qs.parse('?a=b&c=d', { ignoreQueryPrefix: true });
+assert.deepEqual(prefixed, { a: 'b', c: 'd' });
+```
+
+An optional delimiter can also be passed:
+
+```javascript
+var delimited = qs.parse('a=b;c=d', { delimiter: ';' });
+assert.deepEqual(delimited, { a: 'b', c: 'd' });
+```
+
+Delimiters can be a regular expression too:
+
+```javascript
+var regexed = qs.parse('a=b;c=d,e=f', { delimiter: /[;,]/ });
+assert.deepEqual(regexed, { a: 'b', c: 'd', e: 'f' });
+```
+
+Option `allowDots` can be used to enable dot notation:
+
+```javascript
+var withDots = qs.parse('a.b=c', { allowDots: true });
+assert.deepEqual(withDots, { a: { b: 'c' } });
+```
+
+Option `decodeDotInKeys` can be used to decode dots in keys
+Note: it implies `allowDots`, so `parse` will error if you set `decodeDotInKeys` to `true`, and `allowDots` to `false`.
+
+```javascript
+var withDots = qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { decodeDotInKeys: true });
+assert.deepEqual(withDots, { 'name.obj': { first: 'John', last: 'Doe' }});
+```
+
+Option `allowEmptyArrays` can be used to allowing empty array values in object
+```javascript
+var withEmptyArrays = qs.parse('foo[]&bar=baz', { allowEmptyArrays: true });
+assert.deepEqual(withEmptyArrays, { foo: [], bar: 'baz' });
+```
+
+Option `duplicates` can be used to change the behavior when duplicate keys are encountered
+```javascript
+assert.deepEqual(qs.parse('foo=bar&foo=baz'), { foo: ['bar', 'baz'] });
+assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'combine' }), { foo: ['bar', 'baz'] });
+assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'first' }), { foo: 'bar' });
+assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'last' }), { foo: 'baz' });
+```
+
+If you have to deal with legacy browsers or services, there's also support for decoding percent-encoded octets as iso-8859-1:
+
+```javascript
+var oldCharset = qs.parse('a=%A7', { charset: 'iso-8859-1' });
+assert.deepEqual(oldCharset, { a: '§' });
+```
+
+Some services add an initial `utf8=✓` value to forms so that old Internet Explorer versions are more likely to submit the form as utf-8.
+Additionally, the server can check the value against wrong encodings of the checkmark character and detect that a query string or `application/x-www-form-urlencoded` body was *not* sent as utf-8, eg. if the form had an `accept-charset` parameter or the containing page had a different character set.
+
+**qs** supports this mechanism via the `charsetSentinel` option.
+If specified, the `utf8` parameter will be omitted from the returned object.
+It will be used to switch to `iso-8859-1`/`utf-8` mode depending on how the checkmark is encoded.
+
+**Important**: When you specify both the `charset` option and the `charsetSentinel` option, the `charset` will be overridden when the request contains a `utf8` parameter from which the actual charset can be deduced.
+In that sense the `charset` will behave as the default charset rather than the authoritative charset.
+
+```javascript
+var detectedAsUtf8 = qs.parse('utf8=%E2%9C%93&a=%C3%B8', {
+    charset: 'iso-8859-1',
+    charsetSentinel: true
+});
+assert.deepEqual(detectedAsUtf8, { a: 'ø' });
+
+// Browsers encode the checkmark as &#10003; when submitting as iso-8859-1:
+var detectedAsIso8859_1 = qs.parse('utf8=%26%2310003%3B&a=%F8', {
+    charset: 'utf-8',
+    charsetSentinel: true
+});
+assert.deepEqual(detectedAsIso8859_1, { a: 'ø' });
+```
+
+If you want to decode the `&#...;` syntax to the actual character, you can specify the `interpretNumericEntities` option as well:
+
+```javascript
+var detectedAsIso8859_1 = qs.parse('a=%26%239786%3B', {
+    charset: 'iso-8859-1',
+    interpretNumericEntities: true
+});
+assert.deepEqual(detectedAsIso8859_1, { a: '☺' });
+```
+
+It also works when the charset has been detected in `charsetSentinel` mode.
+
+### Parsing Arrays
+
+**qs** can also parse arrays using a similar `[]` notation:
+
+```javascript
+var withArray = qs.parse('a[]=b&a[]=c');
+assert.deepEqual(withArray, { a: ['b', 'c'] });
+```
+
+You may specify an index as well:
+
+```javascript
+var withIndexes = qs.parse('a[1]=c&a[0]=b');
+assert.deepEqual(withIndexes, { a: ['b', 'c'] });
+```
+
+Note that the only difference between an index in an array and a key in an object is that the value between the brackets must be a number to create an array.
+When creating arrays with specific indices, **qs** will compact a sparse array to only the existing values preserving their order:
+
+```javascript
+var noSparse = qs.parse('a[1]=b&a[15]=c');
+assert.deepEqual(noSparse, { a: ['b', 'c'] });
+```
+
+You may also use `allowSparse` option to parse sparse arrays:
+
+```javascript
+var sparseArray = qs.parse('a[1]=2&a[3]=5', { allowSparse: true });
+assert.deepEqual(sparseArray, { a: [, '2', , '5'] });
+```
+
+Note that an empty string is also a value, and will be preserved:
+
+```javascript
+var withEmptyString = qs.parse('a[]=&a[]=b');
+assert.deepEqual(withEmptyString, { a: ['', 'b'] });
+
+var withIndexedEmptyString = qs.parse('a[0]=b&a[1]=&a[2]=c');
+assert.deepEqual(withIndexedEmptyString, { a: ['b', '', 'c'] });
+```
+
+**qs** will also limit arrays to a maximum of `20` elements.
+Any array members with an index of `20` or greater will instead be converted to an object with the index as the key.
+This is needed to handle cases when someone sent, for example, `a[999999999]` and it will take significant time to iterate over this huge array.
+
+```javascript
+var withMaxIndex = qs.parse('a[100]=b');
+assert.deepEqual(withMaxIndex, { a: { '100': 'b' } });
+```
+
+This limit can be overridden by passing an `arrayLimit` option:
+
+```javascript
+var withArrayLimit = qs.parse('a[1]=b', { arrayLimit: 0 });
+assert.deepEqual(withArrayLimit, { a: { '1': 'b' } });
+```
+
+If you want to throw an error whenever the array limit is exceeded, set the `throwOnLimitExceeded` option to `true`. This option will generate a descriptive error if the query string exceeds a configured limit.
+```javascript
+try {
+    qs.parse('a[1]=b', { arrayLimit: 0, throwOnLimitExceeded: true });
+} catch (err) {
+    assert(err instanceof Error);
+    assert.strictEqual(err.message, 'Array limit exceeded. Only 0 elements allowed in an array.');
+}
+```
+
+When `throwOnLimitExceeded` is set to `false` (default), **qs** will parse up to the specified `arrayLimit` and if the limit is exceeded, the array will instead be converted to an object with the index as the key
+
+To prevent array syntax (`a[]`, `a[0]`) from being parsed as arrays, set `parseArrays` to `false`.
+Note that duplicate keys (e.g. `a=b&a=c`) may still produce arrays when `duplicates` is `'combine'` (the default).
+
+```javascript
+var noParsingArrays = qs.parse('a[]=b', { parseArrays: false });
+assert.deepEqual(noParsingArrays, { a: { '0': 'b' } });
+```
+
+If you mix notations, **qs** will merge the two items into an object:
+
+```javascript
+var mixedNotation = qs.parse('a[0]=b&a[b]=c');
+assert.deepEqual(mixedNotation, { a: { '0': 'b', b: 'c' } });
+```
+
+You can also create arrays of objects:
+
+```javascript
+var arraysOfObjects = qs.parse('a[][b]=c');
+assert.deepEqual(arraysOfObjects, { a: [{ b: 'c' }] });
+```
+
+Some people use comma to join array, **qs** can parse it:
+```javascript
+var arraysOfObjects = qs.parse('a=b,c', { comma: true })
+assert.deepEqual(arraysOfObjects, { a: ['b', 'c'] })
+```
+(_this cannot convert nested objects, such as `a={b:1},{c:d}`_)
+
+### Parsing primitive/scalar values (numbers, booleans, null, etc)
+
+By default, all values are parsed as strings.
+This behavior will not change and is explained in [issue #91](https://github.com/ljharb/qs/issues/91).
+
+```javascript
+var primitiveValues = qs.parse('a=15&b=true&c=null');
+assert.deepEqual(primitiveValues, { a: '15', b: 'true', c: 'null' });
+```
+
+If you wish to auto-convert values which look like numbers, booleans, and other values into their primitive counterparts, you can use the [query-types Express JS middleware](https://github.com/xpepermint/query-types) which will auto-convert all request query parameters.
+
+### Stringifying
+
+[](#preventEval)
+```javascript
+qs.stringify(object, [options]);
+```
+
+When stringifying, **qs** by default URI encodes output. Objects are stringified as you would expect:
+
+```javascript
+assert.equal(qs.stringify({ a: 'b' }), 'a=b');
+assert.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
+```
+
+This encoding can be disabled by setting the `encode` option to `false`:
+
+```javascript
+var unencoded = qs.stringify({ a: { b: 'c' } }, { encode: false });
+assert.equal(unencoded, 'a[b]=c');
+```
+
+Encoding can be disabled for keys by setting the `encodeValuesOnly` option to `true`:
+```javascript
+var encodedValues = qs.stringify(
+    { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
+    { encodeValuesOnly: true }
+);
+assert.equal(encodedValues,'a=b&c[0]=d&c[1]=e%3Df&f[0][0]=g&f[1][0]=h');
+```
+
+This encoding can also be replaced by a custom encoding method set as `encoder` option:
+
+```javascript
+var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str) {
+    // Passed in values `a`, `b`, `c`
+    return // Return encoded string
+}})
+```
+
+_(Note: the `encoder` option does not apply if `encode` is `false`)_
+
+Analogue to the `encoder` there is a `decoder` option for `parse` to override decoding of properties and values:
+
+```javascript
+var decoded = qs.parse('x=z', { decoder: function (str) {
+    // Passed in values `x`, `z`
+    return // Return decoded string
+}})
+```
+
+You can encode keys and values using different logic by using the type argument provided to the encoder:
+
+```javascript
+var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str, defaultEncoder, charset, type) {
+    if (type === 'key') {
+        return // Encoded key
+    } else if (type === 'value') {
+        return // Encoded value
+    }
+}})
+```
+
+The type argument is also provided to the decoder:
+
+```javascript
+var decoded = qs.parse('x=z', { decoder: function (str, defaultDecoder, charset, type) {
+    if (type === 'key') {
+        return // Decoded key
+    } else if (type === 'value') {
+        return // Decoded value
+    }
+}})
+```
+
+Examples beyond this point will be shown as though the output is not URI encoded for clarity.
+Please note that the return values in these cases *will* be URI encoded during real usage.
+
+When arrays are stringified, they follow the `arrayFormat` option, which defaults to `indices`:
+
+```javascript
+qs.stringify({ a: ['b', 'c', 'd'] });
+// 'a[0]=b&a[1]=c&a[2]=d'
+```
+
+You may override this by setting the `indices` option to `false`, or to be more explicit, the `arrayFormat` option to `repeat`:
+
+```javascript
+qs.stringify({ a: ['b', 'c', 'd'] }, { indices: false });
+// 'a=b&a=c&a=d'
+```
+
+You may use the `arrayFormat` option to specify the format of the output array:
+
+```javascript
+qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'indices' })
+// 'a[0]=b&a[1]=c'
+qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'brackets' })
+// 'a[]=b&a[]=c'
+qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' })
+// 'a=b&a=c'
+qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'comma' })
+// 'a=b,c'
+```
+
+Note: when using `arrayFormat` set to `'comma'`, you can also pass the `commaRoundTrip` option set to `true` or `false`, to append `[]` on single-item arrays, so that they can round trip through a parse.
+
+When objects are stringified, by default they use bracket notation:
+
+```javascript
+qs.stringify({ a: { b: { c: 'd', e: 'f' } } });
+// 'a[b][c]=d&a[b][e]=f'
+```
+
+You may override this to use dot notation by setting the `allowDots` option to `true`:
+
+```javascript
+qs.stringify({ a: { b: { c: 'd', e: 'f' } } }, { allowDots: true });
+// 'a.b.c=d&a.b.e=f'
+```
+
+You may encode the dot notation in the keys of object with option `encodeDotInKeys` by setting it to `true`:
+Note: it implies `allowDots`, so `stringify` will error if you set `decodeDotInKeys` to `true`, and `allowDots` to `false`.
+Caveat: when `encodeValuesOnly` is `true` as well as `encodeDotInKeys`, only dots in keys and nothing else will be encoded.
+```javascript
+qs.stringify({ "name.obj": { "first": "John", "last": "Doe" } }, { allowDots: true, encodeDotInKeys: true })
+// 'name%252Eobj.first=John&name%252Eobj.last=Doe'
+```
+
+You may allow empty array values by setting the `allowEmptyArrays` option to `true`:
+```javascript
+qs.stringify({ foo: [], bar: 'baz' }, { allowEmptyArrays: true });
+// 'foo[]&bar=baz'
+```
+
+Empty strings and null values will omit the value, but the equals sign (=) remains in place:
+
+```javascript
+assert.equal(qs.stringify({ a: '' }), 'a=');
+```
+
+Key with no values (such as an empty object or array) will return nothing:
+
+```javascript
+assert.equal(qs.stringify({ a: [] }), '');
+assert.equal(qs.stringify({ a: {} }), '');
+assert.equal(qs.stringify({ a: [{}] }), '');
+assert.equal(qs.stringify({ a: { b: []} }), '');
+assert.equal(qs.stringify({ a: { b: {}} }), '');
+```
+
+Properties that are set to `undefined` will be omitted entirely:
+
+```javascript
+assert.equal(qs.stringify({ a: null, b: undefined }), 'a=');
+```
+
+The query string may optionally be prepended with a question mark:
+
+```javascript
+assert.equal(qs.stringify({ a: 'b', c: 'd' }, { addQueryPrefix: true }), '?a=b&c=d');
+```
+
+Note that when the output is an empty string, the prefix will not be added:
+
+```javascript
+assert.equal(qs.stringify({}, { addQueryPrefix: true }), '');
+```
+
+The delimiter may be overridden with stringify as well:
+
+```javascript
+assert.equal(qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }), 'a=b;c=d');
+```
+
+If you only want to override the serialization of `Date` objects, you can provide a `serializeDate` option:
+
+```javascript
+var date = new Date(7);
+assert.equal(qs.stringify({ a: date }), 'a=1970-01-01T00:00:00.007Z'.replace(/:/g, '%3A'));
+assert.equal(
+    qs.stringify({ a: date }, { serializeDate: function (d) { return d.getTime(); } }),
+    'a=7'
+);
+```
+
+You may use the `sort` option to affect the order of parameter keys:
+
+```javascript
+function alphabeticalSort(a, b) {
+    return a.localeCompare(b);
+}
+assert.equal(qs.stringify({ a: 'c', z: 'y', b : 'f' }, { sort: alphabeticalSort }), 'a=c&b=f&z=y');
+```
+
+Finally, you can use the `filter` option to restrict which keys will be included in the stringified output.
+If you pass a function, it will be called for each key to obtain the replacement value.
+Otherwise, if you pass an array, it will be used to select properties and array indices for stringification:
+
+```javascript
+function filterFunc(prefix, value) {
+    if (prefix == 'b') {
+        // Return an `undefined` value to omit a property.
+        return;
+    }
+    if (prefix == 'e[f]') {
+        return value.getTime();
+    }
+    if (prefix == 'e[g][0]') {
+        return value * 2;
+    }
+    return value;
+}
+qs.stringify({ a: 'b', c: 'd', e: { f: new Date(123), g: [2] } }, { filter: filterFunc });
+// 'a=b&c=d&e[f]=123&e[g][0]=4'
+qs.stringify({ a: 'b', c: 'd', e: 'f' }, { filter: ['a', 'e'] });
+// 'a=b&e=f'
+qs.stringify({ a: ['b', 'c', 'd'], e: 'f' }, { filter: ['a', 0, 2] });
+// 'a[0]=b&a[2]=d'
+```
+
+You could also use `filter` to inject custom serialization for user defined types.
+Consider you're working with some api that expects query strings of the format for ranges:
+
+```
+https://domain.com/endpoint?range=30...70
+```
+
+For which you model as:
+
+```javascript
+class Range {
+    constructor(from, to) {
+        this.from = from;
+        this.to = to;
+    }
+}
+```
+
+You could _inject_ a custom serializer to handle values of this type:
+
+```javascript
+qs.stringify(
+    {
+        range: new Range(30, 70),
+    },
+    {
+        filter: (prefix, value) => {
+            if (value instanceof Range) {
+                return `${value.from}...${value.to}`;
+            }
+            // serialize the usual way
+            return value;
+        },
+    }
+);
+// range=30...70
+```
+
+### Handling of `null` values
+
+By default, `null` values are treated like empty strings:
+
+```javascript
+var withNull = qs.stringify({ a: null, b: '' });
+assert.equal(withNull, 'a=&b=');
+```
+
+Parsing does not distinguish between parameters with and without equal signs.
+Both are converted to empty strings.
+
+```javascript
+var equalsInsensitive = qs.parse('a&b=');
+assert.deepEqual(equalsInsensitive, { a: '', b: '' });
+```
+
+To distinguish between `null` values and empty strings use the `strictNullHandling` flag. In the result string the `null`
+values have no `=` sign:
+
+```javascript
+var strictNull = qs.stringify({ a: null, b: '' }, { strictNullHandling: true });
+assert.equal(strictNull, 'a&b=');
+```
+
+To parse values without `=` back to `null` use the `strictNullHandling` flag:
+
+```javascript
+var parsedStrictNull = qs.parse('a&b=', { strictNullHandling: true });
+assert.deepEqual(parsedStrictNull, { a: null, b: '' });
+```
+
+To completely skip rendering keys with `null` values, use the `skipNulls` flag:
+
+```javascript
+var nullsSkipped = qs.stringify({ a: 'b', c: null}, { skipNulls: true });
+assert.equal(nullsSkipped, 'a=b');
+```
+
+If you're communicating with legacy systems, you can switch to `iso-8859-1` using the `charset` option:
+
+```javascript
+var iso = qs.stringify({ æ: 'æ' }, { charset: 'iso-8859-1' });
+assert.equal(iso, '%E6=%E6');
+```
+
+Characters that don't exist in `iso-8859-1` will be converted to numeric entities, similar to what browsers do:
+
+```javascript
+var numeric = qs.stringify({ a: '☺' }, { charset: 'iso-8859-1' });
+assert.equal(numeric, 'a=%26%239786%3B');
+```
+
+You can use the `charsetSentinel` option to announce the character by including an `utf8=✓` parameter with the proper encoding if the checkmark, similar to what Ruby on Rails and others do when submitting forms.
+
+```javascript
+var sentinel = qs.stringify({ a: '☺' }, { charsetSentinel: true });
+assert.equal(sentinel, 'utf8=%E2%9C%93&a=%E2%98%BA');
+
+var isoSentinel = qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'iso-8859-1' });
+assert.equal(isoSentinel, 'utf8=%26%2310003%3B&a=%E6');
+```
+
+### Dealing with special character sets
+
+By default the encoding and decoding of characters is done in `utf-8`, and `iso-8859-1` support is also built in via the `charset` parameter.
+
+If you wish to encode querystrings to a different character set (i.e.
+[Shift JIS](https://en.wikipedia.org/wiki/Shift_JIS)) you can use the
+[`qs-iconv`](https://github.com/martinheidegger/qs-iconv) library:
+
+```javascript
+var encoder = require('qs-iconv/encoder')('shift_jis');
+var shiftJISEncoded = qs.stringify({ a: 'こんにちは！' }, { encoder: encoder });
+assert.equal(shiftJISEncoded, 'a=%82%B1%82%F1%82%C9%82%BF%82%CD%81I');
+```
+
+This also works for decoding of query strings:
+
+```javascript
+var decoder = require('qs-iconv/decoder')('shift_jis');
+var obj = qs.parse('a=%82%B1%82%F1%82%C9%82%BF%82%CD%81I', { decoder: decoder });
+assert.deepEqual(obj, { a: 'こんにちは！' });
+```
+
+### RFC 3986 and RFC 1738 space encoding
+
+RFC3986 used as default option and encodes ' ' to *%20* which is backward compatible.
+In the same time, output can be stringified as per RFC1738 with ' ' equal to '+'.
+
+```
+assert.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
+assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC3986' }), 'a=b%20c');
+assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC1738' }), 'a=b+c');
+```
+
+## Security
+
+Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
+
+## qs for enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of qs and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications.
+Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use.
+[Learn more.](https://tidelift.com/subscription/pkg/npm-qs?utm_source=npm-qs&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
+
+[package-url]: https://npmjs.org/package/qs
+[npm-version-svg]: https://versionbadg.es/ljharb/qs.svg
+[deps-svg]: https://david-dm.org/ljharb/qs.svg
+[deps-url]: https://david-dm.org/ljharb/qs
+[dev-deps-svg]: https://david-dm.org/ljharb/qs/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/qs#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/qs.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/qs.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/qs.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=qs
+[codecov-image]: https://codecov.io/gh/ljharb/qs/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/qs/
+[actions-image]: https://img.shields.io/github/check-runs/ljharb/qs/main
+[actions-url]: https://github.com/ljharb/qs/actions
+
+## Acknowledgements
+
+qs logo by [NUMI](https://github.com/numi-hq/open-design):
+
+[<img src="https://raw.githubusercontent.com/numi-hq/open-design/main/assets/numi-lockup.png" alt="NUMI Logo" style="width: 200px;"/>](https://numi.tech/?ref=qs)
diff --git a/src/Servers/ExpressServer/node_modules/qs/dist/qs.js b/src/Servers/ExpressServer/node_modules/qs/dist/qs.js
new file mode 100644
index 0000000..d5eb519
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/dist/qs.js
@@ -0,0 +1,141 @@
+(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Qs = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
+"use strict";var replace=String.prototype.replace,percentTwenties=/%20/g,Format={RFC1738:"RFC1738",RFC3986:"RFC3986"};module.exports={default:Format.RFC3986,formatters:{RFC1738:function(e){return replace.call(e,percentTwenties,"+")},RFC3986:function(e){return String(e)}},RFC1738:Format.RFC1738,RFC3986:Format.RFC3986};
+
+},{}],2:[function(require,module,exports){
+"use strict";var stringify=require(4),parse=require(3),formats=require(1);module.exports={formats:formats,parse:parse,stringify:stringify};
+
+},{"1":1,"3":3,"4":4}],3:[function(require,module,exports){
+"use strict";var utils=require(5),has=Object.prototype.hasOwnProperty,isArray=Array.isArray,defaults={allowDots:!1,allowEmptyArrays:!1,allowPrototypes:!1,allowSparse:!1,arrayLimit:20,charset:"utf-8",charsetSentinel:!1,comma:!1,decodeDotInKeys:!1,decoder:utils.decode,delimiter:"&",depth:5,duplicates:"combine",ignoreQueryPrefix:!1,interpretNumericEntities:!1,parameterLimit:1e3,parseArrays:!0,plainObjects:!1,strictDepth:!1,strictNullHandling:!1,throwOnLimitExceeded:!1},interpretNumericEntities=function(e){return e.replace(/&#(\d+);/g,function(e,t){return String.fromCharCode(parseInt(t,10))})},parseArrayValue=function(e,t,r){if(e&&"string"==typeof e&&t.comma&&e.indexOf(",")>-1)return e.split(",");if(t.throwOnLimitExceeded&&r>=t.arrayLimit)throw new RangeError("Array limit exceeded. Only "+t.arrayLimit+" element"+(1===t.arrayLimit?"":"s")+" allowed in an array.");return e},isoSentinel="utf8=%26%2310003%3B",charsetSentinel="utf8=%E2%9C%93",parseValues=function parseQueryStringValues(e,t){var r={__proto__:null},i=t.ignoreQueryPrefix?e.replace(/^\?/,""):e;i=i.replace(/%5B/gi,"[").replace(/%5D/gi,"]");var a=t.parameterLimit===1/0?void 0:t.parameterLimit,o=i.split(t.delimiter,t.throwOnLimitExceeded?a+1:a);if(t.throwOnLimitExceeded&&o.length>a)throw new RangeError("Parameter limit exceeded. Only "+a+" parameter"+(1===a?"":"s")+" allowed.");var l,n=-1,s=t.charset;if(t.charsetSentinel)for(l=0;l<o.length;++l)0===o[l].indexOf("utf8=")&&(o[l]===charsetSentinel?s="utf-8":o[l]===isoSentinel&&(s="iso-8859-1"),n=l,l=o.length);for(l=0;l<o.length;++l)if(l!==n){var d,p,c=o[l],u=c.indexOf("]="),y=-1===u?c.indexOf("="):u+1;if(-1===y?(d=t.decoder(c,defaults.decoder,s,"key"),p=t.strictNullHandling?null:""):null!==(d=t.decoder(c.slice(0,y),defaults.decoder,s,"key"))&&(p=utils.maybeMap(parseArrayValue(c.slice(y+1),t,isArray(r[d])?r[d].length:0),function(e){return t.decoder(e,defaults.decoder,s,"value")})),p&&t.interpretNumericEntities&&"iso-8859-1"===s&&(p=interpretNumericEntities(String(p))),c.indexOf("[]=")>-1&&(p=isArray(p)?[p]:p),t.comma&&isArray(p)&&p.length>t.arrayLimit){if(t.throwOnLimitExceeded)throw new RangeError("Array limit exceeded. Only "+t.arrayLimit+" element"+(1===t.arrayLimit?"":"s")+" allowed in an array.");p=utils.combine([],p,t.arrayLimit,t.plainObjects)}if(null!==d){var f=has.call(r,d);f&&"combine"===t.duplicates?r[d]=utils.combine(r[d],p,t.arrayLimit,t.plainObjects):f&&"last"!==t.duplicates||(r[d]=p)}}return r},parseObject=function(e,t,r,i){var a=0;if(e.length>0&&"[]"===e[e.length-1]){var o=e.slice(0,-1).join("");a=Array.isArray(t)&&t[o]?t[o].length:0}for(var l=i?t:parseArrayValue(t,r,a),n=e.length-1;n>=0;--n){var s,d=e[n];if("[]"===d&&r.parseArrays)s=utils.isOverflow(l)?l:r.allowEmptyArrays&&(""===l||r.strictNullHandling&&null===l)?[]:utils.combine([],l,r.arrayLimit,r.plainObjects);else{s=r.plainObjects?{__proto__:null}:{};var p="["===d.charAt(0)&&"]"===d.charAt(d.length-1)?d.slice(1,-1):d,c=r.decodeDotInKeys?p.replace(/%2E/g,"."):p,u=parseInt(c,10),y=!isNaN(u)&&d!==c&&String(u)===c&&u>=0&&r.parseArrays;if(r.parseArrays||""!==c)if(y&&u<r.arrayLimit)(s=[])[u]=l;else{if(y&&r.throwOnLimitExceeded)throw new RangeError("Array limit exceeded. Only "+r.arrayLimit+" element"+(1===r.arrayLimit?"":"s")+" allowed in an array.");y?(s[u]=l,utils.markOverflow(s,u)):"__proto__"!==c&&(s[c]=l)}else s={0:l}}l=s}return l},splitKeyIntoSegments=function splitKeyIntoSegments(e,t){var r=t.allowDots?e.replace(/\.([^.[]+)/g,"[$1]"):e;if(t.depth<=0){if(!t.plainObjects&&has.call(Object.prototype,r)&&!t.allowPrototypes)return;return[r]}var i=/(\[[^[\]]*])/g,a=/(\[[^[\]]*])/.exec(r),o=a?r.slice(0,a.index):r,l=[];if(o){if(!t.plainObjects&&has.call(Object.prototype,o)&&!t.allowPrototypes)return;l[l.length]=o}for(var n=0;null!==(a=i.exec(r))&&n<t.depth;){n+=1;var s=a[1].slice(1,-1);if(!t.plainObjects&&has.call(Object.prototype,s)&&!t.allowPrototypes)return;l[l.length]=a[1]}if(a){if(!0===t.strictDepth)throw new RangeError("Input depth exceeded depth option of "+t.depth+" and strictDepth is true");l[l.length]="["+r.slice(a.index)+"]"}return l},parseKeys=function parseQueryStringKeys(e,t,r,i){if(e){var a=splitKeyIntoSegments(e,r);if(a)return parseObject(a,t,r,i)}},normalizeParseOptions=function normalizeParseOptions(e){if(!e)return defaults;if(void 0!==e.allowEmptyArrays&&"boolean"!=typeof e.allowEmptyArrays)throw new TypeError("`allowEmptyArrays` option can only be `true` or `false`, when provided");if(void 0!==e.decodeDotInKeys&&"boolean"!=typeof e.decodeDotInKeys)throw new TypeError("`decodeDotInKeys` option can only be `true` or `false`, when provided");if(null!==e.decoder&&void 0!==e.decoder&&"function"!=typeof e.decoder)throw new TypeError("Decoder has to be a function.");if(void 0!==e.charset&&"utf-8"!==e.charset&&"iso-8859-1"!==e.charset)throw new TypeError("The charset option must be either utf-8, iso-8859-1, or undefined");if(void 0!==e.throwOnLimitExceeded&&"boolean"!=typeof e.throwOnLimitExceeded)throw new TypeError("`throwOnLimitExceeded` option must be a boolean");var t=void 0===e.charset?defaults.charset:e.charset,r=void 0===e.duplicates?defaults.duplicates:e.duplicates;if("combine"!==r&&"first"!==r&&"last"!==r)throw new TypeError("The duplicates option must be either combine, first, or last");return{allowDots:void 0===e.allowDots?!0===e.decodeDotInKeys||defaults.allowDots:!!e.allowDots,allowEmptyArrays:"boolean"==typeof e.allowEmptyArrays?!!e.allowEmptyArrays:defaults.allowEmptyArrays,allowPrototypes:"boolean"==typeof e.allowPrototypes?e.allowPrototypes:defaults.allowPrototypes,allowSparse:"boolean"==typeof e.allowSparse?e.allowSparse:defaults.allowSparse,arrayLimit:"number"==typeof e.arrayLimit?e.arrayLimit:defaults.arrayLimit,charset:t,charsetSentinel:"boolean"==typeof e.charsetSentinel?e.charsetSentinel:defaults.charsetSentinel,comma:"boolean"==typeof e.comma?e.comma:defaults.comma,decodeDotInKeys:"boolean"==typeof e.decodeDotInKeys?e.decodeDotInKeys:defaults.decodeDotInKeys,decoder:"function"==typeof e.decoder?e.decoder:defaults.decoder,delimiter:"string"==typeof e.delimiter||utils.isRegExp(e.delimiter)?e.delimiter:defaults.delimiter,depth:"number"==typeof e.depth||!1===e.depth?+e.depth:defaults.depth,duplicates:r,ignoreQueryPrefix:!0===e.ignoreQueryPrefix,interpretNumericEntities:"boolean"==typeof e.interpretNumericEntities?e.interpretNumericEntities:defaults.interpretNumericEntities,parameterLimit:"number"==typeof e.parameterLimit?e.parameterLimit:defaults.parameterLimit,parseArrays:!1!==e.parseArrays,plainObjects:"boolean"==typeof e.plainObjects?e.plainObjects:defaults.plainObjects,strictDepth:"boolean"==typeof e.strictDepth?!!e.strictDepth:defaults.strictDepth,strictNullHandling:"boolean"==typeof e.strictNullHandling?e.strictNullHandling:defaults.strictNullHandling,throwOnLimitExceeded:"boolean"==typeof e.throwOnLimitExceeded&&e.throwOnLimitExceeded}};module.exports=function(e,t){var r=normalizeParseOptions(t);if(""===e||null==e)return r.plainObjects?{__proto__:null}:{};for(var i="string"==typeof e?parseValues(e,r):e,a=r.plainObjects?{__proto__:null}:{},o=Object.keys(i),l=0;l<o.length;++l){var n=o[l],s=parseKeys(n,i[n],r,"string"==typeof e);a=utils.merge(a,s,r)}return!0===r.allowSparse?a:utils.compact(a)};
+
+},{"5":5}],4:[function(require,module,exports){
+"use strict";var getSideChannel=require(46),utils=require(5),formats=require(1),has=Object.prototype.hasOwnProperty,arrayPrefixGenerators={brackets:function brackets(e){return e+"[]"},comma:"comma",indices:function indices(e,r){return e+"["+r+"]"},repeat:function repeat(e){return e}},isArray=Array.isArray,push=Array.prototype.push,pushToArray=function(e,r){push.apply(e,isArray(r)?r:[r])},toISO=Date.prototype.toISOString,defaultFormat=formats.default,defaults={addQueryPrefix:!1,allowDots:!1,allowEmptyArrays:!1,arrayFormat:"indices",charset:"utf-8",charsetSentinel:!1,commaRoundTrip:!1,delimiter:"&",encode:!0,encodeDotInKeys:!1,encoder:utils.encode,encodeValuesOnly:!1,filter:void 0,format:defaultFormat,formatter:formats.formatters[defaultFormat],indices:!1,serializeDate:function serializeDate(e){return toISO.call(e)},skipNulls:!1,strictNullHandling:!1},isNonNullishPrimitive=function isNonNullishPrimitive(e){return"string"==typeof e||"number"==typeof e||"boolean"==typeof e||"symbol"==typeof e||"bigint"==typeof e},sentinel={},stringify=function stringify(e,r,t,o,a,n,i,l,s,f,u,d,y,c,p,m,h,v){for(var g=e,w=v,b=0,A=!1;void 0!==(w=w.get(sentinel))&&!A;){var D=w.get(e);if(b+=1,void 0!==D){if(D===b)throw new RangeError("Cyclic object value");A=!0}void 0===w.get(sentinel)&&(b=0)}if("function"==typeof f?g=f(r,g):g instanceof Date?g=y(g):"comma"===t&&isArray(g)&&(g=utils.maybeMap(g,function(e){return e instanceof Date?y(e):e})),null===g){if(n)return s&&!m?s(r,defaults.encoder,h,"key",c):r;g=""}if(isNonNullishPrimitive(g)||utils.isBuffer(g))return s?[p(m?r:s(r,defaults.encoder,h,"key",c))+"="+p(s(g,defaults.encoder,h,"value",c))]:[p(r)+"="+p(String(g))];var S,E=[];if(void 0===g)return E;if("comma"===t&&isArray(g))m&&s&&(g=utils.maybeMap(g,s)),S=[{value:g.length>0?g.join(",")||null:void 0}];else if(isArray(f))S=f;else{var N=Object.keys(g);S=u?N.sort(u):N}var T=l?String(r).replace(/\./g,"%2E"):String(r),O=o&&isArray(g)&&1===g.length?T+"[]":T;if(a&&isArray(g)&&0===g.length)return O+"[]";for(var k=0;k<S.length;++k){var I=S[k],P="object"==typeof I&&I&&void 0!==I.value?I.value:g[I];if(!i||null!==P){var x=d&&l?String(I).replace(/\./g,"%2E"):String(I),z=isArray(g)?"function"==typeof t?t(O,x):O:O+(d?"."+x:"["+x+"]");v.set(e,b);var K=getSideChannel();K.set(sentinel,v),pushToArray(E,stringify(P,z,t,o,a,n,i,l,"comma"===t&&m&&isArray(g)?null:s,f,u,d,y,c,p,m,h,K))}}return E},normalizeStringifyOptions=function normalizeStringifyOptions(e){if(!e)return defaults;if(void 0!==e.allowEmptyArrays&&"boolean"!=typeof e.allowEmptyArrays)throw new TypeError("`allowEmptyArrays` option can only be `true` or `false`, when provided");if(void 0!==e.encodeDotInKeys&&"boolean"!=typeof e.encodeDotInKeys)throw new TypeError("`encodeDotInKeys` option can only be `true` or `false`, when provided");if(null!==e.encoder&&void 0!==e.encoder&&"function"!=typeof e.encoder)throw new TypeError("Encoder has to be a function.");var r=e.charset||defaults.charset;if(void 0!==e.charset&&"utf-8"!==e.charset&&"iso-8859-1"!==e.charset)throw new TypeError("The charset option must be either utf-8, iso-8859-1, or undefined");var t=formats.default;if(void 0!==e.format){if(!has.call(formats.formatters,e.format))throw new TypeError("Unknown format option provided.");t=e.format}var o,a=formats.formatters[t],n=defaults.filter;if(("function"==typeof e.filter||isArray(e.filter))&&(n=e.filter),o=e.arrayFormat in arrayPrefixGenerators?e.arrayFormat:"indices"in e?e.indices?"indices":"repeat":defaults.arrayFormat,"commaRoundTrip"in e&&"boolean"!=typeof e.commaRoundTrip)throw new TypeError("`commaRoundTrip` must be a boolean, or absent");var i=void 0===e.allowDots?!0===e.encodeDotInKeys||defaults.allowDots:!!e.allowDots;return{addQueryPrefix:"boolean"==typeof e.addQueryPrefix?e.addQueryPrefix:defaults.addQueryPrefix,allowDots:i,allowEmptyArrays:"boolean"==typeof e.allowEmptyArrays?!!e.allowEmptyArrays:defaults.allowEmptyArrays,arrayFormat:o,charset:r,charsetSentinel:"boolean"==typeof e.charsetSentinel?e.charsetSentinel:defaults.charsetSentinel,commaRoundTrip:!!e.commaRoundTrip,delimiter:void 0===e.delimiter?defaults.delimiter:e.delimiter,encode:"boolean"==typeof e.encode?e.encode:defaults.encode,encodeDotInKeys:"boolean"==typeof e.encodeDotInKeys?e.encodeDotInKeys:defaults.encodeDotInKeys,encoder:"function"==typeof e.encoder?e.encoder:defaults.encoder,encodeValuesOnly:"boolean"==typeof e.encodeValuesOnly?e.encodeValuesOnly:defaults.encodeValuesOnly,filter:n,format:t,formatter:a,serializeDate:"function"==typeof e.serializeDate?e.serializeDate:defaults.serializeDate,skipNulls:"boolean"==typeof e.skipNulls?e.skipNulls:defaults.skipNulls,sort:"function"==typeof e.sort?e.sort:null,strictNullHandling:"boolean"==typeof e.strictNullHandling?e.strictNullHandling:defaults.strictNullHandling}};module.exports=function(e,r){var t,o=e,a=normalizeStringifyOptions(r);"function"==typeof a.filter?o=(0,a.filter)("",o):isArray(a.filter)&&(t=a.filter);var n=[];if("object"!=typeof o||null===o)return"";var i=arrayPrefixGenerators[a.arrayFormat],l="comma"===i&&a.commaRoundTrip;t||(t=Object.keys(o)),a.sort&&t.sort(a.sort);for(var s=getSideChannel(),f=0;f<t.length;++f){var u=t[f],d=o[u];a.skipNulls&&null===d||pushToArray(n,stringify(d,u,i,l,a.allowEmptyArrays,a.strictNullHandling,a.skipNulls,a.encodeDotInKeys,a.encode?a.encoder:null,a.filter,a.sort,a.allowDots,a.serializeDate,a.format,a.formatter,a.encodeValuesOnly,a.charset,s))}var y=n.join(a.delimiter),c=!0===a.addQueryPrefix?"?":"";return a.charsetSentinel&&("iso-8859-1"===a.charset?c+="utf8=%26%2310003%3B&":c+="utf8=%E2%9C%93&"),y.length>0?c+y:""};
+
+},{"1":1,"46":46,"5":5}],5:[function(require,module,exports){
+"use strict";var formats=require(1),getSideChannel=require(46),has=Object.prototype.hasOwnProperty,isArray=Array.isArray,overflowChannel=getSideChannel(),markOverflow=function markOverflow(e,r){return overflowChannel.set(e,r),e},isOverflow=function isOverflow(e){return overflowChannel.has(e)},getMaxIndex=function getMaxIndex(e){return overflowChannel.get(e)},setMaxIndex=function setMaxIndex(e,r){overflowChannel.set(e,r)},hexTable=function(){for(var e=[],r=0;r<256;++r)e[e.length]="%"+((r<16?"0":"")+r.toString(16)).toUpperCase();return e}(),compactQueue=function compactQueue(e){for(;e.length>1;){var r=e.pop(),t=r.obj[r.prop];if(isArray(t)){for(var n=[],o=0;o<t.length;++o)void 0!==t[o]&&(n[n.length]=t[o]);r.obj[r.prop]=n}}},arrayToObject=function arrayToObject(e,r){for(var t=r&&r.plainObjects?{__proto__:null}:{},n=0;n<e.length;++n)void 0!==e[n]&&(t[n]=e[n]);return t},merge=function merge(e,r,t){if(!r)return e;if("object"!=typeof r&&"function"!=typeof r){if(isArray(e)){var n=e.length;if(t&&"number"==typeof t.arrayLimit&&n>t.arrayLimit)return markOverflow(arrayToObject(e.concat(r),t),n);e[n]=r}else{if(!e||"object"!=typeof e)return[e,r];if(isOverflow(e)){var o=getMaxIndex(e)+1;e[o]=r,setMaxIndex(e,o)}else(t&&(t.plainObjects||t.allowPrototypes)||!has.call(Object.prototype,r))&&(e[r]=!0)}return e}if(!e||"object"!=typeof e){if(isOverflow(r)){for(var a=Object.keys(r),i=t&&t.plainObjects?{__proto__:null,0:e}:{0:e},c=0;c<a.length;c++)i[parseInt(a[c],10)+1]=r[a[c]];return markOverflow(i,getMaxIndex(r)+1)}var l=[e].concat(r);return t&&"number"==typeof t.arrayLimit&&l.length>t.arrayLimit?markOverflow(arrayToObject(l,t),l.length-1):l}var f=e;return isArray(e)&&!isArray(r)&&(f=arrayToObject(e,t)),isArray(e)&&isArray(r)?(r.forEach(function(r,n){if(has.call(e,n)){var o=e[n];o&&"object"==typeof o&&r&&"object"==typeof r?e[n]=merge(o,r,t):e[e.length]=r}else e[n]=r}),e):Object.keys(r).reduce(function(e,n){var o=r[n];if(has.call(e,n)?e[n]=merge(e[n],o,t):e[n]=o,isOverflow(r)&&!isOverflow(e)&&markOverflow(e,getMaxIndex(r)),isOverflow(e)){var a=parseInt(n,10);String(a)===n&&a>=0&&a>getMaxIndex(e)&&setMaxIndex(e,a)}return e},f)},assign=function assignSingleSource(e,r){return Object.keys(r).reduce(function(e,t){return e[t]=r[t],e},e)},decode=function(e,r,t){var n=e.replace(/\+/g," ");if("iso-8859-1"===t)return n.replace(/%[0-9a-f]{2}/gi,unescape);try{return decodeURIComponent(n)}catch(e){return n}},limit=1024,encode=function encode(e,r,t,n,o){if(0===e.length)return e;var a=e;if("symbol"==typeof e?a=Symbol.prototype.toString.call(e):"string"!=typeof e&&(a=String(e)),"iso-8859-1"===t)return escape(a).replace(/%u[0-9a-f]{4}/gi,function(e){return"%26%23"+parseInt(e.slice(2),16)+"%3B"});for(var i="",c=0;c<a.length;c+=limit){for(var l=a.length>=limit?a.slice(c,c+limit):a,f=[],s=0;s<l.length;++s){var u=l.charCodeAt(s);45===u||46===u||95===u||126===u||u>=48&&u<=57||u>=65&&u<=90||u>=97&&u<=122||o===formats.RFC1738&&(40===u||41===u)?f[f.length]=l.charAt(s):u<128?f[f.length]=hexTable[u]:u<2048?f[f.length]=hexTable[192|u>>6]+hexTable[128|63&u]:u<55296||u>=57344?f[f.length]=hexTable[224|u>>12]+hexTable[128|u>>6&63]+hexTable[128|63&u]:(s+=1,u=65536+((1023&u)<<10|1023&l.charCodeAt(s)),f[f.length]=hexTable[240|u>>18]+hexTable[128|u>>12&63]+hexTable[128|u>>6&63]+hexTable[128|63&u])}i+=f.join("")}return i},compact=function compact(e){for(var r=[{obj:{o:e},prop:"o"}],t=[],n=0;n<r.length;++n)for(var o=r[n],a=o.obj[o.prop],i=Object.keys(a),c=0;c<i.length;++c){var l=i[c],f=a[l];"object"==typeof f&&null!==f&&-1===t.indexOf(f)&&(r[r.length]={obj:a,prop:l},t[t.length]=f)}return compactQueue(r),e},isRegExp=function isRegExp(e){return"[object RegExp]"===Object.prototype.toString.call(e)},isBuffer=function isBuffer(e){return!(!e||"object"!=typeof e||!(e.constructor&&e.constructor.isBuffer&&e.constructor.isBuffer(e)))},combine=function combine(e,r,t,n){if(isOverflow(e)){var o=getMaxIndex(e)+1;return e[o]=r,setMaxIndex(e,o),e}var a=[].concat(e,r);return a.length>t?markOverflow(arrayToObject(a,{plainObjects:n}),a.length-1):a},maybeMap=function maybeMap(e,r){if(isArray(e)){for(var t=[],n=0;n<e.length;n+=1)t[t.length]=r(e[n]);return t}return r(e)};module.exports={/* common-shake removed: arrayToObject:arrayToObject *//* common-shake removed: assign:assign */combine:combine,compact:compact,decode:decode,encode:encode,isBuffer:isBuffer,isOverflow:isOverflow,isRegExp:isRegExp,markOverflow:markOverflow,maybeMap:maybeMap,merge:merge};
+
+},{"1":1,"46":46}],46:[function(require,module,exports){
+"use strict";var $TypeError=require(20),inspect=require(42),getSideChannelList=require(43),getSideChannelMap=require(44),getSideChannelWeakMap=require(45),makeChannel=getSideChannelWeakMap||getSideChannelMap||getSideChannelList;module.exports=function getSideChannel(){var e,n={assert:function(e){if(!n.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(n){return!!e&&e.delete(n)},get:function(n){return e&&e.get(n)},has:function(n){return!!e&&e.has(n)},set:function(n,t){e||(e=makeChannel()),e.set(n,t)}};return n};
+
+},{"20":20,"42":42,"43":43,"44":44,"45":45}],6:[function(require,module,exports){
+
+},{}],7:[function(require,module,exports){
+"use strict";var bind=require(24),$apply=require(8),$call=require(9),$reflectApply=require(11);module.exports=$reflectApply||bind.call($call,$apply);
+
+},{"11":11,"24":24,"8":8,"9":9}],9:[function(require,module,exports){
+"use strict";module.exports=Function.prototype.call;
+
+},{}],8:[function(require,module,exports){
+"use strict";module.exports=Function.prototype.apply;
+
+},{}],24:[function(require,module,exports){
+"use strict";var implementation=require(23);module.exports=Function.prototype.bind||implementation;
+
+},{"23":23}],11:[function(require,module,exports){
+"use strict";module.exports="undefined"!=typeof Reflect&&Reflect&&Reflect.apply;
+
+},{}],10:[function(require,module,exports){
+"use strict";var bind=require(24),$TypeError=require(20),$call=require(9),$actualApply=require(7);module.exports=function callBindBasic(r){if(r.length<1||"function"!=typeof r[0])throw new $TypeError("a function is required");return $actualApply(bind,$call,r)};
+
+},{"20":20,"24":24,"7":7,"9":9}],20:[function(require,module,exports){
+"use strict";module.exports=TypeError;
+
+},{}],12:[function(require,module,exports){
+"use strict";var GetIntrinsic=require(25),callBindBasic=require(10),$indexOf=callBindBasic([GetIntrinsic("%String.prototype.indexOf%")]);module.exports=function callBoundIntrinsic(i,n){var t=GetIntrinsic(i,!!n);return"function"==typeof t&&$indexOf(i,".prototype.")>-1?callBindBasic([t]):t};
+
+},{"10":10,"25":25}],25:[function(require,module,exports){
+"use strict";var undefined,$Object=require(22),$Error=require(16),$EvalError=require(15),$RangeError=require(17),$ReferenceError=require(18),$SyntaxError=require(19),$TypeError=require(20),$URIError=require(21),abs=require(34),floor=require(35),max=require(37),min=require(38),pow=require(39),round=require(40),sign=require(41),$Function=Function,getEvalledConstructor=function(r){try{return $Function('"use strict"; return ('+r+").constructor;")()}catch(r){}},$gOPD=require(30),$defineProperty=require(14),throwTypeError=function(){throw new $TypeError},ThrowTypeError=$gOPD?function(){try{return throwTypeError}catch(r){try{return $gOPD(arguments,"callee").get}catch(r){return throwTypeError}}}():throwTypeError,hasSymbols=require(31)(),getProto=require(28),$ObjectGPO=require(26),$ReflectGPO=require(27),$apply=require(8),$call=require(9),needsEval={},TypedArray="undefined"!=typeof Uint8Array&&getProto?getProto(Uint8Array):undefined,INTRINSICS={__proto__:null,"%AggregateError%":"undefined"==typeof AggregateError?undefined:AggregateError,"%Array%":Array,"%ArrayBuffer%":"undefined"==typeof ArrayBuffer?undefined:ArrayBuffer,"%ArrayIteratorPrototype%":hasSymbols&&getProto?getProto([][Symbol.iterator]()):undefined,"%AsyncFromSyncIteratorPrototype%":undefined,"%AsyncFunction%":needsEval,"%AsyncGenerator%":needsEval,"%AsyncGeneratorFunction%":needsEval,"%AsyncIteratorPrototype%":needsEval,"%Atomics%":"undefined"==typeof Atomics?undefined:Atomics,"%BigInt%":"undefined"==typeof BigInt?undefined:BigInt,"%BigInt64Array%":"undefined"==typeof BigInt64Array?undefined:BigInt64Array,"%BigUint64Array%":"undefined"==typeof BigUint64Array?undefined:BigUint64Array,"%Boolean%":Boolean,"%DataView%":"undefined"==typeof DataView?undefined:DataView,"%Date%":Date,"%decodeURI%":decodeURI,"%decodeURIComponent%":decodeURIComponent,"%encodeURI%":encodeURI,"%encodeURIComponent%":encodeURIComponent,"%Error%":$Error,"%eval%":eval,"%EvalError%":$EvalError,"%Float16Array%":"undefined"==typeof Float16Array?undefined:Float16Array,"%Float32Array%":"undefined"==typeof Float32Array?undefined:Float32Array,"%Float64Array%":"undefined"==typeof Float64Array?undefined:Float64Array,"%FinalizationRegistry%":"undefined"==typeof FinalizationRegistry?undefined:FinalizationRegistry,"%Function%":$Function,"%GeneratorFunction%":needsEval,"%Int8Array%":"undefined"==typeof Int8Array?undefined:Int8Array,"%Int16Array%":"undefined"==typeof Int16Array?undefined:Int16Array,"%Int32Array%":"undefined"==typeof Int32Array?undefined:Int32Array,"%isFinite%":isFinite,"%isNaN%":isNaN,"%IteratorPrototype%":hasSymbols&&getProto?getProto(getProto([][Symbol.iterator]())):undefined,"%JSON%":"object"==typeof JSON?JSON:undefined,"%Map%":"undefined"==typeof Map?undefined:Map,"%MapIteratorPrototype%":"undefined"!=typeof Map&&hasSymbols&&getProto?getProto((new Map)[Symbol.iterator]()):undefined,"%Math%":Math,"%Number%":Number,"%Object%":$Object,"%Object.getOwnPropertyDescriptor%":$gOPD,"%parseFloat%":parseFloat,"%parseInt%":parseInt,"%Promise%":"undefined"==typeof Promise?undefined:Promise,"%Proxy%":"undefined"==typeof Proxy?undefined:Proxy,"%RangeError%":$RangeError,"%ReferenceError%":$ReferenceError,"%Reflect%":"undefined"==typeof Reflect?undefined:Reflect,"%RegExp%":RegExp,"%Set%":"undefined"==typeof Set?undefined:Set,"%SetIteratorPrototype%":"undefined"!=typeof Set&&hasSymbols&&getProto?getProto((new Set)[Symbol.iterator]()):undefined,"%SharedArrayBuffer%":"undefined"==typeof SharedArrayBuffer?undefined:SharedArrayBuffer,"%String%":String,"%StringIteratorPrototype%":hasSymbols&&getProto?getProto(""[Symbol.iterator]()):undefined,"%Symbol%":hasSymbols?Symbol:undefined,"%SyntaxError%":$SyntaxError,"%ThrowTypeError%":ThrowTypeError,"%TypedArray%":TypedArray,"%TypeError%":$TypeError,"%Uint8Array%":"undefined"==typeof Uint8Array?undefined:Uint8Array,"%Uint8ClampedArray%":"undefined"==typeof Uint8ClampedArray?undefined:Uint8ClampedArray,"%Uint16Array%":"undefined"==typeof Uint16Array?undefined:Uint16Array,"%Uint32Array%":"undefined"==typeof Uint32Array?undefined:Uint32Array,"%URIError%":$URIError,"%WeakMap%":"undefined"==typeof WeakMap?undefined:WeakMap,"%WeakRef%":"undefined"==typeof WeakRef?undefined:WeakRef,"%WeakSet%":"undefined"==typeof WeakSet?undefined:WeakSet,"%Function.prototype.call%":$call,"%Function.prototype.apply%":$apply,"%Object.defineProperty%":$defineProperty,"%Object.getPrototypeOf%":$ObjectGPO,"%Math.abs%":abs,"%Math.floor%":floor,"%Math.max%":max,"%Math.min%":min,"%Math.pow%":pow,"%Math.round%":round,"%Math.sign%":sign,"%Reflect.getPrototypeOf%":$ReflectGPO};if(getProto)try{null.error}catch(r){var errorProto=getProto(getProto(r));INTRINSICS["%Error.prototype%"]=errorProto}var doEval=function doEval(r){var e;if("%AsyncFunction%"===r)e=getEvalledConstructor("async function () {}");else if("%GeneratorFunction%"===r)e=getEvalledConstructor("function* () {}");else if("%AsyncGeneratorFunction%"===r)e=getEvalledConstructor("async function* () {}");else if("%AsyncGenerator%"===r){var t=doEval("%AsyncGeneratorFunction%");t&&(e=t.prototype)}else if("%AsyncIteratorPrototype%"===r){var o=doEval("%AsyncGenerator%");o&&getProto&&(e=getProto(o.prototype))}return INTRINSICS[r]=e,e},LEGACY_ALIASES={__proto__:null,"%ArrayBufferPrototype%":["ArrayBuffer","prototype"],"%ArrayPrototype%":["Array","prototype"],"%ArrayProto_entries%":["Array","prototype","entries"],"%ArrayProto_forEach%":["Array","prototype","forEach"],"%ArrayProto_keys%":["Array","prototype","keys"],"%ArrayProto_values%":["Array","prototype","values"],"%AsyncFunctionPrototype%":["AsyncFunction","prototype"],"%AsyncGenerator%":["AsyncGeneratorFunction","prototype"],"%AsyncGeneratorPrototype%":["AsyncGeneratorFunction","prototype","prototype"],"%BooleanPrototype%":["Boolean","prototype"],"%DataViewPrototype%":["DataView","prototype"],"%DatePrototype%":["Date","prototype"],"%ErrorPrototype%":["Error","prototype"],"%EvalErrorPrototype%":["EvalError","prototype"],"%Float32ArrayPrototype%":["Float32Array","prototype"],"%Float64ArrayPrototype%":["Float64Array","prototype"],"%FunctionPrototype%":["Function","prototype"],"%Generator%":["GeneratorFunction","prototype"],"%GeneratorPrototype%":["GeneratorFunction","prototype","prototype"],"%Int8ArrayPrototype%":["Int8Array","prototype"],"%Int16ArrayPrototype%":["Int16Array","prototype"],"%Int32ArrayPrototype%":["Int32Array","prototype"],"%JSONParse%":["JSON","parse"],"%JSONStringify%":["JSON","stringify"],"%MapPrototype%":["Map","prototype"],"%NumberPrototype%":["Number","prototype"],"%ObjectPrototype%":["Object","prototype"],"%ObjProto_toString%":["Object","prototype","toString"],"%ObjProto_valueOf%":["Object","prototype","valueOf"],"%PromisePrototype%":["Promise","prototype"],"%PromiseProto_then%":["Promise","prototype","then"],"%Promise_all%":["Promise","all"],"%Promise_reject%":["Promise","reject"],"%Promise_resolve%":["Promise","resolve"],"%RangeErrorPrototype%":["RangeError","prototype"],"%ReferenceErrorPrototype%":["ReferenceError","prototype"],"%RegExpPrototype%":["RegExp","prototype"],"%SetPrototype%":["Set","prototype"],"%SharedArrayBufferPrototype%":["SharedArrayBuffer","prototype"],"%StringPrototype%":["String","prototype"],"%SymbolPrototype%":["Symbol","prototype"],"%SyntaxErrorPrototype%":["SyntaxError","prototype"],"%TypedArrayPrototype%":["TypedArray","prototype"],"%TypeErrorPrototype%":["TypeError","prototype"],"%Uint8ArrayPrototype%":["Uint8Array","prototype"],"%Uint8ClampedArrayPrototype%":["Uint8ClampedArray","prototype"],"%Uint16ArrayPrototype%":["Uint16Array","prototype"],"%Uint32ArrayPrototype%":["Uint32Array","prototype"],"%URIErrorPrototype%":["URIError","prototype"],"%WeakMapPrototype%":["WeakMap","prototype"],"%WeakSetPrototype%":["WeakSet","prototype"]},bind=require(24),hasOwn=require(33),$concat=bind.call($call,Array.prototype.concat),$spliceApply=bind.call($apply,Array.prototype.splice),$replace=bind.call($call,String.prototype.replace),$strSlice=bind.call($call,String.prototype.slice),$exec=bind.call($call,RegExp.prototype.exec),rePropName=/[^%.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|%$))/g,reEscapeChar=/\\(\\)?/g,stringToPath=function stringToPath(r){var e=$strSlice(r,0,1),t=$strSlice(r,-1);if("%"===e&&"%"!==t)throw new $SyntaxError("invalid intrinsic syntax, expected closing `%`");if("%"===t&&"%"!==e)throw new $SyntaxError("invalid intrinsic syntax, expected opening `%`");var o=[];return $replace(r,rePropName,function(r,e,t,n){o[o.length]=t?$replace(n,reEscapeChar,"$1"):e||r}),o},getBaseIntrinsic=function getBaseIntrinsic(r,e){var t,o=r;if(hasOwn(LEGACY_ALIASES,o)&&(o="%"+(t=LEGACY_ALIASES[o])[0]+"%"),hasOwn(INTRINSICS,o)){var n=INTRINSICS[o];if(n===needsEval&&(n=doEval(o)),void 0===n&&!e)throw new $TypeError("intrinsic "+r+" exists, but is not available. Please file an issue!");return{alias:t,name:o,value:n}}throw new $SyntaxError("intrinsic "+r+" does not exist!")};module.exports=function GetIntrinsic(r,e){if("string"!=typeof r||0===r.length)throw new $TypeError("intrinsic name must be a non-empty string");if(arguments.length>1&&"boolean"!=typeof e)throw new $TypeError('"allowMissing" argument must be a boolean');if(null===$exec(/^%?[^%]*%?$/,r))throw new $SyntaxError("`%` may not be present anywhere but at the beginning and end of the intrinsic name");var t=stringToPath(r),o=t.length>0?t[0]:"",n=getBaseIntrinsic("%"+o+"%",e),a=n.name,i=n.value,y=!1,p=n.alias;p&&(o=p[0],$spliceApply(t,$concat([0,1],p)));for(var d=1,s=!0;d<t.length;d+=1){var f=t[d],l=$strSlice(f,0,1),u=$strSlice(f,-1);if(('"'===l||"'"===l||"`"===l||'"'===u||"'"===u||"`"===u)&&l!==u)throw new $SyntaxError("property names with quotes must have matching quotes");if("constructor"!==f&&s||(y=!0),hasOwn(INTRINSICS,a="%"+(o+="."+f)+"%"))i=INTRINSICS[a];else if(null!=i){if(!(f in i)){if(!e)throw new $TypeError("base intrinsic for "+r+" exists, but the property is not available.");return}if($gOPD&&d+1>=t.length){var c=$gOPD(i,f);i=(s=!!c)&&"get"in c&&!("originalValue"in c.get)?c.get:i[f]}else s=hasOwn(i,f),i=i[f];s&&!y&&(INTRINSICS[a]=i)}}return i};
+
+},{"14":14,"15":15,"16":16,"17":17,"18":18,"19":19,"20":20,"21":21,"22":22,"24":24,"26":26,"27":27,"28":28,"30":30,"31":31,"33":33,"34":34,"35":35,"37":37,"38":38,"39":39,"40":40,"41":41,"8":8,"9":9}],13:[function(require,module,exports){
+"use strict";var hasProtoAccessor,callBind=require(10),gOPD=require(30);try{hasProtoAccessor=[].__proto__===Array.prototype}catch(t){if(!t||"object"!=typeof t||!("code"in t)||"ERR_PROTO_ACCESS"!==t.code)throw t}var desc=!!hasProtoAccessor&&gOPD&&gOPD(Object.prototype,"__proto__"),$Object=Object,$getPrototypeOf=$Object.getPrototypeOf;module.exports=desc&&"function"==typeof desc.get?callBind([desc.get]):"function"==typeof $getPrototypeOf&&function getDunder(t){return $getPrototypeOf(null==t?t:$Object(t))};
+
+},{"10":10,"30":30}],30:[function(require,module,exports){
+"use strict";var $gOPD=require(29);if($gOPD)try{$gOPD([],"length")}catch(g){$gOPD=null}module.exports=$gOPD;
+
+},{"29":29}],14:[function(require,module,exports){
+"use strict";var $defineProperty=Object.defineProperty||!1;if($defineProperty)try{$defineProperty({},"a",{value:1})}catch(e){$defineProperty=!1}module.exports=$defineProperty;
+
+},{}],15:[function(require,module,exports){
+"use strict";module.exports=EvalError;
+
+},{}],16:[function(require,module,exports){
+"use strict";module.exports=Error;
+
+},{}],17:[function(require,module,exports){
+"use strict";module.exports=RangeError;
+
+},{}],18:[function(require,module,exports){
+"use strict";module.exports=ReferenceError;
+
+},{}],19:[function(require,module,exports){
+"use strict";module.exports=SyntaxError;
+
+},{}],21:[function(require,module,exports){
+"use strict";module.exports=URIError;
+
+},{}],22:[function(require,module,exports){
+"use strict";module.exports=Object;
+
+},{}],23:[function(require,module,exports){
+"use strict";var ERROR_MESSAGE="Function.prototype.bind called on incompatible ",toStr=Object.prototype.toString,max=Math.max,funcType="[object Function]",concatty=function concatty(t,n){for(var r=[],o=0;o<t.length;o+=1)r[o]=t[o];for(var e=0;e<n.length;e+=1)r[e+t.length]=n[e];return r},slicy=function slicy(t,n){for(var r=[],o=n||0,e=0;o<t.length;o+=1,e+=1)r[e]=t[o];return r},joiny=function(t,n){for(var r="",o=0;o<t.length;o+=1)r+=t[o],o+1<t.length&&(r+=n);return r};module.exports=function bind(t){var n=this;if("function"!=typeof n||toStr.apply(n)!==funcType)throw new TypeError(ERROR_MESSAGE+n);for(var r,o=slicy(arguments,1),e=max(0,n.length-o.length),i=[],c=0;c<e;c++)i[c]="$"+c;if(r=Function("binder","return function ("+joiny(i,",")+"){ return binder.apply(this,arguments); }")(function(){if(this instanceof r){var e=n.apply(this,concatty(o,arguments));return Object(e)===e?e:this}return n.apply(t,concatty(o,arguments))}),n.prototype){var p=function Empty(){};p.prototype=n.prototype,r.prototype=new p,p.prototype=null}return r};
+
+},{}],39:[function(require,module,exports){
+"use strict";module.exports=Math.pow;
+
+},{}],37:[function(require,module,exports){
+"use strict";module.exports=Math.max;
+
+},{}],34:[function(require,module,exports){
+"use strict";module.exports=Math.abs;
+
+},{}],38:[function(require,module,exports){
+"use strict";module.exports=Math.min;
+
+},{}],35:[function(require,module,exports){
+"use strict";module.exports=Math.floor;
+
+},{}],40:[function(require,module,exports){
+"use strict";module.exports=Math.round;
+
+},{}],27:[function(require,module,exports){
+"use strict";module.exports="undefined"!=typeof Reflect&&Reflect.getPrototypeOf||null;
+
+},{}],26:[function(require,module,exports){
+"use strict";var $Object=require(22);module.exports=$Object.getPrototypeOf||null;
+
+},{"22":22}],41:[function(require,module,exports){
+"use strict";var $isNaN=require(36);module.exports=function sign(i){return $isNaN(i)||0===i?i:i<0?-1:1};
+
+},{"36":36}],33:[function(require,module,exports){
+"use strict";var call=Function.prototype.call,$hasOwn=Object.prototype.hasOwnProperty,bind=require(24);module.exports=bind.call(call,$hasOwn);
+
+},{"24":24}],31:[function(require,module,exports){
+"use strict";var origSymbol="undefined"!=typeof Symbol&&Symbol,hasSymbolSham=require(32);module.exports=function hasNativeSymbols(){return"function"==typeof origSymbol&&"function"==typeof Symbol&&"symbol"==typeof origSymbol("foo")&&"symbol"==typeof Symbol("bar")&&hasSymbolSham()};
+
+},{"32":32}],28:[function(require,module,exports){
+"use strict";var reflectGetProto=require(27),originalGetProto=require(26),getDunderProto=require(13);module.exports=reflectGetProto?function getProto(t){return reflectGetProto(t)}:originalGetProto?function getProto(t){if(!t||"object"!=typeof t&&"function"!=typeof t)throw new TypeError("getProto: not an object");return originalGetProto(t)}:getDunderProto?function getProto(t){return getDunderProto(t)}:null;
+
+},{"13":13,"26":26,"27":27}],29:[function(require,module,exports){
+"use strict";module.exports=Object.getOwnPropertyDescriptor;
+
+},{}],32:[function(require,module,exports){
+"use strict";module.exports=function hasSymbols(){if("function"!=typeof Symbol||"function"!=typeof Object.getOwnPropertySymbols)return!1;if("symbol"==typeof Symbol.iterator)return!0;var t={},e=Symbol("test"),r=Object(e);if("string"==typeof e)return!1;if("[object Symbol]"!==Object.prototype.toString.call(e))return!1;if("[object Symbol]"!==Object.prototype.toString.call(r))return!1;for(var o in t[e]=42,t)return!1;if("function"==typeof Object.keys&&0!==Object.keys(t).length)return!1;if("function"==typeof Object.getOwnPropertyNames&&0!==Object.getOwnPropertyNames(t).length)return!1;var n=Object.getOwnPropertySymbols(t);if(1!==n.length||n[0]!==e)return!1;if(!Object.prototype.propertyIsEnumerable.call(t,e))return!1;if("function"==typeof Object.getOwnPropertyDescriptor){var y=Object.getOwnPropertyDescriptor(t,e);if(42!==y.value||!0!==y.enumerable)return!1}return!0};
+
+},{}],36:[function(require,module,exports){
+"use strict";module.exports=Number.isNaN||function isNaN(e){return e!=e};
+
+},{}],42:[function(require,module,exports){
+(function (global){(function (){
+var hasMap="function"==typeof Map&&Map.prototype,mapSizeDescriptor=Object.getOwnPropertyDescriptor&&hasMap?Object.getOwnPropertyDescriptor(Map.prototype,"size"):null,mapSize=hasMap&&mapSizeDescriptor&&"function"==typeof mapSizeDescriptor.get?mapSizeDescriptor.get:null,mapForEach=hasMap&&Map.prototype.forEach,hasSet="function"==typeof Set&&Set.prototype,setSizeDescriptor=Object.getOwnPropertyDescriptor&&hasSet?Object.getOwnPropertyDescriptor(Set.prototype,"size"):null,setSize=hasSet&&setSizeDescriptor&&"function"==typeof setSizeDescriptor.get?setSizeDescriptor.get:null,setForEach=hasSet&&Set.prototype.forEach,hasWeakMap="function"==typeof WeakMap&&WeakMap.prototype,weakMapHas=hasWeakMap?WeakMap.prototype.has:null,hasWeakSet="function"==typeof WeakSet&&WeakSet.prototype,weakSetHas=hasWeakSet?WeakSet.prototype.has:null,hasWeakRef="function"==typeof WeakRef&&WeakRef.prototype,weakRefDeref=hasWeakRef?WeakRef.prototype.deref:null,booleanValueOf=Boolean.prototype.valueOf,objectToString=Object.prototype.toString,functionToString=Function.prototype.toString,$match=String.prototype.match,$slice=String.prototype.slice,$replace=String.prototype.replace,$toUpperCase=String.prototype.toUpperCase,$toLowerCase=String.prototype.toLowerCase,$test=RegExp.prototype.test,$concat=Array.prototype.concat,$join=Array.prototype.join,$arrSlice=Array.prototype.slice,$floor=Math.floor,bigIntValueOf="function"==typeof BigInt?BigInt.prototype.valueOf:null,gOPS=Object.getOwnPropertySymbols,symToString="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol.prototype.toString:null,hasShammedSymbols="function"==typeof Symbol&&"object"==typeof Symbol.iterator,toStringTag="function"==typeof Symbol&&Symbol.toStringTag&&(Symbol.toStringTag,1)?Symbol.toStringTag:null,isEnumerable=Object.prototype.propertyIsEnumerable,gPO=("function"==typeof Reflect?Reflect.getPrototypeOf:Object.getPrototypeOf)||([].__proto__===Array.prototype?function(t){return t.__proto__}:null);function addNumericSeparator(t,e){if(t===1/0||t===-1/0||t!=t||t&&t>-1e3&&t<1e3||$test.call(/e/,e))return e;var r=/[0-9](?=(?:[0-9]{3})+(?![0-9]))/g;if("number"==typeof t){var n=t<0?-$floor(-t):$floor(t);if(n!==t){var o=String(n),i=$slice.call(e,o.length+1);return $replace.call(o,r,"$&_")+"."+$replace.call($replace.call(i,/([0-9]{3})/g,"$&_"),/_$/,"")}}return $replace.call(e,r,"$&_")}var utilInspect=require(6),inspectCustom=utilInspect.custom,inspectSymbol=isSymbol(inspectCustom)?inspectCustom:null,quotes={__proto__:null,double:'"',single:"'"},quoteREs={__proto__:null,double:/(["\\])/g,single:/(['\\])/g};function wrapQuotes(t,e,r){var n=r.quoteStyle||e,o=quotes[n];return o+t+o}function quote(t){return $replace.call(String(t),/"/g,"&quot;")}function canTrustToString(t){return!toStringTag||!("object"==typeof t&&(toStringTag in t||void 0!==t[toStringTag]))}function isArray(t){return"[object Array]"===toStr(t)&&canTrustToString(t)}function isDate(t){return"[object Date]"===toStr(t)&&canTrustToString(t)}function isRegExp(t){return"[object RegExp]"===toStr(t)&&canTrustToString(t)}function isError(t){return"[object Error]"===toStr(t)&&canTrustToString(t)}function isString(t){return"[object String]"===toStr(t)&&canTrustToString(t)}function isNumber(t){return"[object Number]"===toStr(t)&&canTrustToString(t)}function isBoolean(t){return"[object Boolean]"===toStr(t)&&canTrustToString(t)}function isSymbol(t){if(hasShammedSymbols)return t&&"object"==typeof t&&t instanceof Symbol;if("symbol"==typeof t)return!0;if(!t||"object"!=typeof t||!symToString)return!1;try{return symToString.call(t),!0}catch(t){}return!1}function isBigInt(t){if(!t||"object"!=typeof t||!bigIntValueOf)return!1;try{return bigIntValueOf.call(t),!0}catch(t){}return!1}module.exports=function inspect_(t,e,r,n){var o=e||{};if(has(o,"quoteStyle")&&!has(quotes,o.quoteStyle))throw new TypeError('option "quoteStyle" must be "single" or "double"');if(has(o,"maxStringLength")&&("number"==typeof o.maxStringLength?o.maxStringLength<0&&o.maxStringLength!==1/0:null!==o.maxStringLength))throw new TypeError('option "maxStringLength", if provided, must be a positive integer, Infinity, or `null`');var i=!has(o,"customInspect")||o.customInspect;if("boolean"!=typeof i&&"symbol"!==i)throw new TypeError("option \"customInspect\", if provided, must be `true`, `false`, or `'symbol'`");if(has(o,"indent")&&null!==o.indent&&"\t"!==o.indent&&!(parseInt(o.indent,10)===o.indent&&o.indent>0))throw new TypeError('option "indent" must be "\\t", an integer > 0, or `null`');if(has(o,"numericSeparator")&&"boolean"!=typeof o.numericSeparator)throw new TypeError('option "numericSeparator", if provided, must be `true` or `false`');var a=o.numericSeparator;if(void 0===t)return"undefined";if(null===t)return"null";if("boolean"==typeof t)return t?"true":"false";if("string"==typeof t)return inspectString(t,o);if("number"==typeof t){if(0===t)return 1/0/t>0?"0":"-0";var c=String(t);return a?addNumericSeparator(t,c):c}if("bigint"==typeof t){var l=String(t)+"n";return a?addNumericSeparator(t,l):l}var u=void 0===o.depth?5:o.depth;if(void 0===r&&(r=0),r>=u&&u>0&&"object"==typeof t)return isArray(t)?"[Array]":"[Object]";var p=getIndent(o,r);if(void 0===n)n=[];else if(indexOf(n,t)>=0)return"[Circular]";function inspect(t,e,i){if(e&&(n=$arrSlice.call(n)).push(e),i){var a={depth:o.depth};return has(o,"quoteStyle")&&(a.quoteStyle=o.quoteStyle),inspect_(t,a,r+1,n)}return inspect_(t,o,r+1,n)}if("function"==typeof t&&!isRegExp(t)){var s=nameOf(t),f=arrObjKeys(t,inspect);return"[Function"+(s?": "+s:" (anonymous)")+"]"+(f.length>0?" { "+$join.call(f,", ")+" }":"")}if(isSymbol(t)){var y=hasShammedSymbols?$replace.call(String(t),/^(Symbol\(.*\))_[^)]*$/,"$1"):symToString.call(t);return"object"!=typeof t||hasShammedSymbols?y:markBoxed(y)}if(isElement(t)){for(var S="<"+$toLowerCase.call(String(t.nodeName)),g=t.attributes||[],m=0;m<g.length;m++)S+=" "+g[m].name+"="+wrapQuotes(quote(g[m].value),"double",o);return S+=">",t.childNodes&&t.childNodes.length&&(S+="..."),S+"</"+$toLowerCase.call(String(t.nodeName))+">"}if(isArray(t)){if(0===t.length)return"[]";var b=arrObjKeys(t,inspect);return p&&!singleLineValues(b)?"["+indentedJoin(b,p)+"]":"[ "+$join.call(b,", ")+" ]"}if(isError(t)){var h=arrObjKeys(t,inspect);return"cause"in Error.prototype||!("cause"in t)||isEnumerable.call(t,"cause")?0===h.length?"["+String(t)+"]":"{ ["+String(t)+"] "+$join.call(h,", ")+" }":"{ ["+String(t)+"] "+$join.call($concat.call("[cause]: "+inspect(t.cause),h),", ")+" }"}if("object"==typeof t&&i){if(inspectSymbol&&"function"==typeof t[inspectSymbol]&&utilInspect)return utilInspect(t,{depth:u-r});if("symbol"!==i&&"function"==typeof t.inspect)return t.inspect()}if(isMap(t)){var d=[];return mapForEach&&mapForEach.call(t,function(e,r){d.push(inspect(r,t,!0)+" => "+inspect(e,t))}),collectionOf("Map",mapSize.call(t),d,p)}if(isSet(t)){var O=[];return setForEach&&setForEach.call(t,function(e){O.push(inspect(e,t))}),collectionOf("Set",setSize.call(t),O,p)}if(isWeakMap(t))return weakCollectionOf("WeakMap");if(isWeakSet(t))return weakCollectionOf("WeakSet");if(isWeakRef(t))return weakCollectionOf("WeakRef");if(isNumber(t))return markBoxed(inspect(Number(t)));if(isBigInt(t))return markBoxed(inspect(bigIntValueOf.call(t)));if(isBoolean(t))return markBoxed(booleanValueOf.call(t));if(isString(t))return markBoxed(inspect(String(t)));if("undefined"!=typeof window&&t===window)return"{ [object Window] }";if("undefined"!=typeof globalThis&&t===globalThis||"undefined"!=typeof global&&t===global)return"{ [object globalThis] }";if(!isDate(t)&&!isRegExp(t)){var j=arrObjKeys(t,inspect),w=gPO?gPO(t)===Object.prototype:t instanceof Object||t.constructor===Object,$=t instanceof Object?"":"null prototype",v=!w&&toStringTag&&Object(t)===t&&toStringTag in t?$slice.call(toStr(t),8,-1):$?"Object":"",k=(w||"function"!=typeof t.constructor?"":t.constructor.name?t.constructor.name+" ":"")+(v||$?"["+$join.call($concat.call([],v||[],$||[]),": ")+"] ":"");return 0===j.length?k+"{}":p?k+"{"+indentedJoin(j,p)+"}":k+"{ "+$join.call(j,", ")+" }"}return String(t)};var hasOwn=Object.prototype.hasOwnProperty||function(t){return t in this};function has(t,e){return hasOwn.call(t,e)}function toStr(t){return objectToString.call(t)}function nameOf(t){if(t.name)return t.name;var e=$match.call(functionToString.call(t),/^function\s*([\w$]+)/);return e?e[1]:null}function indexOf(t,e){if(t.indexOf)return t.indexOf(e);for(var r=0,n=t.length;r<n;r++)if(t[r]===e)return r;return-1}function isMap(t){if(!mapSize||!t||"object"!=typeof t)return!1;try{mapSize.call(t);try{setSize.call(t)}catch(t){return!0}return t instanceof Map}catch(t){}return!1}function isWeakMap(t){if(!weakMapHas||!t||"object"!=typeof t)return!1;try{weakMapHas.call(t,weakMapHas);try{weakSetHas.call(t,weakSetHas)}catch(t){return!0}return t instanceof WeakMap}catch(t){}return!1}function isWeakRef(t){if(!weakRefDeref||!t||"object"!=typeof t)return!1;try{return weakRefDeref.call(t),!0}catch(t){}return!1}function isSet(t){if(!setSize||!t||"object"!=typeof t)return!1;try{setSize.call(t);try{mapSize.call(t)}catch(t){return!0}return t instanceof Set}catch(t){}return!1}function isWeakSet(t){if(!weakSetHas||!t||"object"!=typeof t)return!1;try{weakSetHas.call(t,weakSetHas);try{weakMapHas.call(t,weakMapHas)}catch(t){return!0}return t instanceof WeakSet}catch(t){}return!1}function isElement(t){return!(!t||"object"!=typeof t)&&("undefined"!=typeof HTMLElement&&t instanceof HTMLElement||"string"==typeof t.nodeName&&"function"==typeof t.getAttribute)}function inspectString(t,e){if(t.length>e.maxStringLength){var r=t.length-e.maxStringLength,n="... "+r+" more character"+(r>1?"s":"");return inspectString($slice.call(t,0,e.maxStringLength),e)+n}var o=quoteREs[e.quoteStyle||"single"];return o.lastIndex=0,wrapQuotes($replace.call($replace.call(t,o,"\\$1"),/[\x00-\x1f]/g,lowbyte),"single",e)}function lowbyte(t){var e=t.charCodeAt(0),r={8:"b",9:"t",10:"n",12:"f",13:"r"}[e];return r?"\\"+r:"\\x"+(e<16?"0":"")+$toUpperCase.call(e.toString(16))}function markBoxed(t){return"Object("+t+")"}function weakCollectionOf(t){return t+" { ? }"}function collectionOf(t,e,r,n){return t+" ("+e+") {"+(n?indentedJoin(r,n):$join.call(r,", "))+"}"}function singleLineValues(t){for(var e=0;e<t.length;e++)if(indexOf(t[e],"\n")>=0)return!1;return!0}function getIndent(t,e){var r;if("\t"===t.indent)r="\t";else{if(!("number"==typeof t.indent&&t.indent>0))return null;r=$join.call(Array(t.indent+1)," ")}return{base:r,prev:$join.call(Array(e+1),r)}}function indentedJoin(t,e){if(0===t.length)return"";var r="\n"+e.prev+e.base;return r+$join.call(t,","+r)+"\n"+e.prev}function arrObjKeys(t,e){var r=isArray(t),n=[];if(r){n.length=t.length;for(var o=0;o<t.length;o++)n[o]=has(t,o)?e(t[o],t):""}var i,a="function"==typeof gOPS?gOPS(t):[];if(hasShammedSymbols){i={};for(var c=0;c<a.length;c++)i["$"+a[c]]=a[c]}for(var l in t)has(t,l)&&(r&&String(Number(l))===l&&l<t.length||hasShammedSymbols&&i["$"+l]instanceof Symbol||($test.call(/[^\w$]/,l)?n.push(e(l,t)+": "+e(t[l],t)):n.push(l+": "+e(t[l],t))));if("function"==typeof gOPS)for(var u=0;u<a.length;u++)isEnumerable.call(t,a[u])&&n.push("["+e(a[u])+"]: "+e(t[a[u]],t));return n}
+
+}).call(this)}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
+},{"6":6}],43:[function(require,module,exports){
+"use strict";var inspect=require(42),$TypeError=require(20),listGetNode=function(e,t,n){for(var i,r=e;null!=(i=r.next);r=i)if(i.key===t)return r.next=i.next,n||(i.next=e.next,e.next=i),i},listGet=function(e,t){if(e){var n=listGetNode(e,t);return n&&n.value}},listSet=function(e,t,n){var i=listGetNode(e,t);i?i.value=n:e.next={key:t,next:e.next,value:n}},listHas=function(e,t){return!!e&&!!listGetNode(e,t)},listDelete=function(e,t){if(e)return listGetNode(e,t,!0)};module.exports=function getSideChannelList(){var e,t={assert:function(e){if(!t.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(t){var n=e&&e.next,i=listDelete(e,t);return i&&n&&n===i&&(e=void 0),!!i},get:function(t){return listGet(e,t)},has:function(t){return listHas(e,t)},set:function(t,n){e||(e={next:void 0}),listSet(e,t,n)}};return t};
+
+},{"20":20,"42":42}],44:[function(require,module,exports){
+"use strict";var GetIntrinsic=require(25),callBound=require(12),inspect=require(42),$TypeError=require(20),$Map=GetIntrinsic("%Map%",!0),$mapGet=callBound("Map.prototype.get",!0),$mapSet=callBound("Map.prototype.set",!0),$mapHas=callBound("Map.prototype.has",!0),$mapDelete=callBound("Map.prototype.delete",!0),$mapSize=callBound("Map.prototype.size",!0);module.exports=!!$Map&&function getSideChannelMap(){var e,t={assert:function(e){if(!t.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(t){if(e){var n=$mapDelete(e,t);return 0===$mapSize(e)&&(e=void 0),n}return!1},get:function(t){if(e)return $mapGet(e,t)},has:function(t){return!!e&&$mapHas(e,t)},set:function(t,n){e||(e=new $Map),$mapSet(e,t,n)}};return t};
+
+},{"12":12,"20":20,"25":25,"42":42}],45:[function(require,module,exports){
+"use strict";var GetIntrinsic=require(25),callBound=require(12),inspect=require(42),getSideChannelMap=require(44),$TypeError=require(20),$WeakMap=GetIntrinsic("%WeakMap%",!0),$weakMapGet=callBound("WeakMap.prototype.get",!0),$weakMapSet=callBound("WeakMap.prototype.set",!0),$weakMapHas=callBound("WeakMap.prototype.has",!0),$weakMapDelete=callBound("WeakMap.prototype.delete",!0);module.exports=$WeakMap?function getSideChannelWeakMap(){var e,t,a={assert:function(e){if(!a.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(a){if($WeakMap&&a&&("object"==typeof a||"function"==typeof a)){if(e)return $weakMapDelete(e,a)}else if(getSideChannelMap&&t)return t.delete(a);return!1},get:function(a){return $WeakMap&&a&&("object"==typeof a||"function"==typeof a)&&e?$weakMapGet(e,a):t&&t.get(a)},has:function(a){return $WeakMap&&a&&("object"==typeof a||"function"==typeof a)&&e?$weakMapHas(e,a):!!t&&t.has(a)},set:function(a,n){$WeakMap&&a&&("object"==typeof a||"function"==typeof a)?(e||(e=new $WeakMap),$weakMapSet(e,a,n)):getSideChannelMap&&(t||(t=getSideChannelMap()),t.set(a,n))}};return a}:getSideChannelMap;
+
+},{"12":12,"20":20,"25":25,"42":42,"44":44}]},{},[2])(2)
+});
diff --git a/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs b/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
new file mode 100644
index 0000000..bdde6e9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
@@ -0,0 +1,56 @@
+import ljharbConfig from '@ljharb/eslint-config/flat';
+
+export default [
+    {
+        ignores: ['dist/'],
+    },
+
+    ...ljharbConfig,
+
+    {
+        rules: {
+            complexity: 'off',
+            'consistent-return': 'warn',
+            'func-name-matching': 'off',
+            'id-length': [
+                'error',
+                {
+                    max: 25,
+                    min: 1,
+                    properties: 'never',
+                },
+            ],
+            indent: ['error', 4],
+            'max-lines': 'off',
+            'max-lines-per-function': [
+                'error',
+                { max: 150 },
+            ],
+            'max-params': ['error', 18],
+            'max-statements': ['error', 100],
+            'multiline-comment-style': 'off',
+            'no-continue': 'warn',
+            'no-magic-numbers': 'off',
+            'no-restricted-syntax': [
+                'error',
+                'BreakStatement',
+                'DebuggerStatement',
+                'ForInStatement',
+                'LabeledStatement',
+                'WithStatement',
+            ],
+        },
+    },
+
+    {
+        files: ['test/**'],
+        rules: {
+            'function-paren-newline': 'off',
+            'max-lines-per-function': 'off',
+            'max-statements': 'off',
+            'no-buffer-constructor': 'off',
+            'no-extend-native': 'off',
+            'no-throw-literal': 'off',
+        },
+    },
+];
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/formats.js b/src/Servers/ExpressServer/node_modules/qs/lib/formats.js
new file mode 100644
index 0000000..f36cf20
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/lib/formats.js
@@ -0,0 +1,23 @@
+'use strict';
+
+var replace = String.prototype.replace;
+var percentTwenties = /%20/g;
+
+var Format = {
+    RFC1738: 'RFC1738',
+    RFC3986: 'RFC3986'
+};
+
+module.exports = {
+    'default': Format.RFC3986,
+    formatters: {
+        RFC1738: function (value) {
+            return replace.call(value, percentTwenties, '+');
+        },
+        RFC3986: function (value) {
+            return String(value);
+        }
+    },
+    RFC1738: Format.RFC1738,
+    RFC3986: Format.RFC3986
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/index.js b/src/Servers/ExpressServer/node_modules/qs/lib/index.js
new file mode 100644
index 0000000..0d6a97d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/lib/index.js
@@ -0,0 +1,11 @@
+'use strict';
+
+var stringify = require('./stringify');
+var parse = require('./parse');
+var formats = require('./formats');
+
+module.exports = {
+    formats: formats,
+    parse: parse,
+    stringify: stringify
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/parse.js b/src/Servers/ExpressServer/node_modules/qs/lib/parse.js
new file mode 100644
index 0000000..2aa1c48
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/lib/parse.js
@@ -0,0 +1,371 @@
+'use strict';
+
+var utils = require('./utils');
+
+var has = Object.prototype.hasOwnProperty;
+var isArray = Array.isArray;
+
+var defaults = {
+    allowDots: false,
+    allowEmptyArrays: false,
+    allowPrototypes: false,
+    allowSparse: false,
+    arrayLimit: 20,
+    charset: 'utf-8',
+    charsetSentinel: false,
+    comma: false,
+    decodeDotInKeys: false,
+    decoder: utils.decode,
+    delimiter: '&',
+    depth: 5,
+    duplicates: 'combine',
+    ignoreQueryPrefix: false,
+    interpretNumericEntities: false,
+    parameterLimit: 1000,
+    parseArrays: true,
+    plainObjects: false,
+    strictDepth: false,
+    strictNullHandling: false,
+    throwOnLimitExceeded: false
+};
+
+var interpretNumericEntities = function (str) {
+    return str.replace(/&#(\d+);/g, function ($0, numberStr) {
+        return String.fromCharCode(parseInt(numberStr, 10));
+    });
+};
+
+var parseArrayValue = function (val, options, currentArrayLength) {
+    if (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {
+        return val.split(',');
+    }
+
+    if (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {
+        throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
+    }
+
+    return val;
+};
+
+// This is what browsers will submit when the ✓ character occurs in an
+// application/x-www-form-urlencoded body and the encoding of the page containing
+// the form is iso-8859-1, or when the submitted form has an accept-charset
+// attribute of iso-8859-1. Presumably also with other charsets that do not contain
+// the ✓ character, such as us-ascii.
+var isoSentinel = 'utf8=%26%2310003%3B'; // encodeURIComponent('&#10003;')
+
+// These are the percent-encoded utf-8 octets representing a checkmark, indicating that the request actually is utf-8 encoded.
+var charsetSentinel = 'utf8=%E2%9C%93'; // encodeURIComponent('✓')
+
+var parseValues = function parseQueryStringValues(str, options) {
+    var obj = { __proto__: null };
+
+    var cleanStr = options.ignoreQueryPrefix ? str.replace(/^\?/, '') : str;
+    cleanStr = cleanStr.replace(/%5B/gi, '[').replace(/%5D/gi, ']');
+
+    var limit = options.parameterLimit === Infinity ? void undefined : options.parameterLimit;
+    var parts = cleanStr.split(
+        options.delimiter,
+        options.throwOnLimitExceeded ? limit + 1 : limit
+    );
+
+    if (options.throwOnLimitExceeded && parts.length > limit) {
+        throw new RangeError('Parameter limit exceeded. Only ' + limit + ' parameter' + (limit === 1 ? '' : 's') + ' allowed.');
+    }
+
+    var skipIndex = -1; // Keep track of where the utf8 sentinel was found
+    var i;
+
+    var charset = options.charset;
+    if (options.charsetSentinel) {
+        for (i = 0; i < parts.length; ++i) {
+            if (parts[i].indexOf('utf8=') === 0) {
+                if (parts[i] === charsetSentinel) {
+                    charset = 'utf-8';
+                } else if (parts[i] === isoSentinel) {
+                    charset = 'iso-8859-1';
+                }
+                skipIndex = i;
+                i = parts.length; // The eslint settings do not allow break;
+            }
+        }
+    }
+
+    for (i = 0; i < parts.length; ++i) {
+        if (i === skipIndex) {
+            continue;
+        }
+        var part = parts[i];
+
+        var bracketEqualsPos = part.indexOf(']=');
+        var pos = bracketEqualsPos === -1 ? part.indexOf('=') : bracketEqualsPos + 1;
+
+        var key;
+        var val;
+        if (pos === -1) {
+            key = options.decoder(part, defaults.decoder, charset, 'key');
+            val = options.strictNullHandling ? null : '';
+        } else {
+            key = options.decoder(part.slice(0, pos), defaults.decoder, charset, 'key');
+
+            if (key !== null) {
+                val = utils.maybeMap(
+                    parseArrayValue(
+                        part.slice(pos + 1),
+                        options,
+                        isArray(obj[key]) ? obj[key].length : 0
+                    ),
+                    function (encodedVal) {
+                        return options.decoder(encodedVal, defaults.decoder, charset, 'value');
+                    }
+                );
+            }
+        }
+
+        if (val && options.interpretNumericEntities && charset === 'iso-8859-1') {
+            val = interpretNumericEntities(String(val));
+        }
+
+        if (part.indexOf('[]=') > -1) {
+            val = isArray(val) ? [val] : val;
+        }
+
+        if (options.comma && isArray(val) && val.length > options.arrayLimit) {
+            if (options.throwOnLimitExceeded) {
+                throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
+            }
+            val = utils.combine([], val, options.arrayLimit, options.plainObjects);
+        }
+
+        if (key !== null) {
+            var existing = has.call(obj, key);
+            if (existing && options.duplicates === 'combine') {
+                obj[key] = utils.combine(
+                    obj[key],
+                    val,
+                    options.arrayLimit,
+                    options.plainObjects
+                );
+            } else if (!existing || options.duplicates === 'last') {
+                obj[key] = val;
+            }
+        }
+    }
+
+    return obj;
+};
+
+var parseObject = function (chain, val, options, valuesParsed) {
+    var currentArrayLength = 0;
+    if (chain.length > 0 && chain[chain.length - 1] === '[]') {
+        var parentKey = chain.slice(0, -1).join('');
+        currentArrayLength = Array.isArray(val) && val[parentKey] ? val[parentKey].length : 0;
+    }
+
+    var leaf = valuesParsed ? val : parseArrayValue(val, options, currentArrayLength);
+
+    for (var i = chain.length - 1; i >= 0; --i) {
+        var obj;
+        var root = chain[i];
+
+        if (root === '[]' && options.parseArrays) {
+            if (utils.isOverflow(leaf)) {
+                // leaf is already an overflow object, preserve it
+                obj = leaf;
+            } else {
+                obj = options.allowEmptyArrays && (leaf === '' || (options.strictNullHandling && leaf === null))
+                    ? []
+                    : utils.combine(
+                        [],
+                        leaf,
+                        options.arrayLimit,
+                        options.plainObjects
+                    );
+            }
+        } else {
+            obj = options.plainObjects ? { __proto__: null } : {};
+            var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
+            var decodedRoot = options.decodeDotInKeys ? cleanRoot.replace(/%2E/g, '.') : cleanRoot;
+            var index = parseInt(decodedRoot, 10);
+            var isValidArrayIndex = !isNaN(index)
+                && root !== decodedRoot
+                && String(index) === decodedRoot
+                && index >= 0
+                && options.parseArrays;
+            if (!options.parseArrays && decodedRoot === '') {
+                obj = { 0: leaf };
+            } else if (isValidArrayIndex && index < options.arrayLimit) {
+                obj = [];
+                obj[index] = leaf;
+            } else if (isValidArrayIndex && options.throwOnLimitExceeded) {
+                throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
+            } else if (isValidArrayIndex) {
+                obj[index] = leaf;
+                utils.markOverflow(obj, index);
+            } else if (decodedRoot !== '__proto__') {
+                obj[decodedRoot] = leaf;
+            }
+        }
+
+        leaf = obj;
+    }
+
+    return leaf;
+};
+
+var splitKeyIntoSegments = function splitKeyIntoSegments(givenKey, options) {
+    var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey;
+
+    if (options.depth <= 0) {
+        if (!options.plainObjects && has.call(Object.prototype, key)) {
+            if (!options.allowPrototypes) {
+                return;
+            }
+        }
+
+        return [key];
+    }
+
+    var brackets = /(\[[^[\]]*])/;
+    var child = /(\[[^[\]]*])/g;
+
+    var segment = brackets.exec(key);
+    var parent = segment ? key.slice(0, segment.index) : key;
+
+    var keys = [];
+
+    if (parent) {
+        if (!options.plainObjects && has.call(Object.prototype, parent)) {
+            if (!options.allowPrototypes) {
+                return;
+            }
+        }
+
+        keys[keys.length] = parent;
+    }
+
+    var i = 0;
+    while ((segment = child.exec(key)) !== null && i < options.depth) {
+        i += 1;
+
+        var segmentContent = segment[1].slice(1, -1);
+        if (!options.plainObjects && has.call(Object.prototype, segmentContent)) {
+            if (!options.allowPrototypes) {
+                return;
+            }
+        }
+
+        keys[keys.length] = segment[1];
+    }
+
+    if (segment) {
+        if (options.strictDepth === true) {
+            throw new RangeError('Input depth exceeded depth option of ' + options.depth + ' and strictDepth is true');
+        }
+
+        keys[keys.length] = '[' + key.slice(segment.index) + ']';
+    }
+
+    return keys;
+};
+
+var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
+    if (!givenKey) {
+        return;
+    }
+
+    var keys = splitKeyIntoSegments(givenKey, options);
+
+    if (!keys) {
+        return;
+    }
+
+    return parseObject(keys, val, options, valuesParsed);
+};
+
+var normalizeParseOptions = function normalizeParseOptions(opts) {
+    if (!opts) {
+        return defaults;
+    }
+
+    if (typeof opts.allowEmptyArrays !== 'undefined' && typeof opts.allowEmptyArrays !== 'boolean') {
+        throw new TypeError('`allowEmptyArrays` option can only be `true` or `false`, when provided');
+    }
+
+    if (typeof opts.decodeDotInKeys !== 'undefined' && typeof opts.decodeDotInKeys !== 'boolean') {
+        throw new TypeError('`decodeDotInKeys` option can only be `true` or `false`, when provided');
+    }
+
+    if (opts.decoder !== null && typeof opts.decoder !== 'undefined' && typeof opts.decoder !== 'function') {
+        throw new TypeError('Decoder has to be a function.');
+    }
+
+    if (typeof opts.charset !== 'undefined' && opts.charset !== 'utf-8' && opts.charset !== 'iso-8859-1') {
+        throw new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined');
+    }
+
+    if (typeof opts.throwOnLimitExceeded !== 'undefined' && typeof opts.throwOnLimitExceeded !== 'boolean') {
+        throw new TypeError('`throwOnLimitExceeded` option must be a boolean');
+    }
+
+    var charset = typeof opts.charset === 'undefined' ? defaults.charset : opts.charset;
+
+    var duplicates = typeof opts.duplicates === 'undefined' ? defaults.duplicates : opts.duplicates;
+
+    if (duplicates !== 'combine' && duplicates !== 'first' && duplicates !== 'last') {
+        throw new TypeError('The duplicates option must be either combine, first, or last');
+    }
+
+    var allowDots = typeof opts.allowDots === 'undefined' ? opts.decodeDotInKeys === true ? true : defaults.allowDots : !!opts.allowDots;
+
+    return {
+        allowDots: allowDots,
+        allowEmptyArrays: typeof opts.allowEmptyArrays === 'boolean' ? !!opts.allowEmptyArrays : defaults.allowEmptyArrays,
+        allowPrototypes: typeof opts.allowPrototypes === 'boolean' ? opts.allowPrototypes : defaults.allowPrototypes,
+        allowSparse: typeof opts.allowSparse === 'boolean' ? opts.allowSparse : defaults.allowSparse,
+        arrayLimit: typeof opts.arrayLimit === 'number' ? opts.arrayLimit : defaults.arrayLimit,
+        charset: charset,
+        charsetSentinel: typeof opts.charsetSentinel === 'boolean' ? opts.charsetSentinel : defaults.charsetSentinel,
+        comma: typeof opts.comma === 'boolean' ? opts.comma : defaults.comma,
+        decodeDotInKeys: typeof opts.decodeDotInKeys === 'boolean' ? opts.decodeDotInKeys : defaults.decodeDotInKeys,
+        decoder: typeof opts.decoder === 'function' ? opts.decoder : defaults.decoder,
+        delimiter: typeof opts.delimiter === 'string' || utils.isRegExp(opts.delimiter) ? opts.delimiter : defaults.delimiter,
+        // eslint-disable-next-line no-implicit-coercion, no-extra-parens
+        depth: (typeof opts.depth === 'number' || opts.depth === false) ? +opts.depth : defaults.depth,
+        duplicates: duplicates,
+        ignoreQueryPrefix: opts.ignoreQueryPrefix === true,
+        interpretNumericEntities: typeof opts.interpretNumericEntities === 'boolean' ? opts.interpretNumericEntities : defaults.interpretNumericEntities,
+        parameterLimit: typeof opts.parameterLimit === 'number' ? opts.parameterLimit : defaults.parameterLimit,
+        parseArrays: opts.parseArrays !== false,
+        plainObjects: typeof opts.plainObjects === 'boolean' ? opts.plainObjects : defaults.plainObjects,
+        strictDepth: typeof opts.strictDepth === 'boolean' ? !!opts.strictDepth : defaults.strictDepth,
+        strictNullHandling: typeof opts.strictNullHandling === 'boolean' ? opts.strictNullHandling : defaults.strictNullHandling,
+        throwOnLimitExceeded: typeof opts.throwOnLimitExceeded === 'boolean' ? opts.throwOnLimitExceeded : false
+    };
+};
+
+module.exports = function (str, opts) {
+    var options = normalizeParseOptions(opts);
+
+    if (str === '' || str === null || typeof str === 'undefined') {
+        return options.plainObjects ? { __proto__: null } : {};
+    }
+
+    var tempObj = typeof str === 'string' ? parseValues(str, options) : str;
+    var obj = options.plainObjects ? { __proto__: null } : {};
+
+    // Iterate over the keys and setup the new object
+
+    var keys = Object.keys(tempObj);
+    for (var i = 0; i < keys.length; ++i) {
+        var key = keys[i];
+        var newObj = parseKeys(key, tempObj[key], options, typeof str === 'string');
+        obj = utils.merge(obj, newObj, options);
+    }
+
+    if (options.allowSparse === true) {
+        return obj;
+    }
+
+    return utils.compact(obj);
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js b/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
new file mode 100644
index 0000000..2666eaf
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
@@ -0,0 +1,356 @@
+'use strict';
+
+var getSideChannel = require('side-channel');
+var utils = require('./utils');
+var formats = require('./formats');
+var has = Object.prototype.hasOwnProperty;
+
+var arrayPrefixGenerators = {
+    brackets: function brackets(prefix) {
+        return prefix + '[]';
+    },
+    comma: 'comma',
+    indices: function indices(prefix, key) {
+        return prefix + '[' + key + ']';
+    },
+    repeat: function repeat(prefix) {
+        return prefix;
+    }
+};
+
+var isArray = Array.isArray;
+var push = Array.prototype.push;
+var pushToArray = function (arr, valueOrArray) {
+    push.apply(arr, isArray(valueOrArray) ? valueOrArray : [valueOrArray]);
+};
+
+var toISO = Date.prototype.toISOString;
+
+var defaultFormat = formats['default'];
+var defaults = {
+    addQueryPrefix: false,
+    allowDots: false,
+    allowEmptyArrays: false,
+    arrayFormat: 'indices',
+    charset: 'utf-8',
+    charsetSentinel: false,
+    commaRoundTrip: false,
+    delimiter: '&',
+    encode: true,
+    encodeDotInKeys: false,
+    encoder: utils.encode,
+    encodeValuesOnly: false,
+    filter: void undefined,
+    format: defaultFormat,
+    formatter: formats.formatters[defaultFormat],
+    // deprecated
+    indices: false,
+    serializeDate: function serializeDate(date) {
+        return toISO.call(date);
+    },
+    skipNulls: false,
+    strictNullHandling: false
+};
+
+var isNonNullishPrimitive = function isNonNullishPrimitive(v) {
+    return typeof v === 'string'
+        || typeof v === 'number'
+        || typeof v === 'boolean'
+        || typeof v === 'symbol'
+        || typeof v === 'bigint';
+};
+
+var sentinel = {};
+
+var stringify = function stringify(
+    object,
+    prefix,
+    generateArrayPrefix,
+    commaRoundTrip,
+    allowEmptyArrays,
+    strictNullHandling,
+    skipNulls,
+    encodeDotInKeys,
+    encoder,
+    filter,
+    sort,
+    allowDots,
+    serializeDate,
+    format,
+    formatter,
+    encodeValuesOnly,
+    charset,
+    sideChannel
+) {
+    var obj = object;
+
+    var tmpSc = sideChannel;
+    var step = 0;
+    var findFlag = false;
+    while ((tmpSc = tmpSc.get(sentinel)) !== void undefined && !findFlag) {
+        // Where object last appeared in the ref tree
+        var pos = tmpSc.get(object);
+        step += 1;
+        if (typeof pos !== 'undefined') {
+            if (pos === step) {
+                throw new RangeError('Cyclic object value');
+            } else {
+                findFlag = true; // Break while
+            }
+        }
+        if (typeof tmpSc.get(sentinel) === 'undefined') {
+            step = 0;
+        }
+    }
+
+    if (typeof filter === 'function') {
+        obj = filter(prefix, obj);
+    } else if (obj instanceof Date) {
+        obj = serializeDate(obj);
+    } else if (generateArrayPrefix === 'comma' && isArray(obj)) {
+        obj = utils.maybeMap(obj, function (value) {
+            if (value instanceof Date) {
+                return serializeDate(value);
+            }
+            return value;
+        });
+    }
+
+    if (obj === null) {
+        if (strictNullHandling) {
+            return encoder && !encodeValuesOnly ? encoder(prefix, defaults.encoder, charset, 'key', format) : prefix;
+        }
+
+        obj = '';
+    }
+
+    if (isNonNullishPrimitive(obj) || utils.isBuffer(obj)) {
+        if (encoder) {
+            var keyValue = encodeValuesOnly ? prefix : encoder(prefix, defaults.encoder, charset, 'key', format);
+            return [formatter(keyValue) + '=' + formatter(encoder(obj, defaults.encoder, charset, 'value', format))];
+        }
+        return [formatter(prefix) + '=' + formatter(String(obj))];
+    }
+
+    var values = [];
+
+    if (typeof obj === 'undefined') {
+        return values;
+    }
+
+    var objKeys;
+    if (generateArrayPrefix === 'comma' && isArray(obj)) {
+        // we need to join elements in
+        if (encodeValuesOnly && encoder) {
+            obj = utils.maybeMap(obj, encoder);
+        }
+        objKeys = [{ value: obj.length > 0 ? obj.join(',') || null : void undefined }];
+    } else if (isArray(filter)) {
+        objKeys = filter;
+    } else {
+        var keys = Object.keys(obj);
+        objKeys = sort ? keys.sort(sort) : keys;
+    }
+
+    var encodedPrefix = encodeDotInKeys ? String(prefix).replace(/\./g, '%2E') : String(prefix);
+
+    var adjustedPrefix = commaRoundTrip && isArray(obj) && obj.length === 1 ? encodedPrefix + '[]' : encodedPrefix;
+
+    if (allowEmptyArrays && isArray(obj) && obj.length === 0) {
+        return adjustedPrefix + '[]';
+    }
+
+    for (var j = 0; j < objKeys.length; ++j) {
+        var key = objKeys[j];
+        var value = typeof key === 'object' && key && typeof key.value !== 'undefined'
+            ? key.value
+            : obj[key];
+
+        if (skipNulls && value === null) {
+            continue;
+        }
+
+        var encodedKey = allowDots && encodeDotInKeys ? String(key).replace(/\./g, '%2E') : String(key);
+        var keyPrefix = isArray(obj)
+            ? typeof generateArrayPrefix === 'function' ? generateArrayPrefix(adjustedPrefix, encodedKey) : adjustedPrefix
+            : adjustedPrefix + (allowDots ? '.' + encodedKey : '[' + encodedKey + ']');
+
+        sideChannel.set(object, step);
+        var valueSideChannel = getSideChannel();
+        valueSideChannel.set(sentinel, sideChannel);
+        pushToArray(values, stringify(
+            value,
+            keyPrefix,
+            generateArrayPrefix,
+            commaRoundTrip,
+            allowEmptyArrays,
+            strictNullHandling,
+            skipNulls,
+            encodeDotInKeys,
+            generateArrayPrefix === 'comma' && encodeValuesOnly && isArray(obj) ? null : encoder,
+            filter,
+            sort,
+            allowDots,
+            serializeDate,
+            format,
+            formatter,
+            encodeValuesOnly,
+            charset,
+            valueSideChannel
+        ));
+    }
+
+    return values;
+};
+
+var normalizeStringifyOptions = function normalizeStringifyOptions(opts) {
+    if (!opts) {
+        return defaults;
+    }
+
+    if (typeof opts.allowEmptyArrays !== 'undefined' && typeof opts.allowEmptyArrays !== 'boolean') {
+        throw new TypeError('`allowEmptyArrays` option can only be `true` or `false`, when provided');
+    }
+
+    if (typeof opts.encodeDotInKeys !== 'undefined' && typeof opts.encodeDotInKeys !== 'boolean') {
+        throw new TypeError('`encodeDotInKeys` option can only be `true` or `false`, when provided');
+    }
+
+    if (opts.encoder !== null && typeof opts.encoder !== 'undefined' && typeof opts.encoder !== 'function') {
+        throw new TypeError('Encoder has to be a function.');
+    }
+
+    var charset = opts.charset || defaults.charset;
+    if (typeof opts.charset !== 'undefined' && opts.charset !== 'utf-8' && opts.charset !== 'iso-8859-1') {
+        throw new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined');
+    }
+
+    var format = formats['default'];
+    if (typeof opts.format !== 'undefined') {
+        if (!has.call(formats.formatters, opts.format)) {
+            throw new TypeError('Unknown format option provided.');
+        }
+        format = opts.format;
+    }
+    var formatter = formats.formatters[format];
+
+    var filter = defaults.filter;
+    if (typeof opts.filter === 'function' || isArray(opts.filter)) {
+        filter = opts.filter;
+    }
+
+    var arrayFormat;
+    if (opts.arrayFormat in arrayPrefixGenerators) {
+        arrayFormat = opts.arrayFormat;
+    } else if ('indices' in opts) {
+        arrayFormat = opts.indices ? 'indices' : 'repeat';
+    } else {
+        arrayFormat = defaults.arrayFormat;
+    }
+
+    if ('commaRoundTrip' in opts && typeof opts.commaRoundTrip !== 'boolean') {
+        throw new TypeError('`commaRoundTrip` must be a boolean, or absent');
+    }
+
+    var allowDots = typeof opts.allowDots === 'undefined' ? opts.encodeDotInKeys === true ? true : defaults.allowDots : !!opts.allowDots;
+
+    return {
+        addQueryPrefix: typeof opts.addQueryPrefix === 'boolean' ? opts.addQueryPrefix : defaults.addQueryPrefix,
+        allowDots: allowDots,
+        allowEmptyArrays: typeof opts.allowEmptyArrays === 'boolean' ? !!opts.allowEmptyArrays : defaults.allowEmptyArrays,
+        arrayFormat: arrayFormat,
+        charset: charset,
+        charsetSentinel: typeof opts.charsetSentinel === 'boolean' ? opts.charsetSentinel : defaults.charsetSentinel,
+        commaRoundTrip: !!opts.commaRoundTrip,
+        delimiter: typeof opts.delimiter === 'undefined' ? defaults.delimiter : opts.delimiter,
+        encode: typeof opts.encode === 'boolean' ? opts.encode : defaults.encode,
+        encodeDotInKeys: typeof opts.encodeDotInKeys === 'boolean' ? opts.encodeDotInKeys : defaults.encodeDotInKeys,
+        encoder: typeof opts.encoder === 'function' ? opts.encoder : defaults.encoder,
+        encodeValuesOnly: typeof opts.encodeValuesOnly === 'boolean' ? opts.encodeValuesOnly : defaults.encodeValuesOnly,
+        filter: filter,
+        format: format,
+        formatter: formatter,
+        serializeDate: typeof opts.serializeDate === 'function' ? opts.serializeDate : defaults.serializeDate,
+        skipNulls: typeof opts.skipNulls === 'boolean' ? opts.skipNulls : defaults.skipNulls,
+        sort: typeof opts.sort === 'function' ? opts.sort : null,
+        strictNullHandling: typeof opts.strictNullHandling === 'boolean' ? opts.strictNullHandling : defaults.strictNullHandling
+    };
+};
+
+module.exports = function (object, opts) {
+    var obj = object;
+    var options = normalizeStringifyOptions(opts);
+
+    var objKeys;
+    var filter;
+
+    if (typeof options.filter === 'function') {
+        filter = options.filter;
+        obj = filter('', obj);
+    } else if (isArray(options.filter)) {
+        filter = options.filter;
+        objKeys = filter;
+    }
+
+    var keys = [];
+
+    if (typeof obj !== 'object' || obj === null) {
+        return '';
+    }
+
+    var generateArrayPrefix = arrayPrefixGenerators[options.arrayFormat];
+    var commaRoundTrip = generateArrayPrefix === 'comma' && options.commaRoundTrip;
+
+    if (!objKeys) {
+        objKeys = Object.keys(obj);
+    }
+
+    if (options.sort) {
+        objKeys.sort(options.sort);
+    }
+
+    var sideChannel = getSideChannel();
+    for (var i = 0; i < objKeys.length; ++i) {
+        var key = objKeys[i];
+        var value = obj[key];
+
+        if (options.skipNulls && value === null) {
+            continue;
+        }
+        pushToArray(keys, stringify(
+            value,
+            key,
+            generateArrayPrefix,
+            commaRoundTrip,
+            options.allowEmptyArrays,
+            options.strictNullHandling,
+            options.skipNulls,
+            options.encodeDotInKeys,
+            options.encode ? options.encoder : null,
+            options.filter,
+            options.sort,
+            options.allowDots,
+            options.serializeDate,
+            options.format,
+            options.formatter,
+            options.encodeValuesOnly,
+            options.charset,
+            sideChannel
+        ));
+    }
+
+    var joined = keys.join(options.delimiter);
+    var prefix = options.addQueryPrefix === true ? '?' : '';
+
+    if (options.charsetSentinel) {
+        if (options.charset === 'iso-8859-1') {
+            // encodeURIComponent('&#10003;'), the "numeric entity" representation of a checkmark
+            prefix += 'utf8=%26%2310003%3B&';
+        } else {
+            // encodeURIComponent('✓')
+            prefix += 'utf8=%E2%9C%93&';
+        }
+    }
+
+    return joined.length > 0 ? prefix + joined : '';
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/utils.js b/src/Servers/ExpressServer/node_modules/qs/lib/utils.js
new file mode 100644
index 0000000..8e10e39
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/lib/utils.js
@@ -0,0 +1,340 @@
+'use strict';
+
+var formats = require('./formats');
+var getSideChannel = require('side-channel');
+
+var has = Object.prototype.hasOwnProperty;
+var isArray = Array.isArray;
+
+// Track objects created from arrayLimit overflow using side-channel
+// Stores the current max numeric index for O(1) lookup
+var overflowChannel = getSideChannel();
+
+var markOverflow = function markOverflow(obj, maxIndex) {
+    overflowChannel.set(obj, maxIndex);
+    return obj;
+};
+
+var isOverflow = function isOverflow(obj) {
+    return overflowChannel.has(obj);
+};
+
+var getMaxIndex = function getMaxIndex(obj) {
+    return overflowChannel.get(obj);
+};
+
+var setMaxIndex = function setMaxIndex(obj, maxIndex) {
+    overflowChannel.set(obj, maxIndex);
+};
+
+var hexTable = (function () {
+    var array = [];
+    for (var i = 0; i < 256; ++i) {
+        array[array.length] = '%' + ((i < 16 ? '0' : '') + i.toString(16)).toUpperCase();
+    }
+
+    return array;
+}());
+
+var compactQueue = function compactQueue(queue) {
+    while (queue.length > 1) {
+        var item = queue.pop();
+        var obj = item.obj[item.prop];
+
+        if (isArray(obj)) {
+            var compacted = [];
+
+            for (var j = 0; j < obj.length; ++j) {
+                if (typeof obj[j] !== 'undefined') {
+                    compacted[compacted.length] = obj[j];
+                }
+            }
+
+            item.obj[item.prop] = compacted;
+        }
+    }
+};
+
+var arrayToObject = function arrayToObject(source, options) {
+    var obj = options && options.plainObjects ? { __proto__: null } : {};
+    for (var i = 0; i < source.length; ++i) {
+        if (typeof source[i] !== 'undefined') {
+            obj[i] = source[i];
+        }
+    }
+
+    return obj;
+};
+
+var merge = function merge(target, source, options) {
+    /* eslint no-param-reassign: 0 */
+    if (!source) {
+        return target;
+    }
+
+    if (typeof source !== 'object' && typeof source !== 'function') {
+        if (isArray(target)) {
+            var nextIndex = target.length;
+            if (options && typeof options.arrayLimit === 'number' && nextIndex > options.arrayLimit) {
+                return markOverflow(arrayToObject(target.concat(source), options), nextIndex);
+            }
+            target[nextIndex] = source;
+        } else if (target && typeof target === 'object') {
+            if (isOverflow(target)) {
+                // Add at next numeric index for overflow objects
+                var newIndex = getMaxIndex(target) + 1;
+                target[newIndex] = source;
+                setMaxIndex(target, newIndex);
+            } else if (
+                (options && (options.plainObjects || options.allowPrototypes))
+                || !has.call(Object.prototype, source)
+            ) {
+                target[source] = true;
+            }
+        } else {
+            return [target, source];
+        }
+
+        return target;
+    }
+
+    if (!target || typeof target !== 'object') {
+        if (isOverflow(source)) {
+            // Create new object with target at 0, source values shifted by 1
+            var sourceKeys = Object.keys(source);
+            var result = options && options.plainObjects
+                ? { __proto__: null, 0: target }
+                : { 0: target };
+            for (var m = 0; m < sourceKeys.length; m++) {
+                var oldKey = parseInt(sourceKeys[m], 10);
+                result[oldKey + 1] = source[sourceKeys[m]];
+            }
+            return markOverflow(result, getMaxIndex(source) + 1);
+        }
+        var combined = [target].concat(source);
+        if (options && typeof options.arrayLimit === 'number' && combined.length > options.arrayLimit) {
+            return markOverflow(arrayToObject(combined, options), combined.length - 1);
+        }
+        return combined;
+    }
+
+    var mergeTarget = target;
+    if (isArray(target) && !isArray(source)) {
+        mergeTarget = arrayToObject(target, options);
+    }
+
+    if (isArray(target) && isArray(source)) {
+        source.forEach(function (item, i) {
+            if (has.call(target, i)) {
+                var targetItem = target[i];
+                if (targetItem && typeof targetItem === 'object' && item && typeof item === 'object') {
+                    target[i] = merge(targetItem, item, options);
+                } else {
+                    target[target.length] = item;
+                }
+            } else {
+                target[i] = item;
+            }
+        });
+        return target;
+    }
+
+    return Object.keys(source).reduce(function (acc, key) {
+        var value = source[key];
+
+        if (has.call(acc, key)) {
+            acc[key] = merge(acc[key], value, options);
+        } else {
+            acc[key] = value;
+        }
+
+        if (isOverflow(source) && !isOverflow(acc)) {
+            markOverflow(acc, getMaxIndex(source));
+        }
+        if (isOverflow(acc)) {
+            var keyNum = parseInt(key, 10);
+            if (String(keyNum) === key && keyNum >= 0 && keyNum > getMaxIndex(acc)) {
+                setMaxIndex(acc, keyNum);
+            }
+        }
+
+        return acc;
+    }, mergeTarget);
+};
+
+var assign = function assignSingleSource(target, source) {
+    return Object.keys(source).reduce(function (acc, key) {
+        acc[key] = source[key];
+        return acc;
+    }, target);
+};
+
+var decode = function (str, defaultDecoder, charset) {
+    var strWithoutPlus = str.replace(/\+/g, ' ');
+    if (charset === 'iso-8859-1') {
+        // unescape never throws, no try...catch needed:
+        return strWithoutPlus.replace(/%[0-9a-f]{2}/gi, unescape);
+    }
+    // utf-8
+    try {
+        return decodeURIComponent(strWithoutPlus);
+    } catch (e) {
+        return strWithoutPlus;
+    }
+};
+
+var limit = 1024;
+
+/* eslint operator-linebreak: [2, "before"] */
+
+var encode = function encode(str, defaultEncoder, charset, kind, format) {
+    // This code was originally written by Brian White (mscdex) for the io.js core querystring library.
+    // It has been adapted here for stricter adherence to RFC 3986
+    if (str.length === 0) {
+        return str;
+    }
+
+    var string = str;
+    if (typeof str === 'symbol') {
+        string = Symbol.prototype.toString.call(str);
+    } else if (typeof str !== 'string') {
+        string = String(str);
+    }
+
+    if (charset === 'iso-8859-1') {
+        return escape(string).replace(/%u[0-9a-f]{4}/gi, function ($0) {
+            return '%26%23' + parseInt($0.slice(2), 16) + '%3B';
+        });
+    }
+
+    var out = '';
+    for (var j = 0; j < string.length; j += limit) {
+        var segment = string.length >= limit ? string.slice(j, j + limit) : string;
+        var arr = [];
+
+        for (var i = 0; i < segment.length; ++i) {
+            var c = segment.charCodeAt(i);
+            if (
+                c === 0x2D // -
+                || c === 0x2E // .
+                || c === 0x5F // _
+                || c === 0x7E // ~
+                || (c >= 0x30 && c <= 0x39) // 0-9
+                || (c >= 0x41 && c <= 0x5A) // a-z
+                || (c >= 0x61 && c <= 0x7A) // A-Z
+                || (format === formats.RFC1738 && (c === 0x28 || c === 0x29)) // ( )
+            ) {
+                arr[arr.length] = segment.charAt(i);
+                continue;
+            }
+
+            if (c < 0x80) {
+                arr[arr.length] = hexTable[c];
+                continue;
+            }
+
+            if (c < 0x800) {
+                arr[arr.length] = hexTable[0xC0 | (c >> 6)]
+                    + hexTable[0x80 | (c & 0x3F)];
+                continue;
+            }
+
+            if (c < 0xD800 || c >= 0xE000) {
+                arr[arr.length] = hexTable[0xE0 | (c >> 12)]
+                    + hexTable[0x80 | ((c >> 6) & 0x3F)]
+                    + hexTable[0x80 | (c & 0x3F)];
+                continue;
+            }
+
+            i += 1;
+            c = 0x10000 + (((c & 0x3FF) << 10) | (segment.charCodeAt(i) & 0x3FF));
+
+            arr[arr.length] = hexTable[0xF0 | (c >> 18)]
+                + hexTable[0x80 | ((c >> 12) & 0x3F)]
+                + hexTable[0x80 | ((c >> 6) & 0x3F)]
+                + hexTable[0x80 | (c & 0x3F)];
+        }
+
+        out += arr.join('');
+    }
+
+    return out;
+};
+
+var compact = function compact(value) {
+    var queue = [{ obj: { o: value }, prop: 'o' }];
+    var refs = [];
+
+    for (var i = 0; i < queue.length; ++i) {
+        var item = queue[i];
+        var obj = item.obj[item.prop];
+
+        var keys = Object.keys(obj);
+        for (var j = 0; j < keys.length; ++j) {
+            var key = keys[j];
+            var val = obj[key];
+            if (typeof val === 'object' && val !== null && refs.indexOf(val) === -1) {
+                queue[queue.length] = { obj: obj, prop: key };
+                refs[refs.length] = val;
+            }
+        }
+    }
+
+    compactQueue(queue);
+
+    return value;
+};
+
+var isRegExp = function isRegExp(obj) {
+    return Object.prototype.toString.call(obj) === '[object RegExp]';
+};
+
+var isBuffer = function isBuffer(obj) {
+    if (!obj || typeof obj !== 'object') {
+        return false;
+    }
+
+    return !!(obj.constructor && obj.constructor.isBuffer && obj.constructor.isBuffer(obj));
+};
+
+var combine = function combine(a, b, arrayLimit, plainObjects) {
+    // If 'a' is already an overflow object, add to it
+    if (isOverflow(a)) {
+        var newIndex = getMaxIndex(a) + 1;
+        a[newIndex] = b;
+        setMaxIndex(a, newIndex);
+        return a;
+    }
+
+    var result = [].concat(a, b);
+    if (result.length > arrayLimit) {
+        return markOverflow(arrayToObject(result, { plainObjects: plainObjects }), result.length - 1);
+    }
+    return result;
+};
+
+var maybeMap = function maybeMap(val, fn) {
+    if (isArray(val)) {
+        var mapped = [];
+        for (var i = 0; i < val.length; i += 1) {
+            mapped[mapped.length] = fn(val[i]);
+        }
+        return mapped;
+    }
+    return fn(val);
+};
+
+module.exports = {
+    arrayToObject: arrayToObject,
+    assign: assign,
+    combine: combine,
+    compact: compact,
+    decode: decode,
+    encode: encode,
+    isBuffer: isBuffer,
+    isOverflow: isOverflow,
+    isRegExp: isRegExp,
+    markOverflow: markOverflow,
+    maybeMap: maybeMap,
+    merge: merge
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/package.json b/src/Servers/ExpressServer/node_modules/qs/package.json
new file mode 100644
index 0000000..cb5cfbe
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/package.json
@@ -0,0 +1,94 @@
+{
+    "name": "qs",
+    "description": "A querystring parser that supports nesting and arrays, with a depth limit",
+    "homepage": "https://github.com/ljharb/qs",
+    "version": "6.14.2",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/ljharb/qs.git"
+    },
+    "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+    },
+    "main": "lib/index.js",
+    "sideEffects": false,
+    "contributors": [
+        {
+            "name": "Jordan Harband",
+            "email": "ljharb@gmail.com",
+            "url": "http://ljharb.codes"
+        }
+    ],
+    "keywords": [
+        "querystring",
+        "qs",
+        "query",
+        "url",
+        "parse",
+        "stringify"
+    ],
+    "engines": {
+        "node": ">=0.6"
+    },
+    "dependencies": {
+        "side-channel": "^1.1.0"
+    },
+    "devDependencies": {
+        "@browserify/envify": "^6.0.0",
+        "@browserify/uglifyify": "^6.0.0",
+        "@ljharb/eslint-config": "^22.1.3",
+        "browserify": "^16.5.2",
+        "bundle-collapser": "^1.4.0",
+        "common-shakeify": "~1.0.0",
+        "eclint": "^2.8.1",
+        "es-value-fixtures": "^1.7.1",
+        "eslint": "^9.39.2",
+        "evalmd": "^0.0.19",
+        "for-each": "^0.3.5",
+        "glob": "=10.3.7",
+        "has-bigints": "^1.1.0",
+        "has-override-mistake": "^1.0.1",
+        "has-property-descriptors": "^1.0.2",
+        "has-proto": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "iconv-lite": "^0.5.1",
+        "in-publish": "^2.0.1",
+        "jackspeak": "=2.1.1",
+        "jiti": "^0.0.0",
+        "mkdirp": "^0.5.5",
+        "mock-property": "^1.1.0",
+        "module-deps": "^6.2.3",
+        "npmignore": "^0.3.5",
+        "nyc": "^10.3.2",
+        "object-inspect": "^1.13.4",
+        "qs-iconv": "^1.0.4",
+        "safe-publish-latest": "^2.0.0",
+        "safer-buffer": "^2.1.2",
+        "tape": "^5.9.0",
+        "unassertify": "^3.0.1"
+    },
+    "scripts": {
+        "prepack": "npmignore --auto --commentLines=autogenerated && npm run dist",
+        "prepublishOnly": "safe-publish-latest",
+        "prepublish": "not-in-publish || npm run prepublishOnly",
+        "pretest": "npm run --silent readme && npm run --silent lint",
+        "test": "npm run tests-only",
+        "tests-only": "nyc tape 'test/**/*.js'",
+        "posttest": "npx npm@'>=10.2' audit --production",
+        "readme": "evalmd README.md",
+        "postlint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
+        "lint": "eslint .",
+        "dist": "mkdirp dist && browserify --standalone Qs -g unassertify -g @browserify/envify -g [@browserify/uglifyify --mangle.keep_fnames --compress.keep_fnames --format.indent_level=1 --compress.arrows=false --compress.passes=4 --compress.typeofs=false] -p common-shakeify -p bundle-collapser/plugin lib/index.js > dist/qs.js"
+    },
+    "license": "BSD-3-Clause",
+    "publishConfig": {
+        "ignore": [
+            "!dist/*",
+            "bower.json",
+            "component.json",
+            ".github/workflows",
+            "logos",
+            "tea.yaml"
+        ]
+    }
+}
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js b/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
new file mode 100644
index 0000000..2b1190e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
@@ -0,0 +1,267 @@
+'use strict';
+
+module.exports = {
+    emptyTestCases: [
+        {
+            input: '&',
+            withEmptyKeys: {},
+            stringifyOutput: {
+                brackets: '',
+                indices: '',
+                repeat: ''
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '&&',
+            withEmptyKeys: {},
+            stringifyOutput: {
+                brackets: '',
+                indices: '',
+                repeat: ''
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '&=',
+            withEmptyKeys: { '': '' },
+            stringifyOutput: {
+                brackets: '=',
+                indices: '=',
+                repeat: '='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '&=&',
+            withEmptyKeys: { '': '' },
+            stringifyOutput: {
+                brackets: '=',
+                indices: '=',
+                repeat: '='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '&=&=',
+            withEmptyKeys: { '': ['', ''] },
+            stringifyOutput: {
+                brackets: '[]=&[]=',
+                indices: '[0]=&[1]=',
+                repeat: '=&='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '&=&=&',
+            withEmptyKeys: { '': ['', ''] },
+            stringifyOutput: {
+                brackets: '[]=&[]=',
+                indices: '[0]=&[1]=',
+                repeat: '=&='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '=',
+            withEmptyKeys: { '': '' },
+            noEmptyKeys: {},
+            stringifyOutput: {
+                brackets: '=',
+                indices: '=',
+                repeat: '='
+            }
+        },
+        {
+            input: '=&',
+            withEmptyKeys: { '': '' },
+            stringifyOutput: {
+                brackets: '=',
+                indices: '=',
+                repeat: '='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '=&&&',
+            withEmptyKeys: { '': '' },
+            stringifyOutput: {
+                brackets: '=',
+                indices: '=',
+                repeat: '='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '=&=&=&',
+            withEmptyKeys: { '': ['', '', ''] },
+            stringifyOutput: {
+                brackets: '[]=&[]=&[]=',
+                indices: '[0]=&[1]=&[2]=',
+                repeat: '=&=&='
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '=&a[]=b&a[1]=c',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: '=a',
+            withEmptyKeys: { '': 'a' },
+            noEmptyKeys: {},
+            stringifyOutput: {
+                brackets: '=a',
+                indices: '=a',
+                repeat: '=a'
+            }
+        },
+        {
+            input: 'a==a',
+            withEmptyKeys: { a: '=a' },
+            noEmptyKeys: { a: '=a' },
+            stringifyOutput: {
+                brackets: 'a==a',
+                indices: 'a==a',
+                repeat: 'a==a'
+            }
+        },
+        {
+            input: '=&a[]=b',
+            withEmptyKeys: { '': '', a: ['b'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b',
+                indices: '=&a[0]=b',
+                repeat: '=&a=b'
+            },
+            noEmptyKeys: { a: ['b'] }
+        },
+        {
+            input: '=&a[]=b&a[]=c&a[2]=d',
+            withEmptyKeys: { '': '', a: ['b', 'c', 'd'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c&a[]=d',
+                indices: '=&a[0]=b&a[1]=c&a[2]=d',
+                repeat: '=&a=b&a=c&a=d'
+            },
+            noEmptyKeys: { a: ['b', 'c', 'd'] }
+        },
+        {
+            input: '=a&=b',
+            withEmptyKeys: { '': ['a', 'b'] },
+            stringifyOutput: {
+                brackets: '[]=a&[]=b',
+                indices: '[0]=a&[1]=b',
+                repeat: '=a&=b'
+            },
+            noEmptyKeys: {}
+        },
+        {
+            input: '=a&foo=b',
+            withEmptyKeys: { '': 'a', foo: 'b' },
+            noEmptyKeys: { foo: 'b' },
+            stringifyOutput: {
+                brackets: '=a&foo=b',
+                indices: '=a&foo=b',
+                repeat: '=a&foo=b'
+            }
+        },
+        {
+            input: 'a[]=b&a=c&=',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: 'a[]=b&a=c&=',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: 'a[0]=b&a=c&=',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: 'a=b&a[]=c&=',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: 'a=b&a[0]=c&=',
+            withEmptyKeys: { '': '', a: ['b', 'c'] },
+            stringifyOutput: {
+                brackets: '=&a[]=b&a[]=c',
+                indices: '=&a[0]=b&a[1]=c',
+                repeat: '=&a=b&a=c'
+            },
+            noEmptyKeys: { a: ['b', 'c'] }
+        },
+        {
+            input: '[]=a&[]=b& []=1',
+            withEmptyKeys: { '': ['a', 'b'], ' ': ['1'] },
+            stringifyOutput: {
+                brackets: '[]=a&[]=b& []=1',
+                indices: '[0]=a&[1]=b& [0]=1',
+                repeat: '=a&=b& =1'
+            },
+            noEmptyKeys: { 0: 'a', 1: 'b', ' ': ['1'] }
+        },
+        {
+            input: '[0]=a&[1]=b&a[0]=1&a[1]=2',
+            withEmptyKeys: { '': ['a', 'b'], a: ['1', '2'] },
+            noEmptyKeys: { 0: 'a', 1: 'b', a: ['1', '2'] },
+            stringifyOutput: {
+                brackets: '[]=a&[]=b&a[]=1&a[]=2',
+                indices: '[0]=a&[1]=b&a[0]=1&a[1]=2',
+                repeat: '=a&=b&a=1&a=2'
+            }
+        },
+        {
+            input: '[deep]=a&[deep]=2',
+            withEmptyKeys: { '': { deep: ['a', '2'] }
+            },
+            stringifyOutput: {
+                brackets: '[deep][]=a&[deep][]=2',
+                indices: '[deep][0]=a&[deep][1]=2',
+                repeat: '[deep]=a&[deep]=2'
+            },
+            noEmptyKeys: { deep: ['a', '2'] }
+        },
+        {
+            input: '%5B0%5D=a&%5B1%5D=b',
+            withEmptyKeys: { '': ['a', 'b'] },
+            stringifyOutput: {
+                brackets: '[]=a&[]=b',
+                indices: '[0]=a&[1]=b',
+                repeat: '=a&=b'
+            },
+            noEmptyKeys: { 0: 'a', 1: 'b' }
+        }
+    ]
+};
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/parse.js b/src/Servers/ExpressServer/node_modules/qs/test/parse.js
new file mode 100644
index 0000000..6234fef
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/test/parse.js
@@ -0,0 +1,1512 @@
+'use strict';
+
+var test = require('tape');
+var hasPropertyDescriptors = require('has-property-descriptors')();
+var iconv = require('iconv-lite');
+var mockProperty = require('mock-property');
+var hasOverrideMistake = require('has-override-mistake')();
+var SaferBuffer = require('safer-buffer').Buffer;
+var v = require('es-value-fixtures');
+var inspect = require('object-inspect');
+var emptyTestCases = require('./empty-keys-cases').emptyTestCases;
+var hasProto = require('has-proto')();
+
+var qs = require('../');
+var utils = require('../lib/utils');
+
+test('parse()', function (t) {
+    t.test('parses a simple string', function (st) {
+        st.deepEqual(qs.parse('0=foo'), { 0: 'foo' });
+        st.deepEqual(qs.parse('foo=c++'), { foo: 'c  ' });
+        st.deepEqual(qs.parse('a[>=]=23'), { a: { '>=': '23' } });
+        st.deepEqual(qs.parse('a[<=>]==23'), { a: { '<=>': '=23' } });
+        st.deepEqual(qs.parse('a[==]=23'), { a: { '==': '23' } });
+        st.deepEqual(qs.parse('foo', { strictNullHandling: true }), { foo: null });
+        st.deepEqual(qs.parse('foo'), { foo: '' });
+        st.deepEqual(qs.parse('foo='), { foo: '' });
+        st.deepEqual(qs.parse('foo=bar'), { foo: 'bar' });
+        st.deepEqual(qs.parse(' foo = bar = baz '), { ' foo ': ' bar = baz ' });
+        st.deepEqual(qs.parse('foo=bar=baz'), { foo: 'bar=baz' });
+        st.deepEqual(qs.parse('foo=bar&bar=baz'), { foo: 'bar', bar: 'baz' });
+        st.deepEqual(qs.parse('foo2=bar2&baz2='), { foo2: 'bar2', baz2: '' });
+        st.deepEqual(qs.parse('foo=bar&baz', { strictNullHandling: true }), { foo: 'bar', baz: null });
+        st.deepEqual(qs.parse('foo=bar&baz'), { foo: 'bar', baz: '' });
+        st.deepEqual(qs.parse('cht=p3&chd=t:60,40&chs=250x100&chl=Hello|World'), {
+            cht: 'p3',
+            chd: 't:60,40',
+            chs: '250x100',
+            chl: 'Hello|World'
+        });
+        st.end();
+    });
+
+    t.test('comma: false', function (st) {
+        st.deepEqual(qs.parse('a[]=b&a[]=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b,c'), { a: 'b,c' });
+        st.deepEqual(qs.parse('a=b&a=c'), { a: ['b', 'c'] });
+        st.end();
+    });
+
+    t.test('comma: true', function (st) {
+        st.deepEqual(qs.parse('a[]=b&a[]=c', { comma: true }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { comma: true }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b,c', { comma: true }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b&a=c', { comma: true }), { a: ['b', 'c'] });
+        st.end();
+    });
+
+    t.test('allows enabling dot notation', function (st) {
+        st.deepEqual(qs.parse('a.b=c'), { 'a.b': 'c' });
+        st.deepEqual(qs.parse('a.b=c', { allowDots: true }), { a: { b: 'c' } });
+
+        st.end();
+    });
+
+    t.test('decode dot keys correctly', function (st) {
+        st.deepEqual(
+            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: false, decodeDotInKeys: false }),
+            { 'name%2Eobj.first': 'John', 'name%2Eobj.last': 'Doe' },
+            'with allowDots false and decodeDotInKeys false'
+        );
+        st.deepEqual(
+            qs.parse('name.obj.first=John&name.obj.last=Doe', { allowDots: true, decodeDotInKeys: false }),
+            { name: { obj: { first: 'John', last: 'Doe' } } },
+            'with allowDots false and decodeDotInKeys false'
+        );
+        st.deepEqual(
+            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: true, decodeDotInKeys: false }),
+            { 'name%2Eobj': { first: 'John', last: 'Doe' } },
+            'with allowDots true and decodeDotInKeys false'
+        );
+        st.deepEqual(
+            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: true, decodeDotInKeys: true }),
+            { 'name.obj': { first: 'John', last: 'Doe' } },
+            'with allowDots true and decodeDotInKeys true'
+        );
+
+        st.deepEqual(
+            qs.parse(
+                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
+                { allowDots: false, decodeDotInKeys: false }
+            ),
+            { 'name%2Eobj%2Esubobject.first%2Egodly%2Ename': 'John', 'name%2Eobj%2Esubobject.last': 'Doe' },
+            'with allowDots false and decodeDotInKeys false'
+        );
+        st.deepEqual(
+            qs.parse(
+                'name.obj.subobject.first.godly.name=John&name.obj.subobject.last=Doe',
+                { allowDots: true, decodeDotInKeys: false }
+            ),
+            { name: { obj: { subobject: { first: { godly: { name: 'John' } }, last: 'Doe' } } } },
+            'with allowDots true and decodeDotInKeys false'
+        );
+        st.deepEqual(
+            qs.parse(
+                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
+                { allowDots: true, decodeDotInKeys: true }
+            ),
+            { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+            'with allowDots true and decodeDotInKeys true'
+        );
+        st.deepEqual(
+            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe'),
+            { 'name%2Eobj.first': 'John', 'name%2Eobj.last': 'Doe' },
+            'with allowDots and decodeDotInKeys undefined'
+        );
+
+        st.end();
+    });
+
+    t.test('decodes dot in key of object, and allow enabling dot notation when decodeDotInKeys is set to true and allowDots is undefined', function (st) {
+        st.deepEqual(
+            qs.parse(
+                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
+                { decodeDotInKeys: true }
+            ),
+            { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+            'with allowDots undefined and decodeDotInKeys true'
+        );
+
+        st.end();
+    });
+
+    t.test('throws when decodeDotInKeys is not of type boolean', function (st) {
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: 'foobar' }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: 0 }); },
+            TypeError
+        );
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: NaN }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: null }); },
+            TypeError
+        );
+
+        st.end();
+    });
+
+    t.test('allows empty arrays in obj values', function (st) {
+        st.deepEqual(qs.parse('foo[]&bar=baz', { allowEmptyArrays: true }), { foo: [], bar: 'baz' });
+        st.deepEqual(qs.parse('foo[]&bar=baz', { allowEmptyArrays: false }), { foo: [''], bar: 'baz' });
+
+        st.end();
+    });
+
+    t.test('throws when allowEmptyArrays is not of type boolean', function (st) {
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: 'foobar' }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: 0 }); },
+            TypeError
+        );
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: NaN }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: null }); },
+            TypeError
+        );
+
+        st.end();
+    });
+
+    t.test('allowEmptyArrays + strictNullHandling', function (st) {
+        st.deepEqual(
+            qs.parse('testEmptyArray[]', { strictNullHandling: true, allowEmptyArrays: true }),
+            { testEmptyArray: [] }
+        );
+
+        st.end();
+    });
+
+    t.deepEqual(qs.parse('a[b]=c'), { a: { b: 'c' } }, 'parses a single nested string');
+    t.deepEqual(qs.parse('a[b][c]=d'), { a: { b: { c: 'd' } } }, 'parses a double nested string');
+    t.deepEqual(
+        qs.parse('a[b][c][d][e][f][g][h]=i'),
+        { a: { b: { c: { d: { e: { f: { '[g][h]': 'i' } } } } } } },
+        'defaults to a depth of 5'
+    );
+
+    t.test('only parses one level when depth = 1', function (st) {
+        st.deepEqual(qs.parse('a[b][c]=d', { depth: 1 }), { a: { b: { '[c]': 'd' } } });
+        st.deepEqual(qs.parse('a[b][c][d]=e', { depth: 1 }), { a: { b: { '[c][d]': 'e' } } });
+        st.end();
+    });
+
+    t.test('uses original key when depth = 0', function (st) {
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { depth: 0 }), { 'a[0]': 'b', 'a[1]': 'c' });
+        st.deepEqual(qs.parse('a[0][0]=b&a[0][1]=c&a[1]=d&e=2', { depth: 0 }), { 'a[0][0]': 'b', 'a[0][1]': 'c', 'a[1]': 'd', e: '2' });
+        st.end();
+    });
+
+    t.test('uses original key when depth = false', function (st) {
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { depth: false }), { 'a[0]': 'b', 'a[1]': 'c' });
+        st.deepEqual(qs.parse('a[0][0]=b&a[0][1]=c&a[1]=d&e=2', { depth: false }), { 'a[0][0]': 'b', 'a[0][1]': 'c', 'a[1]': 'd', e: '2' });
+        st.end();
+    });
+
+    t.deepEqual(qs.parse('a=b&a=c'), { a: ['b', 'c'] }, 'parses a simple array');
+
+    t.test('parses an explicit array', function (st) {
+        st.deepEqual(qs.parse('a[]=b'), { a: ['b'] });
+        st.deepEqual(qs.parse('a[]=b&a[]=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[]=b&a[]=c&a[]=d'), { a: ['b', 'c', 'd'] });
+        st.end();
+    });
+
+    t.test('parses a mix of simple and explicit arrays', function (st) {
+        st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[0]=b&a=c'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b&a[0]=c'), { a: ['b', 'c'] });
+
+        st.deepEqual(qs.parse('a[1]=b&a=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
+        st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
+
+        st.deepEqual(qs.parse('a=b&a[1]=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
+        st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
+
+        st.end();
+    });
+
+    t.test('parses a nested array', function (st) {
+        st.deepEqual(qs.parse('a[b][]=c&a[b][]=d'), { a: { b: ['c', 'd'] } });
+        st.deepEqual(qs.parse('a[>=]=25'), { a: { '>=': '25' } });
+        st.end();
+    });
+
+    t.test('allows to specify array indices', function (st) {
+        st.deepEqual(qs.parse('a[1]=c&a[0]=b&a[2]=d'), { a: ['b', 'c', 'd'] });
+        st.deepEqual(qs.parse('a[1]=c&a[0]=b'), { a: ['b', 'c'] });
+        st.deepEqual(qs.parse('a[1]=c', { arrayLimit: 20 }), { a: ['c'] });
+        st.deepEqual(qs.parse('a[1]=c', { arrayLimit: 0 }), { a: { 1: 'c' } });
+        st.deepEqual(qs.parse('a[1]=c'), { a: ['c'] });
+        st.end();
+    });
+
+    t.test('limits specific array indices to arrayLimit', function (st) {
+        st.deepEqual(qs.parse('a[19]=a', { arrayLimit: 20 }), { a: ['a'] });
+        st.deepEqual(qs.parse('a[20]=a', { arrayLimit: 20 }), { a: { 20: 'a' } });
+
+        st.deepEqual(qs.parse('a[19]=a'), { a: ['a'] });
+        st.deepEqual(qs.parse('a[20]=a'), { a: { 20: 'a' } });
+        st.end();
+    });
+
+    t.deepEqual(qs.parse('a[12b]=c'), { a: { '12b': 'c' } }, 'supports keys that begin with a number');
+
+    t.test('supports encoded = signs', function (st) {
+        st.deepEqual(qs.parse('he%3Dllo=th%3Dere'), { 'he=llo': 'th=ere' });
+        st.end();
+    });
+
+    t.test('is ok with url encoded strings', function (st) {
+        st.deepEqual(qs.parse('a[b%20c]=d'), { a: { 'b c': 'd' } });
+        st.deepEqual(qs.parse('a[b]=c%20d'), { a: { b: 'c d' } });
+        st.end();
+    });
+
+    t.test('allows brackets in the value', function (st) {
+        st.deepEqual(qs.parse('pets=["tobi"]'), { pets: '["tobi"]' });
+        st.deepEqual(qs.parse('operators=[">=", "<="]'), { operators: '[">=", "<="]' });
+        st.end();
+    });
+
+    t.test('allows empty values', function (st) {
+        st.deepEqual(qs.parse(''), {});
+        st.deepEqual(qs.parse(null), {});
+        st.deepEqual(qs.parse(undefined), {});
+        st.end();
+    });
+
+    t.test('transforms arrays to objects', function (st) {
+        st.deepEqual(qs.parse('foo[0]=bar&foo[bad]=baz'), { foo: { 0: 'bar', bad: 'baz' } });
+        st.deepEqual(qs.parse('foo[bad]=baz&foo[0]=bar'), { foo: { bad: 'baz', 0: 'bar' } });
+        st.deepEqual(qs.parse('foo[bad]=baz&foo[]=bar'), { foo: { bad: 'baz', 0: 'bar' } });
+        st.deepEqual(qs.parse('foo[]=bar&foo[bad]=baz'), { foo: { 0: 'bar', bad: 'baz' } });
+        st.deepEqual(qs.parse('foo[bad]=baz&foo[]=bar&foo[]=foo'), { foo: { bad: 'baz', 0: 'bar', 1: 'foo' } });
+        st.deepEqual(qs.parse('foo[0][a]=a&foo[0][b]=b&foo[1][a]=aa&foo[1][b]=bb'), { foo: [{ a: 'a', b: 'b' }, { a: 'aa', b: 'bb' }] });
+
+        st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { 0: 'b', t: 'u' } });
+        st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { 0: 'b', t: 'u', hasOwnProperty: 'c' } });
+        st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { 0: 'b', x: 'y' } });
+        st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { 0: 'b', hasOwnProperty: 'c', x: 'y' } });
+        st.end();
+    });
+
+    t.test('transforms arrays to objects (dot notation)', function (st) {
+        st.deepEqual(qs.parse('foo[0].baz=bar&fool.bad=baz', { allowDots: true }), { foo: [{ baz: 'bar' }], fool: { bad: 'baz' } });
+        st.deepEqual(qs.parse('foo[0].baz=bar&fool.bad.boo=baz', { allowDots: true }), { foo: [{ baz: 'bar' }], fool: { bad: { boo: 'baz' } } });
+        st.deepEqual(qs.parse('foo[0][0].baz=bar&fool.bad=baz', { allowDots: true }), { foo: [[{ baz: 'bar' }]], fool: { bad: 'baz' } });
+        st.deepEqual(qs.parse('foo[0].baz[0]=15&foo[0].bar=2', { allowDots: true }), { foo: [{ baz: ['15'], bar: '2' }] });
+        st.deepEqual(qs.parse('foo[0].baz[0]=15&foo[0].baz[1]=16&foo[0].bar=2', { allowDots: true }), { foo: [{ baz: ['15', '16'], bar: '2' }] });
+        st.deepEqual(qs.parse('foo.bad=baz&foo[0]=bar', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar' } });
+        st.deepEqual(qs.parse('foo.bad=baz&foo[]=bar', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar' } });
+        st.deepEqual(qs.parse('foo[]=bar&foo.bad=baz', { allowDots: true }), { foo: { 0: 'bar', bad: 'baz' } });
+        st.deepEqual(qs.parse('foo.bad=baz&foo[]=bar&foo[]=foo', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar', 1: 'foo' } });
+        st.deepEqual(qs.parse('foo[0].a=a&foo[0].b=b&foo[1].a=aa&foo[1].b=bb', { allowDots: true }), { foo: [{ a: 'a', b: 'b' }, { a: 'aa', b: 'bb' }] });
+        st.end();
+    });
+
+    t.test('correctly prunes undefined values when converting an array to an object', function (st) {
+        st.deepEqual(qs.parse('a[2]=b&a[99999999]=c'), { a: { 2: 'b', 99999999: 'c' } });
+        st.end();
+    });
+
+    t.test('supports malformed uri characters', function (st) {
+        st.deepEqual(qs.parse('{%:%}', { strictNullHandling: true }), { '{%:%}': null });
+        st.deepEqual(qs.parse('{%:%}='), { '{%:%}': '' });
+        st.deepEqual(qs.parse('foo=%:%}'), { foo: '%:%}' });
+        st.end();
+    });
+
+    t.test('doesn\'t produce empty keys', function (st) {
+        st.deepEqual(qs.parse('_r=1&'), { _r: '1' });
+        st.end();
+    });
+
+    t.test('cannot access Object prototype', function (st) {
+        qs.parse('constructor[prototype][bad]=bad');
+        qs.parse('bad[constructor][prototype][bad]=bad');
+        st.equal(typeof Object.prototype.bad, 'undefined');
+        st.end();
+    });
+
+    t.test('parses arrays of objects', function (st) {
+        st.deepEqual(qs.parse('a[][b]=c'), { a: [{ b: 'c' }] });
+        st.deepEqual(qs.parse('a[0][b]=c'), { a: [{ b: 'c' }] });
+        st.end();
+    });
+
+    t.test('allows for empty strings in arrays', function (st) {
+        st.deepEqual(qs.parse('a[]=b&a[]=&a[]=c'), { a: ['b', '', 'c'] });
+
+        st.deepEqual(
+            qs.parse('a[0]=b&a[1]&a[2]=c&a[19]=', { strictNullHandling: true, arrayLimit: 20 }),
+            { a: ['b', null, 'c', ''] },
+            'with arrayLimit 20 + array indices: null then empty string works'
+        );
+        st.deepEqual(
+            qs.parse('a[]=b&a[]&a[]=c&a[]=', { strictNullHandling: true, arrayLimit: 0 }),
+            { a: { 0: 'b', 1: null, 2: 'c', 3: '' } },
+            'with arrayLimit 0 + array brackets: null then empty string works'
+        );
+
+        st.deepEqual(
+            qs.parse('a[0]=b&a[1]=&a[2]=c&a[19]', { strictNullHandling: true, arrayLimit: 20 }),
+            { a: ['b', '', 'c', null] },
+            'with arrayLimit 20 + array indices: empty string then null works'
+        );
+        st.deepEqual(
+            qs.parse('a[]=b&a[]=&a[]=c&a[]', { strictNullHandling: true, arrayLimit: 0 }),
+            { a: { 0: 'b', 1: '', 2: 'c', 3: null } },
+            'with arrayLimit 0 + array brackets: empty string then null works'
+        );
+
+        st.deepEqual(
+            qs.parse('a[]=&a[]=b&a[]=c'),
+            { a: ['', 'b', 'c'] },
+            'array brackets: empty strings work'
+        );
+        st.end();
+    });
+
+    t.test('compacts sparse arrays', function (st) {
+        st.deepEqual(qs.parse('a[10]=1&a[2]=2', { arrayLimit: 20 }), { a: ['2', '1'] });
+        st.deepEqual(qs.parse('a[1][b][2][c]=1', { arrayLimit: 20 }), { a: [{ b: [{ c: '1' }] }] });
+        st.deepEqual(qs.parse('a[1][2][3][c]=1', { arrayLimit: 20 }), { a: [[[{ c: '1' }]]] });
+        st.deepEqual(qs.parse('a[1][2][3][c][1]=1', { arrayLimit: 20 }), { a: [[[{ c: ['1'] }]]] });
+        st.end();
+    });
+
+    t.test('parses sparse arrays', function (st) {
+        /* eslint no-sparse-arrays: 0 */
+        st.deepEqual(qs.parse('a[4]=1&a[1]=2', { allowSparse: true }), { a: [, '2', , , '1'] });
+        st.deepEqual(qs.parse('a[1][b][2][c]=1', { allowSparse: true }), { a: [, { b: [, , { c: '1' }] }] });
+        st.deepEqual(qs.parse('a[1][2][3][c]=1', { allowSparse: true }), { a: [, [, , [, , , { c: '1' }]]] });
+        st.deepEqual(qs.parse('a[1][2][3][c][1]=1', { allowSparse: true }), { a: [, [, , [, , , { c: [, '1'] }]]] });
+        st.end();
+    });
+
+    t.test('parses semi-parsed strings', function (st) {
+        st.deepEqual(qs.parse({ 'a[b]': 'c' }), { a: { b: 'c' } });
+        st.deepEqual(qs.parse({ 'a[b]': 'c', 'a[d]': 'e' }), { a: { b: 'c', d: 'e' } });
+        st.end();
+    });
+
+    t.test('parses buffers correctly', function (st) {
+        var b = SaferBuffer.from('test');
+        st.deepEqual(qs.parse({ a: b }), { a: b });
+        st.end();
+    });
+
+    t.test('parses jquery-param strings', function (st) {
+        // readable = 'filter[0][]=int1&filter[0][]==&filter[0][]=77&filter[]=and&filter[2][]=int2&filter[2][]==&filter[2][]=8'
+        var encoded = 'filter%5B0%5D%5B%5D=int1&filter%5B0%5D%5B%5D=%3D&filter%5B0%5D%5B%5D=77&filter%5B%5D=and&filter%5B2%5D%5B%5D=int2&filter%5B2%5D%5B%5D=%3D&filter%5B2%5D%5B%5D=8';
+        var expected = { filter: [['int1', '=', '77'], 'and', ['int2', '=', '8']] };
+        st.deepEqual(qs.parse(encoded), expected);
+        st.end();
+    });
+
+    t.test('continues parsing when no parent is found', function (st) {
+        st.deepEqual(qs.parse('[]=&a=b'), { 0: '', a: 'b' });
+        st.deepEqual(qs.parse('[]&a=b', { strictNullHandling: true }), { 0: null, a: 'b' });
+        st.deepEqual(qs.parse('[foo]=bar'), { foo: 'bar' });
+        st.end();
+    });
+
+    t.test('does not error when parsing a very long array', function (st) {
+        var str = 'a[]=a';
+        while (Buffer.byteLength(str) < 128 * 1024) {
+            str = str + '&' + str;
+        }
+
+        st.doesNotThrow(function () {
+            qs.parse(str);
+        });
+
+        st.end();
+    });
+
+    t.test('does not throw when a native prototype has an enumerable property', function (st) {
+        st.intercept(Object.prototype, 'crash', { value: '' });
+        st.intercept(Array.prototype, 'crash', { value: '' });
+
+        st.doesNotThrow(qs.parse.bind(null, 'a=b'));
+        st.deepEqual(qs.parse('a=b'), { a: 'b' });
+        st.doesNotThrow(qs.parse.bind(null, 'a[][b]=c'));
+        st.deepEqual(qs.parse('a[][b]=c'), { a: [{ b: 'c' }] });
+
+        st.end();
+    });
+
+    t.test('parses a string with an alternative string delimiter', function (st) {
+        st.deepEqual(qs.parse('a=b;c=d', { delimiter: ';' }), { a: 'b', c: 'd' });
+        st.end();
+    });
+
+    t.test('parses a string with an alternative RegExp delimiter', function (st) {
+        st.deepEqual(qs.parse('a=b; c=d', { delimiter: /[;,] */ }), { a: 'b', c: 'd' });
+        st.end();
+    });
+
+    t.test('does not use non-splittable objects as delimiters', function (st) {
+        st.deepEqual(qs.parse('a=b&c=d', { delimiter: true }), { a: 'b', c: 'd' });
+        st.end();
+    });
+
+    t.test('allows overriding parameter limit', function (st) {
+        st.deepEqual(qs.parse('a=b&c=d', { parameterLimit: 1 }), { a: 'b' });
+        st.end();
+    });
+
+    t.test('allows setting the parameter limit to Infinity', function (st) {
+        st.deepEqual(qs.parse('a=b&c=d', { parameterLimit: Infinity }), { a: 'b', c: 'd' });
+        st.end();
+    });
+
+    t.test('allows overriding array limit', function (st) {
+        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: -1 }), { a: { 0: 'b' } });
+        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: 0 }), { a: { 0: 'b' } });
+
+        st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: -1 }), { a: { '-1': 'b' } });
+        st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: 0 }), { a: { '-1': 'b' } });
+
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { arrayLimit: -1 }), { a: { 0: 'b', 1: 'c' } });
+        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
+
+        st.end();
+    });
+
+    t.test('allows disabling array parsing', function (st) {
+        var indices = qs.parse('a[0]=b&a[1]=c', { parseArrays: false });
+        st.deepEqual(indices, { a: { 0: 'b', 1: 'c' } });
+        st.equal(Array.isArray(indices.a), false, 'parseArrays:false, indices case is not an array');
+
+        var emptyBrackets = qs.parse('a[]=b', { parseArrays: false });
+        st.deepEqual(emptyBrackets, { a: { 0: 'b' } });
+        st.equal(Array.isArray(emptyBrackets.a), false, 'parseArrays:false, empty brackets case is not an array');
+
+        st.end();
+    });
+
+    t.test('allows for query string prefix', function (st) {
+        st.deepEqual(qs.parse('?foo=bar', { ignoreQueryPrefix: true }), { foo: 'bar' });
+        st.deepEqual(qs.parse('foo=bar', { ignoreQueryPrefix: true }), { foo: 'bar' });
+        st.deepEqual(qs.parse('?foo=bar', { ignoreQueryPrefix: false }), { '?foo': 'bar' });
+
+        st.end();
+    });
+
+    t.test('parses an object', function (st) {
+        var input = {
+            'user[name]': { 'pop[bob]': 3 },
+            'user[email]': null
+        };
+
+        var expected = {
+            user: {
+                name: { 'pop[bob]': 3 },
+                email: null
+            }
+        };
+
+        var result = qs.parse(input);
+
+        st.deepEqual(result, expected);
+        st.end();
+    });
+
+    t.test('parses string with comma as array divider', function (st) {
+        st.deepEqual(qs.parse('foo=bar,tee', { comma: true }), { foo: ['bar', 'tee'] });
+        st.deepEqual(qs.parse('foo[bar]=coffee,tee', { comma: true }), { foo: { bar: ['coffee', 'tee'] } });
+        st.deepEqual(qs.parse('foo=', { comma: true }), { foo: '' });
+        st.deepEqual(qs.parse('foo', { comma: true }), { foo: '' });
+        st.deepEqual(qs.parse('foo', { comma: true, strictNullHandling: true }), { foo: null });
+
+        // test cases inversed from from stringify tests
+        st.deepEqual(qs.parse('a[0]=c'), { a: ['c'] });
+        st.deepEqual(qs.parse('a[]=c'), { a: ['c'] });
+        st.deepEqual(qs.parse('a[]=c', { comma: true }), { a: ['c'] });
+
+        st.deepEqual(qs.parse('a[0]=c&a[1]=d'), { a: ['c', 'd'] });
+        st.deepEqual(qs.parse('a[]=c&a[]=d'), { a: ['c', 'd'] });
+        st.deepEqual(qs.parse('a=c,d', { comma: true }), { a: ['c', 'd'] });
+
+        st.end();
+    });
+
+    t.test('parses values with comma as array divider', function (st) {
+        st.deepEqual(qs.parse({ foo: 'bar,tee' }, { comma: false }), { foo: 'bar,tee' });
+        st.deepEqual(qs.parse({ foo: 'bar,tee' }, { comma: true }), { foo: ['bar', 'tee'] });
+        st.end();
+    });
+
+    t.test('use number decoder, parses string that has one number with comma option enabled', function (st) {
+        var decoder = function (str, defaultDecoder, charset, type) {
+            if (!isNaN(Number(str))) {
+                return parseFloat(str);
+            }
+            return defaultDecoder(str, defaultDecoder, charset, type);
+        };
+
+        st.deepEqual(qs.parse('foo=1', { comma: true, decoder: decoder }), { foo: 1 });
+        st.deepEqual(qs.parse('foo=0', { comma: true, decoder: decoder }), { foo: 0 });
+
+        st.end();
+    });
+
+    t.test('parses brackets holds array of arrays when having two parts of strings with comma as array divider', function (st) {
+        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=4,5,6', { comma: true }), { foo: [['1', '2', '3'], ['4', '5', '6']] });
+        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=', { comma: true }), { foo: [['1', '2', '3'], ''] });
+        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=,', { comma: true }), { foo: [['1', '2', '3'], ['', '']] });
+        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=a', { comma: true }), { foo: [['1', '2', '3'], 'a'] });
+
+        st.end();
+    });
+
+    t.test('parses url-encoded brackets holds array of arrays when having two parts of strings with comma as array divider', function (st) {
+        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=4,5,6', { comma: true }), { foo: [['1', '2', '3'], ['4', '5', '6']] });
+        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=', { comma: true }), { foo: [['1', '2', '3'], ''] });
+        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=,', { comma: true }), { foo: [['1', '2', '3'], ['', '']] });
+        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=a', { comma: true }), { foo: [['1', '2', '3'], 'a'] });
+
+        st.end();
+    });
+
+    t.test('parses comma delimited array while having percent-encoded comma treated as normal text', function (st) {
+        st.deepEqual(qs.parse('foo=a%2Cb', { comma: true }), { foo: 'a,b' });
+        st.deepEqual(qs.parse('foo=a%2C%20b,d', { comma: true }), { foo: ['a, b', 'd'] });
+        st.deepEqual(qs.parse('foo=a%2C%20b,c%2C%20d', { comma: true }), { foo: ['a, b', 'c, d'] });
+
+        st.end();
+    });
+
+    t.test('parses an object in dot notation', function (st) {
+        var input = {
+            'user.name': { 'pop[bob]': 3 },
+            'user.email.': null
+        };
+
+        var expected = {
+            user: {
+                name: { 'pop[bob]': 3 },
+                email: null
+            }
+        };
+
+        var result = qs.parse(input, { allowDots: true });
+
+        st.deepEqual(result, expected);
+        st.end();
+    });
+
+    t.test('parses an object and not child values', function (st) {
+        var input = {
+            'user[name]': { 'pop[bob]': { test: 3 } },
+            'user[email]': null
+        };
+
+        var expected = {
+            user: {
+                name: { 'pop[bob]': { test: 3 } },
+                email: null
+            }
+        };
+
+        var result = qs.parse(input);
+
+        st.deepEqual(result, expected);
+        st.end();
+    });
+
+    t.test('does not blow up when Buffer global is missing', function (st) {
+        var restore = mockProperty(global, 'Buffer', { 'delete': true });
+
+        var result = qs.parse('a=b&c=d');
+
+        restore();
+
+        st.deepEqual(result, { a: 'b', c: 'd' });
+        st.end();
+    });
+
+    t.test('does not crash when parsing circular references', function (st) {
+        var a = {};
+        a.b = a;
+
+        var parsed;
+
+        st.doesNotThrow(function () {
+            parsed = qs.parse({ 'foo[bar]': 'baz', 'foo[baz]': a });
+        });
+
+        st.equal('foo' in parsed, true, 'parsed has "foo" property');
+        st.equal('bar' in parsed.foo, true);
+        st.equal('baz' in parsed.foo, true);
+        st.equal(parsed.foo.bar, 'baz');
+        st.deepEqual(parsed.foo.baz, a);
+        st.end();
+    });
+
+    t.test('does not crash when parsing deep objects', function (st) {
+        var parsed;
+        var str = 'foo';
+
+        for (var i = 0; i < 5000; i++) {
+            str += '[p]';
+        }
+
+        str += '=bar';
+
+        st.doesNotThrow(function () {
+            parsed = qs.parse(str, { depth: 5000 });
+        });
+
+        st.equal('foo' in parsed, true, 'parsed has "foo" property');
+
+        var depth = 0;
+        var ref = parsed.foo;
+        while ((ref = ref.p)) {
+            depth += 1;
+        }
+
+        st.equal(depth, 5000, 'parsed is 5000 properties deep');
+
+        st.end();
+    });
+
+    t.test('parses null objects correctly', { skip: !hasProto }, function (st) {
+        var a = { __proto__: null, b: 'c' };
+
+        st.deepEqual(qs.parse(a), { b: 'c' });
+        var result = qs.parse({ a: a });
+        st.equal('a' in result, true, 'result has "a" property');
+        st.deepEqual(result.a, a);
+        st.end();
+    });
+
+    t.test('parses dates correctly', function (st) {
+        var now = new Date();
+        st.deepEqual(qs.parse({ a: now }), { a: now });
+        st.end();
+    });
+
+    t.test('parses regular expressions correctly', function (st) {
+        var re = /^test$/;
+        st.deepEqual(qs.parse({ a: re }), { a: re });
+        st.end();
+    });
+
+    t.test('does not allow overwriting prototype properties', function (st) {
+        st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: false }), {});
+        st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: false }), {});
+
+        st.deepEqual(
+            qs.parse('toString', { allowPrototypes: false }),
+            {},
+            'bare "toString" results in {}'
+        );
+
+        st.end();
+    });
+
+    t.test('can allow overwriting prototype properties', function (st) {
+        st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } });
+        st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' });
+
+        st.deepEqual(
+            qs.parse('toString', { allowPrototypes: true }),
+            { toString: '' },
+            'bare "toString" results in { toString: "" }'
+        );
+
+        st.end();
+    });
+
+    t.test('does not crash when the global Object prototype is frozen', { skip: !hasPropertyDescriptors || !hasOverrideMistake }, function (st) {
+        // We can't actually freeze the global Object prototype as that will interfere with other tests, and once an object is frozen, it
+        // can't be unfrozen. Instead, we add a new non-writable property to simulate this.
+        st.teardown(mockProperty(Object.prototype, 'frozenProp', { value: 'foo', nonWritable: true, nonEnumerable: true }));
+
+        st['throws'](
+            function () {
+                var obj = {};
+                obj.frozenProp = 'bar';
+            },
+            // node < 6 has a different error message
+            /^TypeError: Cannot assign to read only property 'frozenProp' of (?:object '#<Object>'|#<Object>)/,
+            'regular assignment of an inherited non-writable property throws'
+        );
+
+        var parsed;
+        st.doesNotThrow(
+            function () {
+                parsed = qs.parse('frozenProp', { allowPrototypes: false });
+            },
+            'parsing a nonwritable Object.prototype property does not throw'
+        );
+
+        st.deepEqual(parsed, {}, 'bare "frozenProp" results in {}');
+
+        st.end();
+    });
+
+    t.test('params starting with a closing bracket', function (st) {
+        st.deepEqual(qs.parse(']=toString'), { ']': 'toString' });
+        st.deepEqual(qs.parse(']]=toString'), { ']]': 'toString' });
+        st.deepEqual(qs.parse(']hello]=toString'), { ']hello]': 'toString' });
+        st.end();
+    });
+
+    t.test('params starting with a starting bracket', function (st) {
+        st.deepEqual(qs.parse('[=toString'), { '[': 'toString' });
+        st.deepEqual(qs.parse('[[=toString'), { '[[': 'toString' });
+        st.deepEqual(qs.parse('[hello[=toString'), { '[hello[': 'toString' });
+        st.end();
+    });
+
+    t.test('add keys to objects', function (st) {
+        st.deepEqual(
+            qs.parse('a[b]=c&a=d'),
+            { a: { b: 'c', d: true } },
+            'can add keys to objects'
+        );
+
+        st.deepEqual(
+            qs.parse('a[b]=c&a=toString'),
+            { a: { b: 'c' } },
+            'can not overwrite prototype'
+        );
+
+        st.deepEqual(
+            qs.parse('a[b]=c&a=toString', { allowPrototypes: true }),
+            { a: { b: 'c', toString: true } },
+            'can overwrite prototype with allowPrototypes true'
+        );
+
+        st.deepEqual(
+            qs.parse('a[b]=c&a=toString', { plainObjects: true }),
+            { __proto__: null, a: { __proto__: null, b: 'c', toString: true } },
+            'can overwrite prototype with plainObjects true'
+        );
+
+        st.end();
+    });
+
+    t.test('dunder proto is ignored', function (st) {
+        var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
+        var result = qs.parse(payload, { allowPrototypes: true });
+
+        st.deepEqual(
+            result,
+            {
+                categories: {
+                    length: '42'
+                }
+            },
+            'silent [[Prototype]] payload'
+        );
+
+        var plainResult = qs.parse(payload, { allowPrototypes: true, plainObjects: true });
+
+        st.deepEqual(
+            plainResult,
+            {
+                __proto__: null,
+                categories: {
+                    __proto__: null,
+                    length: '42'
+                }
+            },
+            'silent [[Prototype]] payload: plain objects'
+        );
+
+        var query = qs.parse('categories[__proto__]=cats&categories[__proto__]=dogs&categories[some][json]=toInject', { allowPrototypes: true });
+
+        st.notOk(Array.isArray(query.categories), 'is not an array');
+        st.notOk(query.categories instanceof Array, 'is not instanceof an array');
+        st.deepEqual(query.categories, { some: { json: 'toInject' } });
+        st.equal(JSON.stringify(query.categories), '{"some":{"json":"toInject"}}', 'stringifies as a non-array');
+
+        st.deepEqual(
+            qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true }),
+            {
+                foo: {
+                    bar: 'stuffs'
+                }
+            },
+            'hidden values'
+        );
+
+        st.deepEqual(
+            qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true, plainObjects: true }),
+            {
+                __proto__: null,
+                foo: {
+                    __proto__: null,
+                    bar: 'stuffs'
+                }
+            },
+            'hidden values: plain objects'
+        );
+
+        st.end();
+    });
+
+    t.test('can return null objects', { skip: !hasProto }, function (st) {
+        var expected = {
+            __proto__: null,
+            a: {
+                __proto__: null,
+                b: 'c',
+                hasOwnProperty: 'd'
+            }
+        };
+        st.deepEqual(qs.parse('a[b]=c&a[hasOwnProperty]=d', { plainObjects: true }), expected);
+        st.deepEqual(qs.parse(null, { plainObjects: true }), { __proto__: null });
+        var expectedArray = {
+            __proto__: null,
+            a: {
+                __proto__: null,
+                0: 'b',
+                c: 'd'
+            }
+        };
+        st.deepEqual(qs.parse('a[]=b&a[c]=d', { plainObjects: true }), expectedArray);
+        st.end();
+    });
+
+    t.test('can parse with custom encoding', function (st) {
+        st.deepEqual(qs.parse('%8c%a7=%91%e5%8d%e3%95%7b', {
+            decoder: function (str) {
+                var reg = /%([0-9A-F]{2})/ig;
+                var result = [];
+                var parts = reg.exec(str);
+                while (parts) {
+                    result.push(parseInt(parts[1], 16));
+                    parts = reg.exec(str);
+                }
+                return String(iconv.decode(SaferBuffer.from(result), 'shift_jis'));
+            }
+        }), { 県: '大阪府' });
+        st.end();
+    });
+
+    t.test('receives the default decoder as a second argument', function (st) {
+        st.plan(1);
+        qs.parse('a', {
+            decoder: function (str, defaultDecoder) {
+                st.equal(defaultDecoder, utils.decode);
+            }
+        });
+        st.end();
+    });
+
+    t.test('throws error with wrong decoder', function (st) {
+        st['throws'](function () {
+            qs.parse({}, { decoder: 'string' });
+        }, new TypeError('Decoder has to be a function.'));
+        st.end();
+    });
+
+    t.test('does not mutate the options argument', function (st) {
+        var options = {};
+        qs.parse('a[b]=true', options);
+        st.deepEqual(options, {});
+        st.end();
+    });
+
+    t.test('throws if an invalid charset is specified', function (st) {
+        st['throws'](function () {
+            qs.parse('a=b', { charset: 'foobar' });
+        }, new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined'));
+        st.end();
+    });
+
+    t.test('parses an iso-8859-1 string if asked to', function (st) {
+        st.deepEqual(qs.parse('%A2=%BD', { charset: 'iso-8859-1' }), { '¢': '½' });
+        st.end();
+    });
+
+    var urlEncodedCheckmarkInUtf8 = '%E2%9C%93';
+    var urlEncodedOSlashInUtf8 = '%C3%B8';
+    var urlEncodedNumCheckmark = '%26%2310003%3B';
+    var urlEncodedNumSmiley = '%26%239786%3B';
+
+    t.test('prefers an utf-8 charset specified by the utf8 sentinel to a default charset of iso-8859-1', function (st) {
+        st.deepEqual(qs.parse('utf8=' + urlEncodedCheckmarkInUtf8 + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'iso-8859-1' }), { ø: 'ø' });
+        st.end();
+    });
+
+    t.test('prefers an iso-8859-1 charset specified by the utf8 sentinel to a default charset of utf-8', function (st) {
+        st.deepEqual(qs.parse('utf8=' + urlEncodedNumCheckmark + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'utf-8' }), { 'ø': 'ø' });
+        st.end();
+    });
+
+    t.test('does not require the utf8 sentinel to be defined before the parameters whose decoding it affects', function (st) {
+        st.deepEqual(qs.parse('a=' + urlEncodedOSlashInUtf8 + '&utf8=' + urlEncodedNumCheckmark, { charsetSentinel: true, charset: 'utf-8' }), { a: 'ø' });
+        st.end();
+    });
+
+    t.test('ignores an utf8 sentinel with an unknown value', function (st) {
+        st.deepEqual(qs.parse('utf8=foo&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'utf-8' }), { ø: 'ø' });
+        st.end();
+    });
+
+    t.test('uses the utf8 sentinel to switch to utf-8 when no default charset is given', function (st) {
+        st.deepEqual(qs.parse('utf8=' + urlEncodedCheckmarkInUtf8 + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true }), { ø: 'ø' });
+        st.end();
+    });
+
+    t.test('uses the utf8 sentinel to switch to iso-8859-1 when no default charset is given', function (st) {
+        st.deepEqual(qs.parse('utf8=' + urlEncodedNumCheckmark + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true }), { 'ø': 'ø' });
+        st.end();
+    });
+
+    t.test('interprets numeric entities in iso-8859-1 when `interpretNumericEntities`', function (st) {
+        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1', interpretNumericEntities: true }), { foo: '☺' });
+        st.end();
+    });
+
+    t.test('handles a custom decoder returning `null`, in the `iso-8859-1` charset, when `interpretNumericEntities`', function (st) {
+        st.deepEqual(qs.parse('foo=&bar=' + urlEncodedNumSmiley, {
+            charset: 'iso-8859-1',
+            decoder: function (str, defaultDecoder, charset) {
+                return str ? defaultDecoder(str, defaultDecoder, charset) : null;
+            },
+            interpretNumericEntities: true
+        }), { foo: null, bar: '☺' });
+        st.end();
+    });
+
+    t.test('handles a custom decoder returning `null`, with a string key of `null`', function (st) {
+        st.deepEqual(
+            qs.parse('null=1&ToNull=2', {
+                decoder: function (str, defaultDecoder, charset) {
+                    return str === 'ToNull' ? null : defaultDecoder(str, defaultDecoder, charset);
+                }
+            }),
+            { 'null': '1' },
+            '"null" key is not overridden by `null` decoder result'
+        );
+
+        st.end();
+    });
+
+    t.test('does not interpret numeric entities in iso-8859-1 when `interpretNumericEntities` is absent', function (st) {
+        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1' }), { foo: '&#9786;' });
+        st.end();
+    });
+
+    t.test('does not interpret numeric entities when the charset is utf-8, even when `interpretNumericEntities`', function (st) {
+        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'utf-8', interpretNumericEntities: true }), { foo: '&#9786;' });
+        st.end();
+    });
+
+    t.test('interpretNumericEntities with comma:true and iso charset does not crash', function (st) {
+        st.deepEqual(
+            qs.parse('b&a[]=1,' + urlEncodedNumSmiley, { comma: true, charset: 'iso-8859-1', interpretNumericEntities: true }),
+            { b: '', a: ['1,☺'] }
+        );
+
+        st.end();
+    });
+
+    t.test('does not interpret %uXXXX syntax in iso-8859-1 mode', function (st) {
+        st.deepEqual(qs.parse('%u263A=%u263A', { charset: 'iso-8859-1' }), { '%u263A': '%u263A' });
+        st.end();
+    });
+
+    t.test('allows for decoding keys and values differently', function (st) {
+        var decoder = function (str, defaultDecoder, charset, type) {
+            if (type === 'key') {
+                return defaultDecoder(str, defaultDecoder, charset, type).toLowerCase();
+            }
+            if (type === 'value') {
+                return defaultDecoder(str, defaultDecoder, charset, type).toUpperCase();
+            }
+            throw 'this should never happen! type: ' + type;
+        };
+
+        st.deepEqual(qs.parse('KeY=vAlUe', { decoder: decoder }), { key: 'VALUE' });
+        st.end();
+    });
+
+    t.test('parameter limit tests', function (st) {
+        st.test('does not throw error when within parameter limit', function (sst) {
+            var result = qs.parse('a=1&b=2&c=3', { parameterLimit: 5, throwOnLimitExceeded: true });
+            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses without errors');
+            sst.end();
+        });
+
+        st.test('throws error when throwOnLimitExceeded is present but not boolean', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: 3, throwOnLimitExceeded: 'true' });
+                },
+                new TypeError('`throwOnLimitExceeded` option must be a boolean'),
+                'throws error when throwOnLimitExceeded is present and not boolean'
+            );
+            sst.end();
+        });
+
+        st.test('throws error when parameter limit exceeded', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: 3, throwOnLimitExceeded: true });
+                },
+                new RangeError('Parameter limit exceeded. Only 3 parameters allowed.'),
+                'throws error when parameter limit is exceeded'
+            );
+            sst.end();
+        });
+
+        st.test('silently truncates when throwOnLimitExceeded is not given', function (sst) {
+            var result = qs.parse('a=1&b=2&c=3&d=4&e=5', { parameterLimit: 3 });
+            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses and truncates silently');
+            sst.end();
+        });
+
+        st.test('silently truncates when parameter limit exceeded without error', function (sst) {
+            var result = qs.parse('a=1&b=2&c=3&d=4&e=5', { parameterLimit: 3, throwOnLimitExceeded: false });
+            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses and truncates silently');
+            sst.end();
+        });
+
+        st.test('allows unlimited parameters when parameterLimit set to Infinity', function (sst) {
+            var result = qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: Infinity });
+            sst.deepEqual(result, { a: '1', b: '2', c: '3', d: '4', e: '5', f: '6' }, 'parses all parameters without truncation');
+            sst.end();
+        });
+
+        st.end();
+    });
+
+    t.test('array limit tests', function (st) {
+        st.test('does not throw error when array is within limit', function (sst) {
+            var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 5, throwOnLimitExceeded: true });
+            sst.deepEqual(result, { a: ['1', '2', '3'] }, 'parses array without errors');
+            sst.end();
+        });
+
+        st.test('throws error when throwOnLimitExceeded is present but not boolean for array limit', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3, throwOnLimitExceeded: 'true' });
+                },
+                new TypeError('`throwOnLimitExceeded` option must be a boolean'),
+                'throws error when throwOnLimitExceeded is present and not boolean for array limit'
+            );
+            sst.end();
+        });
+
+        st.test('throws error when array limit exceeded', function (sst) {
+            // 4 elements exceeds limit of 3
+            sst['throws'](
+                function () {
+                    qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3, throwOnLimitExceeded: true });
+                },
+                new RangeError('Array limit exceeded. Only 3 elements allowed in an array.'),
+                'throws error when array limit is exceeded'
+            );
+            sst.end();
+        });
+
+        st.test('does not throw when at limit', function (sst) {
+            // 3 elements = limit of 3, should not throw
+            var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3, throwOnLimitExceeded: true });
+            sst.ok(Array.isArray(result.a), 'result is an array');
+            sst.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+            sst.end();
+        });
+
+        st.test('converts array to object if length is greater than limit', function (sst) {
+            var result = qs.parse('a[1]=1&a[2]=2&a[3]=3&a[4]=4&a[5]=5&a[6]=6', { arrayLimit: 5 });
+
+            sst.deepEqual(result, { a: { 1: '1', 2: '2', 3: '3', 4: '4', 5: '5', 6: '6' } }, 'parses into object if array length is greater than limit');
+            sst.end();
+        });
+
+        st.test('throws error when indexed notation exceeds arrayLimit with throwOnLimitExceeded', function (sst) {
+            sst['throws'](
+                function () {
+                    qs.parse('a[1001]=b', { arrayLimit: 1000, throwOnLimitExceeded: true });
+                },
+                new RangeError('Array limit exceeded. Only 1000 elements allowed in an array.'),
+                'throws error for a single index exceeding arrayLimit'
+            );
+
+            sst['throws'](
+                function () {
+                    qs.parse('a[0]=1&a[1]=2&a[2]=3&a[10]=4', { arrayLimit: 6, throwOnLimitExceeded: true, allowSparse: true });
+                },
+                new RangeError('Array limit exceeded. Only 6 elements allowed in an array.'),
+                'throws error when a sparse index exceeds arrayLimit'
+            );
+
+            sst.end();
+        });
+
+        st.test('does not throw for indexed notation within arrayLimit with throwOnLimitExceeded', function (sst) {
+            var result = qs.parse('a[4]=b', { arrayLimit: 5, throwOnLimitExceeded: true, allowSparse: true });
+            sst.ok(Array.isArray(result.a), 'result is an array');
+            sst.equal(result.a.length, 5, 'array has correct length');
+            sst.equal(result.a[4], 'b', 'value at index 4 is correct');
+            sst.end();
+        });
+
+        st.test('silently converts to object for indexed notation exceeding arrayLimit without throwOnLimitExceeded', function (sst) {
+            var result = qs.parse('a[1001]=b', { arrayLimit: 1000 });
+            sst.deepEqual(result, { a: { 1001: 'b' } }, 'converts to object without throwing');
+            sst.end();
+        });
+
+        st.end();
+    });
+
+    t.end();
+});
+
+test('parses empty keys', function (t) {
+    emptyTestCases.forEach(function (testCase) {
+        t.test('skips empty string key with ' + testCase.input, function (st) {
+            st.deepEqual(qs.parse(testCase.input), testCase.noEmptyKeys);
+
+            st.end();
+        });
+    });
+});
+
+test('`duplicates` option', function (t) {
+    v.nonStrings.concat('not a valid option').forEach(function (invalidOption) {
+        if (typeof invalidOption !== 'undefined') {
+            t['throws'](
+                function () { qs.parse('', { duplicates: invalidOption }); },
+                TypeError,
+                'throws on invalid option: ' + inspect(invalidOption)
+            );
+        }
+    });
+
+    t.deepEqual(
+        qs.parse('foo=bar&foo=baz'),
+        { foo: ['bar', 'baz'] },
+        'duplicates: default, combine'
+    );
+
+    t.deepEqual(
+        qs.parse('foo=bar&foo=baz', { duplicates: 'combine' }),
+        { foo: ['bar', 'baz'] },
+        'duplicates: combine'
+    );
+
+    t.deepEqual(
+        qs.parse('foo=bar&foo=baz', { duplicates: 'first' }),
+        { foo: 'bar' },
+        'duplicates: first'
+    );
+
+    t.deepEqual(
+        qs.parse('foo=bar&foo=baz', { duplicates: 'last' }),
+        { foo: 'baz' },
+        'duplicates: last'
+    );
+
+    t.end();
+});
+
+test('qs strictDepth option - throw cases', function (t) {
+    t.test('throws an exception when depth exceeds the limit with strictDepth: true', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1, strictDepth: true });
+            },
+            RangeError,
+            'throws RangeError'
+        );
+        st.end();
+    });
+
+    t.test('throws an exception for multiple nested arrays with strictDepth: true', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a[0][1][2][3][4]=b', { depth: 3, strictDepth: true });
+            },
+            RangeError,
+            'throws RangeError'
+        );
+        st.end();
+    });
+
+    t.test('throws an exception for nested objects and arrays with strictDepth: true', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a[b][c][0][d][e]=f', { depth: 3, strictDepth: true });
+            },
+            RangeError,
+            'throws RangeError'
+        );
+        st.end();
+    });
+
+    t.test('throws an exception for different types of values with strictDepth: true', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a[b][c][d][e]=true&a[b][c][d][f]=42', { depth: 3, strictDepth: true });
+            },
+            RangeError,
+            'throws RangeError'
+        );
+        st.end();
+    });
+
+});
+
+test('qs strictDepth option - non-throw cases', function (t) {
+    t.test('when depth is 0 and strictDepth true, do not throw', function (st) {
+        st.doesNotThrow(
+            function () {
+                qs.parse('a[b][c][d][e]=true&a[b][c][d][f]=42', { depth: 0, strictDepth: true });
+            },
+            RangeError,
+            'does not throw RangeError'
+        );
+        st.end();
+    });
+
+    t.test('parses successfully when depth is within the limit with strictDepth: true', function (st) {
+        st.doesNotThrow(
+            function () {
+                var result = qs.parse('a[b]=c', { depth: 1, strictDepth: true });
+                st.deepEqual(result, { a: { b: 'c' } }, 'parses correctly');
+            }
+        );
+        st.end();
+    });
+
+    t.test('does not throw an exception when depth exceeds the limit with strictDepth: false', function (st) {
+        st.doesNotThrow(
+            function () {
+                var result = qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 });
+                st.deepEqual(result, { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } }, 'parses with depth limit');
+            }
+        );
+        st.end();
+    });
+
+    t.test('parses successfully when depth is within the limit with strictDepth: false', function (st) {
+        st.doesNotThrow(
+            function () {
+                var result = qs.parse('a[b]=c', { depth: 1 });
+                st.deepEqual(result, { a: { b: 'c' } }, 'parses correctly');
+            }
+        );
+        st.end();
+    });
+
+    t.test('does not throw when depth is exactly at the limit with strictDepth: true', function (st) {
+        st.doesNotThrow(
+            function () {
+                var result = qs.parse('a[b][c]=d', { depth: 2, strictDepth: true });
+                st.deepEqual(result, { a: { b: { c: 'd' } } }, 'parses correctly');
+            }
+        );
+        st.end();
+    });
+});
+
+test('DOS', function (t) {
+    var arr = [];
+    for (var i = 0; i < 105; i++) {
+        arr[arr.length] = 'x';
+    }
+    var attack = 'a[]=' + arr.join('&a[]=');
+    var result = qs.parse(attack, { arrayLimit: 100 });
+
+    t.notOk(Array.isArray(result.a), 'arrayLimit is respected: result is an object, not an array');
+    t.equal(Object.keys(result.a).length, 105, 'all values are preserved');
+
+    t.end();
+});
+
+test('arrayLimit boundary conditions', function (t) {
+    // arrayLimit is the max number of elements allowed in an array
+    t.test('exactly at the limit stays as array', function (st) {
+        // 3 elements = limit of 3
+        var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3 });
+        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+
+    t.test('one over the limit converts to object', function (st) {
+        // 4 elements exceeds limit of 3
+        var result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3 });
+        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
+        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
+        st.end();
+    });
+
+    t.test('arrayLimit 1 with one value', function (st) {
+        // 1 element = limit of 1
+        var result = qs.parse('a[]=1', { arrayLimit: 1 });
+        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
+        st.deepEqual(result.a, ['1'], 'value preserved as array');
+        st.end();
+    });
+
+    t.test('arrayLimit 1 with two values converts to object', function (st) {
+        // 2 elements exceeds limit of 1
+        var result = qs.parse('a[]=1&a[]=2', { arrayLimit: 1 });
+        st.notOk(Array.isArray(result.a), 'result is not an array');
+        st.deepEqual(result.a, { 0: '1', 1: '2' }, 'all values preserved as object');
+        st.end();
+    });
+
+    t.end();
+});
+
+test('comma + arrayLimit', function (t) {
+    t.test('comma-separated values within arrayLimit stay as array', function (st) {
+        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 5 });
+        st.ok(Array.isArray(result.a), 'result is an array');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+
+    t.test('comma-separated values exceeding arrayLimit convert to object', function (st) {
+        var result = qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3 });
+        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
+        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
+        st.end();
+    });
+
+    t.test('comma-separated values exceeding arrayLimit with throwOnLimitExceeded throws', function (st) {
+        st['throws'](
+            function () {
+                qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3, throwOnLimitExceeded: true });
+            },
+            new RangeError('Array limit exceeded. Only 3 elements allowed in an array.'),
+            'throws error when comma-split exceeds array limit'
+        );
+        st.end();
+    });
+
+    t.test('comma-separated values at exactly arrayLimit stay as array', function (st) {
+        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 3 });
+        st.ok(Array.isArray(result.a), 'result is an array when exactly at limit');
+        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
+        st.end();
+    });
+
+    t.end();
+});
+
+test('mixed array and object notation', function (t) {
+    t.test('array brackets with object key - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[]=b&a[c]=d'),
+            { a: { 0: 'b', c: 'd' } },
+            'mixing [] and [key] converts to object'
+        );
+        st.end();
+    });
+
+    t.test('array index with object key - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[0]=b&a[c]=d'),
+            { a: { 0: 'b', c: 'd' } },
+            'mixing [0] and [key] produces object'
+        );
+        st.end();
+    });
+
+    t.test('plain value with array brackets - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a[]=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            'plain value combined with [] stays as array under limit'
+        );
+        st.end();
+    });
+
+    t.test('array brackets with plain value - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a[]=b&a=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            '[] combined with plain value stays as array under limit'
+        );
+        st.end();
+    });
+
+    t.test('plain value with array index - under limit', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a[0]=c', { arrayLimit: 20 }),
+            { a: ['b', 'c'] },
+            'plain value combined with [0] stays as array under limit'
+        );
+        st.end();
+    });
+
+    t.test('multiple plain values with duplicates combine', function (st) {
+        st.deepEqual(
+            qs.parse('a=b&a=c&a=d', { arrayLimit: 20 }),
+            { a: ['b', 'c', 'd'] },
+            'duplicate plain keys combine into array'
+        );
+        st.end();
+    });
+
+    t.test('multiple plain values exceeding limit', function (st) {
+        // 3 elements (indices 0-2), max index 2 > limit 1
+        st.deepEqual(
+            qs.parse('a=b&a=c&a=d', { arrayLimit: 1 }),
+            { a: { 0: 'b', 1: 'c', 2: 'd' } },
+            'duplicate plain keys convert to object when exceeding limit'
+        );
+        st.end();
+    });
+
+    t.test('mixed notation produces consistent results when arrayLimit is exceeded', function (st) {
+        var expected = { a: { 0: 'b', 1: 'c', 2: 'd' } };
+
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: -1 }),
+            expected,
+            'arrayLimit -1'
+        );
+
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 0 }),
+            expected,
+            'arrayLimit 0'
+        );
+
+        st.deepEqual(
+            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 1 }),
+            expected,
+            'arrayLimit 1'
+        );
+
+        st.end();
+    });
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/stringify.js b/src/Servers/ExpressServer/node_modules/qs/test/stringify.js
new file mode 100644
index 0000000..4d77694
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/test/stringify.js
@@ -0,0 +1,1310 @@
+'use strict';
+
+var test = require('tape');
+var qs = require('../');
+var utils = require('../lib/utils');
+var iconv = require('iconv-lite');
+var SaferBuffer = require('safer-buffer').Buffer;
+var hasSymbols = require('has-symbols');
+var mockProperty = require('mock-property');
+var emptyTestCases = require('./empty-keys-cases').emptyTestCases;
+var hasProto = require('has-proto')();
+var hasBigInt = require('has-bigints')();
+
+test('stringify()', function (t) {
+    t.test('stringifies a querystring object', function (st) {
+        st.equal(qs.stringify({ a: 'b' }), 'a=b');
+        st.equal(qs.stringify({ a: 1 }), 'a=1');
+        st.equal(qs.stringify({ a: 1, b: 2 }), 'a=1&b=2');
+        st.equal(qs.stringify({ a: 'A_Z' }), 'a=A_Z');
+        st.equal(qs.stringify({ a: '€' }), 'a=%E2%82%AC');
+        st.equal(qs.stringify({ a: '' }), 'a=%EE%80%80');
+        st.equal(qs.stringify({ a: 'א' }), 'a=%D7%90');
+        st.equal(qs.stringify({ a: '𐐷' }), 'a=%F0%90%90%B7');
+        st.end();
+    });
+
+    t.test('stringifies falsy values', function (st) {
+        st.equal(qs.stringify(undefined), '');
+        st.equal(qs.stringify(null), '');
+        st.equal(qs.stringify(null, { strictNullHandling: true }), '');
+        st.equal(qs.stringify(false), '');
+        st.equal(qs.stringify(0), '');
+        st.end();
+    });
+
+    t.test('stringifies symbols', { skip: !hasSymbols() }, function (st) {
+        st.equal(qs.stringify(Symbol.iterator), '');
+        st.equal(qs.stringify([Symbol.iterator]), '0=Symbol%28Symbol.iterator%29');
+        st.equal(qs.stringify({ a: Symbol.iterator }), 'a=Symbol%28Symbol.iterator%29');
+        st.equal(
+            qs.stringify({ a: [Symbol.iterator] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
+            'a[]=Symbol%28Symbol.iterator%29'
+        );
+        st.end();
+    });
+
+    t.test('stringifies bigints', { skip: !hasBigInt }, function (st) {
+        var three = BigInt(3);
+        var encodeWithN = function (value, defaultEncoder, charset) {
+            var result = defaultEncoder(value, defaultEncoder, charset);
+            return typeof value === 'bigint' ? result + 'n' : result;
+        };
+        st.equal(qs.stringify(three), '');
+        st.equal(qs.stringify([three]), '0=3');
+        st.equal(qs.stringify([three], { encoder: encodeWithN }), '0=3n');
+        st.equal(qs.stringify({ a: three }), 'a=3');
+        st.equal(qs.stringify({ a: three }, { encoder: encodeWithN }), 'a=3n');
+        st.equal(
+            qs.stringify({ a: [three] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
+            'a[]=3'
+        );
+        st.equal(
+            qs.stringify({ a: [three] }, { encodeValuesOnly: true, encoder: encodeWithN, arrayFormat: 'brackets' }),
+            'a[]=3n'
+        );
+        st.end();
+    });
+
+    t.test('encodes dot in key of object when encodeDotInKeys and allowDots is provided', function (st) {
+        st.equal(
+            qs.stringify(
+                { 'name.obj': { first: 'John', last: 'Doe' } },
+                { allowDots: false, encodeDotInKeys: false }
+            ),
+            'name.obj%5Bfirst%5D=John&name.obj%5Blast%5D=Doe',
+            'with allowDots false and encodeDotInKeys false'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj': { first: 'John', last: 'Doe' } },
+                { allowDots: true, encodeDotInKeys: false }
+            ),
+            'name.obj.first=John&name.obj.last=Doe',
+            'with allowDots true and encodeDotInKeys false'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj': { first: 'John', last: 'Doe' } },
+                { allowDots: false, encodeDotInKeys: true }
+            ),
+            'name%252Eobj%5Bfirst%5D=John&name%252Eobj%5Blast%5D=Doe',
+            'with allowDots false and encodeDotInKeys true'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj': { first: 'John', last: 'Doe' } },
+                { allowDots: true, encodeDotInKeys: true }
+            ),
+            'name%252Eobj.first=John&name%252Eobj.last=Doe',
+            'with allowDots true and encodeDotInKeys true'
+        );
+
+        st.equal(
+            qs.stringify(
+                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+                { allowDots: false, encodeDotInKeys: false }
+            ),
+            'name.obj.subobject%5Bfirst.godly.name%5D=John&name.obj.subobject%5Blast%5D=Doe',
+            'with allowDots false and encodeDotInKeys false'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+                { allowDots: true, encodeDotInKeys: false }
+            ),
+            'name.obj.subobject.first.godly.name=John&name.obj.subobject.last=Doe',
+            'with allowDots false and encodeDotInKeys false'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+                { allowDots: false, encodeDotInKeys: true }
+            ),
+            'name%252Eobj%252Esubobject%5Bfirst.godly.name%5D=John&name%252Eobj%252Esubobject%5Blast%5D=Doe',
+            'with allowDots false and encodeDotInKeys true'
+        );
+        st.equal(
+            qs.stringify(
+                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+                { allowDots: true, encodeDotInKeys: true }
+            ),
+            'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
+            'with allowDots true and encodeDotInKeys true'
+        );
+
+        st.end();
+    });
+
+    t.test('should encode dot in key of object, and automatically set allowDots to `true` when encodeDotInKeys is true and allowDots in undefined', function (st) {
+        st.equal(
+            qs.stringify(
+                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
+                { encodeDotInKeys: true }
+            ),
+            'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
+            'with allowDots undefined and encodeDotInKeys true'
+        );
+        st.end();
+    });
+
+    t.test('should encode dot in key of object when encodeDotInKeys and allowDots is provided, and nothing else when encodeValuesOnly is provided', function (st) {
+        st.equal(
+            qs.stringify({ 'name.obj': { first: 'John', last: 'Doe' } }, {
+                encodeDotInKeys: true, allowDots: true, encodeValuesOnly: true
+            }),
+            'name%2Eobj.first=John&name%2Eobj.last=Doe'
+        );
+
+        st.equal(
+            qs.stringify({ 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } }, { allowDots: true, encodeDotInKeys: true, encodeValuesOnly: true }),
+            'name%2Eobj%2Esubobject.first%2Egodly%2Ename=John&name%2Eobj%2Esubobject.last=Doe'
+        );
+
+        st.end();
+    });
+
+    t.test('throws when `commaRoundTrip` is not a boolean', function (st) {
+        st['throws'](
+            function () { qs.stringify({}, { commaRoundTrip: 'not a boolean' }); },
+            TypeError,
+            'throws when `commaRoundTrip` is not a boolean'
+        );
+
+        st.end();
+    });
+
+    t.test('throws when `encodeDotInKeys` is not a boolean', function (st) {
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: 'foobar' }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: 0 }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: NaN }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: null }); },
+            TypeError
+        );
+
+        st.end();
+    });
+
+    t.test('adds query prefix', function (st) {
+        st.equal(qs.stringify({ a: 'b' }, { addQueryPrefix: true }), '?a=b');
+        st.end();
+    });
+
+    t.test('with query prefix, outputs blank string given an empty object', function (st) {
+        st.equal(qs.stringify({}, { addQueryPrefix: true }), '');
+        st.end();
+    });
+
+    t.test('stringifies nested falsy values', function (st) {
+        st.equal(qs.stringify({ a: { b: { c: null } } }), 'a%5Bb%5D%5Bc%5D=');
+        st.equal(qs.stringify({ a: { b: { c: null } } }, { strictNullHandling: true }), 'a%5Bb%5D%5Bc%5D');
+        st.equal(qs.stringify({ a: { b: { c: false } } }), 'a%5Bb%5D%5Bc%5D=false');
+        st.end();
+    });
+
+    t.test('stringifies a nested object', function (st) {
+        st.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
+        st.equal(qs.stringify({ a: { b: { c: { d: 'e' } } } }), 'a%5Bb%5D%5Bc%5D%5Bd%5D=e');
+        st.end();
+    });
+
+    t.test('`allowDots` option: stringifies a nested object with dots notation', function (st) {
+        st.equal(qs.stringify({ a: { b: 'c' } }, { allowDots: true }), 'a.b=c');
+        st.equal(qs.stringify({ a: { b: { c: { d: 'e' } } } }, { allowDots: true }), 'a.b.c.d=e');
+        st.end();
+    });
+
+    t.test('stringifies an array value', function (st) {
+        st.equal(
+            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'indices' }),
+            'a%5B0%5D=b&a%5B1%5D=c&a%5B2%5D=d',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'brackets' }),
+            'a%5B%5D=b&a%5B%5D=c&a%5B%5D=d',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'comma' }),
+            'a=b%2Cc%2Cd',
+            'comma => comma'
+        );
+        st.equal(
+            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'comma', commaRoundTrip: true }),
+            'a=b%2Cc%2Cd',
+            'comma round trip => comma'
+        );
+        st.equal(
+            qs.stringify({ a: ['b', 'c', 'd'] }),
+            'a%5B0%5D=b&a%5B1%5D=c&a%5B2%5D=d',
+            'default => indices'
+        );
+        st.end();
+    });
+
+    t.test('`skipNulls` option', function (st) {
+        st.equal(
+            qs.stringify({ a: 'b', c: null }, { skipNulls: true }),
+            'a=b',
+            'omits nulls when asked'
+        );
+
+        st.equal(
+            qs.stringify({ a: { b: 'c', d: null } }, { skipNulls: true }),
+            'a%5Bb%5D=c',
+            'omits nested nulls when asked'
+        );
+
+        st.end();
+    });
+
+    t.test('omits array indices when asked', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c', 'd'] }, { indices: false }), 'a=b&a=c&a=d');
+
+        st.end();
+    });
+
+    t.test('omits object key/value pair when value is empty array', function (st) {
+        st.equal(qs.stringify({ a: [], b: 'zz' }), 'b=zz');
+
+        st.end();
+    });
+
+    t.test('should not omit object key/value pair when value is empty array and when asked', function (st) {
+        st.equal(qs.stringify({ a: [], b: 'zz' }), 'b=zz');
+        st.equal(qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: false }), 'b=zz');
+        st.equal(qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: true }), 'a[]&b=zz');
+
+        st.end();
+    });
+
+    t.test('should throw when allowEmptyArrays is not of type boolean', function (st) {
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: 'foobar' }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: 0 }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: NaN }); },
+            TypeError
+        );
+
+        st['throws'](
+            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: null }); },
+            TypeError
+        );
+
+        st.end();
+    });
+
+    t.test('allowEmptyArrays + strictNullHandling', function (st) {
+        st.equal(
+            qs.stringify(
+                { testEmptyArray: [] },
+                { strictNullHandling: true, allowEmptyArrays: true }
+            ),
+            'testEmptyArray[]'
+        );
+
+        st.end();
+    });
+
+    t.test('stringifies an array value with one item vs multiple items', function (st) {
+        st.test('non-array item', function (s2t) {
+            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a=c');
+            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a=c');
+            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c');
+            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true }), 'a=c');
+
+            s2t.end();
+        });
+
+        st.test('array with a single item', function (s2t) {
+            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=c');
+            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=c');
+            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c');
+            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a[]=c'); // so it parses back as an array
+            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true }), 'a[0]=c');
+
+            s2t.end();
+        });
+
+        st.test('array with multiple items', function (s2t) {
+            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=c&a[1]=d');
+            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=c&a[]=d');
+            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c,d');
+            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a=c,d');
+            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true }), 'a[0]=c&a[1]=d');
+
+            s2t.end();
+        });
+
+        st.test('array with multiple items with a comma inside', function (s2t) {
+            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c%2Cd,e');
+            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { arrayFormat: 'comma' }), 'a=c%2Cd%2Ce');
+
+            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a=c%2Cd,e');
+            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { arrayFormat: 'comma', commaRoundTrip: true }), 'a=c%2Cd%2Ce');
+
+            s2t.end();
+        });
+
+        st.end();
+    });
+
+    t.test('stringifies a nested array value', function (st) {
+        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[b][0]=c&a[b][1]=d');
+        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[b][]=c&a[b][]=d');
+        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a[b]=c,d');
+        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true }), 'a[b][0]=c&a[b][1]=d');
+        st.end();
+    });
+
+    t.test('stringifies comma and empty array values', function (st) {
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'indices' }), 'a[0]=,&a[1]=&a[2]=c,d%');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'brackets' }), 'a[]=,&a[]=&a[]=c,d%');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'comma' }), 'a=,,,c,d%');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'repeat' }), 'a=,&a=&a=c,d%');
+
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=%2C&a[1]=&a[2]=c%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=%2C&a[]=&a[]=c%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=%2C,,c%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=%2C&a=&a=c%2Cd%25');
+
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'indices' }), 'a%5B0%5D=%2C&a%5B1%5D=&a%5B2%5D=c%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'brackets' }), 'a%5B%5D=%2C&a%5B%5D=&a%5B%5D=c%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'comma' }), 'a=%2C%2C%2Cc%2Cd%25');
+        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'repeat' }), 'a=%2C&a=&a=c%2Cd%25');
+
+        st.end();
+    });
+
+    t.test('stringifies comma and empty non-array values', function (st) {
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'indices' }), 'a=,&b=&c=c,d%');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'brackets' }), 'a=,&b=&c=c,d%');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'comma' }), 'a=,&b=&c=c,d%');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'repeat' }), 'a=,&b=&c=c,d%');
+
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'indices' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=%2C&b=&c=c%2Cd%25');
+
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'indices' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'brackets' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'comma' }), 'a=%2C&b=&c=c%2Cd%25');
+        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'repeat' }), 'a=%2C&b=&c=c%2Cd%25');
+
+        st.end();
+    });
+
+    t.test('stringifies a nested array value with dots notation', function (st) {
+        st.equal(
+            qs.stringify(
+                { a: { b: ['c', 'd'] } },
+                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'indices' }
+            ),
+            'a.b[0]=c&a.b[1]=d',
+            'indices: stringifies with dots + indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: { b: ['c', 'd'] } },
+                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'brackets' }
+            ),
+            'a.b[]=c&a.b[]=d',
+            'brackets: stringifies with dots + brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: { b: ['c', 'd'] } },
+                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'comma' }
+            ),
+            'a.b=c,d',
+            'comma: stringifies with dots + comma'
+        );
+        st.equal(
+            qs.stringify(
+                { a: { b: ['c', 'd'] } },
+                { allowDots: true, encodeValuesOnly: true }
+            ),
+            'a.b[0]=c&a.b[1]=d',
+            'default: stringifies with dots + indices'
+        );
+        st.end();
+    });
+
+    t.test('stringifies an object inside an array', function (st) {
+        st.equal(
+            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'indices', encodeValuesOnly: true }),
+            'a[0][b]=c',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'repeat', encodeValuesOnly: true }),
+            'a[b]=c',
+            'repeat => repeat'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'brackets', encodeValuesOnly: true }),
+            'a[][b]=c',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 'c' }] }, { encodeValuesOnly: true }),
+            'a[0][b]=c',
+            'default => indices'
+        );
+
+        st.equal(
+            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'indices', encodeValuesOnly: true }),
+            'a[0][b][c][0]=1',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'repeat', encodeValuesOnly: true }),
+            'a[b][c]=1',
+            'repeat => repeat'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'brackets', encodeValuesOnly: true }),
+            'a[][b][c][]=1',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: { c: [1] } }] }, { encodeValuesOnly: true }),
+            'a[0][b][c][0]=1',
+            'default => indices'
+        );
+
+        st.end();
+    });
+
+    t.test('stringifies an array with mixed objects and primitives', function (st) {
+        st.equal(
+            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'indices' }),
+            'a[0][b]=1&a[1]=2&a[2]=3',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
+            'a[][b]=1&a[]=2&a[]=3',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'comma' }),
+            '???',
+            'brackets => brackets',
+            { skip: 'TODO: figure out what this should do' }
+        );
+        st.equal(
+            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true }),
+            'a[0][b]=1&a[1]=2&a[2]=3',
+            'default => indices'
+        );
+
+        st.end();
+    });
+
+    t.test('stringifies an object inside an array with dots notation', function (st) {
+        st.equal(
+            qs.stringify(
+                { a: [{ b: 'c' }] },
+                { allowDots: true, encode: false, arrayFormat: 'indices' }
+            ),
+            'a[0].b=c',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: [{ b: 'c' }] },
+                { allowDots: true, encode: false, arrayFormat: 'brackets' }
+            ),
+            'a[].b=c',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: [{ b: 'c' }] },
+                { allowDots: true, encode: false }
+            ),
+            'a[0].b=c',
+            'default => indices'
+        );
+
+        st.equal(
+            qs.stringify(
+                { a: [{ b: { c: [1] } }] },
+                { allowDots: true, encode: false, arrayFormat: 'indices' }
+            ),
+            'a[0].b.c[0]=1',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: [{ b: { c: [1] } }] },
+                { allowDots: true, encode: false, arrayFormat: 'brackets' }
+            ),
+            'a[].b.c[]=1',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: [{ b: { c: [1] } }] },
+                { allowDots: true, encode: false }
+            ),
+            'a[0].b.c[0]=1',
+            'default => indices'
+        );
+
+        st.end();
+    });
+
+    t.test('does not omit object keys when indices = false', function (st) {
+        st.equal(qs.stringify({ a: [{ b: 'c' }] }, { indices: false }), 'a%5Bb%5D=c');
+        st.end();
+    });
+
+    t.test('uses indices notation for arrays when indices=true', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c'] }, { indices: true }), 'a%5B0%5D=b&a%5B1%5D=c');
+        st.end();
+    });
+
+    t.test('uses indices notation for arrays when no arrayFormat is specified', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c'] }), 'a%5B0%5D=b&a%5B1%5D=c');
+        st.end();
+    });
+
+    t.test('uses indices notation for arrays when arrayFormat=indices', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'indices' }), 'a%5B0%5D=b&a%5B1%5D=c');
+        st.end();
+    });
+
+    t.test('uses repeat notation for arrays when arrayFormat=repeat', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' }), 'a=b&a=c');
+        st.end();
+    });
+
+    t.test('uses brackets notation for arrays when arrayFormat=brackets', function (st) {
+        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'brackets' }), 'a%5B%5D=b&a%5B%5D=c');
+        st.end();
+    });
+
+    t.test('stringifies a complicated object', function (st) {
+        st.equal(qs.stringify({ a: { b: 'c', d: 'e' } }), 'a%5Bb%5D=c&a%5Bd%5D=e');
+        st.end();
+    });
+
+    t.test('stringifies an empty value', function (st) {
+        st.equal(qs.stringify({ a: '' }), 'a=');
+        st.equal(qs.stringify({ a: null }, { strictNullHandling: true }), 'a');
+
+        st.equal(qs.stringify({ a: '', b: '' }), 'a=&b=');
+        st.equal(qs.stringify({ a: null, b: '' }, { strictNullHandling: true }), 'a&b=');
+
+        st.equal(qs.stringify({ a: { b: '' } }), 'a%5Bb%5D=');
+        st.equal(qs.stringify({ a: { b: null } }, { strictNullHandling: true }), 'a%5Bb%5D');
+        st.equal(qs.stringify({ a: { b: null } }, { strictNullHandling: false }), 'a%5Bb%5D=');
+
+        st.end();
+    });
+
+    t.test('stringifies an empty array in different arrayFormat', function (st) {
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false }), 'b[0]=&c=c');
+        // arrayFormat default
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices' }), 'b[0]=&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets' }), 'b[]=&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat' }), 'b=&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma' }), 'b=&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', commaRoundTrip: true }), 'b[]=&c=c');
+        // with strictNullHandling
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices', strictNullHandling: true }), 'b[0]&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets', strictNullHandling: true }), 'b[]&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat', strictNullHandling: true }), 'b&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', strictNullHandling: true }), 'b&c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', strictNullHandling: true, commaRoundTrip: true }), 'b[]&c=c');
+        // with skipNulls
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices', skipNulls: true }), 'c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets', skipNulls: true }), 'c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat', skipNulls: true }), 'c=c');
+        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', skipNulls: true }), 'c=c');
+
+        st.end();
+    });
+
+    t.test('stringifies a null object', { skip: !hasProto }, function (st) {
+        st.equal(qs.stringify({ __proto__: null, a: 'b' }), 'a=b');
+        st.end();
+    });
+
+    t.test('returns an empty string for invalid input', function (st) {
+        st.equal(qs.stringify(undefined), '');
+        st.equal(qs.stringify(false), '');
+        st.equal(qs.stringify(null), '');
+        st.equal(qs.stringify(''), '');
+        st.end();
+    });
+
+    t.test('stringifies an object with a null object as a child', { skip: !hasProto }, function (st) {
+        st.equal(qs.stringify({ a: { __proto__: null, b: 'c' } }), 'a%5Bb%5D=c');
+        st.end();
+    });
+
+    t.test('drops keys with a value of undefined', function (st) {
+        st.equal(qs.stringify({ a: undefined }), '');
+
+        st.equal(qs.stringify({ a: { b: undefined, c: null } }, { strictNullHandling: true }), 'a%5Bc%5D');
+        st.equal(qs.stringify({ a: { b: undefined, c: null } }, { strictNullHandling: false }), 'a%5Bc%5D=');
+        st.equal(qs.stringify({ a: { b: undefined, c: '' } }), 'a%5Bc%5D=');
+        st.end();
+    });
+
+    t.test('url encodes values', function (st) {
+        st.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
+        st.end();
+    });
+
+    t.test('stringifies a date', function (st) {
+        var now = new Date();
+        var str = 'a=' + encodeURIComponent(now.toISOString());
+        st.equal(qs.stringify({ a: now }), str);
+        st.end();
+    });
+
+    t.test('stringifies the weird object from qs', function (st) {
+        st.equal(qs.stringify({ 'my weird field': '~q1!2"\'w$5&7/z8)?' }), 'my%20weird%20field=~q1%212%22%27w%245%267%2Fz8%29%3F');
+        st.end();
+    });
+
+    t.test('skips properties that are part of the object prototype', function (st) {
+        st.intercept(Object.prototype, 'crash', { value: 'test' });
+
+        st.equal(qs.stringify({ a: 'b' }), 'a=b');
+        st.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
+
+        st.end();
+    });
+
+    t.test('stringifies boolean values', function (st) {
+        st.equal(qs.stringify({ a: true }), 'a=true');
+        st.equal(qs.stringify({ a: { b: true } }), 'a%5Bb%5D=true');
+        st.equal(qs.stringify({ b: false }), 'b=false');
+        st.equal(qs.stringify({ b: { c: false } }), 'b%5Bc%5D=false');
+        st.end();
+    });
+
+    t.test('stringifies buffer values', function (st) {
+        st.equal(qs.stringify({ a: SaferBuffer.from('test') }), 'a=test');
+        st.equal(qs.stringify({ a: { b: SaferBuffer.from('test') } }), 'a%5Bb%5D=test');
+        st.end();
+    });
+
+    t.test('stringifies an object using an alternative delimiter', function (st) {
+        st.equal(qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }), 'a=b;c=d');
+        st.end();
+    });
+
+    t.test('does not blow up when Buffer global is missing', function (st) {
+        var restore = mockProperty(global, 'Buffer', { 'delete': true });
+
+        var result = qs.stringify({ a: 'b', c: 'd' });
+
+        restore();
+
+        st.equal(result, 'a=b&c=d');
+        st.end();
+    });
+
+    t.test('does not crash when parsing circular references', function (st) {
+        var a = {};
+        a.b = a;
+
+        st['throws'](
+            function () { qs.stringify({ 'foo[bar]': 'baz', 'foo[baz]': a }); },
+            /RangeError: Cyclic object value/,
+            'cyclic values throw'
+        );
+
+        var circular = {
+            a: 'value'
+        };
+        circular.a = circular;
+        st['throws'](
+            function () { qs.stringify(circular); },
+            /RangeError: Cyclic object value/,
+            'cyclic values throw'
+        );
+
+        var arr = ['a'];
+        st.doesNotThrow(
+            function () { qs.stringify({ x: arr, y: arr }); },
+            'non-cyclic values do not throw'
+        );
+
+        st.end();
+    });
+
+    t.test('non-circular duplicated references can still work', function (st) {
+        var hourOfDay = {
+            'function': 'hour_of_day'
+        };
+
+        var p1 = {
+            'function': 'gte',
+            arguments: [hourOfDay, 0]
+        };
+        var p2 = {
+            'function': 'lte',
+            arguments: [hourOfDay, 23]
+        };
+
+        st.equal(
+            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'indices' }),
+            'filters[$and][0][function]=gte&filters[$and][0][arguments][0][function]=hour_of_day&filters[$and][0][arguments][1]=0&filters[$and][1][function]=lte&filters[$and][1][arguments][0][function]=hour_of_day&filters[$and][1][arguments][1]=23'
+        );
+        st.equal(
+            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
+            'filters[$and][][function]=gte&filters[$and][][arguments][][function]=hour_of_day&filters[$and][][arguments][]=0&filters[$and][][function]=lte&filters[$and][][arguments][][function]=hour_of_day&filters[$and][][arguments][]=23'
+        );
+        st.equal(
+            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'repeat' }),
+            'filters[$and][function]=gte&filters[$and][arguments][function]=hour_of_day&filters[$and][arguments]=0&filters[$and][function]=lte&filters[$and][arguments][function]=hour_of_day&filters[$and][arguments]=23'
+        );
+
+        st.end();
+    });
+
+    t.test('selects properties when filter=array', function (st) {
+        st.equal(qs.stringify({ a: 'b' }, { filter: ['a'] }), 'a=b');
+        st.equal(qs.stringify({ a: 1 }, { filter: [] }), '');
+
+        st.equal(
+            qs.stringify(
+                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
+                { filter: ['a', 'b', 0, 2], arrayFormat: 'indices' }
+            ),
+            'a%5Bb%5D%5B0%5D=1&a%5Bb%5D%5B2%5D=3',
+            'indices => indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
+                { filter: ['a', 'b', 0, 2], arrayFormat: 'brackets' }
+            ),
+            'a%5Bb%5D%5B%5D=1&a%5Bb%5D%5B%5D=3',
+            'brackets => brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
+                { filter: ['a', 'b', 0, 2] }
+            ),
+            'a%5Bb%5D%5B0%5D=1&a%5Bb%5D%5B2%5D=3',
+            'default => indices'
+        );
+
+        st.end();
+    });
+
+    t.test('supports custom representations when filter=function', function (st) {
+        var calls = 0;
+        var obj = { a: 'b', c: 'd', e: { f: new Date(1257894000000) } };
+        var filterFunc = function (prefix, value) {
+            calls += 1;
+            if (calls === 1) {
+                st.equal(prefix, '', 'prefix is empty');
+                st.equal(value, obj);
+            } else if (prefix === 'c') {
+                return void 0;
+            } else if (value instanceof Date) {
+                st.equal(prefix, 'e[f]');
+                return value.getTime();
+            }
+            return value;
+        };
+
+        st.equal(qs.stringify(obj, { filter: filterFunc }), 'a=b&e%5Bf%5D=1257894000000');
+        st.equal(calls, 5);
+        st.end();
+    });
+
+    t.test('can disable uri encoding', function (st) {
+        st.equal(qs.stringify({ a: 'b' }, { encode: false }), 'a=b');
+        st.equal(qs.stringify({ a: { b: 'c' } }, { encode: false }), 'a[b]=c');
+        st.equal(qs.stringify({ a: 'b', c: null }, { strictNullHandling: true, encode: false }), 'a=b&c');
+        st.end();
+    });
+
+    t.test('can sort the keys', function (st) {
+        var sort = function (a, b) {
+            return a.localeCompare(b);
+        };
+        st.equal(qs.stringify({ a: 'c', z: 'y', b: 'f' }, { sort: sort }), 'a=c&b=f&z=y');
+        st.equal(qs.stringify({ a: 'c', z: { j: 'a', i: 'b' }, b: 'f' }, { sort: sort }), 'a=c&b=f&z%5Bi%5D=b&z%5Bj%5D=a');
+        st.end();
+    });
+
+    t.test('can sort the keys at depth 3 or more too', function (st) {
+        var sort = function (a, b) {
+            return a.localeCompare(b);
+        };
+        st.equal(
+            qs.stringify(
+                { a: 'a', z: { zj: { zjb: 'zjb', zja: 'zja' }, zi: { zib: 'zib', zia: 'zia' } }, b: 'b' },
+                { sort: sort, encode: false }
+            ),
+            'a=a&b=b&z[zi][zia]=zia&z[zi][zib]=zib&z[zj][zja]=zja&z[zj][zjb]=zjb'
+        );
+        st.equal(
+            qs.stringify(
+                { a: 'a', z: { zj: { zjb: 'zjb', zja: 'zja' }, zi: { zib: 'zib', zia: 'zia' } }, b: 'b' },
+                { sort: null, encode: false }
+            ),
+            'a=a&z[zj][zjb]=zjb&z[zj][zja]=zja&z[zi][zib]=zib&z[zi][zia]=zia&b=b'
+        );
+        st.end();
+    });
+
+    t.test('can stringify with custom encoding', function (st) {
+        st.equal(qs.stringify({ 県: '大阪府', '': '' }, {
+            encoder: function (str) {
+                if (str.length === 0) {
+                    return '';
+                }
+                var buf = iconv.encode(str, 'shiftjis');
+                var result = [];
+                for (var i = 0; i < buf.length; ++i) {
+                    result.push(buf.readUInt8(i).toString(16));
+                }
+                return '%' + result.join('%');
+            }
+        }), '%8c%a7=%91%e5%8d%e3%95%7b&=');
+        st.end();
+    });
+
+    t.test('receives the default encoder as a second argument', function (st) {
+        st.plan(8);
+
+        qs.stringify({ a: 1, b: new Date(), c: true, d: [1] }, {
+            encoder: function (str) {
+                st.match(typeof str, /^(?:string|number|boolean)$/);
+                return '';
+            }
+        });
+
+        st.end();
+    });
+
+    t.test('receives the default encoder as a second argument', function (st) {
+        st.plan(2);
+
+        qs.stringify({ a: 1 }, {
+            encoder: function (str, defaultEncoder) {
+                st.equal(defaultEncoder, utils.encode);
+            }
+        });
+
+        st.end();
+    });
+
+    t.test('throws error with wrong encoder', function (st) {
+        st['throws'](function () {
+            qs.stringify({}, { encoder: 'string' });
+        }, new TypeError('Encoder has to be a function.'));
+        st.end();
+    });
+
+    t.test('can use custom encoder for a buffer object', { skip: typeof Buffer === 'undefined' }, function (st) {
+        st.equal(qs.stringify({ a: SaferBuffer.from([1]) }, {
+            encoder: function (buffer) {
+                if (typeof buffer === 'string') {
+                    return buffer;
+                }
+                return String.fromCharCode(buffer.readUInt8(0) + 97);
+            }
+        }), 'a=b');
+
+        st.equal(qs.stringify({ a: SaferBuffer.from('a b') }, {
+            encoder: function (buffer) {
+                return buffer;
+            }
+        }), 'a=a b');
+        st.end();
+    });
+
+    t.test('serializeDate option', function (st) {
+        var date = new Date();
+        st.equal(
+            qs.stringify({ a: date }),
+            'a=' + date.toISOString().replace(/:/g, '%3A'),
+            'default is toISOString'
+        );
+
+        var mutatedDate = new Date();
+        mutatedDate.toISOString = function () {
+            throw new SyntaxError();
+        };
+        st['throws'](function () {
+            mutatedDate.toISOString();
+        }, SyntaxError);
+        st.equal(
+            qs.stringify({ a: mutatedDate }),
+            'a=' + Date.prototype.toISOString.call(mutatedDate).replace(/:/g, '%3A'),
+            'toISOString works even when method is not locally present'
+        );
+
+        var specificDate = new Date(6);
+        st.equal(
+            qs.stringify(
+                { a: specificDate },
+                { serializeDate: function (d) { return d.getTime() * 7; } }
+            ),
+            'a=42',
+            'custom serializeDate function called'
+        );
+
+        st.equal(
+            qs.stringify(
+                { a: [date] },
+                {
+                    serializeDate: function (d) { return d.getTime(); },
+                    arrayFormat: 'comma'
+                }
+            ),
+            'a=' + date.getTime(),
+            'works with arrayFormat comma'
+        );
+        st.equal(
+            qs.stringify(
+                { a: [date] },
+                {
+                    serializeDate: function (d) { return d.getTime(); },
+                    arrayFormat: 'comma',
+                    commaRoundTrip: true
+                }
+            ),
+            'a%5B%5D=' + date.getTime(),
+            'works with arrayFormat comma'
+        );
+
+        st.end();
+    });
+
+    t.test('RFC 1738 serialization', function (st) {
+        st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC1738 }), 'a=b+c');
+        st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC1738 }), 'a+b=c+d');
+        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC1738 }), 'a+b=a+b');
+
+        st.equal(qs.stringify({ 'foo(ref)': 'bar' }, { format: qs.formats.RFC1738 }), 'foo(ref)=bar');
+
+        st.end();
+    });
+
+    t.test('RFC 3986 spaces serialization', function (st) {
+        st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC3986 }), 'a=b%20c');
+        st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC3986 }), 'a%20b=c%20d');
+        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC3986 }), 'a%20b=a%20b');
+
+        st.end();
+    });
+
+    t.test('Backward compatibility to RFC 3986', function (st) {
+        st.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
+        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }), 'a%20b=a%20b');
+
+        st.end();
+    });
+
+    t.test('Edge cases and unknown formats', function (st) {
+        ['UFO1234', false, 1234, null, {}, []].forEach(function (format) {
+            st['throws'](
+                function () {
+                    qs.stringify({ a: 'b c' }, { format: format });
+                },
+                new TypeError('Unknown format option provided.')
+            );
+        });
+        st.end();
+    });
+
+    t.test('encodeValuesOnly', function (st) {
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
+                { encodeValuesOnly: true, arrayFormat: 'indices' }
+            ),
+            'a=b&c[0]=d&c[1]=e%3Df&f[0][0]=g&f[1][0]=h',
+            'encodeValuesOnly + indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
+                { encodeValuesOnly: true, arrayFormat: 'brackets' }
+            ),
+            'a=b&c[]=d&c[]=e%3Df&f[][]=g&f[][]=h',
+            'encodeValuesOnly + brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
+                { encodeValuesOnly: true, arrayFormat: 'repeat' }
+            ),
+            'a=b&c=d&c=e%3Df&f=g&f=h',
+            'encodeValuesOnly + repeat'
+        );
+
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
+                { arrayFormat: 'indices' }
+            ),
+            'a=b&c%5B0%5D=d&c%5B1%5D=e&f%5B0%5D%5B0%5D=g&f%5B1%5D%5B0%5D=h',
+            'no encodeValuesOnly + indices'
+        );
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
+                { arrayFormat: 'brackets' }
+            ),
+            'a=b&c%5B%5D=d&c%5B%5D=e&f%5B%5D%5B%5D=g&f%5B%5D%5B%5D=h',
+            'no encodeValuesOnly + brackets'
+        );
+        st.equal(
+            qs.stringify(
+                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
+                { arrayFormat: 'repeat' }
+            ),
+            'a=b&c=d&c=e&f=g&f=h',
+            'no encodeValuesOnly + repeat'
+        );
+
+        st.end();
+    });
+
+    t.test('encodeValuesOnly - strictNullHandling', function (st) {
+        st.equal(
+            qs.stringify(
+                { a: { b: null } },
+                { encodeValuesOnly: true, strictNullHandling: true }
+            ),
+            'a[b]'
+        );
+        st.end();
+    });
+
+    t.test('throws if an invalid charset is specified', function (st) {
+        st['throws'](function () {
+            qs.stringify({ a: 'b' }, { charset: 'foobar' });
+        }, new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined'));
+        st.end();
+    });
+
+    t.test('respects a charset of iso-8859-1', function (st) {
+        st.equal(qs.stringify({ æ: 'æ' }, { charset: 'iso-8859-1' }), '%E6=%E6');
+        st.end();
+    });
+
+    t.test('encodes unrepresentable chars as numeric entities in iso-8859-1 mode', function (st) {
+        st.equal(qs.stringify({ a: '☺' }, { charset: 'iso-8859-1' }), 'a=%26%239786%3B');
+        st.end();
+    });
+
+    t.test('respects an explicit charset of utf-8 (the default)', function (st) {
+        st.equal(qs.stringify({ a: 'æ' }, { charset: 'utf-8' }), 'a=%C3%A6');
+        st.end();
+    });
+
+    t.test('`charsetSentinel` option', function (st) {
+        st.equal(
+            qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'utf-8' }),
+            'utf8=%E2%9C%93&a=%C3%A6',
+            'adds the right sentinel when instructed to and the charset is utf-8'
+        );
+
+        st.equal(
+            qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'iso-8859-1' }),
+            'utf8=%26%2310003%3B&a=%E6',
+            'adds the right sentinel when instructed to and the charset is iso-8859-1'
+        );
+
+        st.end();
+    });
+
+    t.test('does not mutate the options argument', function (st) {
+        var options = {};
+        qs.stringify({}, options);
+        st.deepEqual(options, {});
+        st.end();
+    });
+
+    t.test('strictNullHandling works with custom filter', function (st) {
+        var filter = function (prefix, value) {
+            return value;
+        };
+
+        var options = { strictNullHandling: true, filter: filter };
+        st.equal(qs.stringify({ key: null }, options), 'key');
+        st.end();
+    });
+
+    t.test('strictNullHandling works with null serializeDate', function (st) {
+        var serializeDate = function () {
+            return null;
+        };
+        var options = { strictNullHandling: true, serializeDate: serializeDate };
+        var date = new Date();
+        st.equal(qs.stringify({ key: date }, options), 'key');
+        st.end();
+    });
+
+    t.test('allows for encoding keys and values differently', function (st) {
+        var encoder = function (str, defaultEncoder, charset, type) {
+            if (type === 'key') {
+                return defaultEncoder(str, defaultEncoder, charset, type).toLowerCase();
+            }
+            if (type === 'value') {
+                return defaultEncoder(str, defaultEncoder, charset, type).toUpperCase();
+            }
+            throw 'this should never happen! type: ' + type;
+        };
+
+        st.deepEqual(qs.stringify({ KeY: 'vAlUe' }, { encoder: encoder }), 'key=VALUE');
+        st.end();
+    });
+
+    t.test('objects inside arrays', function (st) {
+        var obj = { a: { b: { c: 'd', e: 'f' } } };
+        var withArray = { a: { b: [{ c: 'd', e: 'f' }] } };
+
+        st.equal(qs.stringify(obj, { encode: false }), 'a[b][c]=d&a[b][e]=f', 'no array, no arrayFormat');
+        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'brackets' }), 'a[b][c]=d&a[b][e]=f', 'no array, bracket');
+        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'indices' }), 'a[b][c]=d&a[b][e]=f', 'no array, indices');
+        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'repeat' }), 'a[b][c]=d&a[b][e]=f', 'no array, repeat');
+        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'comma' }), 'a[b][c]=d&a[b][e]=f', 'no array, comma');
+
+        st.equal(qs.stringify(withArray, { encode: false }), 'a[b][0][c]=d&a[b][0][e]=f', 'array, no arrayFormat');
+        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'brackets' }), 'a[b][][c]=d&a[b][][e]=f', 'array, bracket');
+        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'indices' }), 'a[b][0][c]=d&a[b][0][e]=f', 'array, indices');
+        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'repeat' }), 'a[b][c]=d&a[b][e]=f', 'array, repeat');
+        st.equal(
+            qs.stringify(withArray, { encode: false, arrayFormat: 'comma' }),
+            '???',
+            'array, comma',
+            { skip: 'TODO: figure out what this should do' }
+        );
+
+        st.end();
+    });
+
+    t.test('stringifies sparse arrays', function (st) {
+        /* eslint no-sparse-arrays: 0 */
+        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1]=2&a[4]=1');
+        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=2&a[]=1');
+        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=2&a=1');
+
+        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][b][2][c]=1');
+        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][b][][c]=1');
+        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[b][c]=1');
+
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][2][3][c]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][][][c]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[c]=1');
+
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][2][3][c][1]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][][][c][]=1');
+        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[c]=1');
+
+        st.end();
+    });
+
+    t.test('encodes a very long string', function (st) {
+        var chars = [];
+        var expected = [];
+        for (var i = 0; i < 5e3; i++) {
+            chars.push(' ' + i);
+
+            expected.push('%20' + i);
+        }
+
+        var obj = {
+            foo: chars.join('')
+        };
+
+        st.equal(
+            qs.stringify(obj, { arrayFormat: 'brackets', charset: 'utf-8' }),
+            'foo=' + expected.join('')
+        );
+
+        st.end();
+    });
+
+    t.end();
+});
+
+test('stringifies empty keys', function (t) {
+    emptyTestCases.forEach(function (testCase) {
+        t.test('stringifies an object with empty string key with ' + testCase.input, function (st) {
+            st.deepEqual(
+                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'indices' }),
+                testCase.stringifyOutput.indices,
+                'test case: ' + testCase.input + ', indices'
+            );
+            st.deepEqual(
+                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'brackets' }),
+                testCase.stringifyOutput.brackets,
+                'test case: ' + testCase.input + ', brackets'
+            );
+            st.deepEqual(
+                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'repeat' }),
+                testCase.stringifyOutput.repeat,
+                'test case: ' + testCase.input + ', repeat'
+            );
+
+            st.end();
+        });
+    });
+
+    t.test('edge case with object/arrays', function (st) {
+        st.deepEqual(qs.stringify({ '': { '': [2, 3] } }, { encode: false }), '[][0]=2&[][1]=3');
+        st.deepEqual(qs.stringify({ '': { '': [2, 3], a: 2 } }, { encode: false }), '[][0]=2&[][1]=3&[a]=2');
+        st.deepEqual(qs.stringify({ '': { '': [2, 3] } }, { encode: false, arrayFormat: 'indices' }), '[][0]=2&[][1]=3');
+        st.deepEqual(qs.stringify({ '': { '': [2, 3], a: 2 } }, { encode: false, arrayFormat: 'indices' }), '[][0]=2&[][1]=3&[a]=2');
+
+        st.end();
+    });
+
+    t.test('stringifies non-string keys', function (st) {
+        var S = Object('abc');
+        S.toString = function () {
+            return 'd';
+        };
+        var actual = qs.stringify({ a: 'b', 'false': {}, 1e+22: 'c', d: 'e' }, {
+            filter: ['a', false, null, 10000000000000000000000, S],
+            allowDots: true,
+            encodeDotInKeys: true
+        });
+
+        st.equal(actual, 'a=b&1e%2B22=c&d=e', 'stringifies correctly');
+
+        st.end();
+    });
+});
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/utils.js b/src/Servers/ExpressServer/node_modules/qs/test/utils.js
new file mode 100644
index 0000000..65baea7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/qs/test/utils.js
@@ -0,0 +1,397 @@
+'use strict';
+
+var test = require('tape');
+var inspect = require('object-inspect');
+var SaferBuffer = require('safer-buffer').Buffer;
+var forEach = require('for-each');
+var v = require('es-value-fixtures');
+
+var utils = require('../lib/utils');
+
+test('merge()', function (t) {
+    t.deepEqual(utils.merge(null, true), [null, true], 'merges true into null');
+
+    t.deepEqual(utils.merge(null, [42]), [null, 42], 'merges null into an array');
+
+    t.deepEqual(utils.merge({ a: 'b' }, { a: 'c' }), { a: ['b', 'c'] }, 'merges two objects with the same key');
+
+    var oneMerged = utils.merge({ foo: 'bar' }, { foo: { first: '123' } });
+    t.deepEqual(oneMerged, { foo: ['bar', { first: '123' }] }, 'merges a standalone and an object into an array');
+
+    var twoMerged = utils.merge({ foo: ['bar', { first: '123' }] }, { foo: { second: '456' } });
+    t.deepEqual(twoMerged, { foo: { 0: 'bar', 1: { first: '123' }, second: '456' } }, 'merges a standalone and two objects into an array');
+
+    var sandwiched = utils.merge({ foo: ['bar', { first: '123', second: '456' }] }, { foo: 'baz' });
+    t.deepEqual(sandwiched, { foo: ['bar', { first: '123', second: '456' }, 'baz'] }, 'merges an object sandwiched by two standalones into an array');
+
+    var nestedArrays = utils.merge({ foo: ['baz'] }, { foo: ['bar', 'xyzzy'] });
+    t.deepEqual(nestedArrays, { foo: ['baz', 'bar', 'xyzzy'] });
+
+    var noOptionsNonObjectSource = utils.merge({ foo: 'baz' }, 'bar');
+    t.deepEqual(noOptionsNonObjectSource, { foo: 'baz', bar: true });
+
+    var func = function f() {};
+    t.deepEqual(
+        utils.merge(func, { foo: 'bar' }),
+        [func, { foo: 'bar' }],
+        'functions can not be merged into'
+    );
+
+    func.bar = 'baz';
+    t.deepEqual(
+        utils.merge({ foo: 'bar' }, func),
+        { foo: 'bar', bar: 'baz' },
+        'functions can be merge sources'
+    );
+
+    t.test(
+        'avoids invoking array setters unnecessarily',
+        { skip: typeof Object.defineProperty !== 'function' },
+        function (st) {
+            var setCount = 0;
+            var getCount = 0;
+            var observed = [];
+            Object.defineProperty(observed, 0, {
+                get: function () {
+                    getCount += 1;
+                    return { bar: 'baz' };
+                },
+                set: function () { setCount += 1; }
+            });
+            utils.merge(observed, [null]);
+            st.equal(setCount, 0);
+            st.equal(getCount, 1);
+            observed[0] = observed[0]; // eslint-disable-line no-self-assign
+            st.equal(setCount, 1);
+            st.equal(getCount, 2);
+            st.end();
+        }
+    );
+
+    t.test('with overflow objects (from arrayLimit)', function (st) {
+        // arrayLimit is max index, so with limit 0, max index 0 is allowed (1 element)
+        // To create overflow, need 2+ elements with limit 0, or 3+ with limit 1, etc.
+        st.test('merges primitive into overflow object at next index', function (s2t) {
+            // Create an overflow object via combine: 3 elements (indices 0-2) with limit 0
+            var overflow = utils.combine(['a', 'b'], 'c', 0, false);
+            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
+            var merged = utils.merge(overflow, 'd');
+            s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'adds primitive at next numeric index');
+            s2t.end();
+        });
+
+        st.test('merges primitive into regular object with numeric keys normally', function (s2t) {
+            var obj = { 0: 'a', 1: 'b' };
+            s2t.notOk(utils.isOverflow(obj), 'plain object is not marked as overflow');
+            var merged = utils.merge(obj, 'c');
+            s2t.deepEqual(merged, { 0: 'a', 1: 'b', c: true }, 'adds primitive as key (not at next index)');
+            s2t.end();
+        });
+
+        st.test('merges primitive into object with non-numeric keys normally', function (s2t) {
+            var obj = { foo: 'bar' };
+            var merged = utils.merge(obj, 'baz');
+            s2t.deepEqual(merged, { foo: 'bar', baz: true }, 'adds primitive as key with value true');
+            s2t.end();
+        });
+
+        st.test('merges overflow object into primitive', function (s2t) {
+            // Create an overflow object via combine: 2 elements (indices 0-1) with limit 0
+            var overflow = utils.combine(['a'], 'b', 0, false);
+            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
+            var merged = utils.merge('c', overflow);
+            s2t.ok(utils.isOverflow(merged), 'result is also marked as overflow');
+            s2t.deepEqual(merged, { 0: 'c', 1: 'a', 2: 'b' }, 'creates object with primitive at 0, source values shifted');
+            s2t.end();
+        });
+
+        st.test('merges overflow object with multiple values into primitive', function (s2t) {
+            // Create an overflow object via combine: 3 elements (indices 0-2) with limit 0
+            var overflow = utils.combine(['b', 'c'], 'd', 0, false);
+            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
+            var merged = utils.merge('a', overflow);
+            s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'shifts all source indices by 1');
+            s2t.end();
+        });
+
+        st.test('merges regular object into primitive as array', function (s2t) {
+            var obj = { foo: 'bar' };
+            var merged = utils.merge('a', obj);
+            s2t.deepEqual(merged, ['a', { foo: 'bar' }], 'creates array with primitive and object');
+            s2t.end();
+        });
+
+        st.end();
+    });
+
+    t.end();
+});
+
+test('assign()', function (t) {
+    var target = { a: 1, b: 2 };
+    var source = { b: 3, c: 4 };
+    var result = utils.assign(target, source);
+
+    t.equal(result, target, 'returns the target');
+    t.deepEqual(target, { a: 1, b: 3, c: 4 }, 'target and source are merged');
+    t.deepEqual(source, { b: 3, c: 4 }, 'source is untouched');
+
+    t.end();
+});
+
+test('combine()', function (t) {
+    t.test('both arrays', function (st) {
+        var a = [1];
+        var b = [2];
+        var combined = utils.combine(a, b);
+
+        st.deepEqual(a, [1], 'a is not mutated');
+        st.deepEqual(b, [2], 'b is not mutated');
+        st.notEqual(a, combined, 'a !== combined');
+        st.notEqual(b, combined, 'b !== combined');
+        st.deepEqual(combined, [1, 2], 'combined is a + b');
+
+        st.end();
+    });
+
+    t.test('one array, one non-array', function (st) {
+        var aN = 1;
+        var a = [aN];
+        var bN = 2;
+        var b = [bN];
+
+        var combinedAnB = utils.combine(aN, b);
+        st.deepEqual(b, [bN], 'b is not mutated');
+        st.notEqual(aN, combinedAnB, 'aN + b !== aN');
+        st.notEqual(a, combinedAnB, 'aN + b !== a');
+        st.notEqual(bN, combinedAnB, 'aN + b !== bN');
+        st.notEqual(b, combinedAnB, 'aN + b !== b');
+        st.deepEqual([1, 2], combinedAnB, 'first argument is array-wrapped when not an array');
+
+        var combinedABn = utils.combine(a, bN);
+        st.deepEqual(a, [aN], 'a is not mutated');
+        st.notEqual(aN, combinedABn, 'a + bN !== aN');
+        st.notEqual(a, combinedABn, 'a + bN !== a');
+        st.notEqual(bN, combinedABn, 'a + bN !== bN');
+        st.notEqual(b, combinedABn, 'a + bN !== b');
+        st.deepEqual([1, 2], combinedABn, 'second argument is array-wrapped when not an array');
+
+        st.end();
+    });
+
+    t.test('neither is an array', function (st) {
+        var combined = utils.combine(1, 2);
+        st.notEqual(1, combined, '1 + 2 !== 1');
+        st.notEqual(2, combined, '1 + 2 !== 2');
+        st.deepEqual([1, 2], combined, 'both arguments are array-wrapped when not an array');
+
+        st.end();
+    });
+
+    t.test('with arrayLimit', function (st) {
+        st.test('under the limit', function (s2t) {
+            var combined = utils.combine(['a', 'b'], 'c', 10, false);
+            s2t.deepEqual(combined, ['a', 'b', 'c'], 'returns array when under limit');
+            s2t.ok(Array.isArray(combined), 'result is an array');
+            s2t.end();
+        });
+
+        st.test('exactly at the limit stays as array', function (s2t) {
+            var combined = utils.combine(['a', 'b'], 'c', 3, false);
+            s2t.deepEqual(combined, ['a', 'b', 'c'], 'stays as array when count equals limit');
+            s2t.ok(Array.isArray(combined), 'result is an array');
+            s2t.end();
+        });
+
+        st.test('over the limit', function (s2t) {
+            var combined = utils.combine(['a', 'b', 'c'], 'd', 3, false);
+            s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'converts to object when over limit');
+            s2t.notOk(Array.isArray(combined), 'result is not an array');
+            s2t.end();
+        });
+
+        st.test('with arrayLimit 1', function (s2t) {
+            var combined = utils.combine([], 'a', 1, false);
+            s2t.deepEqual(combined, ['a'], 'stays as array when count equals limit');
+            s2t.ok(Array.isArray(combined), 'result is an array');
+            s2t.end();
+        });
+
+        st.test('with arrayLimit 0 converts single element to object', function (s2t) {
+            var combined = utils.combine([], 'a', 0, false);
+            s2t.deepEqual(combined, { 0: 'a' }, 'converts to object when count exceeds limit');
+            s2t.notOk(Array.isArray(combined), 'result is not an array');
+            s2t.end();
+        });
+
+        st.test('with arrayLimit 0 and two elements converts to object', function (s2t) {
+            var combined = utils.combine(['a'], 'b', 0, false);
+            s2t.deepEqual(combined, { 0: 'a', 1: 'b' }, 'converts to object when count exceeds limit');
+            s2t.notOk(Array.isArray(combined), 'result is not an array');
+            s2t.end();
+        });
+
+        st.test('with plainObjects option', function (s2t) {
+            var combined = utils.combine(['a', 'b'], 'c', 1, true);
+            var expected = { __proto__: null, 0: 'a', 1: 'b', 2: 'c' };
+            s2t.deepEqual(combined, expected, 'converts to object with null prototype');
+            s2t.equal(Object.getPrototypeOf(combined), null, 'result has null prototype when plainObjects is true');
+            s2t.end();
+        });
+
+        st.end();
+    });
+
+    t.test('with existing overflow object', function (st) {
+        st.test('adds to existing overflow object at next index', function (s2t) {
+            // Create overflow object first via combine: 3 elements (indices 0-2) with limit 0
+            var overflow = utils.combine(['a', 'b'], 'c', 0, false);
+            s2t.ok(utils.isOverflow(overflow), 'initial object is marked as overflow');
+
+            var combined = utils.combine(overflow, 'd', 10, false);
+            s2t.equal(combined, overflow, 'returns the same object (mutated)');
+            s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'adds value at next numeric index');
+            s2t.end();
+        });
+
+        st.test('does not treat plain object with numeric keys as overflow', function (s2t) {
+            var plainObj = { 0: 'a', 1: 'b' };
+            s2t.notOk(utils.isOverflow(plainObj), 'plain object is not marked as overflow');
+
+            // combine treats this as a regular value, not an overflow object to append to
+            var combined = utils.combine(plainObj, 'c', 10, false);
+            s2t.deepEqual(combined, [{ 0: 'a', 1: 'b' }, 'c'], 'concatenates as regular values');
+            s2t.end();
+        });
+
+        st.end();
+    });
+
+    t.end();
+});
+
+test('decode', function (t) {
+    t.equal(
+        utils.decode('a+b'),
+        'a b',
+        'decodes + to space'
+    );
+
+    t.equal(
+        utils.decode('name%2Eobj'),
+        'name.obj',
+        'decodes a string'
+    );
+    t.equal(
+        utils.decode('name%2Eobj%2Efoo', null, 'iso-8859-1'),
+        'name.obj.foo',
+        'decodes a string in iso-8859-1'
+    );
+
+    t.end();
+});
+
+test('encode', function (t) {
+    forEach(v.nullPrimitives, function (nullish) {
+        t['throws'](
+            function () { utils.encode(nullish); },
+            TypeError,
+            inspect(nullish) + ' is not a string'
+        );
+    });
+
+    t.equal(utils.encode(''), '', 'empty string returns itself');
+    t.deepEqual(utils.encode([]), [], 'empty array returns itself');
+    t.deepEqual(utils.encode({ length: 0 }), { length: 0 }, 'empty arraylike returns itself');
+
+    t.test('symbols', { skip: !v.hasSymbols }, function (st) {
+        st.equal(utils.encode(Symbol('x')), 'Symbol%28x%29', 'symbol is encoded');
+
+        st.end();
+    });
+
+    t.equal(
+        utils.encode('(abc)'),
+        '%28abc%29',
+        'encodes parentheses'
+    );
+    t.equal(
+        utils.encode({ toString: function () { return '(abc)'; } }),
+        '%28abc%29',
+        'toStrings and encodes parentheses'
+    );
+
+    t.equal(
+        utils.encode('abc 123 💩', null, 'iso-8859-1'),
+        'abc%20123%20%26%2355357%3B%26%2356489%3B',
+        'encodes in iso-8859-1'
+    );
+
+    var longString = '';
+    var expectedString = '';
+    for (var i = 0; i < 1500; i++) {
+        longString += ' ';
+        expectedString += '%20';
+    }
+
+    t.equal(
+        utils.encode(longString),
+        expectedString,
+        'encodes a long string'
+    );
+
+    t.equal(
+        utils.encode('\x28\x29'),
+        '%28%29',
+        'encodes parens normally'
+    );
+    t.equal(
+        utils.encode('\x28\x29', null, null, null, 'RFC1738'),
+        '()',
+        'does not encode parens in RFC1738'
+    );
+
+    // todo RFC1738 format
+
+    t.equal(
+        utils.encode('Āက豈'),
+        '%C4%80%E1%80%80%EF%A4%80',
+        'encodes multibyte chars'
+    );
+
+    t.equal(
+        utils.encode('\uD83D \uDCA9'),
+        '%F0%9F%90%A0%F0%BA%90%80',
+        'encodes lone surrogates'
+    );
+
+    t.end();
+});
+
+test('isBuffer()', function (t) {
+    forEach([null, undefined, true, false, '', 'abc', 42, 0, NaN, {}, [], function () {}, /a/g], function (x) {
+        t.equal(utils.isBuffer(x), false, inspect(x) + ' is not a buffer');
+    });
+
+    var fakeBuffer = { constructor: Buffer };
+    t.equal(utils.isBuffer(fakeBuffer), false, 'fake buffer is not a buffer');
+
+    var saferBuffer = SaferBuffer.from('abc');
+    t.equal(utils.isBuffer(saferBuffer), true, 'SaferBuffer instance is a buffer');
+
+    var buffer = Buffer.from && Buffer.alloc ? Buffer.from('abc') : new Buffer('abc');
+    t.equal(utils.isBuffer(buffer), true, 'real Buffer instance is a buffer');
+    t.end();
+});
+
+test('isRegExp()', function (t) {
+    t.equal(utils.isRegExp(/a/g), true, 'RegExp is a RegExp');
+    t.equal(utils.isRegExp(new RegExp('a', 'g')), true, 'new RegExp is a RegExp');
+    t.equal(utils.isRegExp(new Date()), false, 'Date is not a RegExp');
+
+    forEach(v.primitives, function (primitive) {
+        t.equal(utils.isRegExp(primitive), false, inspect(primitive) + ' is not a RegExp');
+    });
+
+    t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md b/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
new file mode 100644
index 0000000..70a973d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
@@ -0,0 +1,56 @@
+1.2.1 / 2019-05-10
+==================
+
+  * Improve error when `str` is not a string
+
+1.2.0 / 2016-06-01
+==================
+
+  * Add `combine` option to combine overlapping ranges
+
+1.1.0 / 2016-05-13
+==================
+
+  * Fix incorrectly returning -1 when there is at least one valid range
+  * perf: remove internal function
+
+1.0.3 / 2015-10-29
+==================
+
+  * perf: enable strict mode
+
+1.0.2 / 2014-09-08
+==================
+
+  * Support Node.js 0.6
+
+1.0.1 / 2014-09-07
+==================
+
+  * Move repository to jshttp
+
+1.0.0 / 2013-12-11
+==================
+
+  * Add repository to package.json
+  * Add MIT license
+
+0.0.4 / 2012-06-17
+==================
+
+  * Change ret -1 for unsatisfiable and -2 when invalid
+
+0.0.3 / 2012-06-17
+==================
+
+  * Fix last-byte-pos default to len - 1
+
+0.0.2 / 2012-06-14
+==================
+
+  * Add `.type`
+
+0.0.1 / 2012-06-11
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/LICENSE b/src/Servers/ExpressServer/node_modules/range-parser/LICENSE
new file mode 100644
index 0000000..3599954
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/range-parser/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012-2014 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/README.md b/src/Servers/ExpressServer/node_modules/range-parser/README.md
new file mode 100644
index 0000000..c247e82
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/range-parser/README.md
@@ -0,0 +1,84 @@
+# range-parser
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Range header field parser.
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install range-parser
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var parseRange = require('range-parser')
+```
+
+### parseRange(size, header, options)
+
+Parse the given `header` string where `size` is the maximum size of the resource.
+An array of ranges will be returned or negative numbers indicating an error parsing.
+
+  * `-2` signals a malformed header string
+  * `-1` signals an unsatisfiable range
+
+<!-- eslint-disable no-undef -->
+
+```js
+// parse header from request
+var range = parseRange(size, req.headers.range)
+
+// the type of the range
+if (range.type === 'bytes') {
+  // the ranges
+  range.forEach(function (r) {
+    // do something with r.start and r.end
+  })
+}
+```
+
+#### Options
+
+These properties are accepted in the options object.
+
+##### combine
+
+Specifies if overlapping & adjacent ranges should be combined, defaults to `false`.
+When `true`, ranges will be combined and returned as if they were specified that
+way in the header.
+
+<!-- eslint-disable no-undef -->
+
+```js
+parseRange(100, 'bytes=50-55,0-10,5-10,56-60', { combine: true })
+// => [
+//      { start: 0,  end: 10 },
+//      { start: 50, end: 60 }
+//    ]
+```
+
+## License
+
+[MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/range-parser/master
+[coveralls-url]: https://coveralls.io/r/jshttp/range-parser?branch=master
+[node-image]: https://badgen.net/npm/node/range-parser
+[node-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/range-parser
+[npm-url]: https://npmjs.org/package/range-parser
+[npm-version-image]: https://badgen.net/npm/v/range-parser
+[travis-image]: https://badgen.net/travis/jshttp/range-parser/master
+[travis-url]: https://travis-ci.org/jshttp/range-parser
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/index.js b/src/Servers/ExpressServer/node_modules/range-parser/index.js
new file mode 100644
index 0000000..b7dc5c0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/range-parser/index.js
@@ -0,0 +1,162 @@
+/*!
+ * range-parser
+ * Copyright(c) 2012-2014 TJ Holowaychuk
+ * Copyright(c) 2015-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = rangeParser
+
+/**
+ * Parse "Range" header `str` relative to the given file `size`.
+ *
+ * @param {Number} size
+ * @param {String} str
+ * @param {Object} [options]
+ * @return {Array}
+ * @public
+ */
+
+function rangeParser (size, str, options) {
+  if (typeof str !== 'string') {
+    throw new TypeError('argument str must be a string')
+  }
+
+  var index = str.indexOf('=')
+
+  if (index === -1) {
+    return -2
+  }
+
+  // split the range string
+  var arr = str.slice(index + 1).split(',')
+  var ranges = []
+
+  // add ranges type
+  ranges.type = str.slice(0, index)
+
+  // parse all ranges
+  for (var i = 0; i < arr.length; i++) {
+    var range = arr[i].split('-')
+    var start = parseInt(range[0], 10)
+    var end = parseInt(range[1], 10)
+
+    // -nnn
+    if (isNaN(start)) {
+      start = size - end
+      end = size - 1
+    // nnn-
+    } else if (isNaN(end)) {
+      end = size - 1
+    }
+
+    // limit last-byte-pos to current length
+    if (end > size - 1) {
+      end = size - 1
+    }
+
+    // invalid or unsatisifiable
+    if (isNaN(start) || isNaN(end) || start > end || start < 0) {
+      continue
+    }
+
+    // add range
+    ranges.push({
+      start: start,
+      end: end
+    })
+  }
+
+  if (ranges.length < 1) {
+    // unsatisifiable
+    return -1
+  }
+
+  return options && options.combine
+    ? combineRanges(ranges)
+    : ranges
+}
+
+/**
+ * Combine overlapping & adjacent ranges.
+ * @private
+ */
+
+function combineRanges (ranges) {
+  var ordered = ranges.map(mapWithIndex).sort(sortByRangeStart)
+
+  for (var j = 0, i = 1; i < ordered.length; i++) {
+    var range = ordered[i]
+    var current = ordered[j]
+
+    if (range.start > current.end + 1) {
+      // next range
+      ordered[++j] = range
+    } else if (range.end > current.end) {
+      // extend range
+      current.end = range.end
+      current.index = Math.min(current.index, range.index)
+    }
+  }
+
+  // trim ordered array
+  ordered.length = j + 1
+
+  // generate combined range
+  var combined = ordered.sort(sortByRangeIndex).map(mapWithoutIndex)
+
+  // copy ranges type
+  combined.type = ranges.type
+
+  return combined
+}
+
+/**
+ * Map function to add index value to ranges.
+ * @private
+ */
+
+function mapWithIndex (range, index) {
+  return {
+    start: range.start,
+    end: range.end,
+    index: index
+  }
+}
+
+/**
+ * Map function to remove index value from ranges.
+ * @private
+ */
+
+function mapWithoutIndex (range) {
+  return {
+    start: range.start,
+    end: range.end
+  }
+}
+
+/**
+ * Sort function to sort ranges by index.
+ * @private
+ */
+
+function sortByRangeIndex (a, b) {
+  return a.index - b.index
+}
+
+/**
+ * Sort function to sort ranges by start position.
+ * @private
+ */
+
+function sortByRangeStart (a, b) {
+  return a.start - b.start
+}
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/package.json b/src/Servers/ExpressServer/node_modules/range-parser/package.json
new file mode 100644
index 0000000..abea6d8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/range-parser/package.json
@@ -0,0 +1,44 @@
+{
+  "name": "range-parser",
+  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
+  "description": "Range header field string parser",
+  "version": "1.2.1",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "James Wyatt Cready <wyatt.cready@lanetix.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "keywords": [
+    "range",
+    "parser",
+    "http"
+  ],
+  "repository": "jshttp/range-parser",
+  "devDependencies": {
+    "deep-equal": "1.0.1",
+    "eslint": "5.16.0",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-markdown": "1.0.0",
+    "eslint-plugin-import": "2.17.2",
+    "eslint-plugin-node": "8.0.1",
+    "eslint-plugin-promise": "4.1.1",
+    "eslint-plugin-standard": "4.0.0",
+    "mocha": "6.1.4",
+    "nyc": "14.1.1"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "scripts": {
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "test-travis": "nyc --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/LICENSE b/src/Servers/ExpressServer/node_modules/raw-body/LICENSE
new file mode 100644
index 0000000..1029a7a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/raw-body/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2013-2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/README.md b/src/Servers/ExpressServer/node_modules/raw-body/README.md
new file mode 100644
index 0000000..d9b36d6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/raw-body/README.md
@@ -0,0 +1,223 @@
+# raw-body
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build status][github-actions-ci-image]][github-actions-ci-url]
+[![Test coverage][coveralls-image]][coveralls-url]
+
+Gets the entire buffer of a stream either as a `Buffer` or a string.
+Validates the stream's length against an expected length and maximum limit.
+Ideal for parsing request bodies.
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install raw-body
+```
+
+### TypeScript
+
+This module includes a [TypeScript](https://www.typescriptlang.org/)
+declaration file to enable auto complete in compatible editors and type
+information for TypeScript projects. This module depends on the Node.js
+types, so install `@types/node`:
+
+```sh
+$ npm install @types/node
+```
+
+## API
+
+```js
+var getRawBody = require('raw-body')
+```
+
+### getRawBody(stream, [options], [callback])
+
+**Returns a promise if no callback specified and global `Promise` exists.**
+
+Options:
+
+- `length` - The length of the stream.
+  If the contents of the stream do not add up to this length,
+  an `400` error code is returned.
+- `limit` - The byte limit of the body.
+  This is the number of bytes or any string format supported by
+  [bytes](https://www.npmjs.com/package/bytes),
+  for example `1000`, `'500kb'` or `'3mb'`.
+  If the body ends up being larger than this limit,
+  a `413` error code is returned.
+- `encoding` - The encoding to use to decode the body into a string.
+  By default, a `Buffer` instance will be returned when no encoding is specified.
+  Most likely, you want `utf-8`, so setting `encoding` to `true` will decode as `utf-8`.
+  You can use any type of encoding supported by [iconv-lite](https://www.npmjs.org/package/iconv-lite#readme).
+
+You can also pass a string in place of options to just specify the encoding.
+
+If an error occurs, the stream will be paused, everything unpiped,
+and you are responsible for correctly disposing the stream.
+For HTTP requests, you may need to finish consuming the stream if
+you want to keep the socket open for future requests. For streams
+that use file descriptors, you should `stream.destroy()` or
+`stream.close()` to prevent leaks.
+
+## Errors
+
+This module creates errors depending on the error condition during reading.
+The error may be an error from the underlying Node.js implementation, but is
+otherwise an error created by this module, which has the following attributes:
+
+  * `limit` - the limit in bytes
+  * `length` and `expected` - the expected length of the stream
+  * `received` - the received bytes
+  * `encoding` - the invalid encoding
+  * `status` and `statusCode` - the corresponding status code for the error
+  * `type` - the error type
+
+### Types
+
+The errors from this module have a `type` property which allows for the programmatic
+determination of the type of error returned.
+
+#### encoding.unsupported
+
+This error will occur when the `encoding` option is specified, but the value does
+not map to an encoding supported by the [iconv-lite](https://www.npmjs.org/package/iconv-lite#readme)
+module.
+
+#### entity.too.large
+
+This error will occur when the `limit` option is specified, but the stream has
+an entity that is larger.
+
+#### request.aborted
+
+This error will occur when the request stream is aborted by the client before
+reading the body has finished.
+
+#### request.size.invalid
+
+This error will occur when the `length` option is specified, but the stream has
+emitted more bytes.
+
+#### stream.encoding.set
+
+This error will occur when the given stream has an encoding set on it, making it
+a decoded stream. The stream should not have an encoding set and is expected to
+emit `Buffer` objects.
+
+#### stream.not.readable
+
+This error will occur when the given stream is not readable.
+
+## Examples
+
+### Simple Express example
+
+```js
+var contentType = require('content-type')
+var express = require('express')
+var getRawBody = require('raw-body')
+
+var app = express()
+
+app.use(function (req, res, next) {
+  getRawBody(req, {
+    length: req.headers['content-length'],
+    limit: '1mb',
+    encoding: contentType.parse(req).parameters.charset
+  }, function (err, string) {
+    if (err) return next(err)
+    req.text = string
+    next()
+  })
+})
+
+// now access req.text
+```
+
+### Simple Koa example
+
+```js
+var contentType = require('content-type')
+var getRawBody = require('raw-body')
+var koa = require('koa')
+
+var app = koa()
+
+app.use(function * (next) {
+  this.text = yield getRawBody(this.req, {
+    length: this.req.headers['content-length'],
+    limit: '1mb',
+    encoding: contentType.parse(this.req).parameters.charset
+  })
+  yield next
+})
+
+// now access this.text
+```
+
+### Using as a promise
+
+To use this library as a promise, simply omit the `callback` and a promise is
+returned, provided that a global `Promise` is defined.
+
+```js
+var getRawBody = require('raw-body')
+var http = require('http')
+
+var server = http.createServer(function (req, res) {
+  getRawBody(req)
+    .then(function (buf) {
+      res.statusCode = 200
+      res.end(buf.length + ' bytes submitted')
+    })
+    .catch(function (err) {
+      res.statusCode = 500
+      res.end(err.message)
+    })
+})
+
+server.listen(3000)
+```
+
+### Using with TypeScript
+
+```ts
+import * as getRawBody from 'raw-body';
+import * as http from 'http';
+
+const server = http.createServer((req, res) => {
+  getRawBody(req)
+  .then((buf) => {
+    res.statusCode = 200;
+    res.end(buf.length + ' bytes submitted');
+  })
+  .catch((err) => {
+    res.statusCode = err.statusCode;
+    res.end(err.message);
+  });
+});
+
+server.listen(3000);
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/raw-body.svg
+[npm-url]: https://npmjs.org/package/raw-body
+[node-version-image]: https://img.shields.io/node/v/raw-body.svg
+[node-version-url]: https://nodejs.org/en/download/
+[coveralls-image]: https://img.shields.io/coveralls/stream-utils/raw-body/master.svg
+[coveralls-url]: https://coveralls.io/r/stream-utils/raw-body?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/raw-body.svg
+[downloads-url]: https://npmjs.org/package/raw-body
+[github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/stream-utils/raw-body/ci.yml?branch=master&label=ci
+[github-actions-ci-url]: https://github.com/jshttp/stream-utils/raw-body?query=workflow%3Aci
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts b/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
new file mode 100644
index 0000000..dcbbebd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
@@ -0,0 +1,87 @@
+import { Readable } from 'stream';
+
+declare namespace getRawBody {
+  export type Encoding = string | true;
+
+  export interface Options {
+    /**
+     * The expected length of the stream.
+     */
+    length?: number | string | null;
+    /**
+     * The byte limit of the body. This is the number of bytes or any string
+     * format supported by `bytes`, for example `1000`, `'500kb'` or `'3mb'`.
+     */
+    limit?: number | string | null;
+    /**
+     * The encoding to use to decode the body into a string. By default, a
+     * `Buffer` instance will be returned when no encoding is specified. Most
+     * likely, you want `utf-8`, so setting encoding to `true` will decode as
+     * `utf-8`. You can use any type of encoding supported by `iconv-lite`.
+     */
+    encoding?: Encoding | null;
+  }
+
+  export interface RawBodyError extends Error {
+    /**
+     * The limit in bytes.
+     */
+    limit?: number;
+    /**
+     * The expected length of the stream.
+     */
+    length?: number;
+    expected?: number;
+    /**
+     * The received bytes.
+     */
+    received?: number;
+    /**
+     * The encoding.
+     */
+    encoding?: string;
+    /**
+     * The corresponding status code for the error.
+     */
+    status: number;
+    statusCode: number;
+    /**
+     * The error type.
+     */
+    type: string;
+  }
+}
+
+/**
+ * Gets the entire buffer of a stream either as a `Buffer` or a string.
+ * Validates the stream's length against an expected length and maximum
+ * limit. Ideal for parsing request bodies.
+ */
+declare function getRawBody(
+  stream: Readable,
+  callback: (err: getRawBody.RawBodyError, body: Buffer) => void
+): void;
+
+declare function getRawBody(
+  stream: Readable,
+  options: (getRawBody.Options & { encoding: getRawBody.Encoding }) | getRawBody.Encoding,
+  callback: (err: getRawBody.RawBodyError, body: string) => void
+): void;
+
+declare function getRawBody(
+  stream: Readable,
+  options: getRawBody.Options,
+  callback: (err: getRawBody.RawBodyError, body: Buffer) => void
+): void;
+
+declare function getRawBody(
+  stream: Readable,
+  options: (getRawBody.Options & { encoding: getRawBody.Encoding }) | getRawBody.Encoding
+): Promise<string>;
+
+declare function getRawBody(
+  stream: Readable,
+  options?: getRawBody.Options
+): Promise<Buffer>;
+
+export = getRawBody;
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/index.js b/src/Servers/ExpressServer/node_modules/raw-body/index.js
new file mode 100644
index 0000000..9cdcd12
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/raw-body/index.js
@@ -0,0 +1,336 @@
+/*!
+ * raw-body
+ * Copyright(c) 2013-2014 Jonathan Ong
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var asyncHooks = tryRequireAsyncHooks()
+var bytes = require('bytes')
+var createError = require('http-errors')
+var iconv = require('iconv-lite')
+var unpipe = require('unpipe')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = getRawBody
+
+/**
+ * Module variables.
+ * @private
+ */
+
+var ICONV_ENCODING_MESSAGE_REGEXP = /^Encoding not recognized: /
+
+/**
+ * Get the decoder for a given encoding.
+ *
+ * @param {string} encoding
+ * @private
+ */
+
+function getDecoder (encoding) {
+  if (!encoding) return null
+
+  try {
+    return iconv.getDecoder(encoding)
+  } catch (e) {
+    // error getting decoder
+    if (!ICONV_ENCODING_MESSAGE_REGEXP.test(e.message)) throw e
+
+    // the encoding was not found
+    throw createError(415, 'specified encoding unsupported', {
+      encoding: encoding,
+      type: 'encoding.unsupported'
+    })
+  }
+}
+
+/**
+ * Get the raw body of a stream (typically HTTP).
+ *
+ * @param {object} stream
+ * @param {object|string|function} [options]
+ * @param {function} [callback]
+ * @public
+ */
+
+function getRawBody (stream, options, callback) {
+  var done = callback
+  var opts = options || {}
+
+  // light validation
+  if (stream === undefined) {
+    throw new TypeError('argument stream is required')
+  } else if (typeof stream !== 'object' || stream === null || typeof stream.on !== 'function') {
+    throw new TypeError('argument stream must be a stream')
+  }
+
+  if (options === true || typeof options === 'string') {
+    // short cut for encoding
+    opts = {
+      encoding: options
+    }
+  }
+
+  if (typeof options === 'function') {
+    done = options
+    opts = {}
+  }
+
+  // validate callback is a function, if provided
+  if (done !== undefined && typeof done !== 'function') {
+    throw new TypeError('argument callback must be a function')
+  }
+
+  // require the callback without promises
+  if (!done && !global.Promise) {
+    throw new TypeError('argument callback is required')
+  }
+
+  // get encoding
+  var encoding = opts.encoding !== true
+    ? opts.encoding
+    : 'utf-8'
+
+  // convert the limit to an integer
+  var limit = bytes.parse(opts.limit)
+
+  // convert the expected length to an integer
+  var length = opts.length != null && !isNaN(opts.length)
+    ? parseInt(opts.length, 10)
+    : null
+
+  if (done) {
+    // classic callback style
+    return readStream(stream, encoding, length, limit, wrap(done))
+  }
+
+  return new Promise(function executor (resolve, reject) {
+    readStream(stream, encoding, length, limit, function onRead (err, buf) {
+      if (err) return reject(err)
+      resolve(buf)
+    })
+  })
+}
+
+/**
+ * Halt a stream.
+ *
+ * @param {Object} stream
+ * @private
+ */
+
+function halt (stream) {
+  // unpipe everything from the stream
+  unpipe(stream)
+
+  // pause stream
+  if (typeof stream.pause === 'function') {
+    stream.pause()
+  }
+}
+
+/**
+ * Read the data from the stream.
+ *
+ * @param {object} stream
+ * @param {string} encoding
+ * @param {number} length
+ * @param {number} limit
+ * @param {function} callback
+ * @public
+ */
+
+function readStream (stream, encoding, length, limit, callback) {
+  var complete = false
+  var sync = true
+
+  // check the length and limit options.
+  // note: we intentionally leave the stream paused,
+  // so users should handle the stream themselves.
+  if (limit !== null && length !== null && length > limit) {
+    return done(createError(413, 'request entity too large', {
+      expected: length,
+      length: length,
+      limit: limit,
+      type: 'entity.too.large'
+    }))
+  }
+
+  // streams1: assert request encoding is buffer.
+  // streams2+: assert the stream encoding is buffer.
+  //   stream._decoder: streams1
+  //   state.encoding: streams2
+  //   state.decoder: streams2, specifically < 0.10.6
+  var state = stream._readableState
+  if (stream._decoder || (state && (state.encoding || state.decoder))) {
+    // developer error
+    return done(createError(500, 'stream encoding should not be set', {
+      type: 'stream.encoding.set'
+    }))
+  }
+
+  if (typeof stream.readable !== 'undefined' && !stream.readable) {
+    return done(createError(500, 'stream is not readable', {
+      type: 'stream.not.readable'
+    }))
+  }
+
+  var received = 0
+  var decoder
+
+  try {
+    decoder = getDecoder(encoding)
+  } catch (err) {
+    return done(err)
+  }
+
+  var buffer = decoder
+    ? ''
+    : []
+
+  // attach listeners
+  stream.on('aborted', onAborted)
+  stream.on('close', cleanup)
+  stream.on('data', onData)
+  stream.on('end', onEnd)
+  stream.on('error', onEnd)
+
+  // mark sync section complete
+  sync = false
+
+  function done () {
+    var args = new Array(arguments.length)
+
+    // copy arguments
+    for (var i = 0; i < args.length; i++) {
+      args[i] = arguments[i]
+    }
+
+    // mark complete
+    complete = true
+
+    if (sync) {
+      process.nextTick(invokeCallback)
+    } else {
+      invokeCallback()
+    }
+
+    function invokeCallback () {
+      cleanup()
+
+      if (args[0]) {
+        // halt the stream on error
+        halt(stream)
+      }
+
+      callback.apply(null, args)
+    }
+  }
+
+  function onAborted () {
+    if (complete) return
+
+    done(createError(400, 'request aborted', {
+      code: 'ECONNABORTED',
+      expected: length,
+      length: length,
+      received: received,
+      type: 'request.aborted'
+    }))
+  }
+
+  function onData (chunk) {
+    if (complete) return
+
+    received += chunk.length
+
+    if (limit !== null && received > limit) {
+      done(createError(413, 'request entity too large', {
+        limit: limit,
+        received: received,
+        type: 'entity.too.large'
+      }))
+    } else if (decoder) {
+      buffer += decoder.write(chunk)
+    } else {
+      buffer.push(chunk)
+    }
+  }
+
+  function onEnd (err) {
+    if (complete) return
+    if (err) return done(err)
+
+    if (length !== null && received !== length) {
+      done(createError(400, 'request size did not match content length', {
+        expected: length,
+        length: length,
+        received: received,
+        type: 'request.size.invalid'
+      }))
+    } else {
+      var string = decoder
+        ? buffer + (decoder.end() || '')
+        : Buffer.concat(buffer)
+      done(null, string)
+    }
+  }
+
+  function cleanup () {
+    buffer = null
+
+    stream.removeListener('aborted', onAborted)
+    stream.removeListener('data', onData)
+    stream.removeListener('end', onEnd)
+    stream.removeListener('error', onEnd)
+    stream.removeListener('close', cleanup)
+  }
+}
+
+/**
+ * Try to require async_hooks
+ * @private
+ */
+
+function tryRequireAsyncHooks () {
+  try {
+    return require('async_hooks')
+  } catch (e) {
+    return {}
+  }
+}
+
+/**
+ * Wrap function with async resource, if possible.
+ * AsyncResource.bind static method backported.
+ * @private
+ */
+
+function wrap (fn) {
+  var res
+
+  // create anonymous resource
+  if (asyncHooks.AsyncResource) {
+    res = new asyncHooks.AsyncResource(fn.name || 'bound-anonymous-fn')
+  }
+
+  // incompatible node.js
+  if (!res || !res.runInAsyncScope) {
+    return fn
+  }
+
+  // return bound function
+  return res.runInAsyncScope.bind(res, fn, null)
+}
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/package.json b/src/Servers/ExpressServer/node_modules/raw-body/package.json
new file mode 100644
index 0000000..d8120af
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/raw-body/package.json
@@ -0,0 +1,47 @@
+{
+  "name": "raw-body",
+  "description": "Get and validate the raw body of a readable stream.",
+  "version": "2.5.3",
+  "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Raynos <raynos2@gmail.com>"
+  ],
+  "license": "MIT",
+  "repository": "stream-utils/raw-body",
+  "dependencies": {
+    "bytes": "~3.1.2",
+    "http-errors": "~2.0.1",
+    "iconv-lite": "~0.4.24",
+    "unpipe": "~1.0.0"
+  },
+  "devDependencies": {
+    "bluebird": "3.7.2",
+    "eslint": "8.34.0",
+    "eslint-config-standard": "15.0.1",
+    "eslint-plugin-import": "2.27.5",
+    "eslint-plugin-markdown": "3.0.0",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "6.1.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "10.2.0",
+    "nyc": "15.1.0",
+    "readable-stream": "2.3.7",
+    "safe-buffer": "5.2.1"
+  },
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "files": [
+    "LICENSE",
+    "README.md",
+    "index.d.ts",
+    "index.js"
+  ],
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --trace-deprecation --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE b/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
new file mode 100644
index 0000000..0c068ce
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) Feross Aboukhadijeh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/README.md b/src/Servers/ExpressServer/node_modules/safe-buffer/README.md
new file mode 100644
index 0000000..e9a81af
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safe-buffer/README.md
@@ -0,0 +1,584 @@
+# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url]
+
+[travis-image]: https://img.shields.io/travis/feross/safe-buffer/master.svg
+[travis-url]: https://travis-ci.org/feross/safe-buffer
+[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg
+[npm-url]: https://npmjs.org/package/safe-buffer
+[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg
+[downloads-url]: https://npmjs.org/package/safe-buffer
+[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
+[standard-url]: https://standardjs.com
+
+#### Safer Node.js Buffer API
+
+**Use the new Node.js Buffer APIs (`Buffer.from`, `Buffer.alloc`,
+`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in all versions of Node.js.**
+
+**Uses the built-in implementation when available.**
+
+## install
+
+```
+npm install safe-buffer
+```
+
+## usage
+
+The goal of this package is to provide a safe replacement for the node.js `Buffer`.
+
+It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to
+the top of your node.js modules:
+
+```js
+var Buffer = require('safe-buffer').Buffer
+
+// Existing buffer code will continue to work without issues:
+
+new Buffer('hey', 'utf8')
+new Buffer([1, 2, 3], 'utf8')
+new Buffer(obj)
+new Buffer(16) // create an uninitialized buffer (potentially unsafe)
+
+// But you can use these new explicit APIs to make clear what you want:
+
+Buffer.from('hey', 'utf8') // convert from many types to a Buffer
+Buffer.alloc(16) // create a zero-filled buffer (safe)
+Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe)
+```
+
+## api
+
+### Class Method: Buffer.from(array)
+<!-- YAML
+added: v3.0.0
+-->
+
+* `array` {Array}
+
+Allocates a new `Buffer` using an `array` of octets.
+
+```js
+const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]);
+  // creates a new Buffer containing ASCII bytes
+  // ['b','u','f','f','e','r']
+```
+
+A `TypeError` will be thrown if `array` is not an `Array`.
+
+### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]])
+<!-- YAML
+added: v5.10.0
+-->
+
+* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or
+  a `new ArrayBuffer()`
+* `byteOffset` {Number} Default: `0`
+* `length` {Number} Default: `arrayBuffer.length - byteOffset`
+
+When passed a reference to the `.buffer` property of a `TypedArray` instance,
+the newly created `Buffer` will share the same allocated memory as the
+TypedArray.
+
+```js
+const arr = new Uint16Array(2);
+arr[0] = 5000;
+arr[1] = 4000;
+
+const buf = Buffer.from(arr.buffer); // shares the memory with arr;
+
+console.log(buf);
+  // Prints: <Buffer 88 13 a0 0f>
+
+// changing the TypedArray changes the Buffer also
+arr[1] = 6000;
+
+console.log(buf);
+  // Prints: <Buffer 88 13 70 17>
+```
+
+The optional `byteOffset` and `length` arguments specify a memory range within
+the `arrayBuffer` that will be shared by the `Buffer`.
+
+```js
+const ab = new ArrayBuffer(10);
+const buf = Buffer.from(ab, 0, 2);
+console.log(buf.length);
+  // Prints: 2
+```
+
+A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`.
+
+### Class Method: Buffer.from(buffer)
+<!-- YAML
+added: v3.0.0
+-->
+
+* `buffer` {Buffer}
+
+Copies the passed `buffer` data onto a new `Buffer` instance.
+
+```js
+const buf1 = Buffer.from('buffer');
+const buf2 = Buffer.from(buf1);
+
+buf1[0] = 0x61;
+console.log(buf1.toString());
+  // 'auffer'
+console.log(buf2.toString());
+  // 'buffer' (copy is not changed)
+```
+
+A `TypeError` will be thrown if `buffer` is not a `Buffer`.
+
+### Class Method: Buffer.from(str[, encoding])
+<!-- YAML
+added: v5.10.0
+-->
+
+* `str` {String} String to encode.
+* `encoding` {String} Encoding to use, Default: `'utf8'`
+
+Creates a new `Buffer` containing the given JavaScript string `str`. If
+provided, the `encoding` parameter identifies the character encoding.
+If not provided, `encoding` defaults to `'utf8'`.
+
+```js
+const buf1 = Buffer.from('this is a tést');
+console.log(buf1.toString());
+  // prints: this is a tést
+console.log(buf1.toString('ascii'));
+  // prints: this is a tC)st
+
+const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex');
+console.log(buf2.toString());
+  // prints: this is a tést
+```
+
+A `TypeError` will be thrown if `str` is not a string.
+
+### Class Method: Buffer.alloc(size[, fill[, encoding]])
+<!-- YAML
+added: v5.10.0
+-->
+
+* `size` {Number}
+* `fill` {Value} Default: `undefined`
+* `encoding` {String} Default: `utf8`
+
+Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the
+`Buffer` will be *zero-filled*.
+
+```js
+const buf = Buffer.alloc(5);
+console.log(buf);
+  // <Buffer 00 00 00 00 00>
+```
+
+The `size` must be less than or equal to the value of
+`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
+`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
+be created if a `size` less than or equal to 0 is specified.
+
+If `fill` is specified, the allocated `Buffer` will be initialized by calling
+`buf.fill(fill)`. See [`buf.fill()`][] for more information.
+
+```js
+const buf = Buffer.alloc(5, 'a');
+console.log(buf);
+  // <Buffer 61 61 61 61 61>
+```
+
+If both `fill` and `encoding` are specified, the allocated `Buffer` will be
+initialized by calling `buf.fill(fill, encoding)`. For example:
+
+```js
+const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64');
+console.log(buf);
+  // <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64>
+```
+
+Calling `Buffer.alloc(size)` can be significantly slower than the alternative
+`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance
+contents will *never contain sensitive data*.
+
+A `TypeError` will be thrown if `size` is not a number.
+
+### Class Method: Buffer.allocUnsafe(size)
+<!-- YAML
+added: v5.10.0
+-->
+
+* `size` {Number}
+
+Allocates a new *non-zero-filled* `Buffer` of `size` bytes.  The `size` must
+be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit
+architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is
+thrown. A zero-length Buffer will be created if a `size` less than or equal to
+0 is specified.
+
+The underlying memory for `Buffer` instances created in this way is *not
+initialized*. The contents of the newly created `Buffer` are unknown and
+*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
+`Buffer` instances to zeroes.
+
+```js
+const buf = Buffer.allocUnsafe(5);
+console.log(buf);
+  // <Buffer 78 e0 82 02 01>
+  // (octets will be different, every time)
+buf.fill(0);
+console.log(buf);
+  // <Buffer 00 00 00 00 00>
+```
+
+A `TypeError` will be thrown if `size` is not a number.
+
+Note that the `Buffer` module pre-allocates an internal `Buffer` instance of
+size `Buffer.poolSize` that is used as a pool for the fast allocation of new
+`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated
+`new Buffer(size)` constructor) only when `size` is less than or equal to
+`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default
+value of `Buffer.poolSize` is `8192` but can be modified.
+
+Use of this pre-allocated internal memory pool is a key difference between
+calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`.
+Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer
+pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal
+Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The
+difference is subtle but can be important when an application requires the
+additional performance that `Buffer.allocUnsafe(size)` provides.
+
+### Class Method: Buffer.allocUnsafeSlow(size)
+<!-- YAML
+added: v5.10.0
+-->
+
+* `size` {Number}
+
+Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes.  The
+`size` must be less than or equal to the value of
+`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
+`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
+be created if a `size` less than or equal to 0 is specified.
+
+The underlying memory for `Buffer` instances created in this way is *not
+initialized*. The contents of the newly created `Buffer` are unknown and
+*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
+`Buffer` instances to zeroes.
+
+When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances,
+allocations under 4KB are, by default, sliced from a single pre-allocated
+`Buffer`. This allows applications to avoid the garbage collection overhead of
+creating many individually allocated Buffers. This approach improves both
+performance and memory usage by eliminating the need to track and cleanup as
+many `Persistent` objects.
+
+However, in the case where a developer may need to retain a small chunk of
+memory from a pool for an indeterminate amount of time, it may be appropriate
+to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then
+copy out the relevant bits.
+
+```js
+// need to keep around a few small chunks of memory
+const store = [];
+
+socket.on('readable', () => {
+  const data = socket.read();
+  // allocate for retained data
+  const sb = Buffer.allocUnsafeSlow(10);
+  // copy the data into the new allocation
+  data.copy(sb, 0, 0, 10);
+  store.push(sb);
+});
+```
+
+Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after*
+a developer has observed undue memory retention in their applications.
+
+A `TypeError` will be thrown if `size` is not a number.
+
+### All the Rest
+
+The rest of the `Buffer` API is exactly the same as in node.js.
+[See the docs](https://nodejs.org/api/buffer.html).
+
+
+## Related links
+
+- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660)
+- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4)
+
+## Why is `Buffer` unsafe?
+
+Today, the node.js `Buffer` constructor is overloaded to handle many different argument
+types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.),
+`ArrayBuffer`, and also `Number`.
+
+The API is optimized for convenience: you can throw any type at it, and it will try to do
+what you want.
+
+Because the Buffer constructor is so powerful, you often see code like this:
+
+```js
+// Convert UTF-8 strings to hex
+function toHex (str) {
+  return new Buffer(str).toString('hex')
+}
+```
+
+***But what happens if `toHex` is called with a `Number` argument?***
+
+### Remote Memory Disclosure
+
+If an attacker can make your program call the `Buffer` constructor with a `Number`
+argument, then they can make it allocate uninitialized memory from the node.js process.
+This could potentially disclose TLS private keys, user data, or database passwords.
+
+When the `Buffer` constructor is passed a `Number` argument, it returns an
+**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like
+this, you **MUST** overwrite the contents before returning it to the user.
+
+From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size):
+
+> `new Buffer(size)`
+>
+> - `size` Number
+>
+> The underlying memory for `Buffer` instances created in this way is not initialized.
+> **The contents of a newly created `Buffer` are unknown and could contain sensitive
+> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes.
+
+(Emphasis our own.)
+
+Whenever the programmer intended to create an uninitialized `Buffer` you often see code
+like this:
+
+```js
+var buf = new Buffer(16)
+
+// Immediately overwrite the uninitialized buffer with data from another buffer
+for (var i = 0; i < buf.length; i++) {
+  buf[i] = otherBuf[i]
+}
+```
+
+
+### Would this ever be a problem in real code?
+
+Yes. It's surprisingly common to forget to check the type of your variables in a
+dynamically-typed language like JavaScript.
+
+Usually the consequences of assuming the wrong type is that your program crashes with an
+uncaught exception. But the failure mode for forgetting to check the type of arguments to
+the `Buffer` constructor is more catastrophic.
+
+Here's an example of a vulnerable service that takes a JSON payload and converts it to
+hex:
+
+```js
+// Take a JSON payload {str: "some string"} and convert it to hex
+var server = http.createServer(function (req, res) {
+  var data = ''
+  req.setEncoding('utf8')
+  req.on('data', function (chunk) {
+    data += chunk
+  })
+  req.on('end', function () {
+    var body = JSON.parse(data)
+    res.end(new Buffer(body.str).toString('hex'))
+  })
+})
+
+server.listen(8080)
+```
+
+In this example, an http client just has to send:
+
+```json
+{
+  "str": 1000
+}
+```
+
+and it will get back 1,000 bytes of uninitialized memory from the server.
+
+This is a very serious bug. It's similar in severity to the
+[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process
+memory by remote attackers.
+
+
+### Which real-world packages were vulnerable?
+
+#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht)
+
+[Mathias Buus](https://github.com/mafintosh) and I
+([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages,
+[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow
+anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get
+them to reveal 20 bytes at a time of uninitialized memory from the node.js process.
+
+Here's
+[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8)
+that fixed it. We released a new fixed version, created a
+[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all
+vulnerable versions on npm so users will get a warning to upgrade to a newer version.
+
+#### [`ws`](https://www.npmjs.com/package/ws)
+
+That got us wondering if there were other vulnerable packages. Sure enough, within a short
+period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the
+most popular WebSocket implementation in node.js.
+
+If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as
+expected, then uninitialized server memory would be disclosed to the remote peer.
+
+These were the vulnerable methods:
+
+```js
+socket.send(number)
+socket.ping(number)
+socket.pong(number)
+```
+
+Here's a vulnerable socket server with some echo functionality:
+
+```js
+server.on('connection', function (socket) {
+  socket.on('message', function (message) {
+    message = JSON.parse(message)
+    if (message.type === 'echo') {
+      socket.send(message.data) // send back the user's message
+    }
+  })
+})
+```
+
+`socket.send(number)` called on the server, will disclose server memory.
+
+Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue
+was fixed, with a more detailed explanation. Props to
+[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the
+[Node Security Project disclosure](https://nodesecurity.io/advisories/67).
+
+
+### What's the solution?
+
+It's important that node.js offers a fast way to get memory otherwise performance-critical
+applications would needlessly get a lot slower.
+
+But we need a better way to *signal our intent* as programmers. **When we want
+uninitialized memory, we should request it explicitly.**
+
+Sensitive functionality should not be packed into a developer-friendly API that loosely
+accepts many different types. This type of API encourages the lazy practice of passing
+variables in without checking the type very carefully.
+
+#### A new API: `Buffer.allocUnsafe(number)`
+
+The functionality of creating buffers with uninitialized memory should be part of another
+API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that
+frequently gets user input of all sorts of different types passed into it.
+
+```js
+var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory!
+
+// Immediately overwrite the uninitialized buffer with data from another buffer
+for (var i = 0; i < buf.length; i++) {
+  buf[i] = otherBuf[i]
+}
+```
+
+
+### How do we fix node.js core?
+
+We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as
+`semver-major`) which defends against one case:
+
+```js
+var str = 16
+new Buffer(str, 'utf8')
+```
+
+In this situation, it's implied that the programmer intended the first argument to be a
+string, since they passed an encoding as a second argument. Today, node.js will allocate
+uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not
+what the programmer intended.
+
+But this is only a partial solution, since if the programmer does `new Buffer(variable)`
+(without an `encoding` parameter) there's no way to know what they intended. If `variable`
+is sometimes a number, then uninitialized memory will sometimes be returned.
+
+### What's the real long-term fix?
+
+We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when
+we need uninitialized memory. But that would break 1000s of packages.
+
+~~We believe the best solution is to:~~
+
+~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~
+
+~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~
+
+#### Update
+
+We now support adding three new APIs:
+
+- `Buffer.from(value)` - convert from any type to a buffer
+- `Buffer.alloc(size)` - create a zero-filled buffer
+- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size
+
+This solves the core problem that affected `ws` and `bittorrent-dht` which is
+`Buffer(variable)` getting tricked into taking a number argument.
+
+This way, existing code continues working and the impact on the npm ecosystem will be
+minimal. Over time, npm maintainers can migrate performance-critical code to use
+`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`.
+
+
+### Conclusion
+
+We think there's a serious design issue with the `Buffer` API as it exists today. It
+promotes insecure software by putting high-risk functionality into a convenient API
+with friendly "developer ergonomics".
+
+This wasn't merely a theoretical exercise because we found the issue in some of the
+most popular npm packages.
+
+Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of
+`buffer`.
+
+```js
+var Buffer = require('safe-buffer').Buffer
+```
+
+Eventually, we hope that node.js core can switch to this new, safer behavior. We believe
+the impact on the ecosystem would be minimal since it's not a breaking change.
+Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while
+older, insecure packages would magically become safe from this attack vector.
+
+
+## links
+
+- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514)
+- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67)
+- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68)
+
+
+## credit
+
+The original issues in `bittorrent-dht`
+([disclosure](https://nodesecurity.io/advisories/68)) and
+`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by
+[Mathias Buus](https://github.com/mafintosh) and
+[Feross Aboukhadijeh](http://feross.org/).
+
+Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues
+and for his work running the [Node Security Project](https://nodesecurity.io/).
+
+Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and
+auditing the code.
+
+
+## license
+
+MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts b/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
new file mode 100644
index 0000000..e9fed80
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
@@ -0,0 +1,187 @@
+declare module "safe-buffer" {
+  export class Buffer {
+    length: number
+    write(string: string, offset?: number, length?: number, encoding?: string): number;
+    toString(encoding?: string, start?: number, end?: number): string;
+    toJSON(): { type: 'Buffer', data: any[] };
+    equals(otherBuffer: Buffer): boolean;
+    compare(otherBuffer: Buffer, targetStart?: number, targetEnd?: number, sourceStart?: number, sourceEnd?: number): number;
+    copy(targetBuffer: Buffer, targetStart?: number, sourceStart?: number, sourceEnd?: number): number;
+    slice(start?: number, end?: number): Buffer;
+    writeUIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
+    writeUIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
+    writeIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
+    writeIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
+    readUIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
+    readUIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
+    readIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
+    readIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
+    readUInt8(offset: number, noAssert?: boolean): number;
+    readUInt16LE(offset: number, noAssert?: boolean): number;
+    readUInt16BE(offset: number, noAssert?: boolean): number;
+    readUInt32LE(offset: number, noAssert?: boolean): number;
+    readUInt32BE(offset: number, noAssert?: boolean): number;
+    readInt8(offset: number, noAssert?: boolean): number;
+    readInt16LE(offset: number, noAssert?: boolean): number;
+    readInt16BE(offset: number, noAssert?: boolean): number;
+    readInt32LE(offset: number, noAssert?: boolean): number;
+    readInt32BE(offset: number, noAssert?: boolean): number;
+    readFloatLE(offset: number, noAssert?: boolean): number;
+    readFloatBE(offset: number, noAssert?: boolean): number;
+    readDoubleLE(offset: number, noAssert?: boolean): number;
+    readDoubleBE(offset: number, noAssert?: boolean): number;
+    swap16(): Buffer;
+    swap32(): Buffer;
+    swap64(): Buffer;
+    writeUInt8(value: number, offset: number, noAssert?: boolean): number;
+    writeUInt16LE(value: number, offset: number, noAssert?: boolean): number;
+    writeUInt16BE(value: number, offset: number, noAssert?: boolean): number;
+    writeUInt32LE(value: number, offset: number, noAssert?: boolean): number;
+    writeUInt32BE(value: number, offset: number, noAssert?: boolean): number;
+    writeInt8(value: number, offset: number, noAssert?: boolean): number;
+    writeInt16LE(value: number, offset: number, noAssert?: boolean): number;
+    writeInt16BE(value: number, offset: number, noAssert?: boolean): number;
+    writeInt32LE(value: number, offset: number, noAssert?: boolean): number;
+    writeInt32BE(value: number, offset: number, noAssert?: boolean): number;
+    writeFloatLE(value: number, offset: number, noAssert?: boolean): number;
+    writeFloatBE(value: number, offset: number, noAssert?: boolean): number;
+    writeDoubleLE(value: number, offset: number, noAssert?: boolean): number;
+    writeDoubleBE(value: number, offset: number, noAssert?: boolean): number;
+    fill(value: any, offset?: number, end?: number): this;
+    indexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
+    lastIndexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
+    includes(value: string | number | Buffer, byteOffset?: number, encoding?: string): boolean;
+
+    /**
+     * Allocates a new buffer containing the given {str}.
+     *
+     * @param str String to store in buffer.
+     * @param encoding encoding to use, optional.  Default is 'utf8'
+     */
+     constructor (str: string, encoding?: string);
+    /**
+     * Allocates a new buffer of {size} octets.
+     *
+     * @param size count of octets to allocate.
+     */
+    constructor (size: number);
+    /**
+     * Allocates a new buffer containing the given {array} of octets.
+     *
+     * @param array The octets to store.
+     */
+    constructor (array: Uint8Array);
+    /**
+     * Produces a Buffer backed by the same allocated memory as
+     * the given {ArrayBuffer}.
+     *
+     *
+     * @param arrayBuffer The ArrayBuffer with which to share memory.
+     */
+    constructor (arrayBuffer: ArrayBuffer);
+    /**
+     * Allocates a new buffer containing the given {array} of octets.
+     *
+     * @param array The octets to store.
+     */
+    constructor (array: any[]);
+    /**
+     * Copies the passed {buffer} data onto a new {Buffer} instance.
+     *
+     * @param buffer The buffer to copy.
+     */
+    constructor (buffer: Buffer);
+    prototype: Buffer;
+    /**
+     * Allocates a new Buffer using an {array} of octets.
+     *
+     * @param array
+     */
+    static from(array: any[]): Buffer;
+    /**
+     * When passed a reference to the .buffer property of a TypedArray instance,
+     * the newly created Buffer will share the same allocated memory as the TypedArray.
+     * The optional {byteOffset} and {length} arguments specify a memory range
+     * within the {arrayBuffer} that will be shared by the Buffer.
+     *
+     * @param arrayBuffer The .buffer property of a TypedArray or a new ArrayBuffer()
+     * @param byteOffset
+     * @param length
+     */
+    static from(arrayBuffer: ArrayBuffer, byteOffset?: number, length?: number): Buffer;
+    /**
+     * Copies the passed {buffer} data onto a new Buffer instance.
+     *
+     * @param buffer
+     */
+    static from(buffer: Buffer): Buffer;
+    /**
+     * Creates a new Buffer containing the given JavaScript string {str}.
+     * If provided, the {encoding} parameter identifies the character encoding.
+     * If not provided, {encoding} defaults to 'utf8'.
+     *
+     * @param str
+     */
+    static from(str: string, encoding?: string): Buffer;
+    /**
+     * Returns true if {obj} is a Buffer
+     *
+     * @param obj object to test.
+     */
+    static isBuffer(obj: any): obj is Buffer;
+    /**
+     * Returns true if {encoding} is a valid encoding argument.
+     * Valid string encodings in Node 0.12: 'ascii'|'utf8'|'utf16le'|'ucs2'(alias of 'utf16le')|'base64'|'binary'(deprecated)|'hex'
+     *
+     * @param encoding string to test.
+     */
+    static isEncoding(encoding: string): boolean;
+    /**
+     * Gives the actual byte length of a string. encoding defaults to 'utf8'.
+     * This is not the same as String.prototype.length since that returns the number of characters in a string.
+     *
+     * @param string string to test.
+     * @param encoding encoding used to evaluate (defaults to 'utf8')
+     */
+    static byteLength(string: string, encoding?: string): number;
+    /**
+     * Returns a buffer which is the result of concatenating all the buffers in the list together.
+     *
+     * If the list has no items, or if the totalLength is 0, then it returns a zero-length buffer.
+     * If the list has exactly one item, then the first item of the list is returned.
+     * If the list has more than one item, then a new Buffer is created.
+     *
+     * @param list An array of Buffer objects to concatenate
+     * @param totalLength Total length of the buffers when concatenated.
+     *   If totalLength is not provided, it is read from the buffers in the list. However, this adds an additional loop to the function, so it is faster to provide the length explicitly.
+     */
+    static concat(list: Buffer[], totalLength?: number): Buffer;
+    /**
+     * The same as buf1.compare(buf2).
+     */
+    static compare(buf1: Buffer, buf2: Buffer): number;
+    /**
+     * Allocates a new buffer of {size} octets.
+     *
+     * @param size count of octets to allocate.
+     * @param fill if specified, buffer will be initialized by calling buf.fill(fill).
+     *    If parameter is omitted, buffer will be filled with zeros.
+     * @param encoding encoding used for call to buf.fill while initalizing
+     */
+    static alloc(size: number, fill?: string | Buffer | number, encoding?: string): Buffer;
+    /**
+     * Allocates a new buffer of {size} octets, leaving memory not initialized, so the contents
+     * of the newly created Buffer are unknown and may contain sensitive data.
+     *
+     * @param size count of octets to allocate
+     */
+    static allocUnsafe(size: number): Buffer;
+    /**
+     * Allocates a new non-pooled buffer of {size} octets, leaving memory not initialized, so the contents
+     * of the newly created Buffer are unknown and may contain sensitive data.
+     *
+     * @param size count of octets to allocate
+     */
+    static allocUnsafeSlow(size: number): Buffer;
+  }
+}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/index.js b/src/Servers/ExpressServer/node_modules/safe-buffer/index.js
new file mode 100644
index 0000000..f8d3ec9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safe-buffer/index.js
@@ -0,0 +1,65 @@
+/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
+/* eslint-disable node/no-deprecated-api */
+var buffer = require('buffer')
+var Buffer = buffer.Buffer
+
+// alternative to using Object.keys for old browsers
+function copyProps (src, dst) {
+  for (var key in src) {
+    dst[key] = src[key]
+  }
+}
+if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
+  module.exports = buffer
+} else {
+  // Copy properties from require('buffer')
+  copyProps(buffer, exports)
+  exports.Buffer = SafeBuffer
+}
+
+function SafeBuffer (arg, encodingOrOffset, length) {
+  return Buffer(arg, encodingOrOffset, length)
+}
+
+SafeBuffer.prototype = Object.create(Buffer.prototype)
+
+// Copy static methods from Buffer
+copyProps(Buffer, SafeBuffer)
+
+SafeBuffer.from = function (arg, encodingOrOffset, length) {
+  if (typeof arg === 'number') {
+    throw new TypeError('Argument must not be a number')
+  }
+  return Buffer(arg, encodingOrOffset, length)
+}
+
+SafeBuffer.alloc = function (size, fill, encoding) {
+  if (typeof size !== 'number') {
+    throw new TypeError('Argument must be a number')
+  }
+  var buf = Buffer(size)
+  if (fill !== undefined) {
+    if (typeof encoding === 'string') {
+      buf.fill(fill, encoding)
+    } else {
+      buf.fill(fill)
+    }
+  } else {
+    buf.fill(0)
+  }
+  return buf
+}
+
+SafeBuffer.allocUnsafe = function (size) {
+  if (typeof size !== 'number') {
+    throw new TypeError('Argument must be a number')
+  }
+  return Buffer(size)
+}
+
+SafeBuffer.allocUnsafeSlow = function (size) {
+  if (typeof size !== 'number') {
+    throw new TypeError('Argument must be a number')
+  }
+  return buffer.SlowBuffer(size)
+}
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/package.json b/src/Servers/ExpressServer/node_modules/safe-buffer/package.json
new file mode 100644
index 0000000..f2869e2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safe-buffer/package.json
@@ -0,0 +1,51 @@
+{
+  "name": "safe-buffer",
+  "description": "Safer Node.js Buffer API",
+  "version": "5.2.1",
+  "author": {
+    "name": "Feross Aboukhadijeh",
+    "email": "feross@feross.org",
+    "url": "https://feross.org"
+  },
+  "bugs": {
+    "url": "https://github.com/feross/safe-buffer/issues"
+  },
+  "devDependencies": {
+    "standard": "*",
+    "tape": "^5.0.0"
+  },
+  "homepage": "https://github.com/feross/safe-buffer",
+  "keywords": [
+    "buffer",
+    "buffer allocate",
+    "node security",
+    "safe",
+    "safe-buffer",
+    "security",
+    "uninitialized"
+  ],
+  "license": "MIT",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/feross/safe-buffer.git"
+  },
+  "scripts": {
+    "test": "standard && tape test/*.js"
+  },
+  "funding": [
+    {
+      "type": "github",
+      "url": "https://github.com/sponsors/feross"
+    },
+    {
+      "type": "patreon",
+      "url": "https://www.patreon.com/feross"
+    },
+    {
+      "type": "consulting",
+      "url": "https://feross.org/support"
+    }
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE b/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
new file mode 100644
index 0000000..4fe9e6f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Nikita Skovoroda <chalkerx@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md b/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
new file mode 100644
index 0000000..68d86ba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
@@ -0,0 +1,268 @@
+# Porting to the Buffer.from/Buffer.alloc API
+
+<a id="overview"></a>
+## Overview
+
+- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*)
+- [Variant 2: Use a polyfill](#variant-2)
+- [Variant 3: manual detection, with safeguards](#variant-3)
+
+### Finding problematic bits of code using grep
+
+Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`.
+
+It will find all the potentially unsafe places in your own code (with some considerably unlikely
+exceptions).
+
+### Finding problematic bits of code using Node.js 8
+
+If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code:
+
+- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js.
+- `--trace-deprecation` does the same thing, but only for deprecation warnings.
+- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8.
+
+You can set these flags using an environment variable:
+
+```console
+$ export NODE_OPTIONS='--trace-warnings --pending-deprecation'
+$ cat example.js
+'use strict';
+const foo = new Buffer('foo');
+$ node example.js
+(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead.
+    at showFlaggedDeprecation (buffer.js:127:13)
+    at new Buffer (buffer.js:148:3)
+    at Object.<anonymous> (/path/to/example.js:2:13)
+    [... more stack trace lines ...]
+```
+
+### Finding problematic bits of code using linters
+
+Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
+or
+[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
+also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets.
+
+There is a drawback, though, that it doesn't always
+[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is
+overriden e.g. with a polyfill, so recommended is a combination of this and some other method
+described above.
+
+<a id="variant-1"></a>
+## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.
+
+This is the recommended solution nowadays that would imply only minimal overhead.
+
+The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible.
+
+What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way:
+
+- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`.
+- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`).
+- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`.
+
+Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than
+`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling.
+
+Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
+or
+[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
+is recommended to avoid accidential unsafe Buffer API usage.
+
+There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005)
+for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`.
+Note that it currently only works with cases where the arguments are literals or where the
+constructor is invoked with two arguments.
+
+_If you currently support those older Node.js versions and dropping them would be a semver-major change
+for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2)
+or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive
+the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and
+your users will not observe a runtime deprecation warning when running your code on Node.js 10._
+
+<a id="variant-2"></a>
+## Variant 2: Use a polyfill
+
+Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older
+Node.js versions.
+
+You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill
+`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api.
+
+Make sure that you do not use old `new Buffer` API — in any files where the line above is added,
+using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though.
+
+Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or
+[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) —
+those are great, the only downsides being 4 deps in the tree and slightly more code changes to
+migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only
+`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies.
+
+_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also
+provides a polyfill, but takes a different approach which has
+[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you
+to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as
+it is problematic, can cause issues in your code, and will start emitting runtime deprecation
+warnings starting with Node.js 10._
+
+Note that in either case, it is important that you also remove all calls to the old Buffer
+API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides
+a polyfill for the new API. I have seen people doing that mistake.
+
+Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
+or
+[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
+is recommended.
+
+_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._
+
+<a id="variant-3"></a>
+## Variant 3 — manual detection, with safeguards
+
+This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own
+wrapper around them.
+
+### Buffer(0)
+
+This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which
+returns the same result all the way down to Node.js 0.8.x.
+
+### Buffer(notNumber)
+
+Before:
+
+```js
+var buf = new Buffer(notNumber, encoding);
+```
+
+After:
+
+```js
+var buf;
+if (Buffer.from && Buffer.from !== Uint8Array.from) {
+  buf = Buffer.from(notNumber, encoding);
+} else {
+  if (typeof notNumber === 'number')
+    throw new Error('The "size" argument must be of type number.');
+  buf = new Buffer(notNumber, encoding);
+}
+```
+
+`encoding` is optional.
+
+Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not
+hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the
+Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous
+security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create
+problems ranging from DoS to leaking sensitive information to the attacker from the process memory.
+
+When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can
+be omitted.
+
+Also note that using TypeScript does not fix this problem for you — when libs written in
+`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as
+all type checks are translation-time only and are not present in the actual JS code which TS
+compiles to.
+
+### Buffer(number)
+
+For Node.js 0.10.x (and below) support:
+
+```js
+var buf;
+if (Buffer.alloc) {
+  buf = Buffer.alloc(number);
+} else {
+  buf = new Buffer(number);
+  buf.fill(0);
+}
+```
+
+Otherwise (Node.js ≥ 0.12.x):
+
+```js
+const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0);
+```
+
+## Regarding Buffer.allocUnsafe
+
+Be extra cautious when using `Buffer.allocUnsafe`:
+ * Don't use it if you don't have a good reason to
+   * e.g. you probably won't ever see a performance difference for small buffers, in fact, those
+     might be even faster with `Buffer.alloc()`,
+   * if your code is not in the hot code path — you also probably won't notice a difference,
+   * keep in mind that zero-filling minimizes the potential risks.
+ * If you use it, make sure that you never return the buffer in a partially-filled state,
+   * if you are writing to it sequentially — always truncate it to the actuall written length
+
+Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues,
+ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs)
+leaking to the remote attacker.
+
+_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js
+version (and lacking type checks also adds DoS to the list of potential problems)._
+
+<a id="faq"></a>
+## FAQ
+
+<a id="design-flaws"></a>
+### What is wrong with the `Buffer` constructor?
+
+The `Buffer` constructor could be used to create a buffer in many different ways:
+
+- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained
+  *arbitrary memory* for performance reasons, which could include anything ranging from
+  program source code to passwords and encryption keys.
+- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of
+  the string `'abc'`. A second argument could specify another encoding: For example,
+  `new Buffer(string, 'base64')` could be used to convert a Base64 string into the original
+  sequence of bytes that it represents.
+- There are several other combinations of arguments.
+
+This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell
+what exactly the contents of the generated buffer are* without knowing the type of `foo`.
+
+Sometimes, the value of `foo` comes from an external source. For example, this function
+could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form:
+
+```
+function stringToBase64(req, res) {
+  // The request body should have the format of `{ string: 'foobar' }`
+  const rawBytes = new Buffer(req.body.string)
+  const encoded = rawBytes.toString('base64')
+  res.end({ encoded: encoded })
+}
+```
+
+Note that this code does *not* validate the type of `req.body.string`:
+
+- `req.body.string` is expected to be a string. If this is the case, all goes well.
+- `req.body.string` is controlled by the client that sends the request.
+- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes:
+  - Before Node.js 8, the content would be uninitialized
+  - After Node.js 8, the content would be `50` bytes with the value `0`
+
+Because of the missing type check, an attacker could intentionally send a number
+as part of the request. Using this, they can either:
+
+- Read uninitialized memory. This **will** leak passwords, encryption keys and other
+  kinds of sensitive information. (Information leak)
+- Force the program to allocate a large amount of memory. For example, when specifying
+  `500000000` as the input value, each request will allocate 500MB of memory.
+  This can be used to either exhaust the memory available of a program completely
+  and make it crash, or slow it down significantly. (Denial of Service)
+
+Both of these scenarios are considered serious security issues in a real-world
+web server context.
+
+when using `Buffer.from(req.body.string)` instead, passing a number will always
+throw an exception instead, giving a controlled behaviour that can always be
+handled by the program.
+
+<a id="ecosystem-usage"></a>
+### The `Buffer()` constructor has been deprecated for a while. Is this really an issue?
+
+Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still
+widely used. This includes new code, and overall usage of such code has actually been
+*increasing*.
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md b/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
new file mode 100644
index 0000000..14b0822
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
@@ -0,0 +1,156 @@
+# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url]
+
+[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master
+[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer
+[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg
+[npm-url]: https://npmjs.org/package/safer-buffer
+[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
+[standard-url]: https://standardjs.com
+[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg
+[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
+
+Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current.
+
+## How to use?
+
+First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API.
+
+Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use
+`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new
+Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._
+
+Also, see the
+[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide.
+
+## Do I need it?
+
+Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that
+is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()`
+though.
+
+See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md)
+for a better description.
+
+## Why not [safe-buffer](https://npmjs.com/safe-buffer)?
+
+_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and
+itself contains footguns._
+
+`safe-buffer` could be used safely to get the new API while still keeping support for older
+Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API
+I found out that `safe-buffer` is itself causing problems in some cases.
+
+For example, consider the following snippet:
+
+```console
+$ cat example.unsafe.js
+console.log(Buffer(20))
+$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js
+<Buffer 0a 00 00 00 00 00 00 00 28 13 de 02 00 00 00 00 05 00 00 00>
+$ standard example.unsafe.js
+standard: Use JavaScript Standard Style (https://standardjs.com)
+  /home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead.
+```
+
+This is allocates and writes to console an uninitialized chunk of memory.
+[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people
+to avoid using unsafe API.
+
+Let's now throw in `safe-buffer`!
+
+```console
+$ cat example.safe-buffer.js
+const Buffer = require('safe-buffer').Buffer
+console.log(Buffer(20))
+$ standard example.safe-buffer.js
+$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js
+<Buffer 08 00 00 00 00 00 00 00 28 58 01 82 fe 7f 00 00 00 00 00 00>
+```
+
+See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior
+remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out
+chunks of uninitialized memory.
+_And this code will still emit runtime warnings on Node.js 10.x and above._
+
+That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or
+emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some
+discussion, it was decided to move my approach into a separate package, and _this is that separate
+package_.
+
+This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing,
+«fixing» the lint warning by blindly including `safe-buffer` without any actual changes.
+
+Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request
+can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go
+unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even
+pass CI. _I also observed that being done in popular packages._
+
+Some examples:
+ * [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31)
+   (a module with 548 759 downloads/month),
+ * [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61)
+   (218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)),
+ * [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c)
+   (113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)),
+ * [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec)
+   (3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)),
+ * [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1)
+   (5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)).
+ * And there are a lot more over the ecosystem.
+
+I filed a PR at
+[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to
+partially fix that (for cases when that lint rule is used), but it is a semver-major change for
+linter rules and presets, so it would take significant time for that to reach actual setups.
+_It also hasn't been released yet (2018-03-20)._
+
+Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake.
+It still supports it with an explicit concern barier, by placing it under
+`require('safer-buffer/dangereous')`.
+
+## But isn't throwing bad?
+
+Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like
+unguarded `new Buffer()` calls that end up receiving user input can do.
+
+This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so
+it is really simple to keep track of things and make sure that you don't mix old API usage with that.
+Also, CI should hint anything that you might have missed.
+
+New commits, if tested, won't land new usage of unsafe Buffer API this way.
+_Node.js 10.x also deals with that by printing a runtime depecation warning._
+
+### Would it affect third-party modules?
+
+No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`.
+Don't do that.
+
+### But I don't want throwing…
+
+That is also fine!
+
+Also, it could be better in some cases when you don't comprehensive enough test coverage.
+
+In that case — just don't override `Buffer` and use
+`var SaferBuffer = require('safer-buffer').Buffer` instead.
+
+That way, everything using `Buffer` natively would still work, but there would be two drawbacks:
+
+* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and
+  `SaferBuffer.alloc` instead.
+* You are still open to accidentally using the insecure deprecated API — use a linter to catch that.
+
+Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly
+recommended. `Buffer` is not overriden in this usecase, so linters won't get confused.
+
+## «Without footguns»?
+
+Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property
+on older versions and duping things from there. You shouldn't do that in your code, probabably.
+
+The intention is to remove the most significant footguns that affect lots of packages in the
+ecosystem, and to do it in the proper way.
+
+Also, this package doesn't protect against security issues affecting some Node.js versions, so for
+usage in your own production code, it is still recommended to update to a Node.js version
+[supported by upstream](https://github.com/nodejs/release#release-schedule).
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js b/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
new file mode 100644
index 0000000..ca41fdc
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
@@ -0,0 +1,58 @@
+/* eslint-disable node/no-deprecated-api */
+
+'use strict'
+
+var buffer = require('buffer')
+var Buffer = buffer.Buffer
+var safer = require('./safer.js')
+var Safer = safer.Buffer
+
+var dangerous = {}
+
+var key
+
+for (key in safer) {
+  if (!safer.hasOwnProperty(key)) continue
+  dangerous[key] = safer[key]
+}
+
+var Dangereous = dangerous.Buffer = {}
+
+// Copy Safer API
+for (key in Safer) {
+  if (!Safer.hasOwnProperty(key)) continue
+  Dangereous[key] = Safer[key]
+}
+
+// Copy those missing unsafe methods, if they are present
+for (key in Buffer) {
+  if (!Buffer.hasOwnProperty(key)) continue
+  if (Dangereous.hasOwnProperty(key)) continue
+  Dangereous[key] = Buffer[key]
+}
+
+if (!Dangereous.allocUnsafe) {
+  Dangereous.allocUnsafe = function (size) {
+    if (typeof size !== 'number') {
+      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
+    }
+    if (size < 0 || size >= 2 * (1 << 30)) {
+      throw new RangeError('The value "' + size + '" is invalid for option "size"')
+    }
+    return Buffer(size)
+  }
+}
+
+if (!Dangereous.allocUnsafeSlow) {
+  Dangereous.allocUnsafeSlow = function (size) {
+    if (typeof size !== 'number') {
+      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
+    }
+    if (size < 0 || size >= 2 * (1 << 30)) {
+      throw new RangeError('The value "' + size + '" is invalid for option "size"')
+    }
+    return buffer.SlowBuffer(size)
+  }
+}
+
+module.exports = dangerous
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/package.json b/src/Servers/ExpressServer/node_modules/safer-buffer/package.json
new file mode 100644
index 0000000..d452b04
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/package.json
@@ -0,0 +1,34 @@
+{
+  "name": "safer-buffer",
+  "version": "2.1.2",
+  "description": "Modern Buffer API polyfill without footguns",
+  "main": "safer.js",
+  "scripts": {
+    "browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js",
+    "test": "standard && tape tests.js"
+  },
+  "author": {
+    "name": "Nikita Skovoroda",
+    "email": "chalkerx@gmail.com",
+    "url": "https://github.com/ChALkeR"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ChALkeR/safer-buffer.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ChALkeR/safer-buffer/issues"
+  },
+  "devDependencies": {
+    "standard": "^11.0.1",
+    "tape": "^4.9.0"
+  },
+  "files": [
+    "Porting-Buffer.md",
+    "Readme.md",
+    "tests.js",
+    "dangerous.js",
+    "safer.js"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js b/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
new file mode 100644
index 0000000..37c7e1a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
@@ -0,0 +1,77 @@
+/* eslint-disable node/no-deprecated-api */
+
+'use strict'
+
+var buffer = require('buffer')
+var Buffer = buffer.Buffer
+
+var safer = {}
+
+var key
+
+for (key in buffer) {
+  if (!buffer.hasOwnProperty(key)) continue
+  if (key === 'SlowBuffer' || key === 'Buffer') continue
+  safer[key] = buffer[key]
+}
+
+var Safer = safer.Buffer = {}
+for (key in Buffer) {
+  if (!Buffer.hasOwnProperty(key)) continue
+  if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue
+  Safer[key] = Buffer[key]
+}
+
+safer.Buffer.prototype = Buffer.prototype
+
+if (!Safer.from || Safer.from === Uint8Array.from) {
+  Safer.from = function (value, encodingOrOffset, length) {
+    if (typeof value === 'number') {
+      throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value)
+    }
+    if (value && typeof value.length === 'undefined') {
+      throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value)
+    }
+    return Buffer(value, encodingOrOffset, length)
+  }
+}
+
+if (!Safer.alloc) {
+  Safer.alloc = function (size, fill, encoding) {
+    if (typeof size !== 'number') {
+      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
+    }
+    if (size < 0 || size >= 2 * (1 << 30)) {
+      throw new RangeError('The value "' + size + '" is invalid for option "size"')
+    }
+    var buf = Buffer(size)
+    if (!fill || fill.length === 0) {
+      buf.fill(0)
+    } else if (typeof encoding === 'string') {
+      buf.fill(fill, encoding)
+    } else {
+      buf.fill(fill)
+    }
+    return buf
+  }
+}
+
+if (!safer.kStringMaxLength) {
+  try {
+    safer.kStringMaxLength = process.binding('buffer').kStringMaxLength
+  } catch (e) {
+    // we can't determine kStringMaxLength in environments where process.binding
+    // is unsupported, so let's not set it
+  }
+}
+
+if (!safer.constants) {
+  safer.constants = {
+    MAX_LENGTH: safer.kMaxLength
+  }
+  if (safer.kStringMaxLength) {
+    safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength
+  }
+}
+
+module.exports = safer
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js b/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
new file mode 100644
index 0000000..7ed2777
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
@@ -0,0 +1,406 @@
+/* eslint-disable node/no-deprecated-api */
+
+'use strict'
+
+var test = require('tape')
+
+var buffer = require('buffer')
+
+var index = require('./')
+var safer = require('./safer')
+var dangerous = require('./dangerous')
+
+/* Inheritance tests */
+
+test('Default is Safer', function (t) {
+  t.equal(index, safer)
+  t.notEqual(safer, dangerous)
+  t.notEqual(index, dangerous)
+  t.end()
+})
+
+test('Is not a function', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.equal(typeof impl, 'object')
+    t.equal(typeof impl.Buffer, 'object')
+  });
+  [buffer].forEach(function (impl) {
+    t.equal(typeof impl, 'object')
+    t.equal(typeof impl.Buffer, 'function')
+  })
+  t.end()
+})
+
+test('Constructor throws', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.throws(function () { impl.Buffer() })
+    t.throws(function () { impl.Buffer(0) })
+    t.throws(function () { impl.Buffer('a') })
+    t.throws(function () { impl.Buffer('a', 'utf-8') })
+    t.throws(function () { return new impl.Buffer() })
+    t.throws(function () { return new impl.Buffer(0) })
+    t.throws(function () { return new impl.Buffer('a') })
+    t.throws(function () { return new impl.Buffer('a', 'utf-8') })
+  })
+  t.end()
+})
+
+test('Safe methods exist', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.equal(typeof impl.Buffer.alloc, 'function', 'alloc')
+    t.equal(typeof impl.Buffer.from, 'function', 'from')
+  })
+  t.end()
+})
+
+test('Unsafe methods exist only in Dangerous', function (t) {
+  [index, safer].forEach(function (impl) {
+    t.equal(typeof impl.Buffer.allocUnsafe, 'undefined')
+    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined')
+  });
+  [dangerous].forEach(function (impl) {
+    t.equal(typeof impl.Buffer.allocUnsafe, 'function')
+    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function')
+  })
+  t.end()
+})
+
+test('Generic methods/properties are defined and equal', function (t) {
+  ['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) {
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
+      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
+    })
+  })
+  t.end()
+})
+
+test('Built-in buffer static methods/properties are inherited', function (t) {
+  Object.keys(buffer).forEach(function (method) {
+    if (method === 'SlowBuffer' || method === 'Buffer') return;
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl[method], buffer[method], method)
+      t.notEqual(typeof impl[method], 'undefined', method)
+    })
+  })
+  t.end()
+})
+
+test('Built-in Buffer static methods/properties are inherited', function (t) {
+  Object.keys(buffer.Buffer).forEach(function (method) {
+    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
+      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
+    })
+  })
+  t.end()
+})
+
+test('.prototype property of Buffer is inherited', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype')
+    t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype')
+  })
+  t.end()
+})
+
+test('All Safer methods are present in Dangerous', function (t) {
+  Object.keys(safer).forEach(function (method) {
+    if (method === 'Buffer') return;
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl[method], safer[method], method)
+      if (method !== 'kStringMaxLength') {
+        t.notEqual(typeof impl[method], 'undefined', method)
+      }
+    })
+  })
+  Object.keys(safer.Buffer).forEach(function (method) {
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl.Buffer[method], safer.Buffer[method], method)
+      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
+    })
+  })
+  t.end()
+})
+
+test('Safe methods from Dangerous methods are present in Safer', function (t) {
+  Object.keys(dangerous).forEach(function (method) {
+    if (method === 'Buffer') return;
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl[method], dangerous[method], method)
+      if (method !== 'kStringMaxLength') {
+        t.notEqual(typeof impl[method], 'undefined', method)
+      }
+    })
+  })
+  Object.keys(dangerous.Buffer).forEach(function (method) {
+    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
+    [index, safer, dangerous].forEach(function (impl) {
+      t.equal(impl.Buffer[method], dangerous.Buffer[method], method)
+      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
+    })
+  })
+  t.end()
+})
+
+/* Behaviour tests */
+
+test('Methods return Buffers', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0)))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10)))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10)))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64')))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3])))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3]))))
+    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([])))
+  });
+  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
+    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0)))
+    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10)))
+  })
+  t.end()
+})
+
+test('Constructor is buffer.Buffer', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer)
+    t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer)
+    t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer)
+    t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from('').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from('string').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer)
+    t.equal(impl.Buffer.from([]).constructor, buffer.Buffer)
+  });
+  [0, 10, 100].forEach(function (arg) {
+    t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer)
+    t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor)
+  })
+  t.end()
+})
+
+test('Invalid calls throw', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.throws(function () { impl.Buffer.from(0) })
+    t.throws(function () { impl.Buffer.from(10) })
+    t.throws(function () { impl.Buffer.from(10, 'utf-8') })
+    t.throws(function () { impl.Buffer.from('string', 'invalid encoding') })
+    t.throws(function () { impl.Buffer.from(-10) })
+    t.throws(function () { impl.Buffer.from(1e90) })
+    t.throws(function () { impl.Buffer.from(Infinity) })
+    t.throws(function () { impl.Buffer.from(-Infinity) })
+    t.throws(function () { impl.Buffer.from(NaN) })
+    t.throws(function () { impl.Buffer.from(null) })
+    t.throws(function () { impl.Buffer.from(undefined) })
+    t.throws(function () { impl.Buffer.from() })
+    t.throws(function () { impl.Buffer.from({}) })
+    t.throws(function () { impl.Buffer.alloc('') })
+    t.throws(function () { impl.Buffer.alloc('string') })
+    t.throws(function () { impl.Buffer.alloc('string', 'utf-8') })
+    t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') })
+    t.throws(function () { impl.Buffer.alloc(-10) })
+    t.throws(function () { impl.Buffer.alloc(1e90) })
+    t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) })
+    t.throws(function () { impl.Buffer.alloc(Infinity) })
+    t.throws(function () { impl.Buffer.alloc(-Infinity) })
+    t.throws(function () { impl.Buffer.alloc(null) })
+    t.throws(function () { impl.Buffer.alloc(undefined) })
+    t.throws(function () { impl.Buffer.alloc() })
+    t.throws(function () { impl.Buffer.alloc([]) })
+    t.throws(function () { impl.Buffer.alloc([0, 42, 3]) })
+    t.throws(function () { impl.Buffer.alloc({}) })
+  });
+  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
+    t.throws(function () { dangerous.Buffer[method]('') })
+    t.throws(function () { dangerous.Buffer[method]('string') })
+    t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') })
+    t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) })
+    t.throws(function () { dangerous.Buffer[method](Infinity) })
+    if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) {
+      t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0')
+    } else {
+      t.throws(function () { dangerous.Buffer[method](-10) })
+      t.throws(function () { dangerous.Buffer[method](-1e90) })
+      t.throws(function () { dangerous.Buffer[method](-Infinity) })
+    }
+    t.throws(function () { dangerous.Buffer[method](null) })
+    t.throws(function () { dangerous.Buffer[method](undefined) })
+    t.throws(function () { dangerous.Buffer[method]() })
+    t.throws(function () { dangerous.Buffer[method]([]) })
+    t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) })
+    t.throws(function () { dangerous.Buffer[method]({}) })
+  })
+  t.end()
+})
+
+test('Buffers have appropriate lengths', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.equal(impl.Buffer.alloc(0).length, 0)
+    t.equal(impl.Buffer.alloc(10).length, 10)
+    t.equal(impl.Buffer.from('').length, 0)
+    t.equal(impl.Buffer.from('string').length, 6)
+    t.equal(impl.Buffer.from('string', 'utf-8').length, 6)
+    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11)
+    t.equal(impl.Buffer.from([0, 42, 3]).length, 3)
+    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3)
+    t.equal(impl.Buffer.from([]).length, 0)
+  });
+  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
+    t.equal(dangerous.Buffer[method](0).length, 0)
+    t.equal(dangerous.Buffer[method](10).length, 10)
+  })
+  t.end()
+})
+
+test('Buffers have appropriate lengths (2)', function (t) {
+  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
+  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
+  var ok = true;
+  [ safer.Buffer.alloc,
+    dangerous.Buffer.allocUnsafe,
+    dangerous.Buffer.allocUnsafeSlow
+  ].forEach(function (method) {
+    for (var i = 0; i < 1e2; i++) {
+      var length = Math.round(Math.random() * 1e5)
+      var buf = method(length)
+      if (!buffer.Buffer.isBuffer(buf)) ok = false
+      if (buf.length !== length) ok = false
+    }
+  })
+  t.ok(ok)
+  t.end()
+})
+
+test('.alloc(size) is zero-filled and has correct length', function (t) {
+  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
+  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
+  var ok = true
+  for (var i = 0; i < 1e2; i++) {
+    var length = Math.round(Math.random() * 2e6)
+    var buf = index.Buffer.alloc(length)
+    if (!buffer.Buffer.isBuffer(buf)) ok = false
+    if (buf.length !== length) ok = false
+    var j
+    for (j = 0; j < length; j++) {
+      if (buf[j] !== 0) ok = false
+    }
+    buf.fill(1)
+    for (j = 0; j < length; j++) {
+      if (buf[j] !== 1) ok = false
+    }
+  }
+  t.ok(ok)
+  t.end()
+})
+
+test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) {
+  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
+    var ok = true
+    for (var i = 0; i < 1e2; i++) {
+      var length = Math.round(Math.random() * 2e6)
+      var buf = dangerous.Buffer[method](length)
+      if (!buffer.Buffer.isBuffer(buf)) ok = false
+      if (buf.length !== length) ok = false
+      buf.fill(0, 0, length)
+      var j
+      for (j = 0; j < length; j++) {
+        if (buf[j] !== 0) ok = false
+      }
+      buf.fill(1, 0, length)
+      for (j = 0; j < length; j++) {
+        if (buf[j] !== 1) ok = false
+      }
+    }
+    t.ok(ok, method)
+  })
+  t.end()
+})
+
+test('.alloc(size, fill) is `fill`-filled', function (t) {
+  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
+  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
+  var ok = true
+  for (var i = 0; i < 1e2; i++) {
+    var length = Math.round(Math.random() * 2e6)
+    var fill = Math.round(Math.random() * 255)
+    var buf = index.Buffer.alloc(length, fill)
+    if (!buffer.Buffer.isBuffer(buf)) ok = false
+    if (buf.length !== length) ok = false
+    for (var j = 0; j < length; j++) {
+      if (buf[j] !== fill) ok = false
+    }
+  }
+  t.ok(ok)
+  t.end()
+})
+
+test('.alloc(size, fill) is `fill`-filled', function (t) {
+  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
+  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
+  var ok = true
+  for (var i = 0; i < 1e2; i++) {
+    var length = Math.round(Math.random() * 2e6)
+    var fill = Math.round(Math.random() * 255)
+    var buf = index.Buffer.alloc(length, fill)
+    if (!buffer.Buffer.isBuffer(buf)) ok = false
+    if (buf.length !== length) ok = false
+    for (var j = 0; j < length; j++) {
+      if (buf[j] !== fill) ok = false
+    }
+  }
+  t.ok(ok)
+  t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97))
+  t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98))
+
+  var tmp = new buffer.Buffer(2)
+  tmp.fill('ok')
+  if (tmp[1] === tmp[0]) {
+    // Outdated Node.js
+    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo'))
+  } else {
+    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko'))
+  }
+  t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok'))
+
+  t.end()
+})
+
+test('safer.Buffer.from returns results same as Buffer constructor', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.deepEqual(impl.Buffer.from(''), new buffer.Buffer(''))
+    t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string'))
+    t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8'))
+    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64'))
+    t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3]))
+    t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3])))
+    t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([]))
+  })
+  t.end()
+})
+
+test('safer.Buffer.from returns consistent results', function (t) {
+  [index, safer, dangerous].forEach(function (impl) {
+    t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0))
+    t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0))
+    t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0))
+    t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string'))
+    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103]))
+    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string')))
+    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree'))
+    t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree'))
+  })
+  t.end()
+})
diff --git a/src/Servers/ExpressServer/node_modules/send/HISTORY.md b/src/Servers/ExpressServer/node_modules/send/HISTORY.md
new file mode 100644
index 0000000..13789ba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/HISTORY.md
@@ -0,0 +1,538 @@
+0.19.2 / 2025-12-15
+===================
+
+* deps: use tilde notation for dependencies
+* deps: http-errors@~2.0.1
+* deps: statuses@~2.0.2
+
+0.19.1 / 2024-10-09
+===================
+
+* deps: encodeurl@~2.0.0
+
+0.19.0 / 2024-09-10
+===================
+
+* Remove link renderization in html while redirecting
+
+0.18.0 / 2022-03-23
+===================
+
+  * Fix emitted 416 error missing headers property
+  * Limit the headers removed for 304 response
+  * deps: depd@2.0.0
+    - Replace internal `eval` usage with `Function` constructor
+    - Use instance methods on `process` to check for listeners
+  * deps: destroy@1.2.0
+  * deps: http-errors@2.0.0
+    - deps: depd@2.0.0
+    - deps: statuses@2.0.1
+  * deps: on-finished@2.4.1
+  * deps: statuses@2.0.1
+
+0.17.2 / 2021-12-11
+===================
+
+  * pref: ignore empty http tokens
+  * deps: http-errors@1.8.1
+    - deps: inherits@2.0.4
+    - deps: toidentifier@1.0.1
+    - deps: setprototypeof@1.2.0
+  * deps: ms@2.1.3
+
+0.17.1 / 2019-05-10
+===================
+
+  * Set stricter CSP header in redirect & error responses
+  * deps: range-parser@~1.2.1
+
+0.17.0 / 2019-05-03
+===================
+
+  * deps: http-errors@~1.7.2
+    - Set constructor name when possible
+    - Use `toidentifier` module to make class names
+    - deps: depd@~1.1.2
+    - deps: setprototypeof@1.1.1
+    - deps: statuses@'>= 1.5.0 < 2'
+  * deps: mime@1.6.0
+    - Add extensions for JPEG-2000 images
+    - Add new `font/*` types from IANA
+    - Add WASM mapping
+    - Update `.bdoc` to `application/bdoc`
+    - Update `.bmp` to `image/bmp`
+    - Update `.m4a` to `audio/mp4`
+    - Update `.rtf` to `application/rtf`
+    - Update `.wav` to `audio/wav`
+    - Update `.xml` to `application/xml`
+    - Update generic extensions to `application/octet-stream`:
+      `.deb`, `.dll`, `.dmg`, `.exe`, `.iso`, `.msi`
+    - Use mime-score module to resolve extension conflicts
+  * deps: ms@2.1.1
+    - Add `week`/`w` support
+    - Fix negative number handling
+  * deps: statuses@~1.5.0
+  * perf: remove redundant `path.normalize` call
+
+0.16.2 / 2018-02-07
+===================
+
+  * Fix incorrect end tag in default error & redirects
+  * deps: depd@~1.1.2
+    - perf: remove argument reassignment
+  * deps: encodeurl@~1.0.2
+    - Fix encoding `%` as last character
+  * deps: statuses@~1.4.0
+
+0.16.1 / 2017-09-29
+===================
+
+  * Fix regression in edge-case behavior for empty `path`
+
+0.16.0 / 2017-09-27
+===================
+
+  * Add `immutable` option
+  * Fix missing `</html>` in default error & redirects
+  * Use instance methods on steam to check for listeners
+  * deps: mime@1.4.1
+    - Add 70 new types for file extensions
+    - Set charset as "UTF-8" for .js and .json
+  * perf: improve path validation speed
+
+0.15.6 / 2017-09-22
+===================
+
+  * deps: debug@2.6.9
+  * perf: improve `If-Match` token parsing
+
+0.15.5 / 2017-09-20
+===================
+
+  * deps: etag@~1.8.1
+    - perf: replace regular expression with substring
+  * deps: fresh@0.5.2
+    - Fix handling of modified headers with invalid dates
+    - perf: improve ETag match loop
+    - perf: improve `If-None-Match` token parsing
+
+0.15.4 / 2017-08-05
+===================
+
+  * deps: debug@2.6.8
+  * deps: depd@~1.1.1
+    - Remove unnecessary `Buffer` loading
+  * deps: http-errors@~1.6.2
+    - deps: depd@1.1.1
+
+0.15.3 / 2017-05-16
+===================
+
+  * deps: debug@2.6.7
+    - deps: ms@2.0.0
+  * deps: ms@2.0.0
+
+0.15.2 / 2017-04-26
+===================
+
+  * deps: debug@2.6.4
+    - Fix `DEBUG_MAX_ARRAY_LENGTH`
+    - deps: ms@0.7.3
+  * deps: ms@1.0.0
+
+0.15.1 / 2017-03-04
+===================
+
+  * Fix issue when `Date.parse` does not return `NaN` on invalid date
+  * Fix strict violation in broken environments
+
+0.15.0 / 2017-02-25
+===================
+
+  * Support `If-Match` and `If-Unmodified-Since` headers
+  * Add `res` and `path` arguments to `directory` event
+  * Remove usage of `res._headers` private field
+    - Improves compatibility with Node.js 8 nightly
+  * Send complete HTML document in redirect & error responses
+  * Set default CSP header in redirect & error responses
+  * Use `res.getHeaderNames()` when available
+  * Use `res.headersSent` when available
+  * deps: debug@2.6.1
+    - Allow colors in workers
+    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
+    - Fix error when running under React Native
+    - Use same color for same namespace
+    - deps: ms@0.7.2
+  * deps: etag@~1.8.0
+  * deps: fresh@0.5.0
+    - Fix false detection of `no-cache` request directive
+    - Fix incorrect result when `If-None-Match` has both `*` and ETags
+    - Fix weak `ETag` matching to match spec
+    - perf: delay reading header values until needed
+    - perf: enable strict mode
+    - perf: hoist regular expressions
+    - perf: remove duplicate conditional
+    - perf: remove unnecessary boolean coercions
+    - perf: skip checking modified time if ETag check failed
+    - perf: skip parsing `If-None-Match` when no `ETag` header
+    - perf: use `Date.parse` instead of `new Date`
+  * deps: http-errors@~1.6.1
+    - Make `message` property enumerable for `HttpError`s
+    - deps: setprototypeof@1.0.3
+
+0.14.2 / 2017-01-23
+===================
+
+  * deps: http-errors@~1.5.1
+    - deps: inherits@2.0.3
+    - deps: setprototypeof@1.0.2
+    - deps: statuses@'>= 1.3.1 < 2'
+  * deps: ms@0.7.2
+  * deps: statuses@~1.3.1
+
+0.14.1 / 2016-06-09
+===================
+
+  * Fix redirect error when `path` contains raw non-URL characters
+  * Fix redirect when `path` starts with multiple forward slashes
+
+0.14.0 / 2016-06-06
+===================
+
+  * Add `acceptRanges` option
+  * Add `cacheControl` option
+  * Attempt to combine multiple ranges into single range
+  * Correctly inherit from `Stream` class
+  * Fix `Content-Range` header in 416 responses when using `start`/`end` options
+  * Fix `Content-Range` header missing from default 416 responses
+  * Ignore non-byte `Range` headers
+  * deps: http-errors@~1.5.0
+    - Add `HttpError` export, for `err instanceof createError.HttpError`
+    - Support new code `421 Misdirected Request`
+    - Use `setprototypeof` module to replace `__proto__` setting
+    - deps: inherits@2.0.1
+    - deps: statuses@'>= 1.3.0 < 2'
+    - perf: enable strict mode
+  * deps: range-parser@~1.2.0
+    - Fix incorrectly returning -1 when there is at least one valid range
+    - perf: remove internal function
+  * deps: statuses@~1.3.0
+    - Add `421 Misdirected Request`
+    - perf: enable strict mode
+  * perf: remove argument reassignment
+
+0.13.2 / 2016-03-05
+===================
+
+  * Fix invalid `Content-Type` header when `send.mime.default_type` unset
+
+0.13.1 / 2016-01-16
+===================
+
+  * deps: depd@~1.1.0
+    - Support web browser loading
+    - perf: enable strict mode
+  * deps: destroy@~1.0.4
+    - perf: enable strict mode
+  * deps: escape-html@~1.0.3
+    - perf: enable strict mode
+    - perf: optimize string replacement
+    - perf: use faster string coercion
+  * deps: range-parser@~1.0.3
+    - perf: enable strict mode
+
+0.13.0 / 2015-06-16
+===================
+
+  * Allow Node.js HTTP server to set `Date` response header
+  * Fix incorrectly removing `Content-Location` on 304 response
+  * Improve the default redirect response headers
+  * Send appropriate headers on default error response
+  * Use `http-errors` for standard emitted errors
+  * Use `statuses` instead of `http` module for status messages
+  * deps: escape-html@1.0.2
+  * deps: etag@~1.7.0
+    - Improve stat performance by removing hashing
+  * deps: fresh@0.3.0
+    - Add weak `ETag` matching support
+  * deps: on-finished@~2.3.0
+    - Add defined behavior for HTTP `CONNECT` requests
+    - Add defined behavior for HTTP `Upgrade` requests
+    - deps: ee-first@1.1.1
+  * perf: enable strict mode
+  * perf: remove unnecessary array allocations
+
+0.12.3 / 2015-05-13
+===================
+
+  * deps: debug@~2.2.0
+    - deps: ms@0.7.1
+  * deps: depd@~1.0.1
+  * deps: etag@~1.6.0
+   - Improve support for JXcore
+   - Support "fake" stats objects in environments without `fs`
+  * deps: ms@0.7.1
+    - Prevent extraordinarily long inputs
+  * deps: on-finished@~2.2.1
+
+0.12.2 / 2015-03-13
+===================
+
+  * Throw errors early for invalid `extensions` or `index` options
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+
+0.12.1 / 2015-02-17
+===================
+
+  * Fix regression sending zero-length files
+
+0.12.0 / 2015-02-16
+===================
+
+  * Always read the stat size from the file
+  * Fix mutating passed-in `options`
+  * deps: mime@1.3.4
+
+0.11.1 / 2015-01-20
+===================
+
+  * Fix `root` path disclosure
+
+0.11.0 / 2015-01-05
+===================
+
+  * deps: debug@~2.1.1
+  * deps: etag@~1.5.1
+    - deps: crc@3.2.1
+  * deps: ms@0.7.0
+    - Add `milliseconds`
+    - Add `msecs`
+    - Add `secs`
+    - Add `mins`
+    - Add `hrs`
+    - Add `yrs`
+  * deps: on-finished@~2.2.0
+
+0.10.1 / 2014-10-22
+===================
+
+  * deps: on-finished@~2.1.1
+    - Fix handling of pipelined requests
+
+0.10.0 / 2014-10-15
+===================
+
+  * deps: debug@~2.1.0
+    - Implement `DEBUG_FD` env variable support
+  * deps: depd@~1.0.0
+  * deps: etag@~1.5.0
+    - Improve string performance
+    - Slightly improve speed for weak ETags over 1KB
+
+0.9.3 / 2014-09-24
+==================
+
+  * deps: etag@~1.4.0
+    - Support "fake" stats objects
+
+0.9.2 / 2014-09-15
+==================
+
+  * deps: depd@0.4.5
+  * deps: etag@~1.3.1
+  * deps: range-parser@~1.0.2
+
+0.9.1 / 2014-09-07
+==================
+
+  * deps: fresh@0.2.4
+
+0.9.0 / 2014-09-07
+==================
+
+  * Add `lastModified` option
+  * Use `etag` to generate `ETag` header
+  * deps: debug@~2.0.0
+
+0.8.5 / 2014-09-04
+==================
+
+  * Fix malicious path detection for empty string path
+
+0.8.4 / 2014-09-04
+==================
+
+  * Fix a path traversal issue when using `root`
+
+0.8.3 / 2014-08-16
+==================
+
+  * deps: destroy@1.0.3
+    - renamed from dethroy
+  * deps: on-finished@2.1.0
+
+0.8.2 / 2014-08-14
+==================
+
+  * Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+  * deps: dethroy@1.0.2
+
+0.8.1 / 2014-08-05
+==================
+
+  * Fix `extensions` behavior when file already has extension
+
+0.8.0 / 2014-08-05
+==================
+
+  * Add `extensions` option
+
+0.7.4 / 2014-08-04
+==================
+
+  * Fix serving index files without root dir
+
+0.7.3 / 2014-07-29
+==================
+
+  * Fix incorrect 403 on Windows and Node.js 0.11
+
+0.7.2 / 2014-07-27
+==================
+
+  * deps: depd@0.4.4
+    - Work-around v8 generating empty stack traces
+
+0.7.1 / 2014-07-26
+==================
+
+ * deps: depd@0.4.3
+   - Fix exception when global `Error.stackTraceLimit` is too low
+
+0.7.0 / 2014-07-20
+==================
+
+ * Deprecate `hidden` option; use `dotfiles` option
+ * Add `dotfiles` option
+ * deps: debug@1.0.4
+ * deps: depd@0.4.2
+   - Add `TRACE_DEPRECATION` environment variable
+   - Remove non-standard grey color from color output
+   - Support `--no-deprecation` argument
+   - Support `--trace-deprecation` argument
+
+0.6.0 / 2014-07-11
+==================
+
+ * Deprecate `from` option; use `root` option
+ * Deprecate `send.etag()` -- use `etag` in `options`
+ * Deprecate `send.hidden()` -- use `hidden` in `options`
+ * Deprecate `send.index()` -- use `index` in `options`
+ * Deprecate `send.maxage()` -- use `maxAge` in `options`
+ * Deprecate `send.root()` -- use `root` in `options`
+ * Cap `maxAge` value to 1 year
+ * deps: debug@1.0.3
+   - Add support for multiple wildcards in namespaces
+
+0.5.0 / 2014-06-28
+==================
+
+ * Accept string for `maxAge` (converted by `ms`)
+ * Add `headers` event
+ * Include link in default redirect response
+ * Use `EventEmitter.listenerCount` to count listeners
+
+0.4.3 / 2014-06-11
+==================
+
+ * Do not throw un-catchable error on file open race condition
+ * Use `escape-html` for HTML escaping
+ * deps: debug@1.0.2
+   - fix some debugging output colors on node.js 0.8
+ * deps: finished@1.2.2
+ * deps: fresh@0.2.2
+
+0.4.2 / 2014-06-09
+==================
+
+ * fix "event emitter leak" warnings
+ * deps: debug@1.0.1
+ * deps: finished@1.2.1
+
+0.4.1 / 2014-06-02
+==================
+
+ * Send `max-age` in `Cache-Control` in correct format
+
+0.4.0 / 2014-05-27
+==================
+
+ * Calculate ETag with md5 for reduced collisions
+ * Fix wrong behavior when index file matches directory
+ * Ignore stream errors after request ends
+   - Goodbye `EBADF, read`
+ * Skip directories in index file search
+ * deps: debug@0.8.1
+
+0.3.0 / 2014-04-24
+==================
+
+ * Fix sending files with dots without root set
+ * Coerce option types
+ * Accept API options in options object
+ * Set etags to "weak"
+ * Include file path in etag
+ * Make "Can't set headers after they are sent." catchable
+ * Send full entity-body for multi range requests
+ * Default directory access to 403 when index disabled
+ * Support multiple index paths
+ * Support "If-Range" header
+ * Control whether to generate etags
+ * deps: mime@1.2.11
+
+0.2.0 / 2014-01-29
+==================
+
+ * update range-parser and fresh
+
+0.1.4 / 2013-08-11
+==================
+
+ * update fresh
+
+0.1.3 / 2013-07-08
+==================
+
+ * Revert "Fix fd leak"
+
+0.1.2 / 2013-07-03
+==================
+
+ * Fix fd leak
+
+0.1.0 / 2012-08-25
+==================
+
+  * add options parameter to send() that is passed to fs.createReadStream() [kanongil]
+
+0.0.4 / 2012-08-16
+==================
+
+  * allow custom "Accept-Ranges" definition
+
+0.0.3 / 2012-07-16
+==================
+
+  * fix normalization of the root directory. Closes #3
+
+0.0.2 / 2012-07-09
+==================
+
+  * add passing of req explicitly for now (YUCK)
+
+0.0.1 / 2010-01-03
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/send/LICENSE b/src/Servers/ExpressServer/node_modules/send/LICENSE
new file mode 100644
index 0000000..b6ea1c1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2012 TJ Holowaychuk
+Copyright (c) 2014-2022 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/send/README.md b/src/Servers/ExpressServer/node_modules/send/README.md
new file mode 100644
index 0000000..fadf838
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/README.md
@@ -0,0 +1,327 @@
+# send
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+[![Windows Build][appveyor-image]][appveyor-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Send is a library for streaming files from the file system as a http response
+supporting partial responses (Ranges), conditional-GET negotiation (If-Match,
+If-Unmodified-Since, If-None-Match, If-Modified-Since), high test coverage,
+and granular events which may be leveraged to take appropriate actions in your
+application or framework.
+
+Looking to serve up entire folders mapped to URLs? Try [serve-static](https://www.npmjs.org/package/serve-static).
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```bash
+$ npm install send
+```
+
+## API
+
+```js
+var send = require('send')
+```
+
+### send(req, path, [options])
+
+Create a new `SendStream` for the given path to send to a `res`. The `req` is
+the Node.js HTTP request and the `path` is a urlencoded path to send (urlencoded,
+not the actual file-system path).
+
+#### Options
+
+##### acceptRanges
+
+Enable or disable accepting ranged requests, defaults to true.
+Disabling this will not send `Accept-Ranges` and ignore the contents
+of the `Range` request header.
+
+##### cacheControl
+
+Enable or disable setting `Cache-Control` response header, defaults to
+true. Disabling this will ignore the `immutable` and `maxAge` options.
+
+##### dotfiles
+
+Set how "dotfiles" are treated when encountered. A dotfile is a file
+or directory that begins with a dot ("."). Note this check is done on
+the path itself without checking if the path actually exists on the
+disk. If `root` is specified, only the dotfiles above the root are
+checked (i.e. the root itself can be within a dotfile when when set
+to "deny").
+
+  - `'allow'` No special treatment for dotfiles.
+  - `'deny'` Send a 403 for any request for a dotfile.
+  - `'ignore'` Pretend like the dotfile does not exist and 404.
+
+The default value is _similar_ to `'ignore'`, with the exception that
+this default will not ignore the files within a directory that begins
+with a dot, for backward-compatibility.
+
+##### end
+
+Byte offset at which the stream ends, defaults to the length of the file
+minus 1. The end is inclusive in the stream, meaning `end: 3` will include
+the 4th byte in the stream.
+
+##### etag
+
+Enable or disable etag generation, defaults to true.
+
+##### extensions
+
+If a given file doesn't exist, try appending one of the given extensions,
+in the given order. By default, this is disabled (set to `false`). An
+example value that will serve extension-less HTML files: `['html', 'htm']`.
+This is skipped if the requested file already has an extension.
+
+##### immutable
+
+Enable or disable the `immutable` directive in the `Cache-Control` response
+header, defaults to `false`. If set to `true`, the `maxAge` option should
+also be specified to enable caching. The `immutable` directive will prevent
+supported clients from making conditional requests during the life of the
+`maxAge` option to check if the file has changed.
+
+##### index
+
+By default send supports "index.html" files, to disable this
+set `false` or to supply a new index pass a string or an array
+in preferred order.
+
+##### lastModified
+
+Enable or disable `Last-Modified` header, defaults to true. Uses the file
+system's last modified value.
+
+##### maxAge
+
+Provide a max-age in milliseconds for http caching, defaults to 0.
+This can also be a string accepted by the
+[ms](https://www.npmjs.org/package/ms#readme) module.
+
+##### root
+
+Serve files relative to `path`.
+
+##### start
+
+Byte offset at which the stream starts, defaults to 0. The start is inclusive,
+meaning `start: 2` will include the 3rd byte in the stream.
+
+#### Events
+
+The `SendStream` is an event emitter and will emit the following events:
+
+  - `error` an error occurred `(err)`
+  - `directory` a directory was requested `(res, path)`
+  - `file` a file was requested `(path, stat)`
+  - `headers` the headers are about to be set on a file `(res, path, stat)`
+  - `stream` file streaming has started `(stream)`
+  - `end` streaming has completed
+
+#### .pipe
+
+The `pipe` method is used to pipe the response into the Node.js HTTP response
+object, typically `send(req, path, options).pipe(res)`.
+
+### .mime
+
+The `mime` export is the global instance of of the
+[`mime` npm module](https://www.npmjs.com/package/mime).
+
+This is used to configure the MIME types that are associated with file extensions
+as well as other options for how to resolve the MIME type of a file (like the
+default type to use for an unknown file extension).
+
+## Error-handling
+
+By default when no `error` listeners are present an automatic response will be
+made, otherwise you have full control over the response, aka you may show a 5xx
+page etc.
+
+## Caching
+
+It does _not_ perform internal caching, you should use a reverse proxy cache
+such as Varnish for this, or those fancy things called CDNs. If your
+application is small enough that it would benefit from single-node memory
+caching, it's small enough that it does not need caching at all ;).
+
+## Debugging
+
+To enable `debug()` instrumentation output export __DEBUG__:
+
+```
+$ DEBUG=send node app
+```
+
+## Running tests
+
+```
+$ npm install
+$ npm test
+```
+
+## Examples
+
+### Serve a specific file
+
+This simple example will send a specific file to all requests.
+
+```js
+var http = require('http')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+  send(req, '/path/to/index.html')
+    .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Serve all files from a directory
+
+This simple example will just serve up all the files in a
+given directory as the top-level. For example, a request
+`GET /foo.txt` will send back `/www/public/foo.txt`.
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+  send(req, parseUrl(req).pathname, { root: '/www/public' })
+    .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Custom file types
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+// Default unknown types to text/plain
+send.mime.default_type = 'text/plain'
+
+// Add a custom type
+send.mime.define({
+  'application/x-my-type': ['x-mt', 'x-mtt']
+})
+
+var server = http.createServer(function onRequest (req, res) {
+  send(req, parseUrl(req).pathname, { root: '/www/public' })
+    .pipe(res)
+})
+
+server.listen(3000)
+```
+
+### Custom directory index view
+
+This is a example of serving up a structure of directories with a
+custom function to render a listing of a directory.
+
+```js
+var http = require('http')
+var fs = require('fs')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+// Transfer arbitrary files from within /www/example.com/public/*
+// with a custom handler for directory listing
+var server = http.createServer(function onRequest (req, res) {
+  send(req, parseUrl(req).pathname, { index: false, root: '/www/public' })
+    .once('directory', directory)
+    .pipe(res)
+})
+
+server.listen(3000)
+
+// Custom directory handler
+function directory (res, path) {
+  var stream = this
+
+  // redirect to trailing slash for consistent url
+  if (!stream.hasTrailingSlash()) {
+    return stream.redirect(path)
+  }
+
+  // get directory list
+  fs.readdir(path, function onReaddir (err, list) {
+    if (err) return stream.error(err)
+
+    // render an index for the directory
+    res.setHeader('Content-Type', 'text/plain; charset=UTF-8')
+    res.end(list.join('\n') + '\n')
+  })
+}
+```
+
+### Serving from a root directory with custom error-handling
+
+```js
+var http = require('http')
+var parseUrl = require('parseurl')
+var send = require('send')
+
+var server = http.createServer(function onRequest (req, res) {
+  // your custom error-handling logic:
+  function error (err) {
+    res.statusCode = err.status || 500
+    res.end(err.message)
+  }
+
+  // your custom headers
+  function headers (res, path, stat) {
+    // serve all files for download
+    res.setHeader('Content-Disposition', 'attachment')
+  }
+
+  // your custom directory handling logic:
+  function redirect () {
+    res.statusCode = 301
+    res.setHeader('Location', req.url + '/')
+    res.end('Redirecting to ' + req.url + '/')
+  }
+
+  // transfer arbitrary files from within
+  // /www/example.com/public/*
+  send(req, parseUrl(req).pathname, { root: '/www/public' })
+    .on('error', error)
+    .on('directory', redirect)
+    .on('headers', headers)
+    .pipe(res)
+})
+
+server.listen(3000)
+```
+
+## License
+
+[MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/send/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/send
+[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/send/master
+[coveralls-url]: https://coveralls.io/r/pillarjs/send?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=linux
+[github-actions-ci-url]: https://github.com/pillarjs/send/actions/workflows/ci.yml
+[node-image]: https://badgen.net/npm/node/send
+[node-url]: https://nodejs.org/en/download/
+[npm-downloads-image]: https://badgen.net/npm/dm/send
+[npm-url]: https://npmjs.org/package/send
+[npm-version-image]: https://badgen.net/npm/v/send
diff --git a/src/Servers/ExpressServer/node_modules/send/SECURITY.md b/src/Servers/ExpressServer/node_modules/send/SECURITY.md
new file mode 100644
index 0000000..46b48f7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `send` team and community take all security bugs seriously. Thank you
+for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `send`. This information
+can be found in the npm registry using the command `npm owner ls send`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/send/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/send/index.js b/src/Servers/ExpressServer/node_modules/send/index.js
new file mode 100644
index 0000000..768f8ca
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/index.js
@@ -0,0 +1,1142 @@
+/*!
+ * send
+ * Copyright(c) 2012 TJ Holowaychuk
+ * Copyright(c) 2014-2022 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var createError = require('http-errors')
+var debug = require('debug')('send')
+var deprecate = require('depd')('send')
+var destroy = require('destroy')
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var etag = require('etag')
+var fresh = require('fresh')
+var fs = require('fs')
+var mime = require('mime')
+var ms = require('ms')
+var onFinished = require('on-finished')
+var parseRange = require('range-parser')
+var path = require('path')
+var statuses = require('statuses')
+var Stream = require('stream')
+var util = require('util')
+
+/**
+ * Path function references.
+ * @private
+ */
+
+var extname = path.extname
+var join = path.join
+var normalize = path.normalize
+var resolve = path.resolve
+var sep = path.sep
+
+/**
+ * Regular expression for identifying a bytes Range header.
+ * @private
+ */
+
+var BYTES_RANGE_REGEXP = /^ *bytes=/
+
+/**
+ * Maximum value allowed for the max age.
+ * @private
+ */
+
+var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1000 // 1 year
+
+/**
+ * Regular expression to match a path with a directory up component.
+ * @private
+ */
+
+var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = send
+module.exports.mime = mime
+
+/**
+ * Return a `SendStream` for `req` and `path`.
+ *
+ * @param {object} req
+ * @param {string} path
+ * @param {object} [options]
+ * @return {SendStream}
+ * @public
+ */
+
+function send (req, path, options) {
+  return new SendStream(req, path, options)
+}
+
+/**
+ * Initialize a `SendStream` with the given `path`.
+ *
+ * @param {Request} req
+ * @param {String} path
+ * @param {object} [options]
+ * @private
+ */
+
+function SendStream (req, path, options) {
+  Stream.call(this)
+
+  var opts = options || {}
+
+  this.options = opts
+  this.path = path
+  this.req = req
+
+  this._acceptRanges = opts.acceptRanges !== undefined
+    ? Boolean(opts.acceptRanges)
+    : true
+
+  this._cacheControl = opts.cacheControl !== undefined
+    ? Boolean(opts.cacheControl)
+    : true
+
+  this._etag = opts.etag !== undefined
+    ? Boolean(opts.etag)
+    : true
+
+  this._dotfiles = opts.dotfiles !== undefined
+    ? opts.dotfiles
+    : 'ignore'
+
+  if (this._dotfiles !== 'ignore' && this._dotfiles !== 'allow' && this._dotfiles !== 'deny') {
+    throw new TypeError('dotfiles option must be "allow", "deny", or "ignore"')
+  }
+
+  this._hidden = Boolean(opts.hidden)
+
+  if (opts.hidden !== undefined) {
+    deprecate('hidden: use dotfiles: \'' + (this._hidden ? 'allow' : 'ignore') + '\' instead')
+  }
+
+  // legacy support
+  if (opts.dotfiles === undefined) {
+    this._dotfiles = undefined
+  }
+
+  this._extensions = opts.extensions !== undefined
+    ? normalizeList(opts.extensions, 'extensions option')
+    : []
+
+  this._immutable = opts.immutable !== undefined
+    ? Boolean(opts.immutable)
+    : false
+
+  this._index = opts.index !== undefined
+    ? normalizeList(opts.index, 'index option')
+    : ['index.html']
+
+  this._lastModified = opts.lastModified !== undefined
+    ? Boolean(opts.lastModified)
+    : true
+
+  this._maxage = opts.maxAge || opts.maxage
+  this._maxage = typeof this._maxage === 'string'
+    ? ms(this._maxage)
+    : Number(this._maxage)
+  this._maxage = !isNaN(this._maxage)
+    ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
+    : 0
+
+  this._root = opts.root
+    ? resolve(opts.root)
+    : null
+
+  if (!this._root && opts.from) {
+    this.from(opts.from)
+  }
+}
+
+/**
+ * Inherits from `Stream`.
+ */
+
+util.inherits(SendStream, Stream)
+
+/**
+ * Enable or disable etag generation.
+ *
+ * @param {Boolean} val
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.etag = deprecate.function(function etag (val) {
+  this._etag = Boolean(val)
+  debug('etag %s', this._etag)
+  return this
+}, 'send.etag: pass etag as option')
+
+/**
+ * Enable or disable "hidden" (dot) files.
+ *
+ * @param {Boolean} path
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.hidden = deprecate.function(function hidden (val) {
+  this._hidden = Boolean(val)
+  this._dotfiles = undefined
+  debug('hidden %s', this._hidden)
+  return this
+}, 'send.hidden: use dotfiles option')
+
+/**
+ * Set index `paths`, set to a falsy
+ * value to disable index support.
+ *
+ * @param {String|Boolean|Array} paths
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.index = deprecate.function(function index (paths) {
+  var index = !paths ? [] : normalizeList(paths, 'paths argument')
+  debug('index %o', paths)
+  this._index = index
+  return this
+}, 'send.index: pass index as option')
+
+/**
+ * Set root `path`.
+ *
+ * @param {String} path
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.root = function root (path) {
+  this._root = resolve(String(path))
+  debug('root %s', this._root)
+  return this
+}
+
+SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
+  'send.from: pass root as option')
+
+SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
+  'send.root: pass root as option')
+
+/**
+ * Set max-age to `maxAge`.
+ *
+ * @param {Number} maxAge
+ * @return {SendStream}
+ * @api public
+ */
+
+SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
+  this._maxage = typeof maxAge === 'string'
+    ? ms(maxAge)
+    : Number(maxAge)
+  this._maxage = !isNaN(this._maxage)
+    ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
+    : 0
+  debug('max-age %d', this._maxage)
+  return this
+}, 'send.maxage: pass maxAge as option')
+
+/**
+ * Emit error with `status`.
+ *
+ * @param {number} status
+ * @param {Error} [err]
+ * @private
+ */
+
+SendStream.prototype.error = function error (status, err) {
+  // emit if listeners instead of responding
+  if (hasListeners(this, 'error')) {
+    return this.emit('error', createHttpError(status, err))
+  }
+
+  var res = this.res
+  var msg = statuses.message[status] || String(status)
+  var doc = createHtmlDocument('Error', escapeHtml(msg))
+
+  // clear existing headers
+  clearHeaders(res)
+
+  // add error headers
+  if (err && err.headers) {
+    setHeaders(res, err.headers)
+  }
+
+  // send basic response
+  res.statusCode = status
+  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+  res.setHeader('Content-Length', Buffer.byteLength(doc))
+  res.setHeader('Content-Security-Policy', "default-src 'none'")
+  res.setHeader('X-Content-Type-Options', 'nosniff')
+  res.end(doc)
+}
+
+/**
+ * Check if the pathname ends with "/".
+ *
+ * @return {boolean}
+ * @private
+ */
+
+SendStream.prototype.hasTrailingSlash = function hasTrailingSlash () {
+  return this.path[this.path.length - 1] === '/'
+}
+
+/**
+ * Check if this is a conditional GET request.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isConditionalGET = function isConditionalGET () {
+  return this.req.headers['if-match'] ||
+    this.req.headers['if-unmodified-since'] ||
+    this.req.headers['if-none-match'] ||
+    this.req.headers['if-modified-since']
+}
+
+/**
+ * Check if the request preconditions failed.
+ *
+ * @return {boolean}
+ * @private
+ */
+
+SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
+  var req = this.req
+  var res = this.res
+
+  // if-match
+  var match = req.headers['if-match']
+  if (match) {
+    var etag = res.getHeader('ETag')
+    return !etag || (match !== '*' && parseTokenList(match).every(function (match) {
+      return match !== etag && match !== 'W/' + etag && 'W/' + match !== etag
+    }))
+  }
+
+  // if-unmodified-since
+  var unmodifiedSince = parseHttpDate(req.headers['if-unmodified-since'])
+  if (!isNaN(unmodifiedSince)) {
+    var lastModified = parseHttpDate(res.getHeader('Last-Modified'))
+    return isNaN(lastModified) || lastModified > unmodifiedSince
+  }
+
+  return false
+}
+
+/**
+ * Strip various content header fields for a change in entity.
+ *
+ * @private
+ */
+
+SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
+  var res = this.res
+
+  res.removeHeader('Content-Encoding')
+  res.removeHeader('Content-Language')
+  res.removeHeader('Content-Length')
+  res.removeHeader('Content-Range')
+  res.removeHeader('Content-Type')
+}
+
+/**
+ * Respond with 304 not modified.
+ *
+ * @api private
+ */
+
+SendStream.prototype.notModified = function notModified () {
+  var res = this.res
+  debug('not modified')
+  this.removeContentHeaderFields()
+  res.statusCode = 304
+  res.end()
+}
+
+/**
+ * Raise error that headers already sent.
+ *
+ * @api private
+ */
+
+SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
+  var err = new Error('Can\'t set headers after they are sent.')
+  debug('headers already sent')
+  this.error(500, err)
+}
+
+/**
+ * Check if the request is cacheable, aka
+ * responded with 2xx or 304 (see RFC 2616 section 14.2{5,6}).
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isCachable = function isCachable () {
+  var statusCode = this.res.statusCode
+  return (statusCode >= 200 && statusCode < 300) ||
+    statusCode === 304
+}
+
+/**
+ * Handle stat() error.
+ *
+ * @param {Error} error
+ * @private
+ */
+
+SendStream.prototype.onStatError = function onStatError (error) {
+  switch (error.code) {
+    case 'ENAMETOOLONG':
+    case 'ENOENT':
+    case 'ENOTDIR':
+      this.error(404, error)
+      break
+    default:
+      this.error(500, error)
+      break
+  }
+}
+
+/**
+ * Check if the cache is fresh.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isFresh = function isFresh () {
+  return fresh(this.req.headers, {
+    etag: this.res.getHeader('ETag'),
+    'last-modified': this.res.getHeader('Last-Modified')
+  })
+}
+
+/**
+ * Check if the range is fresh.
+ *
+ * @return {Boolean}
+ * @api private
+ */
+
+SendStream.prototype.isRangeFresh = function isRangeFresh () {
+  var ifRange = this.req.headers['if-range']
+
+  if (!ifRange) {
+    return true
+  }
+
+  // if-range as etag
+  if (ifRange.indexOf('"') !== -1) {
+    var etag = this.res.getHeader('ETag')
+    return Boolean(etag && ifRange.indexOf(etag) !== -1)
+  }
+
+  // if-range as modified date
+  var lastModified = this.res.getHeader('Last-Modified')
+  return parseHttpDate(lastModified) <= parseHttpDate(ifRange)
+}
+
+/**
+ * Redirect to path.
+ *
+ * @param {string} path
+ * @private
+ */
+
+SendStream.prototype.redirect = function redirect (path) {
+  var res = this.res
+
+  if (hasListeners(this, 'directory')) {
+    this.emit('directory', res, path)
+    return
+  }
+
+  if (this.hasTrailingSlash()) {
+    this.error(403)
+    return
+  }
+
+  var loc = encodeUrl(collapseLeadingSlashes(this.path + '/'))
+  var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
+
+  // redirect
+  res.statusCode = 301
+  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+  res.setHeader('Content-Length', Buffer.byteLength(doc))
+  res.setHeader('Content-Security-Policy', "default-src 'none'")
+  res.setHeader('X-Content-Type-Options', 'nosniff')
+  res.setHeader('Location', loc)
+  res.end(doc)
+}
+
+/**
+ * Pipe to `res.
+ *
+ * @param {Stream} res
+ * @return {Stream} res
+ * @api public
+ */
+
+SendStream.prototype.pipe = function pipe (res) {
+  // root path
+  var root = this._root
+
+  // references
+  this.res = res
+
+  // decode the path
+  var path = decode(this.path)
+  if (path === -1) {
+    this.error(400)
+    return res
+  }
+
+  // null byte(s)
+  if (~path.indexOf('\0')) {
+    this.error(400)
+    return res
+  }
+
+  var parts
+  if (root !== null) {
+    // normalize
+    if (path) {
+      path = normalize('.' + sep + path)
+    }
+
+    // malicious path
+    if (UP_PATH_REGEXP.test(path)) {
+      debug('malicious path "%s"', path)
+      this.error(403)
+      return res
+    }
+
+    // explode path parts
+    parts = path.split(sep)
+
+    // join / normalize from optional root dir
+    path = normalize(join(root, path))
+  } else {
+    // ".." is malicious without "root"
+    if (UP_PATH_REGEXP.test(path)) {
+      debug('malicious path "%s"', path)
+      this.error(403)
+      return res
+    }
+
+    // explode path parts
+    parts = normalize(path).split(sep)
+
+    // resolve the path
+    path = resolve(path)
+  }
+
+  // dotfile handling
+  if (containsDotFile(parts)) {
+    var access = this._dotfiles
+
+    // legacy support
+    if (access === undefined) {
+      access = parts[parts.length - 1][0] === '.'
+        ? (this._hidden ? 'allow' : 'ignore')
+        : 'allow'
+    }
+
+    debug('%s dotfile "%s"', access, path)
+    switch (access) {
+      case 'allow':
+        break
+      case 'deny':
+        this.error(403)
+        return res
+      case 'ignore':
+      default:
+        this.error(404)
+        return res
+    }
+  }
+
+  // index file support
+  if (this._index.length && this.hasTrailingSlash()) {
+    this.sendIndex(path)
+    return res
+  }
+
+  this.sendFile(path)
+  return res
+}
+
+/**
+ * Transfer `path`.
+ *
+ * @param {String} path
+ * @api public
+ */
+
+SendStream.prototype.send = function send (path, stat) {
+  var len = stat.size
+  var options = this.options
+  var opts = {}
+  var res = this.res
+  var req = this.req
+  var ranges = req.headers.range
+  var offset = options.start || 0
+
+  if (headersSent(res)) {
+    // impossible to send now
+    this.headersAlreadySent()
+    return
+  }
+
+  debug('pipe "%s"', path)
+
+  // set header fields
+  this.setHeader(path, stat)
+
+  // set content-type
+  this.type(path)
+
+  // conditional GET support
+  if (this.isConditionalGET()) {
+    if (this.isPreconditionFailure()) {
+      this.error(412)
+      return
+    }
+
+    if (this.isCachable() && this.isFresh()) {
+      this.notModified()
+      return
+    }
+  }
+
+  // adjust len to start/end options
+  len = Math.max(0, len - offset)
+  if (options.end !== undefined) {
+    var bytes = options.end - offset + 1
+    if (len > bytes) len = bytes
+  }
+
+  // Range support
+  if (this._acceptRanges && BYTES_RANGE_REGEXP.test(ranges)) {
+    // parse
+    ranges = parseRange(len, ranges, {
+      combine: true
+    })
+
+    // If-Range support
+    if (!this.isRangeFresh()) {
+      debug('range stale')
+      ranges = -2
+    }
+
+    // unsatisfiable
+    if (ranges === -1) {
+      debug('range unsatisfiable')
+
+      // Content-Range
+      res.setHeader('Content-Range', contentRange('bytes', len))
+
+      // 416 Requested Range Not Satisfiable
+      return this.error(416, {
+        headers: { 'Content-Range': res.getHeader('Content-Range') }
+      })
+    }
+
+    // valid (syntactically invalid/multiple ranges are treated as a regular response)
+    if (ranges !== -2 && ranges.length === 1) {
+      debug('range %j', ranges)
+
+      // Content-Range
+      res.statusCode = 206
+      res.setHeader('Content-Range', contentRange('bytes', len, ranges[0]))
+
+      // adjust for requested range
+      offset += ranges[0].start
+      len = ranges[0].end - ranges[0].start + 1
+    }
+  }
+
+  // clone options
+  for (var prop in options) {
+    opts[prop] = options[prop]
+  }
+
+  // set read options
+  opts.start = offset
+  opts.end = Math.max(offset, offset + len - 1)
+
+  // content-length
+  res.setHeader('Content-Length', len)
+
+  // HEAD support
+  if (req.method === 'HEAD') {
+    res.end()
+    return
+  }
+
+  this.stream(path, opts)
+}
+
+/**
+ * Transfer file for `path`.
+ *
+ * @param {String} path
+ * @api private
+ */
+SendStream.prototype.sendFile = function sendFile (path) {
+  var i = 0
+  var self = this
+
+  debug('stat "%s"', path)
+  fs.stat(path, function onstat (err, stat) {
+    if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
+      // not found, check extensions
+      return next(err)
+    }
+    if (err) return self.onStatError(err)
+    if (stat.isDirectory()) return self.redirect(path)
+    self.emit('file', path, stat)
+    self.send(path, stat)
+  })
+
+  function next (err) {
+    if (self._extensions.length <= i) {
+      return err
+        ? self.onStatError(err)
+        : self.error(404)
+    }
+
+    var p = path + '.' + self._extensions[i++]
+
+    debug('stat "%s"', p)
+    fs.stat(p, function (err, stat) {
+      if (err) return next(err)
+      if (stat.isDirectory()) return next()
+      self.emit('file', p, stat)
+      self.send(p, stat)
+    })
+  }
+}
+
+/**
+ * Transfer index for `path`.
+ *
+ * @param {String} path
+ * @api private
+ */
+SendStream.prototype.sendIndex = function sendIndex (path) {
+  var i = -1
+  var self = this
+
+  function next (err) {
+    if (++i >= self._index.length) {
+      if (err) return self.onStatError(err)
+      return self.error(404)
+    }
+
+    var p = join(path, self._index[i])
+
+    debug('stat "%s"', p)
+    fs.stat(p, function (err, stat) {
+      if (err) return next(err)
+      if (stat.isDirectory()) return next()
+      self.emit('file', p, stat)
+      self.send(p, stat)
+    })
+  }
+
+  next()
+}
+
+/**
+ * Stream `path` to the response.
+ *
+ * @param {String} path
+ * @param {Object} options
+ * @api private
+ */
+
+SendStream.prototype.stream = function stream (path, options) {
+  var self = this
+  var res = this.res
+
+  // pipe
+  var stream = fs.createReadStream(path, options)
+  this.emit('stream', stream)
+  stream.pipe(res)
+
+  // cleanup
+  function cleanup () {
+    destroy(stream, true)
+  }
+
+  // response finished, cleanup
+  onFinished(res, cleanup)
+
+  // error handling
+  stream.on('error', function onerror (err) {
+    // clean up stream early
+    cleanup()
+
+    // error
+    self.onStatError(err)
+  })
+
+  // end
+  stream.on('end', function onend () {
+    self.emit('end')
+  })
+}
+
+/**
+ * Set content-type based on `path`
+ * if it hasn't been explicitly set.
+ *
+ * @param {String} path
+ * @api private
+ */
+
+SendStream.prototype.type = function type (path) {
+  var res = this.res
+
+  if (res.getHeader('Content-Type')) return
+
+  var type = mime.lookup(path)
+
+  if (!type) {
+    debug('no content-type')
+    return
+  }
+
+  var charset = mime.charsets.lookup(type)
+
+  debug('content-type %s', type)
+  res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''))
+}
+
+/**
+ * Set response header fields, most
+ * fields may be pre-defined.
+ *
+ * @param {String} path
+ * @param {Object} stat
+ * @api private
+ */
+
+SendStream.prototype.setHeader = function setHeader (path, stat) {
+  var res = this.res
+
+  this.emit('headers', res, path, stat)
+
+  if (this._acceptRanges && !res.getHeader('Accept-Ranges')) {
+    debug('accept ranges')
+    res.setHeader('Accept-Ranges', 'bytes')
+  }
+
+  if (this._cacheControl && !res.getHeader('Cache-Control')) {
+    var cacheControl = 'public, max-age=' + Math.floor(this._maxage / 1000)
+
+    if (this._immutable) {
+      cacheControl += ', immutable'
+    }
+
+    debug('cache-control %s', cacheControl)
+    res.setHeader('Cache-Control', cacheControl)
+  }
+
+  if (this._lastModified && !res.getHeader('Last-Modified')) {
+    var modified = stat.mtime.toUTCString()
+    debug('modified %s', modified)
+    res.setHeader('Last-Modified', modified)
+  }
+
+  if (this._etag && !res.getHeader('ETag')) {
+    var val = etag(stat)
+    debug('etag %s', val)
+    res.setHeader('ETag', val)
+  }
+}
+
+/**
+ * Clear all headers from a response.
+ *
+ * @param {object} res
+ * @private
+ */
+
+function clearHeaders (res) {
+  var headers = getHeaderNames(res)
+
+  for (var i = 0; i < headers.length; i++) {
+    res.removeHeader(headers[i])
+  }
+}
+
+/**
+ * Collapse all leading slashes into a single slash
+ *
+ * @param {string} str
+ * @private
+ */
+function collapseLeadingSlashes (str) {
+  for (var i = 0; i < str.length; i++) {
+    if (str[i] !== '/') {
+      break
+    }
+  }
+
+  return i > 1
+    ? '/' + str.substr(i)
+    : str
+}
+
+/**
+ * Determine if path parts contain a dotfile.
+ *
+ * @api private
+ */
+
+function containsDotFile (parts) {
+  for (var i = 0; i < parts.length; i++) {
+    var part = parts[i]
+    if (part.length > 1 && part[0] === '.') {
+      return true
+    }
+  }
+
+  return false
+}
+
+/**
+ * Create a Content-Range header.
+ *
+ * @param {string} type
+ * @param {number} size
+ * @param {array} [range]
+ */
+
+function contentRange (type, size, range) {
+  return type + ' ' + (range ? range.start + '-' + range.end : '*') + '/' + size
+}
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} title
+ * @param {string} body
+ * @private
+ */
+
+function createHtmlDocument (title, body) {
+  return '<!DOCTYPE html>\n' +
+    '<html lang="en">\n' +
+    '<head>\n' +
+    '<meta charset="utf-8">\n' +
+    '<title>' + title + '</title>\n' +
+    '</head>\n' +
+    '<body>\n' +
+    '<pre>' + body + '</pre>\n' +
+    '</body>\n' +
+    '</html>\n'
+}
+
+/**
+ * Create a HttpError object from simple arguments.
+ *
+ * @param {number} status
+ * @param {Error|object} err
+ * @private
+ */
+
+function createHttpError (status, err) {
+  if (!err) {
+    return createError(status)
+  }
+
+  return err instanceof Error
+    ? createError(status, err, { expose: false })
+    : createError(status, err)
+}
+
+/**
+ * decodeURIComponent.
+ *
+ * Allows V8 to only deoptimize this fn instead of all
+ * of send().
+ *
+ * @param {String} path
+ * @api private
+ */
+
+function decode (path) {
+  try {
+    return decodeURIComponent(path)
+  } catch (err) {
+    return -1
+  }
+}
+
+/**
+ * Get the header names on a respnse.
+ *
+ * @param {object} res
+ * @returns {array[string]}
+ * @private
+ */
+
+function getHeaderNames (res) {
+  return typeof res.getHeaderNames !== 'function'
+    ? Object.keys(res._headers || {})
+    : res.getHeaderNames()
+}
+
+/**
+ * Determine if emitter has listeners of a given type.
+ *
+ * The way to do this check is done three different ways in Node.js >= 0.8
+ * so this consolidates them into a minimal set using instance methods.
+ *
+ * @param {EventEmitter} emitter
+ * @param {string} type
+ * @returns {boolean}
+ * @private
+ */
+
+function hasListeners (emitter, type) {
+  var count = typeof emitter.listenerCount !== 'function'
+    ? emitter.listeners(type).length
+    : emitter.listenerCount(type)
+
+  return count > 0
+}
+
+/**
+ * Determine if the response headers have been sent.
+ *
+ * @param {object} res
+ * @returns {boolean}
+ * @private
+ */
+
+function headersSent (res) {
+  return typeof res.headersSent !== 'boolean'
+    ? Boolean(res._header)
+    : res.headersSent
+}
+
+/**
+ * Normalize the index option into an array.
+ *
+ * @param {boolean|string|array} val
+ * @param {string} name
+ * @private
+ */
+
+function normalizeList (val, name) {
+  var list = [].concat(val || [])
+
+  for (var i = 0; i < list.length; i++) {
+    if (typeof list[i] !== 'string') {
+      throw new TypeError(name + ' must be array of strings or false')
+    }
+  }
+
+  return list
+}
+
+/**
+ * Parse an HTTP Date into a number.
+ *
+ * @param {string} date
+ * @private
+ */
+
+function parseHttpDate (date) {
+  var timestamp = date && Date.parse(date)
+
+  return typeof timestamp === 'number'
+    ? timestamp
+    : NaN
+}
+
+/**
+ * Parse a HTTP token list.
+ *
+ * @param {string} str
+ * @private
+ */
+
+function parseTokenList (str) {
+  var end = 0
+  var list = []
+  var start = 0
+
+  // gather tokens
+  for (var i = 0, len = str.length; i < len; i++) {
+    switch (str.charCodeAt(i)) {
+      case 0x20: /*   */
+        if (start === end) {
+          start = end = i + 1
+        }
+        break
+      case 0x2c: /* , */
+        if (start !== end) {
+          list.push(str.substring(start, end))
+        }
+        start = end = i + 1
+        break
+      default:
+        end = i + 1
+        break
+    }
+  }
+
+  // final token
+  if (start !== end) {
+    list.push(str.substring(start, end))
+  }
+
+  return list
+}
+
+/**
+ * Set an object of headers on a response.
+ *
+ * @param {object} res
+ * @param {object} headers
+ * @private
+ */
+
+function setHeaders (res, headers) {
+  var keys = Object.keys(headers)
+
+  for (var i = 0; i < keys.length; i++) {
+    var key = keys[i]
+    res.setHeader(key, headers[key])
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
new file mode 100644
index 0000000..ea734fb
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
@@ -0,0 +1,162 @@
+/**
+ * Helpers.
+ */
+
+var s = 1000;
+var m = s * 60;
+var h = m * 60;
+var d = h * 24;
+var w = d * 7;
+var y = d * 365.25;
+
+/**
+ * Parse or format the given `val`.
+ *
+ * Options:
+ *
+ *  - `long` verbose formatting [false]
+ *
+ * @param {String|Number} val
+ * @param {Object} [options]
+ * @throws {Error} throw an error if val is not a non-empty string or a number
+ * @return {String|Number}
+ * @api public
+ */
+
+module.exports = function (val, options) {
+  options = options || {};
+  var type = typeof val;
+  if (type === 'string' && val.length > 0) {
+    return parse(val);
+  } else if (type === 'number' && isFinite(val)) {
+    return options.long ? fmtLong(val) : fmtShort(val);
+  }
+  throw new Error(
+    'val is not a non-empty string or a valid number. val=' +
+      JSON.stringify(val)
+  );
+};
+
+/**
+ * Parse the given `str` and return milliseconds.
+ *
+ * @param {String} str
+ * @return {Number}
+ * @api private
+ */
+
+function parse(str) {
+  str = String(str);
+  if (str.length > 100) {
+    return;
+  }
+  var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(
+    str
+  );
+  if (!match) {
+    return;
+  }
+  var n = parseFloat(match[1]);
+  var type = (match[2] || 'ms').toLowerCase();
+  switch (type) {
+    case 'years':
+    case 'year':
+    case 'yrs':
+    case 'yr':
+    case 'y':
+      return n * y;
+    case 'weeks':
+    case 'week':
+    case 'w':
+      return n * w;
+    case 'days':
+    case 'day':
+    case 'd':
+      return n * d;
+    case 'hours':
+    case 'hour':
+    case 'hrs':
+    case 'hr':
+    case 'h':
+      return n * h;
+    case 'minutes':
+    case 'minute':
+    case 'mins':
+    case 'min':
+    case 'm':
+      return n * m;
+    case 'seconds':
+    case 'second':
+    case 'secs':
+    case 'sec':
+    case 's':
+      return n * s;
+    case 'milliseconds':
+    case 'millisecond':
+    case 'msecs':
+    case 'msec':
+    case 'ms':
+      return n;
+    default:
+      return undefined;
+  }
+}
+
+/**
+ * Short format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtShort(ms) {
+  var msAbs = Math.abs(ms);
+  if (msAbs >= d) {
+    return Math.round(ms / d) + 'd';
+  }
+  if (msAbs >= h) {
+    return Math.round(ms / h) + 'h';
+  }
+  if (msAbs >= m) {
+    return Math.round(ms / m) + 'm';
+  }
+  if (msAbs >= s) {
+    return Math.round(ms / s) + 's';
+  }
+  return ms + 'ms';
+}
+
+/**
+ * Long format for `ms`.
+ *
+ * @param {Number} ms
+ * @return {String}
+ * @api private
+ */
+
+function fmtLong(ms) {
+  var msAbs = Math.abs(ms);
+  if (msAbs >= d) {
+    return plural(ms, msAbs, d, 'day');
+  }
+  if (msAbs >= h) {
+    return plural(ms, msAbs, h, 'hour');
+  }
+  if (msAbs >= m) {
+    return plural(ms, msAbs, m, 'minute');
+  }
+  if (msAbs >= s) {
+    return plural(ms, msAbs, s, 'second');
+  }
+  return ms + ' ms';
+}
+
+/**
+ * Pluralization helper.
+ */
+
+function plural(ms, msAbs, n, name) {
+  var isPlural = msAbs >= n * 1.5;
+  return Math.round(ms / n) + ' ' + name + (isPlural ? 's' : '');
+}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
new file mode 100644
index 0000000..fa5d39b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Vercel, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
new file mode 100644
index 0000000..4997189
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
@@ -0,0 +1,38 @@
+{
+  "name": "ms",
+  "version": "2.1.3",
+  "description": "Tiny millisecond conversion utility",
+  "repository": "vercel/ms",
+  "main": "./index",
+  "files": [
+    "index.js"
+  ],
+  "scripts": {
+    "precommit": "lint-staged",
+    "lint": "eslint lib/* bin/*",
+    "test": "mocha tests.js"
+  },
+  "eslintConfig": {
+    "extends": "eslint:recommended",
+    "env": {
+      "node": true,
+      "es6": true
+    }
+  },
+  "lint-staged": {
+    "*.js": [
+      "npm run lint",
+      "prettier --single-quote --write",
+      "git add"
+    ]
+  },
+  "license": "MIT",
+  "devDependencies": {
+    "eslint": "4.18.2",
+    "expect.js": "0.3.1",
+    "husky": "0.14.3",
+    "lint-staged": "5.0.0",
+    "mocha": "4.0.1",
+    "prettier": "2.0.5"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
new file mode 100644
index 0000000..0fc1abb
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
@@ -0,0 +1,59 @@
+# ms
+
+![CI](https://github.com/vercel/ms/workflows/CI/badge.svg)
+
+Use this package to easily convert various time formats to milliseconds.
+
+## Examples
+
+```js
+ms('2 days')  // 172800000
+ms('1d')      // 86400000
+ms('10h')     // 36000000
+ms('2.5 hrs') // 9000000
+ms('2h')      // 7200000
+ms('1m')      // 60000
+ms('5s')      // 5000
+ms('1y')      // 31557600000
+ms('100')     // 100
+ms('-3 days') // -259200000
+ms('-1h')     // -3600000
+ms('-200')    // -200
+```
+
+### Convert from Milliseconds
+
+```js
+ms(60000)             // "1m"
+ms(2 * 60000)         // "2m"
+ms(-3 * 60000)        // "-3m"
+ms(ms('10 hours'))    // "10h"
+```
+
+### Time Format Written-Out
+
+```js
+ms(60000, { long: true })             // "1 minute"
+ms(2 * 60000, { long: true })         // "2 minutes"
+ms(-3 * 60000, { long: true })        // "-3 minutes"
+ms(ms('10 hours'), { long: true })    // "10 hours"
+```
+
+## Features
+
+- Works both in [Node.js](https://nodejs.org) and in the browser
+- If a number is supplied to `ms`, a string with a unit is returned
+- If a string that contains the number is supplied, it returns it as a number (e.g.: it returns `100` for `'100'`)
+- If you pass a string with a number and a valid unit, the number of equivalent milliseconds is returned
+
+## Related Packages
+
+- [ms.macro](https://github.com/knpwrs/ms.macro) - Run `ms` as a macro at build-time.
+
+## Caught a Bug?
+
+1. [Fork](https://help.github.com/articles/fork-a-repo/) this repository to your own GitHub account and then [clone](https://help.github.com/articles/cloning-a-repository/) it to your local device
+2. Link the package to the global module directory: `npm link`
+3. Within the module you want to test your local development instance of ms, just link it to the dependencies: `npm link ms`. Instead of the default one from npm, Node.js will now use your clone of ms!
+
+As always, you can run the tests using: `npm test`
diff --git a/src/Servers/ExpressServer/node_modules/send/package.json b/src/Servers/ExpressServer/node_modules/send/package.json
new file mode 100644
index 0000000..2d2b805
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/send/package.json
@@ -0,0 +1,62 @@
+{
+  "name": "send",
+  "description": "Better streaming static file server with Range and conditional-GET support",
+  "version": "0.19.2",
+  "author": "TJ Holowaychuk <tj@vision-media.ca>",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "James Wyatt Cready <jcready@gmail.com>",
+    "Jesús Leganés Combarro <piranna@gmail.com>"
+  ],
+  "license": "MIT",
+  "repository": "pillarjs/send",
+  "keywords": [
+    "static",
+    "file",
+    "server"
+  ],
+  "dependencies": {
+    "debug": "2.6.9",
+    "depd": "2.0.0",
+    "destroy": "1.2.0",
+    "encodeurl": "~2.0.0",
+    "escape-html": "~1.0.3",
+    "etag": "~1.8.1",
+    "fresh": "~0.5.2",
+    "http-errors": "~2.0.1",
+    "mime": "1.6.0",
+    "ms": "2.1.3",
+    "on-finished": "~2.4.1",
+    "range-parser": "~1.2.1",
+    "statuses": "~2.0.2"
+  },
+  "devDependencies": {
+    "after": "0.8.2",
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.2",
+    "nyc": "15.1.0",
+    "supertest": "6.2.2"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "SECURITY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8.0"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --check-leaks --reporter spec --bail",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md b/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
new file mode 100644
index 0000000..9919669
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
@@ -0,0 +1,493 @@
+1.16.3 / 2024-12-15
+===================
+
+* deps: send@~0.19.1
+  - deps: encodeurl@~2.0.0 
+
+1.16.2 / 2024-09-11
+===================
+
+* deps: encodeurl@~2.0.0
+
+1.16.1 / 2024-09-11
+===================
+
+* deps: send@0.19.0
+
+1.16.0 / 2024-09-10
+===================
+
+* Remove link renderization in html while redirecting
+
+
+1.15.0 / 2022-03-24
+===================
+
+  * deps: send@0.18.0
+    - Fix emitted 416 error missing headers property
+    - Limit the headers removed for 304 response
+    - deps: depd@2.0.0
+    - deps: destroy@1.2.0
+    - deps: http-errors@2.0.0
+    - deps: on-finished@2.4.1
+    - deps: statuses@2.0.1
+
+1.14.2 / 2021-12-15
+===================
+
+  * deps: send@0.17.2
+    - deps: http-errors@1.8.1
+    - deps: ms@2.1.3
+    - pref: ignore empty http tokens
+
+1.14.1 / 2019-05-10
+===================
+
+  * Set stricter CSP header in redirect response
+  * deps: send@0.17.1
+    - deps: range-parser@~1.2.1
+
+1.14.0 / 2019-05-07
+===================
+
+  * deps: parseurl@~1.3.3
+  * deps: send@0.17.0
+    - deps: http-errors@~1.7.2
+    - deps: mime@1.6.0
+    - deps: ms@2.1.1
+    - deps: statuses@~1.5.0
+    - perf: remove redundant `path.normalize` call
+
+1.13.2 / 2018-02-07
+===================
+
+  * Fix incorrect end tag in redirects
+  * deps: encodeurl@~1.0.2
+    - Fix encoding `%` as last character
+  * deps: send@0.16.2
+    - deps: depd@~1.1.2
+    - deps: encodeurl@~1.0.2
+    - deps: statuses@~1.4.0
+
+1.13.1 / 2017-09-29
+===================
+
+  * Fix regression when `root` is incorrectly set to a file
+  * deps: send@0.16.1
+
+1.13.0 / 2017-09-27
+===================
+
+  * deps: send@0.16.0
+    - Add 70 new types for file extensions
+    - Add `immutable` option
+    - Fix missing `</html>` in default error & redirects
+    - Set charset as "UTF-8" for .js and .json
+    - Use instance methods on steam to check for listeners
+    - deps: mime@1.4.1
+    - perf: improve path validation speed
+
+1.12.6 / 2017-09-22
+===================
+
+  * deps: send@0.15.6
+    - deps: debug@2.6.9
+    - perf: improve `If-Match` token parsing
+  * perf: improve slash collapsing
+
+1.12.5 / 2017-09-21
+===================
+
+  * deps: parseurl@~1.3.2
+    - perf: reduce overhead for full URLs
+    - perf: unroll the "fast-path" `RegExp`
+  * deps: send@0.15.5
+    - Fix handling of modified headers with invalid dates
+    - deps: etag@~1.8.1
+    - deps: fresh@0.5.2
+
+1.12.4 / 2017-08-05
+===================
+
+  * deps: send@0.15.4
+    - deps: debug@2.6.8
+    - deps: depd@~1.1.1
+    - deps: http-errors@~1.6.2
+
+1.12.3 / 2017-05-16
+===================
+
+  * deps: send@0.15.3
+    - deps: debug@2.6.7
+
+1.12.2 / 2017-04-26
+===================
+
+  * deps: send@0.15.2
+    - deps: debug@2.6.4
+
+1.12.1 / 2017-03-04
+===================
+
+  * deps: send@0.15.1
+    - Fix issue when `Date.parse` does not return `NaN` on invalid date
+    - Fix strict violation in broken environments
+
+1.12.0 / 2017-02-25
+===================
+
+  * Send complete HTML document in redirect response
+  * Set default CSP header in redirect response
+  * deps: send@0.15.0
+    - Fix false detection of `no-cache` request directive
+    - Fix incorrect result when `If-None-Match` has both `*` and ETags
+    - Fix weak `ETag` matching to match spec
+    - Remove usage of `res._headers` private field
+    - Support `If-Match` and `If-Unmodified-Since` headers
+    - Use `res.getHeaderNames()` when available
+    - Use `res.headersSent` when available
+    - deps: debug@2.6.1
+    - deps: etag@~1.8.0
+    - deps: fresh@0.5.0
+    - deps: http-errors@~1.6.1
+
+1.11.2 / 2017-01-23
+===================
+
+  * deps: send@0.14.2
+    - deps: http-errors@~1.5.1
+    - deps: ms@0.7.2
+    - deps: statuses@~1.3.1
+
+1.11.1 / 2016-06-10
+===================
+
+  * Fix redirect error when `req.url` contains raw non-URL characters
+  * deps: send@0.14.1
+
+1.11.0 / 2016-06-07
+===================
+
+  * Use status code 301 for redirects
+  * deps: send@0.14.0
+    - Add `acceptRanges` option
+    - Add `cacheControl` option
+    - Attempt to combine multiple ranges into single range
+    - Correctly inherit from `Stream` class
+    - Fix `Content-Range` header in 416 responses when using `start`/`end` options
+    - Fix `Content-Range` header missing from default 416 responses
+    - Ignore non-byte `Range` headers
+    - deps: http-errors@~1.5.0
+    - deps: range-parser@~1.2.0
+    - deps: statuses@~1.3.0
+    - perf: remove argument reassignment
+
+1.10.3 / 2016-05-30
+===================
+
+  * deps: send@0.13.2
+    - Fix invalid `Content-Type` header when `send.mime.default_type` unset
+
+1.10.2 / 2016-01-19
+===================
+
+  * deps: parseurl@~1.3.1
+    - perf: enable strict mode
+
+1.10.1 / 2016-01-16
+===================
+
+  * deps: escape-html@~1.0.3
+    - perf: enable strict mode
+    - perf: optimize string replacement
+    - perf: use faster string coercion
+  * deps: send@0.13.1
+    - deps: depd@~1.1.0
+    - deps: destroy@~1.0.4
+    - deps: escape-html@~1.0.3
+    - deps: range-parser@~1.0.3
+
+1.10.0 / 2015-06-17
+===================
+
+  * Add `fallthrough` option
+    - Allows declaring this middleware is the final destination
+    - Provides better integration with Express patterns
+  * Fix reading options from options prototype
+  * Improve the default redirect response headers
+  * deps: escape-html@1.0.2
+  * deps: send@0.13.0
+    - Allow Node.js HTTP server to set `Date` response header
+    - Fix incorrectly removing `Content-Location` on 304 response
+    - Improve the default redirect response headers
+    - Send appropriate headers on default error response
+    - Use `http-errors` for standard emitted errors
+    - Use `statuses` instead of `http` module for status messages
+    - deps: escape-html@1.0.2
+    - deps: etag@~1.7.0
+    - deps: fresh@0.3.0
+    - deps: on-finished@~2.3.0
+    - perf: enable strict mode
+    - perf: remove unnecessary array allocations
+  * perf: enable strict mode
+  * perf: remove argument reassignment
+
+1.9.3 / 2015-05-14
+==================
+
+  * deps: send@0.12.3
+    - deps: debug@~2.2.0
+    - deps: depd@~1.0.1
+    - deps: etag@~1.6.0
+    - deps: ms@0.7.1
+    - deps: on-finished@~2.2.1
+
+1.9.2 / 2015-03-14
+==================
+
+  * deps: send@0.12.2
+    - Throw errors early for invalid `extensions` or `index` options
+    - deps: debug@~2.1.3
+
+1.9.1 / 2015-02-17
+==================
+
+  * deps: send@0.12.1
+    - Fix regression sending zero-length files
+
+1.9.0 / 2015-02-16
+==================
+
+  * deps: send@0.12.0
+    - Always read the stat size from the file
+    - Fix mutating passed-in `options`
+    - deps: mime@1.3.4
+
+1.8.1 / 2015-01-20
+==================
+
+  * Fix redirect loop in Node.js 0.11.14
+  * deps: send@0.11.1
+    - Fix root path disclosure
+
+1.8.0 / 2015-01-05
+==================
+
+  * deps: send@0.11.0
+    - deps: debug@~2.1.1
+    - deps: etag@~1.5.1
+    - deps: ms@0.7.0
+    - deps: on-finished@~2.2.0
+
+1.7.2 / 2015-01-02
+==================
+
+  * Fix potential open redirect when mounted at root
+
+1.7.1 / 2014-10-22
+==================
+
+  * deps: send@0.10.1
+    - deps: on-finished@~2.1.1
+
+1.7.0 / 2014-10-15
+==================
+
+  * deps: send@0.10.0
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: etag@~1.5.0
+
+1.6.5 / 2015-02-04
+==================
+
+  * Fix potential open redirect when mounted at root
+    - Back-ported from v1.7.2
+
+1.6.4 / 2014-10-08
+==================
+
+  * Fix redirect loop when index file serving disabled
+
+1.6.3 / 2014-09-24
+==================
+
+  * deps: send@0.9.3
+    - deps: etag@~1.4.0
+
+1.6.2 / 2014-09-15
+==================
+
+  * deps: send@0.9.2
+    - deps: depd@0.4.5
+    - deps: etag@~1.3.1
+    - deps: range-parser@~1.0.2
+
+1.6.1 / 2014-09-07
+==================
+
+  * deps: send@0.9.1
+    - deps: fresh@0.2.4
+
+1.6.0 / 2014-09-07
+==================
+
+  * deps: send@0.9.0
+    - Add `lastModified` option
+    - Use `etag` to generate `ETag` header
+    - deps: debug@~2.0.0
+
+1.5.4 / 2014-09-04
+==================
+
+  * deps: send@0.8.5
+    - Fix a path traversal issue when using `root`
+    - Fix malicious path detection for empty string path
+
+1.5.3 / 2014-08-17
+==================
+
+  * deps: send@0.8.3
+
+1.5.2 / 2014-08-14
+==================
+
+  * deps: send@0.8.2
+    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+
+1.5.1 / 2014-08-09
+==================
+
+  * Fix parsing of weird `req.originalUrl` values
+  * deps: parseurl@~1.3.0
+  * deps: utils-merge@1.0.0
+
+1.5.0 / 2014-08-05
+==================
+
+  * deps: send@0.8.1
+    - Add `extensions` option
+
+1.4.4 / 2014-08-04
+==================
+
+  * deps: send@0.7.4
+    - Fix serving index files without root dir
+
+1.4.3 / 2014-07-29
+==================
+
+  * deps: send@0.7.3
+    - Fix incorrect 403 on Windows and Node.js 0.11
+
+1.4.2 / 2014-07-27
+==================
+
+  * deps: send@0.7.2
+    - deps: depd@0.4.4
+
+1.4.1 / 2014-07-26
+==================
+
+  * deps: send@0.7.1
+    - deps: depd@0.4.3
+
+1.4.0 / 2014-07-21
+==================
+
+  * deps: parseurl@~1.2.0
+    - Cache URLs based on original value
+    - Remove no-longer-needed URL mis-parse work-around
+    - Simplify the "fast-path" `RegExp`
+  * deps: send@0.7.0
+    - Add `dotfiles` option
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+
+1.3.2 / 2014-07-11
+==================
+
+  * deps: send@0.6.0
+    - Cap `maxAge` value to 1 year
+    - deps: debug@1.0.3
+
+1.3.1 / 2014-07-09
+==================
+
+  * deps: parseurl@~1.1.3
+    - faster parsing of href-only URLs
+
+1.3.0 / 2014-06-28
+==================
+
+  * Add `setHeaders` option
+  * Include HTML link in redirect response
+  * deps: send@0.5.0
+    - Accept string for `maxAge` (converted by `ms`)
+
+1.2.3 / 2014-06-11
+==================
+
+  * deps: send@0.4.3
+    - Do not throw un-catchable error on file open race condition
+    - Use `escape-html` for HTML escaping
+    - deps: debug@1.0.2
+    - deps: finished@1.2.2
+    - deps: fresh@0.2.2
+
+1.2.2 / 2014-06-09
+==================
+
+  * deps: send@0.4.2
+    - fix "event emitter leak" warnings
+    - deps: debug@1.0.1
+    - deps: finished@1.2.1
+
+1.2.1 / 2014-06-02
+==================
+
+  * use `escape-html` for escaping
+  * deps: send@0.4.1
+    - Send `max-age` in `Cache-Control` in correct format
+
+1.2.0 / 2014-05-29
+==================
+
+  * deps: send@0.4.0
+    - Calculate ETag with md5 for reduced collisions
+    - Fix wrong behavior when index file matches directory
+    - Ignore stream errors after request ends
+    - Skip directories in index file search
+    - deps: debug@0.8.1
+
+1.1.0 / 2014-04-24
+==================
+
+  * Accept options directly to `send` module
+  * deps: send@0.3.0
+
+1.0.4 / 2014-04-07
+==================
+
+  * Resolve relative paths at middleware setup
+  * Use parseurl to parse the URL from request
+
+1.0.3 / 2014-03-20
+==================
+
+  * Do not rely on connect-like environments
+
+1.0.2 / 2014-03-06
+==================
+
+  * deps: send@0.2.0
+
+1.0.1 / 2014-03-05
+==================
+
+  * Add mime export for back-compat
+
+1.0.0 / 2014-03-05
+==================
+
+  * Genesis from `connect`
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/LICENSE b/src/Servers/ExpressServer/node_modules/serve-static/LICENSE
new file mode 100644
index 0000000..cbe62e8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/serve-static/LICENSE
@@ -0,0 +1,25 @@
+(The MIT License)
+
+Copyright (c) 2010 Sencha Inc.
+Copyright (c) 2011 LearnBoost
+Copyright (c) 2011 TJ Holowaychuk
+Copyright (c) 2014-2016 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/README.md b/src/Servers/ExpressServer/node_modules/serve-static/README.md
new file mode 100644
index 0000000..262d944
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/serve-static/README.md
@@ -0,0 +1,257 @@
+# serve-static
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
+[![Windows Build][appveyor-image]][appveyor-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install serve-static
+```
+
+## API
+
+```js
+var serveStatic = require('serve-static')
+```
+
+### serveStatic(root, options)
+
+Create a new middleware function to serve files from within a given root
+directory. The file to serve will be determined by combining `req.url`
+with the provided root directory. When a file is not found, instead of
+sending a 404 response, this module will instead call `next()` to move on
+to the next middleware, allowing for stacking and fall-backs.
+
+#### Options
+
+##### acceptRanges
+
+Enable or disable accepting ranged requests, defaults to true.
+Disabling this will not send `Accept-Ranges` and ignore the contents
+of the `Range` request header.
+
+##### cacheControl
+
+Enable or disable setting `Cache-Control` response header, defaults to
+true. Disabling this will ignore the `immutable` and `maxAge` options.
+
+##### dotfiles
+
+ Set how "dotfiles" are treated when encountered. A dotfile is a file
+or directory that begins with a dot ("."). Note this check is done on
+the path itself without checking if the path actually exists on the
+disk. If `root` is specified, only the dotfiles above the root are
+checked (i.e. the root itself can be within a dotfile when set
+to "deny").
+
+  - `'allow'` No special treatment for dotfiles.
+  - `'deny'` Deny a request for a dotfile and 403/`next()`.
+  - `'ignore'` Pretend like the dotfile does not exist and 404/`next()`.
+
+The default value is similar to `'ignore'`, with the exception that this
+default will not ignore the files within a directory that begins with a dot.
+
+##### etag
+
+Enable or disable etag generation, defaults to true.
+
+##### extensions
+
+Set file extension fallbacks. When set, if a file is not found, the given
+extensions will be added to the file name and search for. The first that
+exists will be served. Example: `['html', 'htm']`.
+
+The default value is `false`.
+
+##### fallthrough
+
+Set the middleware to have client errors fall-through as just unhandled
+requests, otherwise forward a client error. The difference is that client
+errors like a bad request or a request to a non-existent file will cause
+this middleware to simply `next()` to your next middleware when this value
+is `true`. When this value is `false`, these errors (even 404s), will invoke
+`next(err)`.
+
+Typically `true` is desired such that multiple physical directories can be
+mapped to the same web address or for routes to fill in non-existent files.
+
+The value `false` can be used if this middleware is mounted at a path that
+is designed to be strictly a single file system directory, which allows for
+short-circuiting 404s for less overhead. This middleware will also reply to
+all methods.
+
+The default value is `true`.
+
+##### immutable
+
+Enable or disable the `immutable` directive in the `Cache-Control` response
+header, defaults to `false`. If set to `true`, the `maxAge` option should
+also be specified to enable caching. The `immutable` directive will prevent
+supported clients from making conditional requests during the life of the
+`maxAge` option to check if the file has changed.
+
+##### index
+
+By default this module will send "index.html" files in response to a request
+on a directory. To disable this set `false` or to supply a new index pass a
+string or an array in preferred order.
+
+##### lastModified
+
+Enable or disable `Last-Modified` header, defaults to true. Uses the file
+system's last modified value.
+
+##### maxAge
+
+Provide a max-age in milliseconds for http caching, defaults to 0. This
+can also be a string accepted by the [ms](https://www.npmjs.org/package/ms#readme)
+module.
+
+##### redirect
+
+Redirect to trailing "/" when the pathname is a dir. Defaults to `true`.
+
+##### setHeaders
+
+Function to set custom headers on response. Alterations to the headers need to
+occur synchronously. The function is called as `fn(res, path, stat)`, where
+the arguments are:
+
+  - `res` the response object
+  - `path` the file path that is being sent
+  - `stat` the stat object of the file that is being sent
+
+## Examples
+
+### Serve files with vanilla node.js http server
+
+```js
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+// Serve up public/ftp folder
+var serve = serveStatic('public/ftp', { index: ['index.html', 'index.htm'] })
+
+// Create server
+var server = http.createServer(function onRequest (req, res) {
+  serve(req, res, finalhandler(req, res))
+})
+
+// Listen
+server.listen(3000)
+```
+
+### Serve all files as downloads
+
+```js
+var contentDisposition = require('content-disposition')
+var finalhandler = require('finalhandler')
+var http = require('http')
+var serveStatic = require('serve-static')
+
+// Serve up public/ftp folder
+var serve = serveStatic('public/ftp', {
+  index: false,
+  setHeaders: setHeaders
+})
+
+// Set header to force download
+function setHeaders (res, path) {
+  res.setHeader('Content-Disposition', contentDisposition(path))
+}
+
+// Create server
+var server = http.createServer(function onRequest (req, res) {
+  serve(req, res, finalhandler(req, res))
+})
+
+// Listen
+server.listen(3000)
+```
+
+### Serving using express
+
+#### Simple
+
+This is a simple example of using Express.
+
+```js
+var express = require('express')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic('public/ftp', { index: ['default.html', 'default.htm'] }))
+app.listen(3000)
+```
+
+#### Multiple roots
+
+This example shows a simple way to search through multiple directories.
+Files are searched for in `public-optimized/` first, then `public/` second
+as a fallback.
+
+```js
+var express = require('express')
+var path = require('path')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic(path.join(__dirname, 'public-optimized')))
+app.use(serveStatic(path.join(__dirname, 'public')))
+app.listen(3000)
+```
+
+#### Different settings for paths
+
+This example shows how to set a different max age depending on the served
+file type. In this example, HTML files are not cached, while everything else
+is for 1 day.
+
+```js
+var express = require('express')
+var path = require('path')
+var serveStatic = require('serve-static')
+
+var app = express()
+
+app.use(serveStatic(path.join(__dirname, 'public'), {
+  maxAge: '1d',
+  setHeaders: setCustomCacheControl
+}))
+
+app.listen(3000)
+
+function setCustomCacheControl (res, path) {
+  if (serveStatic.mime.lookup(path) === 'text/html') {
+    // Custom Cache-Control for HTML files
+    res.setHeader('Cache-Control', 'public, max-age=0')
+  }
+}
+```
+
+## License
+
+[MIT](LICENSE)
+
+[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/serve-static/master?label=windows
+[appveyor-url]: https://ci.appveyor.com/project/dougwilson/serve-static
+[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/serve-static/master
+[coveralls-url]: https://coveralls.io/r/expressjs/serve-static?branch=master
+[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/serve-static/master?label=linux
+[github-actions-ci-url]: https://github.com/expressjs/serve-static/actions/workflows/ci.yml
+[node-image]: https://badgen.net/npm/node/serve-static
+[node-url]: https://nodejs.org/en/download/
+[npm-downloads-image]: https://badgen.net/npm/dm/serve-static
+[npm-url]: https://npmjs.org/package/serve-static
+[npm-version-image]: https://badgen.net/npm/v/serve-static
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/index.js b/src/Servers/ExpressServer/node_modules/serve-static/index.js
new file mode 100644
index 0000000..3f3e64e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/serve-static/index.js
@@ -0,0 +1,209 @@
+/*!
+ * serve-static
+ * Copyright(c) 2010 Sencha Inc.
+ * Copyright(c) 2011 TJ Holowaychuk
+ * Copyright(c) 2014-2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var encodeUrl = require('encodeurl')
+var escapeHtml = require('escape-html')
+var parseUrl = require('parseurl')
+var resolve = require('path').resolve
+var send = require('send')
+var url = require('url')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = serveStatic
+module.exports.mime = send.mime
+
+/**
+ * @param {string} root
+ * @param {object} [options]
+ * @return {function}
+ * @public
+ */
+
+function serveStatic (root, options) {
+  if (!root) {
+    throw new TypeError('root path required')
+  }
+
+  if (typeof root !== 'string') {
+    throw new TypeError('root path must be a string')
+  }
+
+  // copy options object
+  var opts = Object.create(options || null)
+
+  // fall-though
+  var fallthrough = opts.fallthrough !== false
+
+  // default redirect
+  var redirect = opts.redirect !== false
+
+  // headers listener
+  var setHeaders = opts.setHeaders
+
+  if (setHeaders && typeof setHeaders !== 'function') {
+    throw new TypeError('option setHeaders must be function')
+  }
+
+  // setup options for send
+  opts.maxage = opts.maxage || opts.maxAge || 0
+  opts.root = resolve(root)
+
+  // construct directory listener
+  var onDirectory = redirect
+    ? createRedirectDirectoryListener()
+    : createNotFoundDirectoryListener()
+
+  return function serveStatic (req, res, next) {
+    if (req.method !== 'GET' && req.method !== 'HEAD') {
+      if (fallthrough) {
+        return next()
+      }
+
+      // method not allowed
+      res.statusCode = 405
+      res.setHeader('Allow', 'GET, HEAD')
+      res.setHeader('Content-Length', '0')
+      res.end()
+      return
+    }
+
+    var forwardError = !fallthrough
+    var originalUrl = parseUrl.original(req)
+    var path = parseUrl(req).pathname
+
+    // make sure redirect occurs at mount
+    if (path === '/' && originalUrl.pathname.substr(-1) !== '/') {
+      path = ''
+    }
+
+    // create send stream
+    var stream = send(req, path, opts)
+
+    // add directory handler
+    stream.on('directory', onDirectory)
+
+    // add headers listener
+    if (setHeaders) {
+      stream.on('headers', setHeaders)
+    }
+
+    // add file listener for fallthrough
+    if (fallthrough) {
+      stream.on('file', function onFile () {
+        // once file is determined, always forward error
+        forwardError = true
+      })
+    }
+
+    // forward errors
+    stream.on('error', function error (err) {
+      if (forwardError || !(err.statusCode < 500)) {
+        next(err)
+        return
+      }
+
+      next()
+    })
+
+    // pipe
+    stream.pipe(res)
+  }
+}
+
+/**
+ * Collapse all leading slashes into a single slash
+ * @private
+ */
+function collapseLeadingSlashes (str) {
+  for (var i = 0; i < str.length; i++) {
+    if (str.charCodeAt(i) !== 0x2f /* / */) {
+      break
+    }
+  }
+
+  return i > 1
+    ? '/' + str.substr(i)
+    : str
+}
+
+/**
+ * Create a minimal HTML document.
+ *
+ * @param {string} title
+ * @param {string} body
+ * @private
+ */
+
+function createHtmlDocument (title, body) {
+  return '<!DOCTYPE html>\n' +
+    '<html lang="en">\n' +
+    '<head>\n' +
+    '<meta charset="utf-8">\n' +
+    '<title>' + title + '</title>\n' +
+    '</head>\n' +
+    '<body>\n' +
+    '<pre>' + body + '</pre>\n' +
+    '</body>\n' +
+    '</html>\n'
+}
+
+/**
+ * Create a directory listener that just 404s.
+ * @private
+ */
+
+function createNotFoundDirectoryListener () {
+  return function notFound () {
+    this.error(404)
+  }
+}
+
+/**
+ * Create a directory listener that performs a redirect.
+ * @private
+ */
+
+function createRedirectDirectoryListener () {
+  return function redirect (res) {
+    if (this.hasTrailingSlash()) {
+      this.error(404)
+      return
+    }
+
+    // get original URL
+    var originalUrl = parseUrl.original(this.req)
+
+    // append trailing slash
+    originalUrl.path = null
+    originalUrl.pathname = collapseLeadingSlashes(originalUrl.pathname + '/')
+
+    // reformat the URL
+    var loc = encodeUrl(url.format(originalUrl))
+    var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
+
+    // send redirect response
+    res.statusCode = 301
+    res.setHeader('Content-Type', 'text/html; charset=UTF-8')
+    res.setHeader('Content-Length', Buffer.byteLength(doc))
+    res.setHeader('Content-Security-Policy', "default-src 'none'")
+    res.setHeader('X-Content-Type-Options', 'nosniff')
+    res.setHeader('Location', loc)
+    res.end(doc)
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/package.json b/src/Servers/ExpressServer/node_modules/serve-static/package.json
new file mode 100644
index 0000000..b268e48
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/serve-static/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "serve-static",
+  "description": "Serve static files",
+  "version": "1.16.3",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "repository": "expressjs/serve-static",
+  "dependencies": {
+    "encodeurl": "~2.0.0",
+    "escape-html": "~1.0.3",
+    "parseurl": "~1.3.3",
+    "send": "~0.19.1"
+  },
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.4",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "5.2.0",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.2.2",
+    "nyc": "15.1.0",
+    "safe-buffer": "5.2.1",
+    "supertest": "6.2.2"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8.0"
+  },
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE b/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
new file mode 100644
index 0000000..61afa2f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2015, Wes Todd
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/README.md b/src/Servers/ExpressServer/node_modules/setprototypeof/README.md
new file mode 100644
index 0000000..791eeff
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/README.md
@@ -0,0 +1,31 @@
+# Polyfill for `Object.setPrototypeOf`
+
+[![NPM Version](https://img.shields.io/npm/v/setprototypeof.svg)](https://npmjs.org/package/setprototypeof)
+[![NPM Downloads](https://img.shields.io/npm/dm/setprototypeof.svg)](https://npmjs.org/package/setprototypeof)
+[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](https://github.com/standard/standard)
+
+A simple cross platform implementation to set the prototype of an instianted object.  Supports all modern browsers and at least back to IE8.
+
+## Usage:
+
+```
+$ npm install --save setprototypeof
+```
+
+```javascript
+var setPrototypeOf = require('setprototypeof')
+
+var obj = {}
+setPrototypeOf(obj, {
+  foo: function () {
+    return 'bar'
+  }
+})
+obj.foo() // bar
+```
+
+TypeScript is also supported:
+
+```typescript
+import setPrototypeOf from 'setprototypeof'
+```
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts b/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
new file mode 100644
index 0000000..f108ecd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
@@ -0,0 +1,2 @@
+declare function setPrototypeOf(o: any, proto: object | null): any;
+export = setPrototypeOf;
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/index.js b/src/Servers/ExpressServer/node_modules/setprototypeof/index.js
new file mode 100644
index 0000000..c527055
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/index.js
@@ -0,0 +1,17 @@
+'use strict'
+/* eslint no-proto: 0 */
+module.exports = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array ? setProtoOf : mixinProperties)
+
+function setProtoOf (obj, proto) {
+  obj.__proto__ = proto
+  return obj
+}
+
+function mixinProperties (obj, proto) {
+  for (var prop in proto) {
+    if (!Object.prototype.hasOwnProperty.call(obj, prop)) {
+      obj[prop] = proto[prop]
+    }
+  }
+  return obj
+}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/package.json b/src/Servers/ExpressServer/node_modules/setprototypeof/package.json
new file mode 100644
index 0000000..f20915b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/package.json
@@ -0,0 +1,38 @@
+{
+  "name": "setprototypeof",
+  "version": "1.2.0",
+  "description": "A small polyfill for Object.setprototypeof",
+  "main": "index.js",
+  "typings": "index.d.ts",
+  "scripts": {
+    "test": "standard && mocha",
+    "testallversions": "npm run node010 && npm run node4 && npm run node6 && npm run node9 && npm run node11",
+    "testversion": "docker run -it --rm -v $(PWD):/usr/src/app -w /usr/src/app node:${NODE_VER} npm install mocha@${MOCHA_VER:-latest} && npm t",
+    "node010": "NODE_VER=0.10 MOCHA_VER=3 npm run testversion",
+    "node4": "NODE_VER=4 npm run testversion",
+    "node6": "NODE_VER=6 npm run testversion",
+    "node9": "NODE_VER=9 npm run testversion",
+    "node11": "NODE_VER=11 npm run testversion",
+    "prepublishOnly": "npm t",
+    "postpublish": "git push origin && git push origin --tags"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/wesleytodd/setprototypeof.git"
+  },
+  "keywords": [
+    "polyfill",
+    "object",
+    "setprototypeof"
+  ],
+  "author": "Wes Todd",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/wesleytodd/setprototypeof/issues"
+  },
+  "homepage": "https://github.com/wesleytodd/setprototypeof",
+  "devDependencies": {
+    "mocha": "^6.1.4",
+    "standard": "^13.0.2"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js b/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
new file mode 100644
index 0000000..afeb4dd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
@@ -0,0 +1,24 @@
+'use strict'
+/* eslint-env mocha */
+/* eslint no-proto: 0 */
+var assert = require('assert')
+var setPrototypeOf = require('..')
+
+describe('setProtoOf(obj, proto)', function () {
+  it('should merge objects', function () {
+    var obj = { a: 1, b: 2 }
+    var proto = { b: 3, c: 4 }
+    var mergeObj = setPrototypeOf(obj, proto)
+
+    if (Object.getPrototypeOf) {
+      assert.strictEqual(Object.getPrototypeOf(obj), proto)
+    } else if ({ __proto__: [] } instanceof Array) {
+      assert.strictEqual(obj.__proto__, proto)
+    } else {
+      assert.strictEqual(obj.a, 1)
+      assert.strictEqual(obj.b, 2)
+      assert.strictEqual(obj.c, 4)
+    }
+    assert.strictEqual(mergeObj, obj)
+  })
+})
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
new file mode 100644
index 0000000..72e0eba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = tab
+indent_size = 2
+trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
new file mode 100644
index 0000000..93978e7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
@@ -0,0 +1,11 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"max-lines-per-function": 0,
+		"multiline-comment-style": 1,
+		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
new file mode 100644
index 0000000..eaff735
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/side-channel-list
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
new file mode 100644
index 0000000..2ec51b7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## v1.0.0 - 2024-12-10
+
+### Commits
+
+- Initial implementation, tests, readme, types [`5d6baee`](https://github.com/ljharb/side-channel-list/commit/5d6baee5c9054a1238007f5a1dfc109a7a816251)
+- Initial commit [`3ae784c`](https://github.com/ljharb/side-channel-list/commit/3ae784c63a47895fbaeed2a91ab54a8029a7a100)
+- npm init [`07055a4`](https://github.com/ljharb/side-channel-list/commit/07055a4d139895565b199dba5fe2479c1a1b9e28)
+- Only apps should have lockfiles [`9573058`](https://github.com/ljharb/side-channel-list/commit/9573058a47494e2d68f8c6c77b5d7fbe441949c1)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/README.md b/src/Servers/ExpressServer/node_modules/side-channel-list/README.md
new file mode 100644
index 0000000..d9c7a13
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/README.md
@@ -0,0 +1,62 @@
+# side-channel-list <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Store information about any JS value in a side channel, using a linked list.
+
+Warning: this implementation will leak memory until you `delete` the `key`.
+Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
+
+## Getting started
+
+```sh
+npm install --save side-channel-list
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getSideChannelList = require('side-channel-list');
+
+const channel = getSideChannelList();
+
+const key = {};
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+
+channel.set(key, 42);
+
+channel.assert(key); // does not throw
+assert.equal(channel.has(key), true);
+assert.equal(channel.get(key), 42);
+
+channel.delete(key);
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/side-channel-list
+[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-list.svg
+[deps-svg]: https://david-dm.org/ljharb/side-channel-list.svg
+[deps-url]: https://david-dm.org/ljharb/side-channel-list
+[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-list/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/side-channel-list#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/side-channel-list.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/side-channel-list.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/side-channel-list.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-list
+[codecov-image]: https://codecov.io/gh/ljharb/side-channel-list/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-list/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-list
+[actions-url]: https://github.com/ljharb/side-channel-list/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
new file mode 100644
index 0000000..c9cabc8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
@@ -0,0 +1,13 @@
+declare namespace getSideChannelList {
+	type Channel<K, V> = {
+		assert: (key: K) => void;
+		has: (key: K) => boolean;
+		get: (key: K) => V | undefined;
+		set: (key: K, value: V) => void;
+		delete: (key: K) => boolean;
+	};
+}
+
+declare function getSideChannelList<V, K>(): getSideChannelList.Channel<K, V>;
+
+export = getSideChannelList;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/index.js b/src/Servers/ExpressServer/node_modules/side-channel-list/index.js
new file mode 100644
index 0000000..8d6f98c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/index.js
@@ -0,0 +1,113 @@
+'use strict';
+
+var inspect = require('object-inspect');
+
+var $TypeError = require('es-errors/type');
+
+/*
+* This function traverses the list returning the node corresponding to the given key.
+*
+* That node is also moved to the head of the list, so that if it's accessed again we don't need to traverse the whole list.
+* By doing so, all the recently used nodes can be accessed relatively quickly.
+*/
+/** @type {import('./list.d.ts').listGetNode} */
+// eslint-disable-next-line consistent-return
+var listGetNode = function (list, key, isDelete) {
+	/** @type {typeof list | NonNullable<(typeof list)['next']>} */
+	var prev = list;
+	/** @type {(typeof list)['next']} */
+	var curr;
+	// eslint-disable-next-line eqeqeq
+	for (; (curr = prev.next) != null; prev = curr) {
+		if (curr.key === key) {
+			prev.next = curr.next;
+			if (!isDelete) {
+				// eslint-disable-next-line no-extra-parens
+				curr.next = /** @type {NonNullable<typeof list.next>} */ (list.next);
+				list.next = curr; // eslint-disable-line no-param-reassign
+			}
+			return curr;
+		}
+	}
+};
+
+/** @type {import('./list.d.ts').listGet} */
+var listGet = function (objects, key) {
+	if (!objects) {
+		return void undefined;
+	}
+	var node = listGetNode(objects, key);
+	return node && node.value;
+};
+/** @type {import('./list.d.ts').listSet} */
+var listSet = function (objects, key, value) {
+	var node = listGetNode(objects, key);
+	if (node) {
+		node.value = value;
+	} else {
+		// Prepend the new node to the beginning of the list
+		objects.next = /** @type {import('./list.d.ts').ListNode<typeof value, typeof key>} */ ({ // eslint-disable-line no-param-reassign, no-extra-parens
+			key: key,
+			next: objects.next,
+			value: value
+		});
+	}
+};
+/** @type {import('./list.d.ts').listHas} */
+var listHas = function (objects, key) {
+	if (!objects) {
+		return false;
+	}
+	return !!listGetNode(objects, key);
+};
+/** @type {import('./list.d.ts').listDelete} */
+// eslint-disable-next-line consistent-return
+var listDelete = function (objects, key) {
+	if (objects) {
+		return listGetNode(objects, key, true);
+	}
+};
+
+/** @type {import('.')} */
+module.exports = function getSideChannelList() {
+	/** @typedef {ReturnType<typeof getSideChannelList>} Channel */
+	/** @typedef {Parameters<Channel['get']>[0]} K */
+	/** @typedef {Parameters<Channel['set']>[1]} V */
+
+	/** @type {import('./list.d.ts').RootNode<V, K> | undefined} */ var $o;
+
+	/** @type {Channel} */
+	var channel = {
+		assert: function (key) {
+			if (!channel.has(key)) {
+				throw new $TypeError('Side channel does not contain ' + inspect(key));
+			}
+		},
+		'delete': function (key) {
+			var root = $o && $o.next;
+			var deletedNode = listDelete($o, key);
+			if (deletedNode && root && root === deletedNode) {
+				$o = void undefined;
+			}
+			return !!deletedNode;
+		},
+		get: function (key) {
+			return listGet($o, key);
+		},
+		has: function (key) {
+			return listHas($o, key);
+		},
+		set: function (key, value) {
+			if (!$o) {
+				// Initialize the linked list as an empty node, so that we don't have to special-case handling of the first node: we can always refer to it as (previous node).next, instead of something like (list).head
+				$o = {
+					next: void undefined
+				};
+			}
+			// eslint-disable-next-line no-extra-parens
+			listSet(/** @type {NonNullable<typeof $o>} */ ($o), key, value);
+		}
+	};
+	// @ts-expect-error TODO: figure out why this is erroring
+	return channel;
+};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
new file mode 100644
index 0000000..2c759e2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
@@ -0,0 +1,14 @@
+type ListNode<T, K> = {
+	key: K;
+	next: undefined | ListNode<T, K>;
+	value: T;
+};
+type RootNode<T, K> = {
+	next: undefined | ListNode<T, K>;
+};
+
+export function listGetNode<T, K>(list: RootNode<T, K>, key: ListNode<T, K>['key'], isDelete?: boolean): ListNode<T, K> | undefined;
+export function listGet<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): T | undefined;
+export function listSet<T, K>(objects: RootNode<T, K>, key: ListNode<T, K>['key'], value: T): void;
+export function listHas<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): boolean;
+export function listDelete<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): ListNode<T, K> | undefined;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/package.json b/src/Servers/ExpressServer/node_modules/side-channel-list/package.json
new file mode 100644
index 0000000..ba0f5c5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/package.json
@@ -0,0 +1,77 @@
+{
+	"name": "side-channel-list",
+	"version": "1.0.0",
+	"description": "Store information about any JS value in a side channel, using a linked list",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"types": "./index.d.ts",
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/side-channel-list.git"
+	},
+	"keywords": [],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/side-channel-list/issues"
+	},
+	"homepage": "https://github.com/ljharb/side-channel-list#readme",
+	"dependencies": {
+		"es-errors": "^1.3.0",
+		"object-inspect": "^1.13.3"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
new file mode 100644
index 0000000..3ad4368
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
@@ -0,0 +1,104 @@
+'use strict';
+
+var test = require('tape');
+
+var getSideChannelList = require('../');
+
+test('getSideChannelList', function (t) {
+	t.test('export', function (st) {
+		st.equal(typeof getSideChannelList, 'function', 'is a function');
+
+		st.equal(getSideChannelList.length, 0, 'takes no arguments');
+
+		var channel = getSideChannelList();
+		st.ok(channel, 'is truthy');
+		st.equal(typeof channel, 'object', 'is an object');
+		st.end();
+	});
+
+	t.test('assert', function (st) {
+		var channel = getSideChannelList();
+		st['throws'](
+			function () { channel.assert({}); },
+			TypeError,
+			'nonexistent value throws'
+		);
+
+		var o = {};
+		channel.set(o, 'data');
+		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
+
+		st.end();
+	});
+
+	t.test('has', function (st) {
+		var channel = getSideChannelList();
+		/** @type {unknown[]} */ var o = [];
+
+		st.equal(channel.has(o), false, 'nonexistent value yields false');
+
+		channel.set(o, 'foo');
+		st.equal(channel.has(o), true, 'existent value yields true');
+
+		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
+
+		channel.set('abc', 'foo');
+		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
+
+		st.end();
+	});
+
+	t.test('get', function (st) {
+		var channel = getSideChannelList();
+		var o = {};
+		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
+
+		var data = {};
+		channel.set(o, data);
+		st.equal(channel.get(o), data, '"get" yields data set by "set"');
+
+		st.end();
+	});
+
+	t.test('set', function (st) {
+		var channel = getSideChannelList();
+		var o = function () {};
+		st.equal(channel.get(o), undefined, 'value not set');
+
+		channel.set(o, 42);
+		st.equal(channel.get(o), 42, 'value was set');
+
+		channel.set(o, Infinity);
+		st.equal(channel.get(o), Infinity, 'value was set again');
+
+		var o2 = {};
+		channel.set(o2, 17);
+		st.equal(channel.get(o), Infinity, 'o is not modified');
+		st.equal(channel.get(o2), 17, 'o2 is set');
+
+		channel.set(o, 14);
+		st.equal(channel.get(o), 14, 'o is modified');
+		st.equal(channel.get(o2), 17, 'o2 is not modified');
+
+		st.end();
+	});
+
+	t.test('delete', function (st) {
+		var channel = getSideChannelList();
+		var o = {};
+		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
+
+		channel.set(o, 42);
+		st.equal(channel.has(o), true, 'value is set');
+
+		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
+
+		st.equal(channel['delete'](o), true, 'deleted value yields true');
+
+		st.equal(channel.has(o), false, 'value is no longer set');
+
+		st.end();
+	});
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
new file mode 100644
index 0000000..d9a6668
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
new file mode 100644
index 0000000..72e0eba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = tab
+indent_size = 2
+trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
new file mode 100644
index 0000000..93978e7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
@@ -0,0 +1,11 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"max-lines-per-function": 0,
+		"multiline-comment-style": 1,
+		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
new file mode 100644
index 0000000..f2891bd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/side-channel-map
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
new file mode 100644
index 0000000..b6ccea9
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.1](https://github.com/ljharb/side-channel-map/compare/v1.0.0...v1.0.1) - 2024-12-10
+
+### Commits
+
+- [Deps] update `call-bound` [`6d05aaa`](https://github.com/ljharb/side-channel-map/commit/6d05aaa4ce5f2be4e7825df433d650696f0ba40f)
+- [types] fix generics ordering [`11c0184`](https://github.com/ljharb/side-channel-map/commit/11c0184132ac11fdc16857e12682e148e5e9ee74)
+
+## v1.0.0 - 2024-12-10
+
+### Commits
+
+- Initial implementation, tests, readme, types [`ad877b4`](https://github.com/ljharb/side-channel-map/commit/ad877b42926d46d63fff76a2bd01d2b4a01959a9)
+- Initial commit [`28f8879`](https://github.com/ljharb/side-channel-map/commit/28f8879c512abe8fcf9b6a4dc7754a0287e5eba4)
+- npm init [`2c9604e`](https://github.com/ljharb/side-channel-map/commit/2c9604e5aa40223e425ea7cea78f8a07697504bd)
+- Only apps should have lockfiles [`5e7ba9c`](https://github.com/ljharb/side-channel-map/commit/5e7ba9cffe3ef42095815adc8ac1255b49bbadf5)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
new file mode 100644
index 0000000..f82f389
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/README.md b/src/Servers/ExpressServer/node_modules/side-channel-map/README.md
new file mode 100644
index 0000000..8fa6f77
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/README.md
@@ -0,0 +1,62 @@
+# side-channel-map <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Store information about any JS value in a side channel, using a Map.
+
+Warning: if the `key` is an object, this implementation will leak memory until you `delete` it.
+Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
+
+## Getting started
+
+```sh
+npm install --save side-channel-map
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getSideChannelMap = require('side-channel-map');
+
+const channel = getSideChannelMap();
+
+const key = {};
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+
+channel.set(key, 42);
+
+channel.assert(key); // does not throw
+assert.equal(channel.has(key), true);
+assert.equal(channel.get(key), 42);
+
+channel.delete(key);
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/side-channel-map
+[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-map.svg
+[deps-svg]: https://david-dm.org/ljharb/side-channel-map.svg
+[deps-url]: https://david-dm.org/ljharb/side-channel-map
+[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-map/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/side-channel-map#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/side-channel-map.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/side-channel-map.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/side-channel-map.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-map
+[codecov-image]: https://codecov.io/gh/ljharb/side-channel-map/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-map/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-map
+[actions-url]: https://github.com/ljharb/side-channel-map/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
new file mode 100644
index 0000000..de33e89
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
@@ -0,0 +1,15 @@
+declare namespace getSideChannelMap {
+	type Channel<K, V> = {
+		assert: (key: K) => void;
+		has: (key: K) => boolean;
+		get: (key: K) => V | undefined;
+		set: (key: K, value: V) => void;
+		delete: (key: K) => boolean;
+	};
+}
+
+declare function getSideChannelMap<K, V>(): getSideChannelMap.Channel<K, V>;
+
+declare const x: false | typeof getSideChannelMap;
+
+export = x;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/index.js b/src/Servers/ExpressServer/node_modules/side-channel-map/index.js
new file mode 100644
index 0000000..e111100
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/index.js
@@ -0,0 +1,68 @@
+'use strict';
+
+var GetIntrinsic = require('get-intrinsic');
+var callBound = require('call-bound');
+var inspect = require('object-inspect');
+
+var $TypeError = require('es-errors/type');
+var $Map = GetIntrinsic('%Map%', true);
+
+/** @type {<K, V>(thisArg: Map<K, V>, key: K) => V} */
+var $mapGet = callBound('Map.prototype.get', true);
+/** @type {<K, V>(thisArg: Map<K, V>, key: K, value: V) => void} */
+var $mapSet = callBound('Map.prototype.set', true);
+/** @type {<K, V>(thisArg: Map<K, V>, key: K) => boolean} */
+var $mapHas = callBound('Map.prototype.has', true);
+/** @type {<K, V>(thisArg: Map<K, V>, key: K) => boolean} */
+var $mapDelete = callBound('Map.prototype.delete', true);
+/** @type {<K, V>(thisArg: Map<K, V>) => number} */
+var $mapSize = callBound('Map.prototype.size', true);
+
+/** @type {import('.')} */
+module.exports = !!$Map && /** @type {Exclude<import('.'), false>} */ function getSideChannelMap() {
+	/** @typedef {ReturnType<typeof getSideChannelMap>} Channel */
+	/** @typedef {Parameters<Channel['get']>[0]} K */
+	/** @typedef {Parameters<Channel['set']>[1]} V */
+
+	/** @type {Map<K, V> | undefined} */ var $m;
+
+	/** @type {Channel} */
+	var channel = {
+		assert: function (key) {
+			if (!channel.has(key)) {
+				throw new $TypeError('Side channel does not contain ' + inspect(key));
+			}
+		},
+		'delete': function (key) {
+			if ($m) {
+				var result = $mapDelete($m, key);
+				if ($mapSize($m) === 0) {
+					$m = void undefined;
+				}
+				return result;
+			}
+			return false;
+		},
+		get: function (key) { // eslint-disable-line consistent-return
+			if ($m) {
+				return $mapGet($m, key);
+			}
+		},
+		has: function (key) {
+			if ($m) {
+				return $mapHas($m, key);
+			}
+			return false;
+		},
+		set: function (key, value) {
+			if (!$m) {
+				// @ts-expect-error TS can't handle narrowing a variable inside a closure
+				$m = new $Map();
+			}
+			$mapSet($m, key, value);
+		}
+	};
+
+	// @ts-expect-error TODO: figure out why TS is erroring here
+	return channel;
+};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/package.json b/src/Servers/ExpressServer/node_modules/side-channel-map/package.json
new file mode 100644
index 0000000..18e8080
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/package.json
@@ -0,0 +1,80 @@
+{
+	"name": "side-channel-map",
+	"version": "1.0.1",
+	"description": "Store information about any JS value in a side channel, using a Map",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"types": "./index.d.ts",
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>= 10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/side-channel-map.git"
+	},
+	"keywords": [],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/side-channel-map/issues"
+	},
+	"homepage": "https://github.com/ljharb/side-channel-map#readme",
+	"dependencies": {
+		"call-bound": "^1.0.2",
+		"es-errors": "^1.3.0",
+		"get-intrinsic": "^1.2.5",
+		"object-inspect": "^1.13.3"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/get-intrinsic": "^1.2.3",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"evalmd": "^0.0.19",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
new file mode 100644
index 0000000..1743323
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
@@ -0,0 +1,114 @@
+'use strict';
+
+var test = require('tape');
+
+var getSideChannelMap = require('../');
+
+test('getSideChannelMap', { skip: typeof Map !== 'function' }, function (t) {
+	var getSideChannel = getSideChannelMap || function () {
+		throw new EvalError('should never happen');
+	};
+
+	t.test('export', function (st) {
+		st.equal(typeof getSideChannel, 'function', 'is a function');
+
+		st.equal(getSideChannel.length, 0, 'takes no arguments');
+
+		var channel = getSideChannel();
+		st.ok(channel, 'is truthy');
+		st.equal(typeof channel, 'object', 'is an object');
+		st.end();
+	});
+
+	t.test('assert', function (st) {
+		var channel = getSideChannel();
+		st['throws'](
+			function () { channel.assert({}); },
+			TypeError,
+			'nonexistent value throws'
+		);
+
+		var o = {};
+		channel.set(o, 'data');
+		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
+
+		st.end();
+	});
+
+	t.test('has', function (st) {
+		var channel = getSideChannel();
+		/** @type {unknown[]} */ var o = [];
+
+		st.equal(channel.has(o), false, 'nonexistent value yields false');
+
+		channel.set(o, 'foo');
+		st.equal(channel.has(o), true, 'existent value yields true');
+
+		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
+
+		channel.set('abc', 'foo');
+		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
+
+		st.end();
+	});
+
+	t.test('get', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
+
+		var data = {};
+		channel.set(o, data);
+		st.equal(channel.get(o), data, '"get" yields data set by "set"');
+
+		st.end();
+	});
+
+	t.test('set', function (st) {
+		var channel = getSideChannel();
+		var o = function () {};
+		st.equal(channel.get(o), undefined, 'value not set');
+
+		channel.set(o, 42);
+		st.equal(channel.get(o), 42, 'value was set');
+
+		channel.set(o, Infinity);
+		st.equal(channel.get(o), Infinity, 'value was set again');
+
+		var o2 = {};
+		channel.set(o2, 17);
+		st.equal(channel.get(o), Infinity, 'o is not modified');
+		st.equal(channel.get(o2), 17, 'o2 is set');
+
+		channel.set(o, 14);
+		st.equal(channel.get(o), 14, 'o is modified');
+		st.equal(channel.get(o2), 17, 'o2 is not modified');
+
+		st.end();
+	});
+
+	t.test('delete', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
+
+		channel.set(o, 42);
+		st.equal(channel.has(o), true, 'value is set');
+
+		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
+
+		st.equal(channel['delete'](o), true, 'deleted value yields true');
+
+		st.equal(channel.has(o), false, 'value is no longer set');
+
+		st.end();
+	});
+
+	t.end();
+});
+
+test('getSideChannelMap, no Maps', { skip: typeof Map === 'function' }, function (t) {
+	t.equal(getSideChannelMap, false, 'is false');
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
new file mode 100644
index 0000000..d9a6668
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
new file mode 100644
index 0000000..72e0eba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = tab
+indent_size = 2
+trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
new file mode 100644
index 0000000..9b13ad8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
@@ -0,0 +1,12 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"id-length": 0,
+		"max-lines-per-function": 0,
+		"multiline-comment-style": 1,
+		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
new file mode 100644
index 0000000..2ae71cd
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/side-channel-weakmap
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
new file mode 100644
index 0000000..aba7ab0
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.0.2](https://github.com/ljharb/side-channel-weakmap/compare/v1.0.1...v1.0.2) - 2024-12-10
+
+### Commits
+
+- [types] fix generics ordering [`1b62e94`](https://github.com/ljharb/side-channel-weakmap/commit/1b62e94a2ad6ed30b640ba73c4a2535836c67289)
+
+## [v1.0.1](https://github.com/ljharb/side-channel-weakmap/compare/v1.0.0...v1.0.1) - 2024-12-10
+
+### Commits
+
+- [types] fix generics ordering [`08a4a5d`](https://github.com/ljharb/side-channel-weakmap/commit/08a4a5dbffedc3ebc79f1aaaf5a3dd6d2196dc1b)
+- [Deps] update `side-channel-map` [`b53fe44`](https://github.com/ljharb/side-channel-weakmap/commit/b53fe447dfdd3a9aebedfd015b384eac17fce916)
+
+## v1.0.0 - 2024-12-10
+
+### Commits
+
+- Initial implementation, tests, readme, types [`53c0fa4`](https://github.com/ljharb/side-channel-weakmap/commit/53c0fa4788435a006f58b9d7b43cb65989ecee49)
+- Initial commit [`a157947`](https://github.com/ljharb/side-channel-weakmap/commit/a157947f26fcaf2c4a941d3a044e76bf67343532)
+- npm init [`54dfc55`](https://github.com/ljharb/side-channel-weakmap/commit/54dfc55bafb16265910d5aad4e743c43aee5bbbb)
+- Only apps should have lockfiles [`0ddd6c7`](https://github.com/ljharb/side-channel-weakmap/commit/0ddd6c7b07fe8ee04d67b2e9f7255af7ce62c07d)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
new file mode 100644
index 0000000..3900dd7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
new file mode 100644
index 0000000..856ee36
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
@@ -0,0 +1,62 @@
+# side-channel-weakmap <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Store information about any JS value in a side channel. Uses WeakMap if available.
+
+Warning: this implementation will leak memory until you `delete` the `key`.
+Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
+
+## Getting started
+
+```sh
+npm install --save side-channel-weakmap
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getSideChannelList = require('side-channel-weakmap');
+
+const channel = getSideChannelList();
+
+const key = {};
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+
+channel.set(key, 42);
+
+channel.assert(key); // does not throw
+assert.equal(channel.has(key), true);
+assert.equal(channel.get(key), 42);
+
+channel.delete(key);
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/side-channel-weakmap
+[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-weakmap.svg
+[deps-svg]: https://david-dm.org/ljharb/side-channel-weakmap.svg
+[deps-url]: https://david-dm.org/ljharb/side-channel-weakmap
+[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-weakmap/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/side-channel-weakmap#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/side-channel-weakmap.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/side-channel-weakmap.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/side-channel-weakmap.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-weakmap
+[codecov-image]: https://codecov.io/gh/ljharb/side-channel-weakmap/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-weakmap/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-weakmap
+[actions-url]: https://github.com/ljharb/side-channel-weakmap/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
new file mode 100644
index 0000000..ce1bc2a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
@@ -0,0 +1,15 @@
+declare namespace getSideChannelWeakMap {
+	type Channel<K, V> = {
+		assert: (key: K) => void;
+		has: (key: K) => boolean;
+		get: (key: K) => V | undefined;
+		set: (key: K, value: V) => void;
+		delete: (key: K) => boolean;
+	}
+}
+
+declare function getSideChannelWeakMap<K, V>(): getSideChannelWeakMap.Channel<K, V>;
+
+declare const x: false | typeof getSideChannelWeakMap;
+
+export = x;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
new file mode 100644
index 0000000..e5b8183
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
@@ -0,0 +1,84 @@
+'use strict';
+
+var GetIntrinsic = require('get-intrinsic');
+var callBound = require('call-bound');
+var inspect = require('object-inspect');
+var getSideChannelMap = require('side-channel-map');
+
+var $TypeError = require('es-errors/type');
+var $WeakMap = GetIntrinsic('%WeakMap%', true);
+
+/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => V} */
+var $weakMapGet = callBound('WeakMap.prototype.get', true);
+/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K, value: V) => void} */
+var $weakMapSet = callBound('WeakMap.prototype.set', true);
+/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => boolean} */
+var $weakMapHas = callBound('WeakMap.prototype.has', true);
+/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => boolean} */
+var $weakMapDelete = callBound('WeakMap.prototype.delete', true);
+
+/** @type {import('.')} */
+module.exports = $WeakMap
+	? /** @type {Exclude<import('.'), false>} */ function getSideChannelWeakMap() {
+		/** @typedef {ReturnType<typeof getSideChannelWeakMap>} Channel */
+		/** @typedef {Parameters<Channel['get']>[0]} K */
+		/** @typedef {Parameters<Channel['set']>[1]} V */
+
+		/** @type {WeakMap<K & object, V> | undefined} */ var $wm;
+		/** @type {Channel | undefined} */ var $m;
+
+		/** @type {Channel} */
+		var channel = {
+			assert: function (key) {
+				if (!channel.has(key)) {
+					throw new $TypeError('Side channel does not contain ' + inspect(key));
+				}
+			},
+			'delete': function (key) {
+				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
+					if ($wm) {
+						return $weakMapDelete($wm, key);
+					}
+				} else if (getSideChannelMap) {
+					if ($m) {
+						return $m['delete'](key);
+					}
+				}
+				return false;
+			},
+			get: function (key) {
+				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
+					if ($wm) {
+						return $weakMapGet($wm, key);
+					}
+				}
+				return $m && $m.get(key);
+			},
+			has: function (key) {
+				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
+					if ($wm) {
+						return $weakMapHas($wm, key);
+					}
+				}
+				return !!$m && $m.has(key);
+			},
+			set: function (key, value) {
+				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
+					if (!$wm) {
+						$wm = new $WeakMap();
+					}
+					$weakMapSet($wm, key, value);
+				} else if (getSideChannelMap) {
+					if (!$m) {
+						$m = getSideChannelMap();
+					}
+					// eslint-disable-next-line no-extra-parens
+					/** @type {NonNullable<typeof $m>} */ ($m).set(key, value);
+				}
+			}
+		};
+
+		// @ts-expect-error TODO: figure out why this is erroring
+		return channel;
+	}
+	: getSideChannelMap;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
new file mode 100644
index 0000000..9ef6583
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
@@ -0,0 +1,87 @@
+{
+	"name": "side-channel-weakmap",
+	"version": "1.0.2",
+	"description": "Store information about any JS value in a side channel. Uses WeakMap if available.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"types": "./index.d.ts",
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prelint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/side-channel-weakmap.git"
+	},
+	"keywords": [
+		"weakmap",
+		"map",
+		"side",
+		"channel",
+		"metadata"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/side-channel-weakmap/issues"
+	},
+	"homepage": "https://github.com/ljharb/side-channel-weakmap#readme",
+	"dependencies": {
+		"call-bound": "^1.0.2",
+		"es-errors": "^1.3.0",
+		"get-intrinsic": "^1.2.5",
+		"object-inspect": "^1.13.3",
+		"side-channel-map": "^1.0.1"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/call-bind": "^1.0.5",
+		"@types/get-intrinsic": "^1.2.3",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
new file mode 100644
index 0000000..a01248b
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
@@ -0,0 +1,114 @@
+'use strict';
+
+var test = require('tape');
+
+var getSideChannelWeakMap = require('../');
+
+test('getSideChannelMap', { skip: typeof WeakMap !== 'function' && typeof Map !== 'function' }, function (t) {
+	var getSideChannel = getSideChannelWeakMap || function () {
+		throw new EvalError('should never happen');
+	};
+
+	t.test('export', function (st) {
+		st.equal(typeof getSideChannel, 'function', 'is a function');
+
+		st.equal(getSideChannel.length, 0, 'takes no arguments');
+
+		var channel = getSideChannel();
+		st.ok(channel, 'is truthy');
+		st.equal(typeof channel, 'object', 'is an object');
+		st.end();
+	});
+
+	t.test('assert', function (st) {
+		var channel = getSideChannel();
+		st['throws'](
+			function () { channel.assert({}); },
+			TypeError,
+			'nonexistent value throws'
+		);
+
+		var o = {};
+		channel.set(o, 'data');
+		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
+
+		st.end();
+	});
+
+	t.test('has', function (st) {
+		var channel = getSideChannel();
+		/** @type {unknown[]} */ var o = [];
+
+		st.equal(channel.has(o), false, 'nonexistent value yields false');
+
+		channel.set(o, 'foo');
+		st.equal(channel.has(o), true, 'existent value yields true');
+
+		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
+
+		channel.set('abc', 'foo');
+		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
+
+		st.end();
+	});
+
+	t.test('get', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
+
+		var data = {};
+		channel.set(o, data);
+		st.equal(channel.get(o), data, '"get" yields data set by "set"');
+
+		st.end();
+	});
+
+	t.test('set', function (st) {
+		var channel = getSideChannel();
+		var o = function () {};
+		st.equal(channel.get(o), undefined, 'value not set');
+
+		channel.set(o, 42);
+		st.equal(channel.get(o), 42, 'value was set');
+
+		channel.set(o, Infinity);
+		st.equal(channel.get(o), Infinity, 'value was set again');
+
+		var o2 = {};
+		channel.set(o2, 17);
+		st.equal(channel.get(o), Infinity, 'o is not modified');
+		st.equal(channel.get(o2), 17, 'o2 is set');
+
+		channel.set(o, 14);
+		st.equal(channel.get(o), 14, 'o is modified');
+		st.equal(channel.get(o2), 17, 'o2 is not modified');
+
+		st.end();
+	});
+
+	t.test('delete', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
+
+		channel.set(o, 42);
+		st.equal(channel.has(o), true, 'value is set');
+
+		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
+
+		st.equal(channel['delete'](o), true, 'deleted value yields true');
+
+		st.equal(channel.has(o), false, 'value is no longer set');
+
+		st.end();
+	});
+
+	t.end();
+});
+
+test('getSideChannelMap, no WeakMaps and/or Maps', { skip: typeof WeakMap === 'function' || typeof Map === 'function' }, function (t) {
+	t.equal(getSideChannelWeakMap, false, 'is false');
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
new file mode 100644
index 0000000..d9a6668
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
new file mode 100644
index 0000000..72e0eba
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = tab
+indent_size = 2
+trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
new file mode 100644
index 0000000..9b13ad8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
@@ -0,0 +1,12 @@
+{
+	"root": true,
+
+	"extends": "@ljharb",
+
+	"rules": {
+		"id-length": 0,
+		"max-lines-per-function": 0,
+		"multiline-comment-style": 1,
+		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
+	},
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
new file mode 100644
index 0000000..2a94840
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: [ljharb]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: npm/side-channel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel/.nycrc
new file mode 100644
index 0000000..1826526
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/.nycrc
@@ -0,0 +1,13 @@
+{
+	"all": true,
+	"check-coverage": false,
+	"reporter": ["text-summary", "text", "html", "json"],
+	"lines": 86,
+	"statements": 85.93,
+	"functions": 82.43,
+	"branches": 76.06,
+	"exclude": [
+		"coverage",
+		"test"
+	]
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
new file mode 100644
index 0000000..58e378c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
@@ -0,0 +1,110 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v1.1.0](https://github.com/ljharb/side-channel/compare/v1.0.6...v1.1.0) - 2024-12-11
+
+### Commits
+
+- [Refactor] extract implementations to `side-channel-weakmap`, `side-channel-map`, `side-channel-list` [`ada5955`](https://github.com/ljharb/side-channel/commit/ada595549a5c4c6c853756d598846b180941c6da)
+- [New] add `channel.delete` [`c01d2d3`](https://github.com/ljharb/side-channel/commit/c01d2d3fd51dbb1ce6da72ad7916e61bd6172aad)
+- [types] improve types [`0c54356`](https://github.com/ljharb/side-channel/commit/0c5435651417df41b8cc1a5f7cdce8bffae68cde)
+- [readme] add content [`be24868`](https://github.com/ljharb/side-channel/commit/be248682ac294b0e22c883092c45985aa91c490a)
+- [actions] split out node 10-20, and 20+ [`c4488e2`](https://github.com/ljharb/side-channel/commit/c4488e241ef3d49a19fe266ac830a2e644305911)
+- [types] use shared tsconfig [`0e0d57c`](https://github.com/ljharb/side-channel/commit/0e0d57c2ff17c7b45c6cbd43ebcf553edc9e3adc)
+- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/get-intrinsic`, `@types/object-inspect`, `@types/tape`, `auto-changelog`, `tape` [`fb4f622`](https://github.com/ljharb/side-channel/commit/fb4f622e64a99a1e40b6e5cd7691674a9dc429e4)
+- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`b78336b`](https://github.com/ljharb/side-channel/commit/b78336b886172d1b457d414ac9e28de8c5fecc78)
+- [Tests] replace `aud` with `npm audit` [`ee3ab46`](https://github.com/ljharb/side-channel/commit/ee3ab4690d954311c35115651bcfd45edd205aa1)
+- [Dev Deps] add missing peer dep [`c03e21a`](https://github.com/ljharb/side-channel/commit/c03e21a7def3b67cdc15ae22316884fefcb2f6a8)
+
+## [v1.0.6](https://github.com/ljharb/side-channel/compare/v1.0.5...v1.0.6) - 2024-02-29
+
+### Commits
+
+- add types [`9beef66`](https://github.com/ljharb/side-channel/commit/9beef6643e6d717ea57bedabf86448123a7dd9e9)
+- [meta] simplify `exports` [`4334cf9`](https://github.com/ljharb/side-channel/commit/4334cf9df654151504c383b62a2f9ebdc8d9d5ac)
+- [Deps] update `call-bind` [`d6043c4`](https://github.com/ljharb/side-channel/commit/d6043c4d8f4d7be9037dd0f0419c7a2e0e39ec6a)
+- [Dev Deps] update `tape` [`6aca376`](https://github.com/ljharb/side-channel/commit/6aca3761868dc8cd5ff7fd9799bf6b95e09a6eb0)
+
+## [v1.0.5](https://github.com/ljharb/side-channel/compare/v1.0.4...v1.0.5) - 2024-02-06
+
+### Commits
+
+- [actions] reuse common workflows [`3d2e1ff`](https://github.com/ljharb/side-channel/commit/3d2e1ffd16dd6eaaf3e40ff57951f840d2d63c04)
+- [meta] use `npmignore` to autogenerate an npmignore file [`04296ea`](https://github.com/ljharb/side-channel/commit/04296ea17d1544b0a5d20fd5bfb31aa4f6513eb9)
+- [meta] add `.editorconfig`; add `eclint` [`130f0a6`](https://github.com/ljharb/side-channel/commit/130f0a6adbc04d385c7456a601d38344dce3d6a9)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `safe-publish-latest`, `tape` [`d480c2f`](https://github.com/ljharb/side-channel/commit/d480c2fbe757489ae9b4275491ffbcc3ac4725e9)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`ecbe70e`](https://github.com/ljharb/side-channel/commit/ecbe70e53a418234081a77971fec1fdfae20c841)
+- [actions] update rebase action [`75240b9`](https://github.com/ljharb/side-channel/commit/75240b9963b816e8846400d2287cb68f88c7fba7)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `npmignore`, `tape` [`ae8d281`](https://github.com/ljharb/side-channel/commit/ae8d281572430099109870fd9430d2ca3f320b8d)
+- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`7125b88`](https://github.com/ljharb/side-channel/commit/7125b885fd0eacad4fee9b073b72d14065ece278)
+- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`82577c9`](https://github.com/ljharb/side-channel/commit/82577c9796304519139a570f82a317211b5f3b86)
+- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`550aadf`](https://github.com/ljharb/side-channel/commit/550aadf20475a6081fd70304cc54f77259a5c8a8)
+- [Tests] increase coverage [`5130877`](https://github.com/ljharb/side-channel/commit/5130877a7b27c862e64e6d1c12a178b28808859d)
+- [Deps] update `get-intrinsic`, `object-inspect` [`ba0194c`](https://github.com/ljharb/side-channel/commit/ba0194c505b1a8a0427be14cadd5b8a46d4d01b8)
+- [meta] add missing `engines.node` [`985fd24`](https://github.com/ljharb/side-channel/commit/985fd249663cb06617a693a94fe08cad12f5cb70)
+- [Refactor] use `es-errors`, so things that only need those do not need `get-intrinsic` [`40227a8`](https://github.com/ljharb/side-channel/commit/40227a87b01709ad2c0eebf87eb4223a800099b9)
+- [Deps] update `get-intrinsic` [`a989b40`](https://github.com/ljharb/side-channel/commit/a989b4024958737ae7be9fbffdeff2078f33a0fd)
+- [Deps] update `object-inspect` [`aec42d2`](https://github.com/ljharb/side-channel/commit/aec42d2ec541a31aaa02475692c87d489237d9a3)
+
+## [v1.0.4](https://github.com/ljharb/side-channel/compare/v1.0.3...v1.0.4) - 2020-12-29
+
+### Commits
+
+- [Tests] migrate tests to Github Actions [`10909cb`](https://github.com/ljharb/side-channel/commit/10909cbf8ce9c0bf96f604cf13d7ffd5a22c2d40)
+- [Refactor] Use a linked list rather than an array, and move accessed nodes to the beginning [`195613f`](https://github.com/ljharb/side-channel/commit/195613f28b5c1e6072ef0b61b5beebaf2b6a304e)
+- [meta] do not publish github action workflow files [`290ec29`](https://github.com/ljharb/side-channel/commit/290ec29cd21a60585145b4a7237ec55228c52c27)
+- [Tests] run `nyc` on all tests; use `tape` runner [`ea6d030`](https://github.com/ljharb/side-channel/commit/ea6d030ff3fe6be2eca39e859d644c51ecd88869)
+- [actions] add "Allow Edits" workflow [`d464d8f`](https://github.com/ljharb/side-channel/commit/d464d8fe52b5eddf1504a0ed97f0941a90f32c15)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog` [`02daca8`](https://github.com/ljharb/side-channel/commit/02daca87c6809821c97be468d1afa2f5ef447383)
+- [Refactor] use `call-bind` and `get-intrinsic` instead of `es-abstract` [`e09d481`](https://github.com/ljharb/side-channel/commit/e09d481528452ebafa5cdeae1af665c35aa2deee)
+- [Deps] update `object.assign` [`ee83aa8`](https://github.com/ljharb/side-channel/commit/ee83aa81df313b5e46319a63adb05cf0c179079a)
+- [actions] update rebase action to use checkout v2 [`7726b0b`](https://github.com/ljharb/side-channel/commit/7726b0b058b632fccea709f58960871defaaa9d7)
+
+## [v1.0.3](https://github.com/ljharb/side-channel/compare/v1.0.2...v1.0.3) - 2020-08-23
+
+### Commits
+
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`1f10561`](https://github.com/ljharb/side-channel/commit/1f105611ef3acf32dec8032ae5c0baa5e56bb868)
+- [Deps] update `es-abstract`, `object-inspect` [`bc20159`](https://github.com/ljharb/side-channel/commit/bc201597949a505e37cef9eaf24c7010831e6f03)
+- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`b9b2b22`](https://github.com/ljharb/side-channel/commit/b9b2b225f9e0ea72a6ec2b89348f0bd690bc9ed1)
+- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`7055ab4`](https://github.com/ljharb/side-channel/commit/7055ab4de0860606efd2003674a74f1fe6ebc07e)
+- [Dev Deps] update `auto-changelog`; add `aud` [`d278c37`](https://github.com/ljharb/side-channel/commit/d278c37d08227be4f84aa769fcd919e73feeba40)
+- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`3bcf982`](https://github.com/ljharb/side-channel/commit/3bcf982faa122745b39c33ce83d32fdf003741c6)
+- [Tests] only audit prod deps [`18d01c4`](https://github.com/ljharb/side-channel/commit/18d01c4015b82a3d75044c4d5ba7917b2eac01ec)
+- [Deps] update `es-abstract` [`6ab096d`](https://github.com/ljharb/side-channel/commit/6ab096d9de2b482cf5e0717e34e212f5b2b9bc9a)
+- [Dev Deps] update `tape` [`9dc174c`](https://github.com/ljharb/side-channel/commit/9dc174cc651dfd300b4b72da936a0a7eda5f9452)
+- [Deps] update `es-abstract` [`431d0f0`](https://github.com/ljharb/side-channel/commit/431d0f0ff11fbd2ae6f3115582a356d3a1cfce82)
+- [Deps] update `es-abstract` [`49869fd`](https://github.com/ljharb/side-channel/commit/49869fd323bf4453f0ba515c0fb265cf5ab7b932)
+- [meta] Add package.json to package's exports [`77d9cdc`](https://github.com/ljharb/side-channel/commit/77d9cdceb2a9e47700074f2ae0c0a202e7dac0d4)
+
+## [v1.0.2](https://github.com/ljharb/side-channel/compare/v1.0.1...v1.0.2) - 2019-12-20
+
+### Commits
+
+- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`4a526df`](https://github.com/ljharb/side-channel/commit/4a526df44e4701566ed001ec78546193f818b082)
+- [Deps] update `es-abstract` [`d4f6e62`](https://github.com/ljharb/side-channel/commit/d4f6e629b6fb93a07415db7f30d3c90fd7f264fe)
+
+## [v1.0.1](https://github.com/ljharb/side-channel/compare/v1.0.0...v1.0.1) - 2019-12-01
+
+### Commits
+
+- [Fix] add missing "exports" [`d212907`](https://github.com/ljharb/side-channel/commit/d2129073abf0701a5343bf28aa2145617604dc2e)
+
+## v1.0.0 - 2019-12-01
+
+### Commits
+
+- Initial implementation [`dbebd3a`](https://github.com/ljharb/side-channel/commit/dbebd3a4b5ed64242f9a6810efe7c4214cd8cde4)
+- Initial tests [`73bdefe`](https://github.com/ljharb/side-channel/commit/73bdefe568c9076cf8c0b8719bc2141aec0e19b8)
+- Initial commit [`43c03e1`](https://github.com/ljharb/side-channel/commit/43c03e1c2849ec50a87b7a5cd76238a62b0b8770)
+- npm init [`5c090a7`](https://github.com/ljharb/side-channel/commit/5c090a765d66a5527d9889b89aeff78dee91348c)
+- [meta] add `auto-changelog` [`a5c4e56`](https://github.com/ljharb/side-channel/commit/a5c4e5675ec02d5eb4d84b4243aeea2a1d38fbec)
+- [actions] add automatic rebasing / merge commit blocking [`bab1683`](https://github.com/ljharb/side-channel/commit/bab1683d8f9754b086e94397699fdc645e0d7077)
+- [meta] add `funding` field; create FUNDING.yml [`63d7aea`](https://github.com/ljharb/side-channel/commit/63d7aeaf34f5650650ae97ca4b9fae685bd0937c)
+- [Tests] add `npm run lint` [`46a5a81`](https://github.com/ljharb/side-channel/commit/46a5a81705cd2664f83df232c01dbbf2ee952885)
+- Only apps should have lockfiles [`8b16b03`](https://github.com/ljharb/side-channel/commit/8b16b0305f00895d90c4e2e5773c854cfea0e448)
+- [meta] add `safe-publish-latest` [`2f098ef`](https://github.com/ljharb/side-channel/commit/2f098ef092a39399cfe548b19a1fc03c2fd2f490)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel/LICENSE
new file mode 100644
index 0000000..3900dd7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Jordan Harband
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/README.md b/src/Servers/ExpressServer/node_modules/side-channel/README.md
new file mode 100644
index 0000000..cc7e103
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/README.md
@@ -0,0 +1,61 @@
+# side-channel <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
+
+[![github actions][actions-image]][actions-url]
+[![coverage][codecov-image]][codecov-url]
+[![License][license-image]][license-url]
+[![Downloads][downloads-image]][downloads-url]
+
+[![npm badge][npm-badge-png]][package-url]
+
+Store information about any JS value in a side channel. Uses WeakMap if available.
+
+Warning: in an environment that lacks `WeakMap`, this implementation will leak memory until you `delete` the `key`.
+
+## Getting started
+
+```sh
+npm install --save side-channel
+```
+
+## Usage/Examples
+
+```js
+const assert = require('assert');
+const getSideChannel = require('side-channel');
+
+const channel = getSideChannel();
+
+const key = {};
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+
+channel.set(key, 42);
+
+channel.assert(key); // does not throw
+assert.equal(channel.has(key), true);
+assert.equal(channel.get(key), 42);
+
+channel.delete(key);
+assert.equal(channel.has(key), false);
+assert.throws(() => channel.assert(key), TypeError);
+```
+
+## Tests
+
+Clone the repo, `npm install`, and run `npm test`
+
+[package-url]: https://npmjs.org/package/side-channel
+[npm-version-svg]: https://versionbadg.es/ljharb/side-channel.svg
+[deps-svg]: https://david-dm.org/ljharb/side-channel.svg
+[deps-url]: https://david-dm.org/ljharb/side-channel
+[dev-deps-svg]: https://david-dm.org/ljharb/side-channel/dev-status.svg
+[dev-deps-url]: https://david-dm.org/ljharb/side-channel#info=devDependencies
+[npm-badge-png]: https://nodei.co/npm/side-channel.png?downloads=true&stars=true
+[license-image]: https://img.shields.io/npm/l/side-channel.svg
+[license-url]: LICENSE
+[downloads-image]: https://img.shields.io/npm/dm/side-channel.svg
+[downloads-url]: https://npm-stat.com/charts.html?package=side-channel
+[codecov-image]: https://codecov.io/gh/ljharb/side-channel/branch/main/graphs/badge.svg
+[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel/
+[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel
+[actions-url]: https://github.com/ljharb/side-channel/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
new file mode 100644
index 0000000..18c6317
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
@@ -0,0 +1,14 @@
+import getSideChannelList from 'side-channel-list';
+import getSideChannelMap from 'side-channel-map';
+import getSideChannelWeakMap from 'side-channel-weakmap';
+
+declare namespace getSideChannel {
+	type Channel<K, V> =
+		| getSideChannelList.Channel<K, V>
+		| ReturnType<Exclude<typeof getSideChannelMap<K, V>, false>>
+		| ReturnType<Exclude<typeof getSideChannelWeakMap<K, V>, false>>;
+}
+
+declare function getSideChannel<K, V>(): getSideChannel.Channel<K, V>;
+
+export = getSideChannel;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/index.js b/src/Servers/ExpressServer/node_modules/side-channel/index.js
new file mode 100644
index 0000000..a8a9b05
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/index.js
@@ -0,0 +1,43 @@
+'use strict';
+
+var $TypeError = require('es-errors/type');
+var inspect = require('object-inspect');
+var getSideChannelList = require('side-channel-list');
+var getSideChannelMap = require('side-channel-map');
+var getSideChannelWeakMap = require('side-channel-weakmap');
+
+var makeChannel = getSideChannelWeakMap || getSideChannelMap || getSideChannelList;
+
+/** @type {import('.')} */
+module.exports = function getSideChannel() {
+	/** @typedef {ReturnType<typeof getSideChannel>} Channel */
+
+	/** @type {Channel | undefined} */ var $channelData;
+
+	/** @type {Channel} */
+	var channel = {
+		assert: function (key) {
+			if (!channel.has(key)) {
+				throw new $TypeError('Side channel does not contain ' + inspect(key));
+			}
+		},
+		'delete': function (key) {
+			return !!$channelData && $channelData['delete'](key);
+		},
+		get: function (key) {
+			return $channelData && $channelData.get(key);
+		},
+		has: function (key) {
+			return !!$channelData && $channelData.has(key);
+		},
+		set: function (key, value) {
+			if (!$channelData) {
+				$channelData = makeChannel();
+			}
+
+			$channelData.set(key, value);
+		}
+	};
+	// @ts-expect-error TODO: figure out why this is erroring
+	return channel;
+};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/package.json b/src/Servers/ExpressServer/node_modules/side-channel/package.json
new file mode 100644
index 0000000..30fa42c
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/package.json
@@ -0,0 +1,85 @@
+{
+	"name": "side-channel",
+	"version": "1.1.0",
+	"description": "Store information about any JS value in a side channel. Uses WeakMap if available.",
+	"main": "index.js",
+	"exports": {
+		".": "./index.js",
+		"./package.json": "./package.json"
+	},
+	"types": "./index.d.ts",
+	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
+		"prepublishOnly": "safe-publish-latest",
+		"prepublish": "not-in-publish || npm run prepublishOnly",
+		"prelint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
+		"lint": "eslint --ext=js,mjs .",
+		"postlint": "tsc -p . && attw -P",
+		"pretest": "npm run lint",
+		"tests-only": "nyc tape 'test/**/*.js'",
+		"test": "npm run tests-only",
+		"posttest": "npx npm@'>=10.2' audit --production",
+		"version": "auto-changelog && git add CHANGELOG.md",
+		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/ljharb/side-channel.git"
+	},
+	"keywords": [
+		"weakmap",
+		"map",
+		"side",
+		"channel",
+		"metadata"
+	],
+	"author": "Jordan Harband <ljharb@gmail.com>",
+	"funding": {
+		"url": "https://github.com/sponsors/ljharb"
+	},
+	"license": "MIT",
+	"bugs": {
+		"url": "https://github.com/ljharb/side-channel/issues"
+	},
+	"homepage": "https://github.com/ljharb/side-channel#readme",
+	"dependencies": {
+		"es-errors": "^1.3.0",
+		"object-inspect": "^1.13.3",
+		"side-channel-list": "^1.0.0",
+		"side-channel-map": "^1.0.1",
+		"side-channel-weakmap": "^1.0.2"
+	},
+	"devDependencies": {
+		"@arethetypeswrong/cli": "^0.17.1",
+		"@ljharb/eslint-config": "^21.1.1",
+		"@ljharb/tsconfig": "^0.2.2",
+		"@types/object-inspect": "^1.13.0",
+		"@types/tape": "^5.6.5",
+		"auto-changelog": "^2.5.0",
+		"eclint": "^2.8.1",
+		"encoding": "^0.1.13",
+		"eslint": "=8.8.0",
+		"in-publish": "^2.0.1",
+		"npmignore": "^0.3.1",
+		"nyc": "^10.3.2",
+		"safe-publish-latest": "^2.0.0",
+		"tape": "^5.9.0",
+		"typescript": "next"
+	},
+	"auto-changelog": {
+		"output": "CHANGELOG.md",
+		"template": "keepachangelog",
+		"unreleased": false,
+		"commitLimit": false,
+		"backfillLimit": false,
+		"hideCredit": true
+	},
+	"publishConfig": {
+		"ignore": [
+			".github/workflows"
+		]
+	},
+	"engines": {
+		"node": ">= 0.4"
+	}
+}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel/test/index.js
new file mode 100644
index 0000000..bd1e7c2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/test/index.js
@@ -0,0 +1,104 @@
+'use strict';
+
+var test = require('tape');
+
+var getSideChannel = require('../');
+
+test('getSideChannel', function (t) {
+	t.test('export', function (st) {
+		st.equal(typeof getSideChannel, 'function', 'is a function');
+
+		st.equal(getSideChannel.length, 0, 'takes no arguments');
+
+		var channel = getSideChannel();
+		st.ok(channel, 'is truthy');
+		st.equal(typeof channel, 'object', 'is an object');
+		st.end();
+	});
+
+	t.test('assert', function (st) {
+		var channel = getSideChannel();
+		st['throws'](
+			function () { channel.assert({}); },
+			TypeError,
+			'nonexistent value throws'
+		);
+
+		var o = {};
+		channel.set(o, 'data');
+		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
+
+		st.end();
+	});
+
+	t.test('has', function (st) {
+		var channel = getSideChannel();
+		/** @type {unknown[]} */ var o = [];
+
+		st.equal(channel.has(o), false, 'nonexistent value yields false');
+
+		channel.set(o, 'foo');
+		st.equal(channel.has(o), true, 'existent value yields true');
+
+		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
+
+		channel.set('abc', 'foo');
+		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
+
+		st.end();
+	});
+
+	t.test('get', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
+
+		var data = {};
+		channel.set(o, data);
+		st.equal(channel.get(o), data, '"get" yields data set by "set"');
+
+		st.end();
+	});
+
+	t.test('set', function (st) {
+		var channel = getSideChannel();
+		var o = function () {};
+		st.equal(channel.get(o), undefined, 'value not set');
+
+		channel.set(o, 42);
+		st.equal(channel.get(o), 42, 'value was set');
+
+		channel.set(o, Infinity);
+		st.equal(channel.get(o), Infinity, 'value was set again');
+
+		var o2 = {};
+		channel.set(o2, 17);
+		st.equal(channel.get(o), Infinity, 'o is not modified');
+		st.equal(channel.get(o2), 17, 'o2 is set');
+
+		channel.set(o, 14);
+		st.equal(channel.get(o), 14, 'o is modified');
+		st.equal(channel.get(o2), 17, 'o2 is not modified');
+
+		st.end();
+	});
+
+	t.test('delete', function (st) {
+		var channel = getSideChannel();
+		var o = {};
+		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
+
+		channel.set(o, 42);
+		st.equal(channel.has(o), true, 'value is set');
+
+		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
+
+		st.equal(channel['delete'](o), true, 'deleted value yields true');
+
+		st.equal(channel.has(o), false, 'value is no longer set');
+
+		st.end();
+	});
+
+	t.end();
+});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
new file mode 100644
index 0000000..d9a6668
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
@@ -0,0 +1,9 @@
+{
+	"extends": "@ljharb/tsconfig",
+	"compilerOptions": {
+		"target": "es2021",
+	},
+	"exclude": [
+		"coverage",
+	],
+}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md b/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
new file mode 100644
index 0000000..dc549b8
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
@@ -0,0 +1,87 @@
+2.0.2 / 2025-06-06
+==================
+
+  * Migrate to `String.prototype.slice()`
+
+2.0.1 / 2021-01-03
+==================
+
+  * Fix returning values from `Object.prototype`
+
+2.0.0 / 2020-04-19
+==================
+
+  * Drop support for Node.js 0.6
+  * Fix messaging casing of `418 I'm a Teapot`
+  * Remove code 306
+  * Remove `status[code]` exports; use `status.message[code]`
+  * Remove `status[msg]` exports; use `status.code[msg]`
+  * Rename `425 Unordered Collection` to standard `425 Too Early`
+  * Rename `STATUS_CODES` export to `message`
+  * Return status message for `statuses(code)` when given code
+
+1.5.0 / 2018-03-27
+==================
+
+  * Add `103 Early Hints`
+
+1.4.0 / 2017-10-20
+==================
+
+  * Add `STATUS_CODES` export
+
+1.3.1 / 2016-11-11
+==================
+
+  * Fix return type in JSDoc
+
+1.3.0 / 2016-05-17
+==================
+
+  * Add `421 Misdirected Request`
+  * perf: enable strict mode
+
+1.2.1 / 2015-02-01
+==================
+
+  * Fix message for status 451
+    - `451 Unavailable For Legal Reasons`
+
+1.2.0 / 2014-09-28
+==================
+
+  * Add `208 Already Repored`
+  * Add `226 IM Used`
+  * Add `306 (Unused)`
+  * Add `415 Unable For Legal Reasons`
+  * Add `508 Loop Detected`
+
+1.1.1 / 2014-09-24
+==================
+
+  * Add missing 308 to `codes.json`
+
+1.1.0 / 2014-09-21
+==================
+
+  * Add `codes.json` for universal support
+
+1.0.4 / 2014-08-20
+==================
+
+  * Package cleanup
+
+1.0.3 / 2014-06-08
+==================
+
+  * Add 308 to `.redirect` category
+
+1.0.2 / 2014-03-13
+==================
+
+  * Add `.retry` category
+
+1.0.1 / 2014-03-12
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/statuses/LICENSE b/src/Servers/ExpressServer/node_modules/statuses/LICENSE
new file mode 100644
index 0000000..28a3161
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/LICENSE
@@ -0,0 +1,23 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2016 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/statuses/README.md b/src/Servers/ExpressServer/node_modules/statuses/README.md
new file mode 100644
index 0000000..89d542f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/README.md
@@ -0,0 +1,139 @@
+# statuses
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][ci-image]][ci-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
+
+HTTP status utility for node.
+
+This module provides a list of status codes and messages sourced from
+a few different projects:
+
+  * The [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
+  * The [Node.js project](https://nodejs.org/)
+  * The [NGINX project](https://www.nginx.com/)
+  * The [Apache HTTP Server project](https://httpd.apache.org/)
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install statuses
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var status = require('statuses')
+```
+
+### status(code)
+
+Returns the status message string for a known HTTP status code. The code
+may be a number or a string. An error is thrown for an unknown status code.
+
+<!-- eslint-disable no-undef -->
+
+```js
+status(403) // => 'Forbidden'
+status('403') // => 'Forbidden'
+status(306) // throws
+```
+
+### status(msg)
+
+Returns the numeric status code for a known HTTP status message. The message
+is case-insensitive. An error is thrown for an unknown status message.
+
+<!-- eslint-disable no-undef -->
+
+```js
+status('forbidden') // => 403
+status('Forbidden') // => 403
+status('foo') // throws
+```
+
+### status.codes
+
+Returns an array of all the status codes as `Integer`s.
+
+### status.code[msg]
+
+Returns the numeric status code for a known status message (in lower-case),
+otherwise `undefined`.
+
+<!-- eslint-disable no-undef, no-unused-expressions -->
+
+```js
+status['not found'] // => 404
+```
+
+### status.empty[code]
+
+Returns `true` if a status code expects an empty body.
+
+<!-- eslint-disable no-undef, no-unused-expressions -->
+
+```js
+status.empty[200] // => undefined
+status.empty[204] // => true
+status.empty[304] // => true
+```
+
+### status.message[code]
+
+Returns the string message for a known numeric status code, otherwise
+`undefined`. This object is the same format as the
+[Node.js http module `http.STATUS_CODES`](https://nodejs.org/dist/latest/docs/api/http.html#http_http_status_codes).
+
+<!-- eslint-disable no-undef, no-unused-expressions -->
+
+```js
+status.message[404] // => 'Not Found'
+```
+
+### status.redirect[code]
+
+Returns `true` if a status code is a valid redirect status.
+
+<!-- eslint-disable no-undef, no-unused-expressions -->
+
+```js
+status.redirect[200] // => undefined
+status.redirect[301] // => true
+```
+
+### status.retry[code]
+
+Returns `true` if you should retry the rest.
+
+<!-- eslint-disable no-undef, no-unused-expressions -->
+
+```js
+status.retry[501] // => undefined
+status.retry[503] // => true
+```
+
+## License
+
+[MIT](LICENSE)
+
+[ci-image]: https://badgen.net/github/checks/jshttp/statuses/master?label=ci
+[ci-url]: https://github.com/jshttp/statuses/actions?query=workflow%3Aci
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/statuses/master
+[coveralls-url]: https://coveralls.io/r/jshttp/statuses?branch=master
+[node-version-image]: https://badgen.net/npm/node/statuses
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/statuses
+[npm-url]: https://npmjs.org/package/statuses
+[npm-version-image]: https://badgen.net/npm/v/statuses
+[ossf-scorecard-badge]: https://api.securityscorecards.dev/projects/github.com/jshttp/statuses/badge
+[ossf-scorecard-visualizer]: https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/statuses
diff --git a/src/Servers/ExpressServer/node_modules/statuses/codes.json b/src/Servers/ExpressServer/node_modules/statuses/codes.json
new file mode 100644
index 0000000..1333ed1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/codes.json
@@ -0,0 +1,65 @@
+{
+  "100": "Continue",
+  "101": "Switching Protocols",
+  "102": "Processing",
+  "103": "Early Hints",
+  "200": "OK",
+  "201": "Created",
+  "202": "Accepted",
+  "203": "Non-Authoritative Information",
+  "204": "No Content",
+  "205": "Reset Content",
+  "206": "Partial Content",
+  "207": "Multi-Status",
+  "208": "Already Reported",
+  "226": "IM Used",
+  "300": "Multiple Choices",
+  "301": "Moved Permanently",
+  "302": "Found",
+  "303": "See Other",
+  "304": "Not Modified",
+  "305": "Use Proxy",
+  "307": "Temporary Redirect",
+  "308": "Permanent Redirect",
+  "400": "Bad Request",
+  "401": "Unauthorized",
+  "402": "Payment Required",
+  "403": "Forbidden",
+  "404": "Not Found",
+  "405": "Method Not Allowed",
+  "406": "Not Acceptable",
+  "407": "Proxy Authentication Required",
+  "408": "Request Timeout",
+  "409": "Conflict",
+  "410": "Gone",
+  "411": "Length Required",
+  "412": "Precondition Failed",
+  "413": "Payload Too Large",
+  "414": "URI Too Long",
+  "415": "Unsupported Media Type",
+  "416": "Range Not Satisfiable",
+  "417": "Expectation Failed",
+  "418": "I'm a Teapot",
+  "421": "Misdirected Request",
+  "422": "Unprocessable Entity",
+  "423": "Locked",
+  "424": "Failed Dependency",
+  "425": "Too Early",
+  "426": "Upgrade Required",
+  "428": "Precondition Required",
+  "429": "Too Many Requests",
+  "431": "Request Header Fields Too Large",
+  "451": "Unavailable For Legal Reasons",
+  "500": "Internal Server Error",
+  "501": "Not Implemented",
+  "502": "Bad Gateway",
+  "503": "Service Unavailable",
+  "504": "Gateway Timeout",
+  "505": "HTTP Version Not Supported",
+  "506": "Variant Also Negotiates",
+  "507": "Insufficient Storage",
+  "508": "Loop Detected",
+  "509": "Bandwidth Limit Exceeded",
+  "510": "Not Extended",
+  "511": "Network Authentication Required"
+}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/index.js b/src/Servers/ExpressServer/node_modules/statuses/index.js
new file mode 100644
index 0000000..ea351c5
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/index.js
@@ -0,0 +1,146 @@
+/*!
+ * statuses
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var codes = require('./codes.json')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = status
+
+// status code to message map
+status.message = codes
+
+// status message (lower-case) to code map
+status.code = createMessageToStatusCodeMap(codes)
+
+// array of status codes
+status.codes = createStatusCodeList(codes)
+
+// status codes for redirects
+status.redirect = {
+  300: true,
+  301: true,
+  302: true,
+  303: true,
+  305: true,
+  307: true,
+  308: true
+}
+
+// status codes for empty bodies
+status.empty = {
+  204: true,
+  205: true,
+  304: true
+}
+
+// status codes for when you should retry the request
+status.retry = {
+  502: true,
+  503: true,
+  504: true
+}
+
+/**
+ * Create a map of message to status code.
+ * @private
+ */
+
+function createMessageToStatusCodeMap (codes) {
+  var map = {}
+
+  Object.keys(codes).forEach(function forEachCode (code) {
+    var message = codes[code]
+    var status = Number(code)
+
+    // populate map
+    map[message.toLowerCase()] = status
+  })
+
+  return map
+}
+
+/**
+ * Create a list of all status codes.
+ * @private
+ */
+
+function createStatusCodeList (codes) {
+  return Object.keys(codes).map(function mapCode (code) {
+    return Number(code)
+  })
+}
+
+/**
+ * Get the status code for given message.
+ * @private
+ */
+
+function getStatusCode (message) {
+  var msg = message.toLowerCase()
+
+  if (!Object.prototype.hasOwnProperty.call(status.code, msg)) {
+    throw new Error('invalid status message: "' + message + '"')
+  }
+
+  return status.code[msg]
+}
+
+/**
+ * Get the status message for given code.
+ * @private
+ */
+
+function getStatusMessage (code) {
+  if (!Object.prototype.hasOwnProperty.call(status.message, code)) {
+    throw new Error('invalid status code: ' + code)
+  }
+
+  return status.message[code]
+}
+
+/**
+ * Get the status code.
+ *
+ * Given a number, this will throw if it is not a known status
+ * code, otherwise the code will be returned. Given a string,
+ * the string will be parsed for a number and return the code
+ * if valid, otherwise will lookup the code assuming this is
+ * the status message.
+ *
+ * @param {string|number} code
+ * @returns {number}
+ * @public
+ */
+
+function status (code) {
+  if (typeof code === 'number') {
+    return getStatusMessage(code)
+  }
+
+  if (typeof code !== 'string') {
+    throw new TypeError('code must be a number or string')
+  }
+
+  // '403'
+  var n = parseInt(code, 10)
+  if (!isNaN(n)) {
+    return getStatusMessage(n)
+  }
+
+  return getStatusCode(code)
+}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/package.json b/src/Servers/ExpressServer/node_modules/statuses/package.json
new file mode 100644
index 0000000..b5d016e
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/statuses/package.json
@@ -0,0 +1,49 @@
+{
+  "name": "statuses",
+  "description": "HTTP status utility",
+  "version": "2.0.2",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "repository": "jshttp/statuses",
+  "license": "MIT",
+  "keywords": [
+    "http",
+    "status",
+    "code"
+  ],
+  "files": [
+    "HISTORY.md",
+    "index.js",
+    "codes.json",
+    "LICENSE"
+  ],
+  "devDependencies": {
+    "csv-parse": "4.16.3",
+    "eslint": "7.19.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.31.0",
+    "eslint-plugin-markdown": "1.0.2",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.3.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "8.4.0",
+    "nyc": "15.1.0",
+    "raw-body": "2.5.2",
+    "stream-to-array": "2.3.0"
+  },
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "build": "node scripts/build.js",
+    "fetch": "node scripts/fetch-apache.js && node scripts/fetch-iana.js && node scripts/fetch-nginx.js && node scripts/fetch-node.js",
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "update": "npm run fetch && npm run build",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md b/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
new file mode 100644
index 0000000..cb7cc89
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
@@ -0,0 +1,9 @@
+1.0.1 / 2021-11-14
+==================
+
+  * pref: enable strict mode
+
+1.0.0 / 2018-07-09
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE b/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
new file mode 100644
index 0000000..de22d15
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/README.md b/src/Servers/ExpressServer/node_modules/toidentifier/README.md
new file mode 100644
index 0000000..57e8a78
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/toidentifier/README.md
@@ -0,0 +1,61 @@
+# toidentifier
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Build Status][github-actions-ci-image]][github-actions-ci-url]
+[![Test Coverage][codecov-image]][codecov-url]
+
+> Convert a string of words to a JavaScript identifier
+
+## Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```bash
+$ npm install toidentifier
+```
+
+## Example
+
+```js
+var toIdentifier = require('toidentifier')
+
+console.log(toIdentifier('Bad Request'))
+// => "BadRequest"
+```
+
+## API
+
+This CommonJS module exports a single default function: `toIdentifier`.
+
+### toIdentifier(string)
+
+Given a string as the argument, it will be transformed according to
+the following rules and the new string will be returned:
+
+1. Split into words separated by space characters (`0x20`).
+2. Upper case the first character of each word.
+3. Join the words together with no separator.
+4. Remove all non-word (`[0-9a-z_]`) characters.
+
+## License
+
+[MIT](LICENSE)
+
+[codecov-image]: https://img.shields.io/codecov/c/github/component/toidentifier.svg
+[codecov-url]: https://codecov.io/gh/component/toidentifier
+[downloads-image]: https://img.shields.io/npm/dm/toidentifier.svg
+[downloads-url]: https://npmjs.org/package/toidentifier
+[github-actions-ci-image]: https://img.shields.io/github/workflow/status/component/toidentifier/ci/master?label=ci
+[github-actions-ci-url]: https://github.com/component/toidentifier?query=workflow%3Aci
+[npm-image]: https://img.shields.io/npm/v/toidentifier.svg
+[npm-url]: https://npmjs.org/package/toidentifier
+
+
+##
+
+[npm]: https://www.npmjs.com/
+
+[yarn]: https://yarnpkg.com/
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/index.js b/src/Servers/ExpressServer/node_modules/toidentifier/index.js
new file mode 100644
index 0000000..9295d02
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/toidentifier/index.js
@@ -0,0 +1,32 @@
+/*!
+ * toidentifier
+ * Copyright(c) 2016 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = toIdentifier
+
+/**
+ * Trasform the given string into a JavaScript identifier
+ *
+ * @param {string} str
+ * @returns {string}
+ * @public
+ */
+
+function toIdentifier (str) {
+  return str
+    .split(' ')
+    .map(function (token) {
+      return token.slice(0, 1).toUpperCase() + token.slice(1)
+    })
+    .join('')
+    .replace(/[^ _0-9a-z]/gi, '')
+}
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/package.json b/src/Servers/ExpressServer/node_modules/toidentifier/package.json
new file mode 100644
index 0000000..42db1a6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/toidentifier/package.json
@@ -0,0 +1,38 @@
+{
+  "name": "toidentifier",
+  "description": "Convert a string of words to a JavaScript identifier",
+  "version": "1.0.1",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)"
+  ],
+  "repository": "component/toidentifier",
+  "devDependencies": {
+    "eslint": "7.32.0",
+    "eslint-config-standard": "14.1.1",
+    "eslint-plugin-import": "2.25.3",
+    "eslint-plugin-markdown": "2.2.1",
+    "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-promise": "4.3.1",
+    "eslint-plugin-standard": "4.1.0",
+    "mocha": "9.1.3",
+    "nyc": "15.1.0"
+  },
+  "engines": {
+    "node": ">=0.6"
+  },
+  "license": "MIT",
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "index.js"
+  ],
+  "scripts": {
+    "lint": "eslint .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "version": "node scripts/version-history.js && git add HISTORY.md"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md b/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
new file mode 100644
index 0000000..8de21f7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
@@ -0,0 +1,259 @@
+1.6.18 / 2019-04-26
+===================
+
+  * Fix regression passing request object to `typeis.is`
+
+1.6.17 / 2019-04-25
+===================
+
+  * deps: mime-types@~2.1.24
+    - Add Apple file extensions from IANA
+    - Add extension `.csl` to `application/vnd.citationstyles.style+xml`
+    - Add extension `.es` to `application/ecmascript`
+    - Add extension `.nq` to `application/n-quads`
+    - Add extension `.nt` to `application/n-triples`
+    - Add extension `.owl` to `application/rdf+xml`
+    - Add extensions `.siv` and `.sieve` to `application/sieve`
+    - Add extensions from IANA for `image/*` types
+    - Add extensions from IANA for `model/*` types
+    - Add extensions to HEIC image types
+    - Add new mime types
+    - Add `text/mdx` with extension `.mdx`
+  * perf: prevent internal `throw` on invalid type
+
+1.6.16 / 2018-02-16
+===================
+
+  * deps: mime-types@~2.1.18
+    - Add `application/raml+yaml` with extension `.raml`
+    - Add `application/wasm` with extension `.wasm`
+    - Add `text/shex` with extension `.shex`
+    - Add extensions for JPEG-2000 images
+    - Add extensions from IANA for `message/*` types
+    - Add extension `.mjs` to `application/javascript`
+    - Add extension `.wadl` to `application/vnd.sun.wadl+xml`
+    - Add extension `.gz` to `application/gzip`
+    - Add glTF types and extensions
+    - Add new mime types
+    - Update extensions `.md` and `.markdown` to be `text/markdown`
+    - Update font MIME types
+    - Update `text/hjson` to registered `application/hjson`
+
+1.6.15 / 2017-03-31
+===================
+
+  * deps: mime-types@~2.1.15
+    - Add new mime types
+
+1.6.14 / 2016-11-18
+===================
+
+  * deps: mime-types@~2.1.13
+    - Add new mime types
+
+1.6.13 / 2016-05-18
+===================
+
+  * deps: mime-types@~2.1.11
+    - Add new mime types
+
+1.6.12 / 2016-02-28
+===================
+
+  * deps: mime-types@~2.1.10
+    - Add new mime types
+    - Fix extension of `application/dash+xml`
+    - Update primary extension for `audio/mp4`
+
+1.6.11 / 2016-01-29
+===================
+
+  * deps: mime-types@~2.1.9
+    - Add new mime types
+
+1.6.10 / 2015-12-01
+===================
+
+  * deps: mime-types@~2.1.8
+    - Add new mime types
+
+1.6.9 / 2015-09-27
+==================
+
+  * deps: mime-types@~2.1.7
+    - Add new mime types
+
+1.6.8 / 2015-09-04
+==================
+
+  * deps: mime-types@~2.1.6
+    - Add new mime types
+
+1.6.7 / 2015-08-20
+==================
+
+  * Fix type error when given invalid type to match against
+  * deps: mime-types@~2.1.5
+    - Add new mime types
+
+1.6.6 / 2015-07-31
+==================
+
+  * deps: mime-types@~2.1.4
+    - Add new mime types
+
+1.6.5 / 2015-07-16
+==================
+
+  * deps: mime-types@~2.1.3
+    - Add new mime types
+
+1.6.4 / 2015-07-01
+==================
+
+  * deps: mime-types@~2.1.2
+    - Add new mime types
+  * perf: enable strict mode
+  * perf: remove argument reassignment
+
+1.6.3 / 2015-06-08
+==================
+
+  * deps: mime-types@~2.1.1
+    - Add new mime types
+  * perf: reduce try block size
+  * perf: remove bitwise operations
+
+1.6.2 / 2015-05-10
+==================
+
+  * deps: mime-types@~2.0.11
+    - Add new mime types
+
+1.6.1 / 2015-03-13
+==================
+
+  * deps: mime-types@~2.0.10
+    - Add new mime types
+
+1.6.0 / 2015-02-12
+==================
+
+  * fix false-positives in `hasBody` `Transfer-Encoding` check
+  * support wildcard for both type and subtype (`*/*`)
+
+1.5.7 / 2015-02-09
+==================
+
+  * fix argument reassignment
+  * deps: mime-types@~2.0.9
+    - Add new mime types
+
+1.5.6 / 2015-01-29
+==================
+
+  * deps: mime-types@~2.0.8
+    - Add new mime types
+
+1.5.5 / 2014-12-30
+==================
+
+  * deps: mime-types@~2.0.7
+    - Add new mime types
+    - Fix missing extensions
+    - Fix various invalid MIME type entries
+    - Remove example template MIME types
+    - deps: mime-db@~1.5.0
+
+1.5.4 / 2014-12-10
+==================
+
+  * deps: mime-types@~2.0.4
+    - Add new mime types
+    - deps: mime-db@~1.3.0
+
+1.5.3 / 2014-11-09
+==================
+
+  * deps: mime-types@~2.0.3
+    - Add new mime types
+    - deps: mime-db@~1.2.0
+
+1.5.2 / 2014-09-28
+==================
+
+  * deps: mime-types@~2.0.2
+    - Add new mime types
+    - deps: mime-db@~1.1.0
+
+1.5.1 / 2014-09-07
+==================
+
+  * Support Node.js 0.6
+  * deps: media-typer@0.3.0
+  * deps: mime-types@~2.0.1
+    - Support Node.js 0.6
+
+1.5.0 / 2014-09-05
+==================
+
+ * fix `hasbody` to be true for `content-length: 0`
+
+1.4.0 / 2014-09-02
+==================
+
+ * update mime-types
+
+1.3.2 / 2014-06-24
+==================
+
+ * use `~` range on mime-types
+
+1.3.1 / 2014-06-19
+==================
+
+ * fix global variable leak
+
+1.3.0 / 2014-06-19
+==================
+
+ * improve type parsing
+
+   - invalid media type never matches
+   - media type not case-sensitive
+   - extra LWS does not affect results
+
+1.2.2 / 2014-06-19
+==================
+
+ * fix behavior on unknown type argument
+
+1.2.1 / 2014-06-03
+==================
+
+ * switch dependency from `mime` to `mime-types@1.0.0`
+
+1.2.0 / 2014-05-11
+==================
+
+ * support suffix matching:
+
+   - `+json` matches `application/vnd+json`
+   - `*/vnd+json` matches `application/vnd+json`
+   - `application/*+json` matches `application/vnd+json`
+
+1.1.0 / 2014-04-12
+==================
+
+ * add non-array values support
+ * expose internal utilities:
+
+   - `.is()`
+   - `.hasBody()`
+   - `.normalize()`
+   - `.match()`
+
+1.0.1 / 2014-03-30
+==================
+
+ * add `multipart` as a shorthand
diff --git a/src/Servers/ExpressServer/node_modules/type-is/LICENSE b/src/Servers/ExpressServer/node_modules/type-is/LICENSE
new file mode 100644
index 0000000..386b7b6
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/type-is/LICENSE
@@ -0,0 +1,23 @@
+(The MIT License)
+
+Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
+Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/type-is/README.md b/src/Servers/ExpressServer/node_modules/type-is/README.md
new file mode 100644
index 0000000..b85ef8f
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/type-is/README.md
@@ -0,0 +1,170 @@
+# type-is
+
+[![NPM Version][npm-version-image]][npm-url]
+[![NPM Downloads][npm-downloads-image]][npm-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Infer the content-type of a request.
+
+### Install
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
+
+```sh
+$ npm install type-is
+```
+
+## API
+
+```js
+var http = require('http')
+var typeis = require('type-is')
+
+http.createServer(function (req, res) {
+  var istext = typeis(req, ['text/*'])
+  res.end('you ' + (istext ? 'sent' : 'did not send') + ' me text')
+})
+```
+
+### typeis(request, types)
+
+Checks if the `request` is one of the `types`. If the request has no body,
+even if there is a `Content-Type` header, then `null` is returned. If the
+`Content-Type` header is invalid or does not matches any of the `types`, then
+`false` is returned. Otherwise, a string of the type that matched is returned.
+
+The `request` argument is expected to be a Node.js HTTP request. The `types`
+argument is an array of type strings.
+
+Each type in the `types` array can be one of the following:
+
+- A file extension name such as `json`. This name will be returned if matched.
+- A mime type such as `application/json`.
+- A mime type with a wildcard such as `*/*` or `*/json` or `application/*`.
+  The full mime type will be returned if matched.
+- A suffix such as `+json`. This can be combined with a wildcard such as
+  `*/vnd+json` or `application/*+json`. The full mime type will be returned
+  if matched.
+
+Some examples to illustrate the inputs and returned value:
+
+<!-- eslint-disable no-undef -->
+
+```js
+// req.headers.content-type = 'application/json'
+
+typeis(req, ['json']) // => 'json'
+typeis(req, ['html', 'json']) // => 'json'
+typeis(req, ['application/*']) // => 'application/json'
+typeis(req, ['application/json']) // => 'application/json'
+
+typeis(req, ['html']) // => false
+```
+
+### typeis.hasBody(request)
+
+Returns a Boolean if the given `request` has a body, regardless of the
+`Content-Type` header.
+
+Having a body has no relation to how large the body is (it may be 0 bytes).
+This is similar to how file existence works. If a body does exist, then this
+indicates that there is data to read from the Node.js request stream.
+
+<!-- eslint-disable no-undef -->
+
+```js
+if (typeis.hasBody(req)) {
+  // read the body, since there is one
+
+  req.on('data', function (chunk) {
+    // ...
+  })
+}
+```
+
+### typeis.is(mediaType, types)
+
+Checks if the `mediaType` is one of the `types`. If the `mediaType` is invalid
+or does not matches any of the `types`, then `false` is returned. Otherwise, a
+string of the type that matched is returned.
+
+The `mediaType` argument is expected to be a
+[media type](https://tools.ietf.org/html/rfc6838) string. The `types` argument
+is an array of type strings.
+
+Each type in the `types` array can be one of the following:
+
+- A file extension name such as `json`. This name will be returned if matched.
+- A mime type such as `application/json`.
+- A mime type with a wildcard such as `*/*` or `*/json` or `application/*`.
+  The full mime type will be returned if matched.
+- A suffix such as `+json`. This can be combined with a wildcard such as
+  `*/vnd+json` or `application/*+json`. The full mime type will be returned
+  if matched.
+
+Some examples to illustrate the inputs and returned value:
+
+<!-- eslint-disable no-undef -->
+
+```js
+var mediaType = 'application/json'
+
+typeis.is(mediaType, ['json']) // => 'json'
+typeis.is(mediaType, ['html', 'json']) // => 'json'
+typeis.is(mediaType, ['application/*']) // => 'application/json'
+typeis.is(mediaType, ['application/json']) // => 'application/json'
+
+typeis.is(mediaType, ['html']) // => false
+```
+
+## Examples
+
+### Example body parser
+
+```js
+var express = require('express')
+var typeis = require('type-is')
+
+var app = express()
+
+app.use(function bodyParser (req, res, next) {
+  if (!typeis.hasBody(req)) {
+    return next()
+  }
+
+  switch (typeis(req, ['urlencoded', 'json', 'multipart'])) {
+    case 'urlencoded':
+      // parse urlencoded body
+      throw new Error('implement urlencoded body parsing')
+    case 'json':
+      // parse json body
+      throw new Error('implement json body parsing')
+    case 'multipart':
+      // parse multipart body
+      throw new Error('implement multipart body parsing')
+    default:
+      // 415 error code
+      res.statusCode = 415
+      res.end()
+      break
+  }
+})
+```
+
+## License
+
+[MIT](LICENSE)
+
+[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/type-is/master
+[coveralls-url]: https://coveralls.io/r/jshttp/type-is?branch=master
+[node-version-image]: https://badgen.net/npm/node/type-is
+[node-version-url]: https://nodejs.org/en/download
+[npm-downloads-image]: https://badgen.net/npm/dm/type-is
+[npm-url]: https://npmjs.org/package/type-is
+[npm-version-image]: https://badgen.net/npm/v/type-is
+[travis-image]: https://badgen.net/travis/jshttp/type-is/master
+[travis-url]: https://travis-ci.org/jshttp/type-is
diff --git a/src/Servers/ExpressServer/node_modules/type-is/index.js b/src/Servers/ExpressServer/node_modules/type-is/index.js
new file mode 100644
index 0000000..890ad76
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/type-is/index.js
@@ -0,0 +1,266 @@
+/*!
+ * type-is
+ * Copyright(c) 2014 Jonathan Ong
+ * Copyright(c) 2014-2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module dependencies.
+ * @private
+ */
+
+var typer = require('media-typer')
+var mime = require('mime-types')
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = typeofrequest
+module.exports.is = typeis
+module.exports.hasBody = hasbody
+module.exports.normalize = normalize
+module.exports.match = mimeMatch
+
+/**
+ * Compare a `value` content-type with `types`.
+ * Each `type` can be an extension like `html`,
+ * a special shortcut like `multipart` or `urlencoded`,
+ * or a mime type.
+ *
+ * If no types match, `false` is returned.
+ * Otherwise, the first `type` that matches is returned.
+ *
+ * @param {String} value
+ * @param {Array} types
+ * @public
+ */
+
+function typeis (value, types_) {
+  var i
+  var types = types_
+
+  // remove parameters and normalize
+  var val = tryNormalizeType(value)
+
+  // no type or invalid
+  if (!val) {
+    return false
+  }
+
+  // support flattened arguments
+  if (types && !Array.isArray(types)) {
+    types = new Array(arguments.length - 1)
+    for (i = 0; i < types.length; i++) {
+      types[i] = arguments[i + 1]
+    }
+  }
+
+  // no types, return the content type
+  if (!types || !types.length) {
+    return val
+  }
+
+  var type
+  for (i = 0; i < types.length; i++) {
+    if (mimeMatch(normalize(type = types[i]), val)) {
+      return type[0] === '+' || type.indexOf('*') !== -1
+        ? val
+        : type
+    }
+  }
+
+  // no matches
+  return false
+}
+
+/**
+ * Check if a request has a request body.
+ * A request with a body __must__ either have `transfer-encoding`
+ * or `content-length` headers set.
+ * http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.3
+ *
+ * @param {Object} request
+ * @return {Boolean}
+ * @public
+ */
+
+function hasbody (req) {
+  return req.headers['transfer-encoding'] !== undefined ||
+    !isNaN(req.headers['content-length'])
+}
+
+/**
+ * Check if the incoming request contains the "Content-Type"
+ * header field, and it contains any of the give mime `type`s.
+ * If there is no request body, `null` is returned.
+ * If there is no content type, `false` is returned.
+ * Otherwise, it returns the first `type` that matches.
+ *
+ * Examples:
+ *
+ *     // With Content-Type: text/html; charset=utf-8
+ *     this.is('html'); // => 'html'
+ *     this.is('text/html'); // => 'text/html'
+ *     this.is('text/*', 'application/json'); // => 'text/html'
+ *
+ *     // When Content-Type is application/json
+ *     this.is('json', 'urlencoded'); // => 'json'
+ *     this.is('application/json'); // => 'application/json'
+ *     this.is('html', 'application/*'); // => 'application/json'
+ *
+ *     this.is('html'); // => false
+ *
+ * @param {String|Array} types...
+ * @return {String|false|null}
+ * @public
+ */
+
+function typeofrequest (req, types_) {
+  var types = types_
+
+  // no body
+  if (!hasbody(req)) {
+    return null
+  }
+
+  // support flattened arguments
+  if (arguments.length > 2) {
+    types = new Array(arguments.length - 1)
+    for (var i = 0; i < types.length; i++) {
+      types[i] = arguments[i + 1]
+    }
+  }
+
+  // request content type
+  var value = req.headers['content-type']
+
+  return typeis(value, types)
+}
+
+/**
+ * Normalize a mime type.
+ * If it's a shorthand, expand it to a valid mime type.
+ *
+ * In general, you probably want:
+ *
+ *   var type = is(req, ['urlencoded', 'json', 'multipart']);
+ *
+ * Then use the appropriate body parsers.
+ * These three are the most common request body types
+ * and are thus ensured to work.
+ *
+ * @param {String} type
+ * @private
+ */
+
+function normalize (type) {
+  if (typeof type !== 'string') {
+    // invalid type
+    return false
+  }
+
+  switch (type) {
+    case 'urlencoded':
+      return 'application/x-www-form-urlencoded'
+    case 'multipart':
+      return 'multipart/*'
+  }
+
+  if (type[0] === '+') {
+    // "+json" -> "*/*+json" expando
+    return '*/*' + type
+  }
+
+  return type.indexOf('/') === -1
+    ? mime.lookup(type)
+    : type
+}
+
+/**
+ * Check if `expected` mime type
+ * matches `actual` mime type with
+ * wildcard and +suffix support.
+ *
+ * @param {String} expected
+ * @param {String} actual
+ * @return {Boolean}
+ * @private
+ */
+
+function mimeMatch (expected, actual) {
+  // invalid type
+  if (expected === false) {
+    return false
+  }
+
+  // split types
+  var actualParts = actual.split('/')
+  var expectedParts = expected.split('/')
+
+  // invalid format
+  if (actualParts.length !== 2 || expectedParts.length !== 2) {
+    return false
+  }
+
+  // validate type
+  if (expectedParts[0] !== '*' && expectedParts[0] !== actualParts[0]) {
+    return false
+  }
+
+  // validate suffix wildcard
+  if (expectedParts[1].substr(0, 2) === '*+') {
+    return expectedParts[1].length <= actualParts[1].length + 1 &&
+      expectedParts[1].substr(1) === actualParts[1].substr(1 - expectedParts[1].length)
+  }
+
+  // validate subtype
+  if (expectedParts[1] !== '*' && expectedParts[1] !== actualParts[1]) {
+    return false
+  }
+
+  return true
+}
+
+/**
+ * Normalize a type and remove parameters.
+ *
+ * @param {string} value
+ * @return {string}
+ * @private
+ */
+
+function normalizeType (value) {
+  // parse the type
+  var type = typer.parse(value)
+
+  // remove the parameters
+  type.parameters = undefined
+
+  // reformat it
+  return typer.format(type)
+}
+
+/**
+ * Try to normalize a type and remove parameters.
+ *
+ * @param {string} value
+ * @return {string}
+ * @private
+ */
+
+function tryNormalizeType (value) {
+  if (!value) {
+    return null
+  }
+
+  try {
+    return normalizeType(value)
+  } catch (err) {
+    return null
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/type-is/package.json b/src/Servers/ExpressServer/node_modules/type-is/package.json
new file mode 100644
index 0000000..97ba5f1
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/type-is/package.json
@@ -0,0 +1,45 @@
+{
+  "name": "type-is",
+  "description": "Infer the content-type of a request.",
+  "version": "1.6.18",
+  "contributors": [
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
+  ],
+  "license": "MIT",
+  "repository": "jshttp/type-is",
+  "dependencies": {
+    "media-typer": "0.3.0",
+    "mime-types": "~2.1.24"
+  },
+  "devDependencies": {
+    "eslint": "5.16.0",
+    "eslint-config-standard": "12.0.0",
+    "eslint-plugin-import": "2.17.2",
+    "eslint-plugin-markdown": "1.0.0",
+    "eslint-plugin-node": "8.0.1",
+    "eslint-plugin-promise": "4.1.1",
+    "eslint-plugin-standard": "4.0.0",
+    "mocha": "6.1.4",
+    "nyc": "14.0.0"
+  },
+  "engines": {
+    "node": ">= 0.6"
+  },
+  "files": [
+    "LICENSE",
+    "HISTORY.md",
+    "index.js"
+  ],
+  "scripts": {
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --check-leaks --bail test/",
+    "test-cov": "nyc --reporter=html --reporter=text npm test",
+    "test-travis": "nyc --reporter=text npm test"
+  },
+  "keywords": [
+    "content",
+    "type",
+    "checking"
+  ]
+}
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md b/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
new file mode 100644
index 0000000..85e0f8d
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
@@ -0,0 +1,4 @@
+1.0.0 / 2015-06-14
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/LICENSE b/src/Servers/ExpressServer/node_modules/unpipe/LICENSE
new file mode 100644
index 0000000..aed0138
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/unpipe/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/README.md b/src/Servers/ExpressServer/node_modules/unpipe/README.md
new file mode 100644
index 0000000..e536ad2
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/unpipe/README.md
@@ -0,0 +1,43 @@
+# unpipe
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-image]][node-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Unpipe a stream from all destinations.
+
+## Installation
+
+```sh
+$ npm install unpipe
+```
+
+## API
+
+```js
+var unpipe = require('unpipe')
+```
+
+### unpipe(stream)
+
+Unpipes all destinations from a given stream. With stream 2+, this is
+equivalent to `stream.unpipe()`. When used with streams 1 style streams
+(typically Node.js 0.8 and below), this module attempts to undo the
+actions done in `stream.pipe(dest)`.
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/unpipe.svg
+[npm-url]: https://npmjs.org/package/unpipe
+[node-image]: https://img.shields.io/node/v/unpipe.svg
+[node-url]: http://nodejs.org/download/
+[travis-image]: https://img.shields.io/travis/stream-utils/unpipe.svg
+[travis-url]: https://travis-ci.org/stream-utils/unpipe
+[coveralls-image]: https://img.shields.io/coveralls/stream-utils/unpipe.svg
+[coveralls-url]: https://coveralls.io/r/stream-utils/unpipe?branch=master
+[downloads-image]: https://img.shields.io/npm/dm/unpipe.svg
+[downloads-url]: https://npmjs.org/package/unpipe
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/index.js b/src/Servers/ExpressServer/node_modules/unpipe/index.js
new file mode 100644
index 0000000..15c3d97
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/unpipe/index.js
@@ -0,0 +1,69 @@
+/*!
+ * unpipe
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ * @public
+ */
+
+module.exports = unpipe
+
+/**
+ * Determine if there are Node.js pipe-like data listeners.
+ * @private
+ */
+
+function hasPipeDataListeners(stream) {
+  var listeners = stream.listeners('data')
+
+  for (var i = 0; i < listeners.length; i++) {
+    if (listeners[i].name === 'ondata') {
+      return true
+    }
+  }
+
+  return false
+}
+
+/**
+ * Unpipe a stream from all destinations.
+ *
+ * @param {object} stream
+ * @public
+ */
+
+function unpipe(stream) {
+  if (!stream) {
+    throw new TypeError('argument stream is required')
+  }
+
+  if (typeof stream.unpipe === 'function') {
+    // new-style
+    stream.unpipe()
+    return
+  }
+
+  // Node.js 0.8 hack
+  if (!hasPipeDataListeners(stream)) {
+    return
+  }
+
+  var listener
+  var listeners = stream.listeners('close')
+
+  for (var i = 0; i < listeners.length; i++) {
+    listener = listeners[i]
+
+    if (listener.name !== 'cleanup' && listener.name !== 'onclose') {
+      continue
+    }
+
+    // invoke the listener
+    listener.call(stream)
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/package.json b/src/Servers/ExpressServer/node_modules/unpipe/package.json
new file mode 100644
index 0000000..a2b7358
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/unpipe/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "unpipe",
+  "description": "Unpipe a stream from all destinations",
+  "version": "1.0.0",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "repository": "stream-utils/unpipe",
+  "devDependencies": {
+    "istanbul": "0.3.15",
+    "mocha": "2.2.5",
+    "readable-stream": "1.1.13"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore b/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
new file mode 100644
index 0000000..3e53844
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
@@ -0,0 +1,9 @@
+CONTRIBUTING.md
+Makefile
+docs/
+examples/
+reports/
+test/
+
+.jshintrc
+.travis.yml
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE b/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
new file mode 100644
index 0000000..76f6d08
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013-2017 Jared Hanson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/README.md b/src/Servers/ExpressServer/node_modules/utils-merge/README.md
new file mode 100644
index 0000000..0cb7117
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/utils-merge/README.md
@@ -0,0 +1,34 @@
+# utils-merge
+
+[![Version](https://img.shields.io/npm/v/utils-merge.svg?label=version)](https://www.npmjs.com/package/utils-merge)
+[![Build](https://img.shields.io/travis/jaredhanson/utils-merge.svg)](https://travis-ci.org/jaredhanson/utils-merge)
+[![Quality](https://img.shields.io/codeclimate/github/jaredhanson/utils-merge.svg?label=quality)](https://codeclimate.com/github/jaredhanson/utils-merge)
+[![Coverage](https://img.shields.io/coveralls/jaredhanson/utils-merge.svg)](https://coveralls.io/r/jaredhanson/utils-merge)
+[![Dependencies](https://img.shields.io/david/jaredhanson/utils-merge.svg)](https://david-dm.org/jaredhanson/utils-merge)
+
+
+Merges the properties from a source object into a destination object.
+
+## Install
+
+```bash
+$ npm install utils-merge
+```
+
+## Usage
+
+```javascript
+var a = { foo: 'bar' }
+  , b = { bar: 'baz' };
+
+merge(a, b);
+// => { foo: 'bar', bar: 'baz' }
+```
+
+## License
+
+[The MIT License](http://opensource.org/licenses/MIT)
+
+Copyright (c) 2013-2017 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>
+
+<a target='_blank' rel='nofollow' href='https://app.codesponsor.io/link/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge'>  <img alt='Sponsor' width='888' height='68' src='https://app.codesponsor.io/embed/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge.svg' /></a>
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/index.js b/src/Servers/ExpressServer/node_modules/utils-merge/index.js
new file mode 100644
index 0000000..4265c69
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/utils-merge/index.js
@@ -0,0 +1,23 @@
+/**
+ * Merge object b with object a.
+ *
+ *     var a = { foo: 'bar' }
+ *       , b = { bar: 'baz' };
+ *
+ *     merge(a, b);
+ *     // => { foo: 'bar', bar: 'baz' }
+ *
+ * @param {Object} a
+ * @param {Object} b
+ * @return {Object}
+ * @api public
+ */
+
+exports = module.exports = function(a, b){
+  if (a && b) {
+    for (var key in b) {
+      a[key] = b[key];
+    }
+  }
+  return a;
+};
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/package.json b/src/Servers/ExpressServer/node_modules/utils-merge/package.json
new file mode 100644
index 0000000..e36b078
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/utils-merge/package.json
@@ -0,0 +1,40 @@
+{
+  "name": "utils-merge",
+  "version": "1.0.1",
+  "description": "merge() utility function",
+  "keywords": [
+    "util"
+  ],
+  "author": {
+    "name": "Jared Hanson",
+    "email": "jaredhanson@gmail.com",
+    "url": "http://www.jaredhanson.net/"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/jaredhanson/utils-merge.git"
+  },
+  "bugs": {
+    "url": "http://github.com/jaredhanson/utils-merge/issues"
+  },
+  "license": "MIT",
+  "licenses": [
+    {
+      "type": "MIT",
+      "url": "http://opensource.org/licenses/MIT"
+    }
+  ],
+  "main": "./index",
+  "dependencies": {},
+  "devDependencies": {
+    "make-node": "0.3.x",
+    "mocha": "1.x.x",
+    "chai": "1.x.x"
+  },
+  "engines": {
+    "node": ">= 0.4.0"
+  },
+  "scripts": {
+    "test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js"
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/vary/HISTORY.md b/src/Servers/ExpressServer/node_modules/vary/HISTORY.md
new file mode 100644
index 0000000..f6cbcf7
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/vary/HISTORY.md
@@ -0,0 +1,39 @@
+1.1.2 / 2017-09-23
+==================
+
+  * perf: improve header token parsing speed
+
+1.1.1 / 2017-03-20
+==================
+
+  * perf: hoist regular expression
+
+1.1.0 / 2015-09-29
+==================
+
+  * Only accept valid field names in the `field` argument
+    - Ensures the resulting string is a valid HTTP header value
+
+1.0.1 / 2015-07-08
+==================
+
+  * Fix setting empty header from empty `field`
+  * perf: enable strict mode
+  * perf: remove argument reassignments
+
+1.0.0 / 2014-08-10
+==================
+
+  * Accept valid `Vary` header string as `field`
+  * Add `vary.append` for low-level string manipulation
+  * Move to `jshttp` orgainzation
+
+0.1.0 / 2014-06-05
+==================
+
+  * Support array of fields to set
+
+0.0.0 / 2014-06-04
+==================
+
+  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/vary/LICENSE b/src/Servers/ExpressServer/node_modules/vary/LICENSE
new file mode 100644
index 0000000..84441fb
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/vary/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2014-2017 Douglas Christopher Wilson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/vary/README.md b/src/Servers/ExpressServer/node_modules/vary/README.md
new file mode 100644
index 0000000..cc000b3
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/vary/README.md
@@ -0,0 +1,101 @@
+# vary
+
+[![NPM Version][npm-image]][npm-url]
+[![NPM Downloads][downloads-image]][downloads-url]
+[![Node.js Version][node-version-image]][node-version-url]
+[![Build Status][travis-image]][travis-url]
+[![Test Coverage][coveralls-image]][coveralls-url]
+
+Manipulate the HTTP Vary header
+
+## Installation
+
+This is a [Node.js](https://nodejs.org/en/) module available through the
+[npm registry](https://www.npmjs.com/). Installation is done using the
+[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): 
+
+```sh
+$ npm install vary
+```
+
+## API
+
+<!-- eslint-disable no-unused-vars -->
+
+```js
+var vary = require('vary')
+```
+
+### vary(res, field)
+
+Adds the given header `field` to the `Vary` response header of `res`.
+This can be a string of a single field, a string of a valid `Vary`
+header, or an array of multiple fields.
+
+This will append the header if not already listed, otherwise leaves
+it listed in the current location.
+
+<!-- eslint-disable no-undef -->
+
+```js
+// Append "Origin" to the Vary header of the response
+vary(res, 'Origin')
+```
+
+### vary.append(header, field)
+
+Adds the given header `field` to the `Vary` response header string `header`.
+This can be a string of a single field, a string of a valid `Vary` header,
+or an array of multiple fields.
+
+This will append the header if not already listed, otherwise leaves
+it listed in the current location. The new header string is returned.
+
+<!-- eslint-disable no-undef -->
+
+```js
+// Get header string appending "Origin" to "Accept, User-Agent"
+vary.append('Accept, User-Agent', 'Origin')
+```
+
+## Examples
+
+### Updating the Vary header when content is based on it
+
+```js
+var http = require('http')
+var vary = require('vary')
+
+http.createServer(function onRequest (req, res) {
+  // about to user-agent sniff
+  vary(res, 'User-Agent')
+
+  var ua = req.headers['user-agent'] || ''
+  var isMobile = /mobi|android|touch|mini/i.test(ua)
+
+  // serve site, depending on isMobile
+  res.setHeader('Content-Type', 'text/html')
+  res.end('You are (probably) ' + (isMobile ? '' : 'not ') + 'a mobile user')
+})
+```
+
+## Testing
+
+```sh
+$ npm test
+```
+
+## License
+
+[MIT](LICENSE)
+
+[npm-image]: https://img.shields.io/npm/v/vary.svg
+[npm-url]: https://npmjs.org/package/vary
+[node-version-image]: https://img.shields.io/node/v/vary.svg
+[node-version-url]: https://nodejs.org/en/download
+[travis-image]: https://img.shields.io/travis/jshttp/vary/master.svg
+[travis-url]: https://travis-ci.org/jshttp/vary
+[coveralls-image]: https://img.shields.io/coveralls/jshttp/vary/master.svg
+[coveralls-url]: https://coveralls.io/r/jshttp/vary
+[downloads-image]: https://img.shields.io/npm/dm/vary.svg
+[downloads-url]: https://npmjs.org/package/vary
diff --git a/src/Servers/ExpressServer/node_modules/vary/index.js b/src/Servers/ExpressServer/node_modules/vary/index.js
new file mode 100644
index 0000000..5b5e741
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/vary/index.js
@@ -0,0 +1,149 @@
+/*!
+ * vary
+ * Copyright(c) 2014-2017 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+
+'use strict'
+
+/**
+ * Module exports.
+ */
+
+module.exports = vary
+module.exports.append = append
+
+/**
+ * RegExp to match field-name in RFC 7230 sec 3.2
+ *
+ * field-name    = token
+ * token         = 1*tchar
+ * tchar         = "!" / "#" / "$" / "%" / "&" / "'" / "*"
+ *               / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
+ *               / DIGIT / ALPHA
+ *               ; any VCHAR, except delimiters
+ */
+
+var FIELD_NAME_REGEXP = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/
+
+/**
+ * Append a field to a vary header.
+ *
+ * @param {String} header
+ * @param {String|Array} field
+ * @return {String}
+ * @public
+ */
+
+function append (header, field) {
+  if (typeof header !== 'string') {
+    throw new TypeError('header argument is required')
+  }
+
+  if (!field) {
+    throw new TypeError('field argument is required')
+  }
+
+  // get fields array
+  var fields = !Array.isArray(field)
+    ? parse(String(field))
+    : field
+
+  // assert on invalid field names
+  for (var j = 0; j < fields.length; j++) {
+    if (!FIELD_NAME_REGEXP.test(fields[j])) {
+      throw new TypeError('field argument contains an invalid header name')
+    }
+  }
+
+  // existing, unspecified vary
+  if (header === '*') {
+    return header
+  }
+
+  // enumerate current values
+  var val = header
+  var vals = parse(header.toLowerCase())
+
+  // unspecified vary
+  if (fields.indexOf('*') !== -1 || vals.indexOf('*') !== -1) {
+    return '*'
+  }
+
+  for (var i = 0; i < fields.length; i++) {
+    var fld = fields[i].toLowerCase()
+
+    // append value (case-preserving)
+    if (vals.indexOf(fld) === -1) {
+      vals.push(fld)
+      val = val
+        ? val + ', ' + fields[i]
+        : fields[i]
+    }
+  }
+
+  return val
+}
+
+/**
+ * Parse a vary header into an array.
+ *
+ * @param {String} header
+ * @return {Array}
+ * @private
+ */
+
+function parse (header) {
+  var end = 0
+  var list = []
+  var start = 0
+
+  // gather tokens
+  for (var i = 0, len = header.length; i < len; i++) {
+    switch (header.charCodeAt(i)) {
+      case 0x20: /*   */
+        if (start === end) {
+          start = end = i + 1
+        }
+        break
+      case 0x2c: /* , */
+        list.push(header.substring(start, end))
+        start = end = i + 1
+        break
+      default:
+        end = i + 1
+        break
+    }
+  }
+
+  // final token
+  list.push(header.substring(start, end))
+
+  return list
+}
+
+/**
+ * Mark that a request is varied on a header field.
+ *
+ * @param {Object} res
+ * @param {String|Array} field
+ * @public
+ */
+
+function vary (res, field) {
+  if (!res || !res.getHeader || !res.setHeader) {
+    // quack quack
+    throw new TypeError('res argument is required')
+  }
+
+  // get existing header
+  var val = res.getHeader('Vary') || ''
+  var header = Array.isArray(val)
+    ? val.join(', ')
+    : String(val)
+
+  // set new header
+  if ((val = append(header, field))) {
+    res.setHeader('Vary', val)
+  }
+}
diff --git a/src/Servers/ExpressServer/node_modules/vary/package.json b/src/Servers/ExpressServer/node_modules/vary/package.json
new file mode 100644
index 0000000..028f72a
--- /dev/null
+++ b/src/Servers/ExpressServer/node_modules/vary/package.json
@@ -0,0 +1,43 @@
+{
+  "name": "vary",
+  "description": "Manipulate the HTTP Vary header",
+  "version": "1.1.2",
+  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
+  "license": "MIT",
+  "keywords": [
+    "http",
+    "res",
+    "vary"
+  ],
+  "repository": "jshttp/vary",
+  "devDependencies": {
+    "beautify-benchmark": "0.2.4",
+    "benchmark": "2.1.4",
+    "eslint": "3.19.0",
+    "eslint-config-standard": "10.2.1",
+    "eslint-plugin-import": "2.7.0",
+    "eslint-plugin-markdown": "1.0.0-beta.6",
+    "eslint-plugin-node": "5.1.1",
+    "eslint-plugin-promise": "3.5.0",
+    "eslint-plugin-standard": "3.0.1",
+    "istanbul": "0.4.5",
+    "mocha": "2.5.3",
+    "supertest": "1.1.0"
+  },
+  "files": [
+    "HISTORY.md",
+    "LICENSE",
+    "README.md",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">= 0.8"
+  },
+  "scripts": {
+    "bench": "node benchmark/index.js",
+    "lint": "eslint --plugin markdown --ext js,md .",
+    "test": "mocha --reporter spec --bail --check-leaks test/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
+  }
+}
diff --git a/src/Servers/ExpressServer/package-lock.json b/src/Servers/ExpressServer/package-lock.json
new file mode 100644
index 0000000..63a1f0a
--- /dev/null
+++ b/src/Servers/ExpressServer/package-lock.json
@@ -0,0 +1,757 @@
+{
+  "name": "express-server",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "express-server",
+      "dependencies": {
+        "express": "^4.21.0"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.14.0",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.14.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
+      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    }
+  }
+}
diff --git a/src/Servers/ExpressServer/server.js b/src/Servers/ExpressServer/server.js
index 1064a7f..a1aafd4 100644
--- a/src/Servers/ExpressServer/server.js
+++ b/src/Servers/ExpressServer/server.js
@@ -7,8 +7,10 @@ app.get("/", (_req, res) => {
   res.send("OK");
 });
 
-app.post("/", (_req, res) => {
-  res.send("OK");
+app.post("/", (req, res) => {
+  const chunks = [];
+  req.on("data", (chunk) => chunks.push(chunk));
+  req.on("end", () => res.send(Buffer.concat(chunks)));
 });
 
 app.listen(port, "127.0.0.1", () => {
diff --git a/src/Servers/FastHttpServer/main.go b/src/Servers/FastHttpServer/main.go
index dfcd5b5..02cf6e7 100644
--- a/src/Servers/FastHttpServer/main.go
+++ b/src/Servers/FastHttpServer/main.go
@@ -14,6 +14,10 @@ func main() {
 
 	handler := func(ctx *fasthttp.RequestCtx) {
 		ctx.SetStatusCode(200)
+		if string(ctx.Method()) == "POST" {
+			ctx.SetBody(ctx.Request.Body())
+			return
+		}
 		ctx.SetBodyString("OK")
 	}
 
diff --git a/src/Servers/FlaskServer/app.py b/src/Servers/FlaskServer/app.py
index 857ee75..dc37f53 100644
--- a/src/Servers/FlaskServer/app.py
+++ b/src/Servers/FlaskServer/app.py
@@ -1,5 +1,5 @@
 import sys
-from flask import Flask
+from flask import Flask, request
 from werkzeug.routing import Rule
 
 app = Flask(__name__)
@@ -9,6 +9,8 @@
 
 @app.endpoint('catch_all')
 def catch_all(path):
+    if request.method == 'POST':
+        return request.get_data(as_text=True)
     return "OK"
 
 if __name__ == "__main__":
diff --git a/src/Servers/GenHttpServer/GenHttpServer.csproj b/src/Servers/GenHttpServer/GenHttpServer.csproj
index c423eff..57d2c3c 100644
--- a/src/Servers/GenHttpServer/GenHttpServer.csproj
+++ b/src/Servers/GenHttpServer/GenHttpServer.csproj
@@ -8,6 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="GenHTTP.Core" Version="10.4.2" />
+    <PackageReference Include="GenHTTP.Modules.Functional" Version="10.4.2" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Servers/GenHttpServer/Program.cs b/src/Servers/GenHttpServer/Program.cs
index 8f7b6cf..a5e0792 100644
--- a/src/Servers/GenHttpServer/Program.cs
+++ b/src/Servers/GenHttpServer/Program.cs
@@ -1,13 +1,29 @@
+using GenHTTP.Api.Content;
+using GenHTTP.Api.Protocol;
 using GenHTTP.Engine.Internal;
-using GenHTTP.Modules.IO;
+using GenHTTP.Modules.Functional;
 using GenHTTP.Modules.Practices;
 
 var port = args.Length > 0 && int.TryParse(args[0], out var p) ? p : 8080;
 
-var content = Content.From(Resource.FromString("OK"));
+var handler = Inline.Create()
+    .Get(async (IRequest request) =>
+    {
+        await ValueTask.CompletedTask;
+        return "OK";
+    })
+    .Post(async (IRequest request) =>
+    {
+        if (request.Content is not null)
+        {
+            using var reader = new StreamReader(request.Content);
+            return await reader.ReadToEndAsync();
+        }
+        return "";
+    });
 
 await Host.Create()
-    .Handler(content)
+    .Handler(handler)
     .Defaults()
     .Port((ushort)port)
     .RunAsync();
diff --git a/src/Servers/GinServer/main.go b/src/Servers/GinServer/main.go
index 121b80a..11b589b 100644
--- a/src/Servers/GinServer/main.go
+++ b/src/Servers/GinServer/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"io"
 	"os"
 
 	"github.com/gin-gonic/gin"
@@ -15,6 +16,11 @@ func main() {
 	gin.SetMode(gin.ReleaseMode)
 	r := gin.New()
 	r.NoRoute(func(c *gin.Context) {
+		if c.Request.Method == "POST" {
+			body, _ := io.ReadAll(c.Request.Body)
+			c.Data(200, "text/plain", body)
+			return
+		}
 		c.String(200, "OK")
 	})
 	r.Run("0.0.0.0:" + port)
diff --git a/src/Servers/GlyphServer/Program.cs b/src/Servers/GlyphServer/Program.cs
index a55d088..00b9006 100644
--- a/src/Servers/GlyphServer/Program.cs
+++ b/src/Servers/GlyphServer/Program.cs
@@ -141,6 +141,9 @@ static async Task HandleClientAsync(TcpClient client, CancellationToken ct)
                 reader.AdvanceTo(headerBuffer.GetPosition(headerByteCount));
 
                 // ── Phase 4: consume body ──────────────────────────
+                var bodyBytes = new MemoryStream();
+                const int maxCapture = 4096;
+
                 switch (framing.Framing)
                 {
                     case BodyFraming.ContentLength:
@@ -151,6 +154,14 @@ static async Task HandleClientAsync(TcpClient client, CancellationToken ct)
                             var result = await reader.ReadAsync(ct);
                             var buffer = result.Buffer;
                             long available = Math.Min(buffer.Length, remaining);
+
+                            if (bodyBytes.Length < maxCapture)
+                            {
+                                var toCapture = (int)Math.Min(available, maxCapture - bodyBytes.Length);
+                                foreach (var seg in buffer.Slice(0, toCapture))
+                                    bodyBytes.Write(seg.Span);
+                            }
+
                             remaining -= available;
                             reader.AdvanceTo(buffer.GetPosition(available));
 
@@ -188,9 +199,16 @@ static async Task HandleClientAsync(TcpClient client, CancellationToken ct)
                             int totalConsumed = 0;
                             while (true)
                             {
-                                var cr = chunked.TryReadChunk(span[totalConsumed..], out var consumed, out _, out _);
+                                var localSpan = span[totalConsumed..];
+                                var cr = chunked.TryReadChunk(localSpan, out var consumed, out var dataOffset, out var dataLength);
                                 totalConsumed += consumed;
 
+                                if (cr == ChunkResult.Chunk && dataLength > 0 && bodyBytes.Length < maxCapture)
+                                {
+                                    var toCapture = Math.Min(dataLength, maxCapture - (int)bodyBytes.Length);
+                                    bodyBytes.Write(localSpan.Slice(dataOffset, toCapture));
+                                }
+
                                 if (cr == ChunkResult.Completed)
                                 {
                                     done = true;
@@ -221,7 +239,8 @@ static async Task HandleClientAsync(TcpClient client, CancellationToken ct)
                 }
 
                 // ── Phase 5: send response ─────────────────────────
-                var responseBytes = BuildResponse(method, path);
+                var capturedBody = bodyBytes.Length > 0 ? Encoding.ASCII.GetString(bodyBytes.ToArray()) : null;
+                var responseBytes = BuildResponse(method, path, capturedBody);
                 await stream.WriteAsync(responseBytes, ct);
             }
         }
@@ -244,9 +263,11 @@ static async Task HandleClientAsync(TcpClient client, CancellationToken ct)
     }
 }
 
-static byte[] BuildResponse(string method, string path)
+static byte[] BuildResponse(string method, string path, string? echoBody)
 {
-    var body = $"Hello from GlyphServer\r\nMethod: {method}\r\nPath: {path}\r\n";
+    var body = method == "POST" && echoBody is not null
+        ? echoBody
+        : $"Hello from GlyphServer\r\nMethod: {method}\r\nPath: {path}\r\n";
     return MakeResponse(200, "OK", body);
 }
 
diff --git a/src/Servers/GunicornServer/__pycache__/app.cpython-312.pyc b/src/Servers/GunicornServer/__pycache__/app.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..f3857b08c2cfffea5db5636afce467248d71eedf
GIT binary patch
literal 790
zcmZ8fO-vI(6n?X_w6p>R5i1gfL@?GwmYVpNAcjC&jM@TSP2fTbJ1GlgXPuo=+7!dV
zLt~6`FhNgx)OazTxN`PVz{I-o=E+-QJs3{TRLX%bnK$#zd*AnFCiA7W)eizV_QHIE
z0Del+fZ%o1WXTp7@Dyetk3!0Va+r~mM+_`Rtt`S8C{RQOGL$s>cvyv?2nOyJSwmgE
z1i(gpz#HBow<OiaU^E$?hJFn>3If3oHS0=IF+9uT!YL@6z0!Hfd(1%4qH?6bMVv-S
zFq+pJE1%>SfU6B%Kd>g*WnGzp=iwZz;Tg!GkUw7VTpb$fOWX@7g_bdDaboc+dfp}l
zKPPKkvok5va@(dOQx79aeeOX-pGb_m>SQ9RyKQ5MxE_h?bN3_hm_G4K_A2;uPTCwa
zEj!C=a>J3&B<xien-+I*nsC?uD3!^Q2xFAFDkCXFWWB^%H5nDX9G+r)juFSEmP1@m
zhFEF7=&JM7$UE{veF6tDZIP}J%`j=2YU9LN=G4}viA^1Cf^$0@o@8{MXbxM@l7y`i
z=4i33WiC)={pVWBwg>IJi^a@3gspsk=cNc6@LfH*d9!?exP0#RS9PS~Z7T<QcfEb@
zqI=%URR#NkKf2Dm4!-Sq(^DR}_UZ9{_pQC|k?pDdt~;e@)dSauw^N^IOS#SBZlM2L
zAha6@y}!602$$4K`>E1uskMqBiteH#UTNtl-Pnl#{o{l7v%dlPf|ah*&!SZ<RtJte
z+^gQvAnXKBj1J(Pek5W%gzBgM08D-k)-J+9^Y98avKcbMIt8s?NPceNgHTQJq0V~k
EKX|ji#{d8T

literal 0
HcmV?d00001

diff --git a/src/Servers/GunicornServer/app.py b/src/Servers/GunicornServer/app.py
index ba72deb..669cbe3 100644
--- a/src/Servers/GunicornServer/app.py
+++ b/src/Servers/GunicornServer/app.py
@@ -1,3 +1,10 @@
 def app(environ, start_response):
     start_response('200 OK', [('Content-Type', 'text/plain')])
+    if environ['REQUEST_METHOD'] == 'POST':
+        try:
+            length = int(environ.get('CONTENT_LENGTH', 0) or 0)
+        except ValueError:
+            length = 0
+        body = environ['wsgi.input'].read(length) if length > 0 else b''
+        return [body]
     return [b'OK']
diff --git a/src/Servers/H2OServer/h2o.conf b/src/Servers/H2OServer/h2o.conf
index 9c4a6ae..0d297b6 100644
--- a/src/Servers/H2OServer/h2o.conf
+++ b/src/Servers/H2OServer/h2o.conf
@@ -4,4 +4,11 @@ hosts:
     paths:
       /:
         mruby.handler: |
-          proc {|env| [200, {"content-type" => "text/plain"}, ["OK"]] }
+          proc {|env|
+            if env["REQUEST_METHOD"] == "POST"
+              body = env["rack.input"] ? env["rack.input"].read : ""
+              [200, {"content-type" => "text/plain"}, [body]]
+            else
+              [200, {"content-type" => "text/plain"}, ["OK"]]
+            end
+          }
diff --git a/src/Servers/HyperServer/src/main.rs b/src/Servers/HyperServer/src/main.rs
index 66e14dd..f279878 100644
--- a/src/Servers/HyperServer/src/main.rs
+++ b/src/Servers/HyperServer/src/main.rs
@@ -9,7 +9,14 @@ use hyper::{Request, Response};
 use hyper_util::rt::TokioIo;
 use tokio::net::TcpListener;
 
-async fn handle(_req: Request<hyper::body::Incoming>) -> Result<Response<Full<Bytes>>, Infallible> {
+async fn handle(req: Request<hyper::body::Incoming>) -> Result<Response<Full<Bytes>>, Infallible> {
+    if req.method() == hyper::Method::POST {
+        let body = match http_body_util::BodyExt::collect(req.into_body()).await {
+            Ok(collected) => collected.to_bytes(),
+            Err(_) => Bytes::new(),
+        };
+        return Ok(Response::new(Full::new(body)));
+    }
     Ok(Response::new(Full::new(Bytes::from("OK"))))
 }
 
diff --git a/src/Servers/JettyServer/src/main/java/server/Application.java b/src/Servers/JettyServer/src/main/java/server/Application.java
index 65fc9c9..507d007 100644
--- a/src/Servers/JettyServer/src/main/java/server/Application.java
+++ b/src/Servers/JettyServer/src/main/java/server/Application.java
@@ -16,10 +16,15 @@ public class Application extends Handler.Abstract {
             ByteBuffer.wrap("OK".getBytes(StandardCharsets.UTF_8)).asReadOnlyBuffer();
 
     @Override
-    public boolean handle(Request request, Response response, Callback callback) {
+    public boolean handle(Request request, Response response, Callback callback) throws Exception {
         response.setStatus(200);
         response.getHeaders().put("Content-Type", "text/plain");
-        response.write(true, OK_BODY.slice(), callback);
+        if ("POST".equals(request.getMethod())) {
+            byte[] body = Request.asInputStream(request).readAllBytes();
+            response.write(true, ByteBuffer.wrap(body), callback);
+        } else {
+            response.write(true, OK_BODY.slice(), callback);
+        }
         return true;
     }
 
diff --git a/src/Servers/LighttpdServer/index.cgi b/src/Servers/LighttpdServer/index.cgi
index ad94d45..8c23b46 100644
--- a/src/Servers/LighttpdServer/index.cgi
+++ b/src/Servers/LighttpdServer/index.cgi
@@ -1,2 +1,7 @@
 #!/bin/sh
-printf 'Content-Type: text/plain\r\n\r\nOK'
+printf 'Content-Type: text/plain\r\n\r\n'
+if [ "$REQUEST_METHOD" = "POST" ]; then
+    cat
+else
+    printf 'OK'
+fi
diff --git a/src/Servers/NancyServer/Program.cs b/src/Servers/NancyServer/Program.cs
index d261f39..2b8490a 100644
--- a/src/Servers/NancyServer/Program.cs
+++ b/src/Servers/NancyServer/Program.cs
@@ -21,7 +21,13 @@ public HomeModule()
     {
         Get("/{path*}", _ => "OK");
         Get("/", _ => "OK");
-        Post("/{path*}", _ => "OK");
-        Post("/", _ => "OK");
+        Post("/{path*}", _ => EchoBody());
+        Post("/", _ => EchoBody());
+    }
+
+    private string EchoBody()
+    {
+        using var reader = new System.IO.StreamReader(Request.Body);
+        return reader.ReadToEnd();
     }
 }
diff --git a/src/Servers/NetCoreServerFramework/Program.cs b/src/Servers/NetCoreServerFramework/Program.cs
index f1cf48f..e386ab8 100644
--- a/src/Servers/NetCoreServerFramework/Program.cs
+++ b/src/Servers/NetCoreServerFramework/Program.cs
@@ -21,7 +21,10 @@ public OkHttpSession(NetCoreServer.HttpServer server) : base(server) { }
 
     protected override void OnReceivedRequest(HttpRequest request)
     {
-        SendResponseAsync(Response.MakeOkResponse(200).SetBody("OK"));
+        if (request.Method == "POST" && request.Body.Length > 0)
+            SendResponseAsync(Response.MakeOkResponse(200).SetBody(request.Body));
+        else
+            SendResponseAsync(Response.MakeOkResponse(200).SetBody("OK"));
     }
 
     protected override void OnReceivedRequestError(HttpRequest request, string error)
diff --git a/src/Servers/NodeServer/server.js b/src/Servers/NodeServer/server.js
index 5ddab47..c3439b4 100644
--- a/src/Servers/NodeServer/server.js
+++ b/src/Servers/NodeServer/server.js
@@ -3,8 +3,17 @@ const http = require('http');
 const port = parseInt(process.argv[2] || '8080', 10);
 
 const server = http.createServer((req, res) => {
-    res.writeHead(200, { 'Content-Type': 'text/plain' });
-    res.end('OK');
+    if (req.method === 'POST') {
+        const chunks = [];
+        req.on('data', (chunk) => chunks.push(chunk));
+        req.on('end', () => {
+            res.writeHead(200, { 'Content-Type': 'text/plain' });
+            res.end(Buffer.concat(chunks));
+        });
+    } else {
+        res.writeHead(200, { 'Content-Type': 'text/plain' });
+        res.end('OK');
+    }
 });
 
 server.listen(port, '0.0.0.0');
diff --git a/src/Servers/NtexServer/src/main.rs b/src/Servers/NtexServer/src/main.rs
index a1813de..cafe1aa 100644
--- a/src/Servers/NtexServer/src/main.rs
+++ b/src/Servers/NtexServer/src/main.rs
@@ -1,7 +1,16 @@
 use ntex::web;
+use ntex::util::Bytes;
 
-async fn ok() -> &'static str {
-    "OK"
+async fn handler(req: web::HttpRequest, body: Bytes) -> web::HttpResponse {
+    if req.method() == ntex::http::Method::POST {
+        web::HttpResponse::Ok()
+            .content_type("text/plain")
+            .body(body)
+    } else {
+        web::HttpResponse::Ok()
+            .content_type("text/plain")
+            .body("OK")
+    }
 }
 
 #[ntex::main]
@@ -12,7 +21,7 @@ async fn main() -> std::io::Result<()> {
         .unwrap_or(8080);
 
     web::server(|| {
-        web::App::new().default_service(web::to(ok))
+        web::App::new().default_service(web::to(handler))
     })
     .bind(("0.0.0.0", port))?
     .run()
diff --git a/src/Servers/PhpServer/index.php b/src/Servers/PhpServer/index.php
index 897c436..04d3790 100644
--- a/src/Servers/PhpServer/index.php
+++ b/src/Servers/PhpServer/index.php
@@ -1,3 +1,7 @@
 <?php
 header('Content-Type: text/plain');
-echo 'OK';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    echo file_get_contents('php://input');
+} else {
+    echo 'OK';
+}
diff --git a/src/Servers/PingoraServer/src/main.rs b/src/Servers/PingoraServer/src/main.rs
index 95fd891..e87cdd4 100644
--- a/src/Servers/PingoraServer/src/main.rs
+++ b/src/Servers/PingoraServer/src/main.rs
@@ -17,14 +17,24 @@ impl ProxyHttp for OkProxy {
         session: &mut Session,
         _ctx: &mut Self::CTX,
     ) -> Result<bool> {
+        let is_post = session.req_header().method == pingora::http::Method::POST;
+        let body = if is_post {
+            let mut buf = Vec::new();
+            while let Some(chunk) = session.read_request_body().await? {
+                buf.extend_from_slice(&chunk);
+            }
+            Bytes::from(buf)
+        } else {
+            Bytes::from_static(b"OK")
+        };
         let mut header = ResponseHeader::build(200, None)?;
         header.insert_header("Content-Type", "text/plain")?;
-        header.insert_header("Content-Length", "2")?;
+        header.insert_header("Content-Length", &body.len().to_string())?;
         session
             .write_response_header(Box::new(header), false)
             .await?;
         session
-            .write_response_body(Some(Bytes::from_static(b"OK")), true)
+            .write_response_body(Some(body), true)
             .await?;
         Ok(true)
     }
diff --git a/src/Servers/PumaServer/config.ru b/src/Servers/PumaServer/config.ru
index 35ce95a..1d4ed48 100644
--- a/src/Servers/PumaServer/config.ru
+++ b/src/Servers/PumaServer/config.ru
@@ -1,2 +1,9 @@
-app = proc { |_env| [200, { 'content-type' => 'text/plain' }, ['OK']] }
+app = proc { |env|
+  if env['REQUEST_METHOD'] == 'POST'
+    body = env['rack.input'].read
+    [200, { 'content-type' => 'text/plain' }, [body]]
+  else
+    [200, { 'content-type' => 'text/plain' }, ['OK']]
+  end
+}
 run app
diff --git a/src/Servers/QuarkusServer/src/main/java/server/Application.java b/src/Servers/QuarkusServer/src/main/java/server/Application.java
index 0f7052b..0adc237 100644
--- a/src/Servers/QuarkusServer/src/main/java/server/Application.java
+++ b/src/Servers/QuarkusServer/src/main/java/server/Application.java
@@ -1,5 +1,8 @@
 package server;
 
+import java.io.InputStream;
+import java.io.IOException;
+
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
@@ -19,7 +22,7 @@ public String catchAll() {
     @POST
     @Path("{path:.*}")
     @Produces(MediaType.TEXT_PLAIN)
-    public String catchAllPost() {
-        return "OK";
+    public byte[] catchAllPost(InputStream body) throws IOException {
+        return body.readAllBytes();
     }
 }
diff --git a/src/Servers/ServiceStackServer/Program.cs b/src/Servers/ServiceStackServer/Program.cs
index c8acbea..5286a2c 100644
--- a/src/Servers/ServiceStackServer/Program.cs
+++ b/src/Servers/ServiceStackServer/Program.cs
@@ -4,7 +4,16 @@
 var app = builder.Build();
 
 app.UseServiceStack(new AppHost());
-app.MapFallback(() => Results.Ok("OK"));
+app.MapFallback(async (HttpContext ctx) =>
+{
+    if (ctx.Request.Method == "POST")
+    {
+        using var reader = new StreamReader(ctx.Request.Body);
+        var body = await reader.ReadToEndAsync();
+        return Results.Text(body);
+    }
+    return Results.Ok("OK");
+});
 app.Run("http://0.0.0.0:8080");
 
 class AppHost : AppHostBase
diff --git a/src/Servers/SimpleWServer/Program.cs b/src/Servers/SimpleWServer/Program.cs
index 9748b1d..2d980f5 100644
--- a/src/Servers/SimpleWServer/Program.cs
+++ b/src/Servers/SimpleWServer/Program.cs
@@ -8,8 +8,8 @@
 
 server.MapGet("/", () => "OK");
 server.MapGet("/{path}", () => "OK");
-server.MapPost("/", () => "OK");
-server.MapPost("/{path}", () => "OK");
+server.MapPost("/", (HttpSession session) => session.Request.BodyString);
+server.MapPost("/{path}", (HttpSession session) => session.Request.BodyString);
 
 Console.WriteLine($"SimpleW listening on http://localhost:{port}");
 
diff --git a/src/Servers/SiskServer/Program.cs b/src/Servers/SiskServer/Program.cs
index 1163b11..e4a0ccf 100644
--- a/src/Servers/SiskServer/Program.cs
+++ b/src/Servers/SiskServer/Program.cs
@@ -9,6 +9,11 @@
 
 app.Router.SetRoute(RouteMethod.Any, Route.AnyPath, request =>
 {
+    if (request.Method == HttpMethod.Post && request.Body is not null)
+    {
+        var body = request.Body;
+        return new HttpResponse(200).WithContent(body);
+    }
     return new HttpResponse(200).WithContent("OK");
 });
 
diff --git a/src/Servers/SpringBootServer/src/main/java/server/Application.java b/src/Servers/SpringBootServer/src/main/java/server/Application.java
index 0117c13..29661cf 100644
--- a/src/Servers/SpringBootServer/src/main/java/server/Application.java
+++ b/src/Servers/SpringBootServer/src/main/java/server/Application.java
@@ -2,10 +2,14 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import jakarta.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
 @SpringBootApplication
 @RestController
 public class Application {
@@ -14,8 +18,13 @@ public static void main(String[] args) {
         SpringApplication.run(Application.class, args);
     }
 
-    @RequestMapping(value = "/", method = {RequestMethod.GET, RequestMethod.POST})
-    public String index() {
+    @RequestMapping(value = "/", method = RequestMethod.GET)
+    public String indexGet() {
         return "OK";
     }
+
+    @RequestMapping(value = "/", method = RequestMethod.POST)
+    public byte[] indexPost(HttpServletRequest request) throws IOException {
+        return request.getInputStream().readAllBytes();
+    }
 }
diff --git a/src/Servers/TomcatServer/webapp/ok.jsp b/src/Servers/TomcatServer/webapp/ok.jsp
index 8534ce6..25d3811 100644
--- a/src/Servers/TomcatServer/webapp/ok.jsp
+++ b/src/Servers/TomcatServer/webapp/ok.jsp
@@ -1 +1,9 @@
-<%@page contentType="text/plain"%><% out.print("OK"); %>
\ No newline at end of file
+<%@page contentType="text/plain" import="java.io.*"%><%
+if ("POST".equals(request.getMethod())) {
+    InputStream in = request.getInputStream();
+    byte[] buf = in.readAllBytes();
+    out.print(new String(buf, "UTF-8"));
+} else {
+    out.print("OK");
+}
+%>
\ No newline at end of file
diff --git a/src/Servers/UvicornServer/__pycache__/app.cpython-312.pyc b/src/Servers/UvicornServer/__pycache__/app.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..80f5291720271a87d4e2fda7362b739d2b3bffe2
GIT binary patch
literal 1038
zcmZ`%OHWfl6rQ<H`T%MlN*V+sD0X3QNH8okCe{W`2#<&+#*HbRu@7kP&7BKUY!eit
zkPy+0t&v1miXr|4H>^zD7-4a_TQ|BZ=|aNFGo>~7I>|Y6&YbT&XFj#Ix)G3a<w@qa
zfY4WNGzmA98i$k-K@ZU_RKO7-DK;T+D!_}twK(915#~r-5{oF?j6Vb>!bankh*M_}
zGH<3(Npc|p74b#`w+NN)L51f+S$rhRs3aGq?BR+HTv7gK1&PQTFbSt-EsXwyRfyWe
zGMvXNaUy5sgV@8eC^a*cMCeo?EyP9KDNH<TV$<_y*O<>F5N}Z=t!uxg{u@<5gJ^{T
zhk;%1#k)AtHp=(_W5bS;qgGlcjx;_taov$7byBGD#vE5pH|cF|56uVCmSsdu$_zcv
zXp~tA)B64qP!WN7;YjLvi{`DfR>7c*Kcz+IEX|lsWbzTwk@&TvK$JDZ95qc7gqm#L
z|9etiDI%CIh&K6xAW%$E%TW@BLG#dHR)=hgBeSFq=~R;@X=au>5(95N!cmgxnfw%U
z#2ia8{%KCsX@5vd>p7~CjGof9IAv3oZfMu2p)>6&4A$R2Zt9a%V`fsDpyn(zr`?#%
zBy}@?U~14p)F?P2oMs5}@(;#7fcS>?7Le`nEyQir`?zqw@U&w~4Oi}bQG4wpfhEOm
z^Y3(YzjT$grOUS0zdEu!Qt5fs_oDCh>GhtiaCF<N*@2_w!DoY&^Xu|<AZq(URTpXx
zRNcrISe;v*t0-IT-AmGryUq5Uvi%`DIPf`eZda9jN)1UK^#_t<waUe=8+qDoU$5;8
z?#d!}i`*@Ohl^?m1y1f&-GBrM7yE1gCV0>rJAvQeSXg>{DGcf+#<5OmQ}A;=h+|#S
zW=P?BC+4z?%h3p~ui+gs`IgNfi2areIi1W*(~IUYFzXxQKcOmOjBA1)t99&8HzDy)

literal 0
HcmV?d00001

diff --git a/src/Servers/UvicornServer/app.py b/src/Servers/UvicornServer/app.py
index cd198d2..e5d9f24 100644
--- a/src/Servers/UvicornServer/app.py
+++ b/src/Servers/UvicornServer/app.py
@@ -1,4 +1,13 @@
 async def app(scope, receive, send):
+    body = b'OK'
+    if scope.get('method') == 'POST':
+        chunks = []
+        while True:
+            msg = await receive()
+            chunks.append(msg.get('body', b''))
+            if not msg.get('more_body', False):
+                break
+        body = b''.join(chunks)
     await send({
         'type': 'http.response.start',
         'status': 200,
@@ -6,5 +15,5 @@ async def app(scope, receive, send):
     })
     await send({
         'type': 'http.response.body',
-        'body': b'OK',
+        'body': body,
     })
diff --git a/src/Servers/WatsonServer/Program.cs b/src/Servers/WatsonServer/Program.cs
index 0291202..f93adc6 100644
--- a/src/Servers/WatsonServer/Program.cs
+++ b/src/Servers/WatsonServer/Program.cs
@@ -8,7 +8,16 @@
 {
     ctx.Response.StatusCode = 200;
     ctx.Response.ContentType = "text/plain";
-    await ctx.Response.Send("OK");
+    if (ctx.Request.Method == WatsonWebserver.Core.HttpMethod.POST && ctx.Request.Data != null)
+    {
+        using var reader = new StreamReader(ctx.Request.Data);
+        var body = await reader.ReadToEndAsync();
+        await ctx.Response.Send(body);
+    }
+    else
+    {
+        await ctx.Response.Send("OK");
+    }
 });
 
 server.Start();

From 2712f318734c8c092c43acd32a5f9a123073b381 Mon Sep 17 00:00:00 2001
From: Diogo Martins <diogoalves@ua.pt>
Date: Thu, 12 Feb 2026 22:00:16 +0000
Subject: [PATCH 2/2] Remove clutter files

---
 .gitignore                                    |    6 +
 docs/static/probe/data.js                     |    1 -
 .../ExpressServer/node_modules/.bin/mime      |    1 -
 .../node_modules/.package-lock.json           |  751 --
 .../node_modules/accepts/HISTORY.md           |  243 -
 .../node_modules/accepts/LICENSE              |   23 -
 .../node_modules/accepts/README.md            |  140 -
 .../node_modules/accepts/index.js             |  238 -
 .../node_modules/accepts/package.json         |   47 -
 .../node_modules/array-flatten/LICENSE        |   21 -
 .../node_modules/array-flatten/README.md      |   43 -
 .../array-flatten/array-flatten.js            |   64 -
 .../node_modules/array-flatten/package.json   |   39 -
 .../node_modules/body-parser/HISTORY.md       |  680 --
 .../node_modules/body-parser/LICENSE          |   23 -
 .../node_modules/body-parser/README.md        |  476 -
 .../node_modules/body-parser/index.js         |  156 -
 .../node_modules/body-parser/lib/read.js      |  205 -
 .../body-parser/lib/types/json.js             |  247 -
 .../node_modules/body-parser/lib/types/raw.js |  101 -
 .../body-parser/lib/types/text.js             |  121 -
 .../body-parser/lib/types/urlencoded.js       |  300 -
 .../node_modules/body-parser/package.json     |   55 -
 .../node_modules/bytes/History.md             |   97 -
 .../ExpressServer/node_modules/bytes/LICENSE  |   23 -
 .../node_modules/bytes/Readme.md              |  152 -
 .../ExpressServer/node_modules/bytes/index.js |  170 -
 .../node_modules/bytes/package.json           |   42 -
 .../call-bind-apply-helpers/.eslintrc         |   17 -
 .../.github/FUNDING.yml                       |   12 -
 .../call-bind-apply-helpers/.nycrc            |    9 -
 .../call-bind-apply-helpers/CHANGELOG.md      |   30 -
 .../call-bind-apply-helpers/LICENSE           |   21 -
 .../call-bind-apply-helpers/README.md         |   62 -
 .../call-bind-apply-helpers/actualApply.d.ts  |    1 -
 .../call-bind-apply-helpers/actualApply.js    |   10 -
 .../call-bind-apply-helpers/applyBind.d.ts    |   19 -
 .../call-bind-apply-helpers/applyBind.js      |   10 -
 .../functionApply.d.ts                        |    1 -
 .../call-bind-apply-helpers/functionApply.js  |    4 -
 .../call-bind-apply-helpers/functionCall.d.ts |    1 -
 .../call-bind-apply-helpers/functionCall.js   |    4 -
 .../call-bind-apply-helpers/index.d.ts        |   64 -
 .../call-bind-apply-helpers/index.js          |   15 -
 .../call-bind-apply-helpers/package.json      |   85 -
 .../call-bind-apply-helpers/reflectApply.d.ts |    3 -
 .../call-bind-apply-helpers/reflectApply.js   |    4 -
 .../call-bind-apply-helpers/test/index.js     |   63 -
 .../call-bind-apply-helpers/tsconfig.json     |    9 -
 .../node_modules/call-bound/.eslintrc         |   13 -
 .../call-bound/.github/FUNDING.yml            |   12 -
 .../node_modules/call-bound/.nycrc            |    9 -
 .../node_modules/call-bound/CHANGELOG.md      |   42 -
 .../node_modules/call-bound/LICENSE           |   21 -
 .../node_modules/call-bound/README.md         |   53 -
 .../node_modules/call-bound/index.d.ts        |   94 -
 .../node_modules/call-bound/index.js          |   19 -
 .../node_modules/call-bound/package.json      |   99 -
 .../node_modules/call-bound/test/index.js     |   61 -
 .../node_modules/call-bound/tsconfig.json     |   10 -
 .../content-disposition/HISTORY.md            |   60 -
 .../node_modules/content-disposition/LICENSE  |   22 -
 .../content-disposition/README.md             |  142 -
 .../node_modules/content-disposition/index.js |  458 -
 .../content-disposition/package.json          |   44 -
 .../node_modules/content-type/HISTORY.md      |   29 -
 .../node_modules/content-type/LICENSE         |   22 -
 .../node_modules/content-type/README.md       |   94 -
 .../node_modules/content-type/index.js        |  225 -
 .../node_modules/content-type/package.json    |   42 -
 .../node_modules/cookie-signature/History.md  |   42 -
 .../node_modules/cookie-signature/Readme.md   |   42 -
 .../node_modules/cookie-signature/index.js    |   51 -
 .../cookie-signature/package.json             |   18 -
 .../ExpressServer/node_modules/cookie/LICENSE |   24 -
 .../node_modules/cookie/README.md             |  317 -
 .../node_modules/cookie/SECURITY.md           |   25 -
 .../node_modules/cookie/index.js              |  335 -
 .../node_modules/cookie/package.json          |   44 -
 .../node_modules/depd/History.md              |  103 -
 .../ExpressServer/node_modules/depd/LICENSE   |   22 -
 .../ExpressServer/node_modules/depd/Readme.md |  280 -
 .../ExpressServer/node_modules/depd/index.js  |  538 --
 .../node_modules/depd/lib/browser/index.js    |   77 -
 .../node_modules/depd/package.json            |   45 -
 .../node_modules/destroy/LICENSE              |   23 -
 .../node_modules/destroy/README.md            |   63 -
 .../node_modules/destroy/index.js             |  209 -
 .../node_modules/destroy/package.json         |   48 -
 .../node_modules/dunder-proto/.eslintrc       |    5 -
 .../dunder-proto/.github/FUNDING.yml          |   12 -
 .../node_modules/dunder-proto/.nycrc          |   13 -
 .../node_modules/dunder-proto/CHANGELOG.md    |   24 -
 .../node_modules/dunder-proto/LICENSE         |   21 -
 .../node_modules/dunder-proto/README.md       |   54 -
 .../node_modules/dunder-proto/get.d.ts        |    5 -
 .../node_modules/dunder-proto/get.js          |   30 -
 .../node_modules/dunder-proto/package.json    |   76 -
 .../node_modules/dunder-proto/set.d.ts        |    5 -
 .../node_modules/dunder-proto/set.js          |   35 -
 .../node_modules/dunder-proto/test/get.js     |   34 -
 .../node_modules/dunder-proto/test/index.js   |    4 -
 .../node_modules/dunder-proto/test/set.js     |   50 -
 .../node_modules/dunder-proto/tsconfig.json   |    9 -
 .../node_modules/ee-first/LICENSE             |   22 -
 .../node_modules/ee-first/README.md           |   80 -
 .../node_modules/ee-first/index.js            |   95 -
 .../node_modules/ee-first/package.json        |   29 -
 .../node_modules/encodeurl/LICENSE            |   22 -
 .../node_modules/encodeurl/README.md          |  109 -
 .../node_modules/encodeurl/index.js           |   60 -
 .../node_modules/encodeurl/package.json       |   40 -
 .../node_modules/es-define-property/.eslintrc |   13 -
 .../es-define-property/.github/FUNDING.yml    |   12 -
 .../node_modules/es-define-property/.nycrc    |    9 -
 .../es-define-property/CHANGELOG.md           |   29 -
 .../node_modules/es-define-property/LICENSE   |   21 -
 .../node_modules/es-define-property/README.md |   49 -
 .../es-define-property/index.d.ts             |    3 -
 .../node_modules/es-define-property/index.js  |   14 -
 .../es-define-property/package.json           |   81 -
 .../es-define-property/test/index.js          |   56 -
 .../es-define-property/tsconfig.json          |   10 -
 .../node_modules/es-errors/.eslintrc          |    5 -
 .../es-errors/.github/FUNDING.yml             |   12 -
 .../node_modules/es-errors/CHANGELOG.md       |   40 -
 .../node_modules/es-errors/LICENSE            |   21 -
 .../node_modules/es-errors/README.md          |   55 -
 .../node_modules/es-errors/eval.d.ts          |    3 -
 .../node_modules/es-errors/eval.js            |    4 -
 .../node_modules/es-errors/index.d.ts         |    3 -
 .../node_modules/es-errors/index.js           |    4 -
 .../node_modules/es-errors/package.json       |   80 -
 .../node_modules/es-errors/range.d.ts         |    3 -
 .../node_modules/es-errors/range.js           |    4 -
 .../node_modules/es-errors/ref.d.ts           |    3 -
 .../node_modules/es-errors/ref.js             |    4 -
 .../node_modules/es-errors/syntax.d.ts        |    3 -
 .../node_modules/es-errors/syntax.js          |    4 -
 .../node_modules/es-errors/test/index.js      |   19 -
 .../node_modules/es-errors/tsconfig.json      |   49 -
 .../node_modules/es-errors/type.d.ts          |    3 -
 .../node_modules/es-errors/type.js            |    4 -
 .../node_modules/es-errors/uri.d.ts           |    3 -
 .../node_modules/es-errors/uri.js             |    4 -
 .../node_modules/es-object-atoms/.eslintrc    |   16 -
 .../es-object-atoms/.github/FUNDING.yml       |   12 -
 .../node_modules/es-object-atoms/CHANGELOG.md |   37 -
 .../node_modules/es-object-atoms/LICENSE      |   21 -
 .../node_modules/es-object-atoms/README.md    |   63 -
 .../RequireObjectCoercible.d.ts               |    3 -
 .../es-object-atoms/RequireObjectCoercible.js |   11 -
 .../es-object-atoms/ToObject.d.ts             |    7 -
 .../node_modules/es-object-atoms/ToObject.js  |   10 -
 .../node_modules/es-object-atoms/index.d.ts   |    3 -
 .../node_modules/es-object-atoms/index.js     |    4 -
 .../es-object-atoms/isObject.d.ts             |    3 -
 .../node_modules/es-object-atoms/isObject.js  |    6 -
 .../node_modules/es-object-atoms/package.json |   80 -
 .../es-object-atoms/test/index.js             |   38 -
 .../es-object-atoms/tsconfig.json             |    6 -
 .../node_modules/escape-html/LICENSE          |   24 -
 .../node_modules/escape-html/Readme.md        |   43 -
 .../node_modules/escape-html/index.js         |   78 -
 .../node_modules/escape-html/package.json     |   24 -
 .../node_modules/etag/HISTORY.md              |   83 -
 .../ExpressServer/node_modules/etag/LICENSE   |   22 -
 .../ExpressServer/node_modules/etag/README.md |  159 -
 .../ExpressServer/node_modules/etag/index.js  |  131 -
 .../node_modules/etag/package.json            |   47 -
 .../node_modules/express/History.md           | 3667 -------
 .../node_modules/express/LICENSE              |   24 -
 .../node_modules/express/Readme.md            |  260 -
 .../node_modules/express/index.js             |   11 -
 .../node_modules/express/lib/application.js   |  661 --
 .../node_modules/express/lib/express.js       |  116 -
 .../express/lib/middleware/init.js            |   43 -
 .../express/lib/middleware/query.js           |   47 -
 .../node_modules/express/lib/request.js       |  525 -
 .../node_modules/express/lib/response.js      | 1179 ---
 .../node_modules/express/lib/router/index.js  |  673 --
 .../node_modules/express/lib/router/layer.js  |  181 -
 .../node_modules/express/lib/router/route.js  |  230 -
 .../node_modules/express/lib/utils.js         |  303 -
 .../node_modules/express/lib/view.js          |  182 -
 .../node_modules/express/package.json         |  102 -
 .../node_modules/finalhandler/HISTORY.md      |  216 -
 .../node_modules/finalhandler/LICENSE         |   22 -
 .../node_modules/finalhandler/README.md       |  147 -
 .../node_modules/finalhandler/SECURITY.md     |   25 -
 .../node_modules/finalhandler/index.js        |  341 -
 .../node_modules/finalhandler/package.json    |   47 -
 .../node_modules/forwarded/HISTORY.md         |   21 -
 .../node_modules/forwarded/LICENSE            |   22 -
 .../node_modules/forwarded/README.md          |   57 -
 .../node_modules/forwarded/index.js           |   90 -
 .../node_modules/forwarded/package.json       |   45 -
 .../node_modules/fresh/HISTORY.md             |   70 -
 .../ExpressServer/node_modules/fresh/LICENSE  |   23 -
 .../node_modules/fresh/README.md              |  119 -
 .../ExpressServer/node_modules/fresh/index.js |  137 -
 .../node_modules/fresh/package.json           |   46 -
 .../node_modules/function-bind/.eslintrc      |   21 -
 .../function-bind/.github/FUNDING.yml         |   12 -
 .../function-bind/.github/SECURITY.md         |    3 -
 .../node_modules/function-bind/.nycrc         |   13 -
 .../node_modules/function-bind/CHANGELOG.md   |  136 -
 .../node_modules/function-bind/LICENSE        |   20 -
 .../node_modules/function-bind/README.md      |   46 -
 .../function-bind/implementation.js           |   84 -
 .../node_modules/function-bind/index.js       |    5 -
 .../node_modules/function-bind/package.json   |   87 -
 .../node_modules/function-bind/test/.eslintrc |    9 -
 .../node_modules/function-bind/test/index.js  |  252 -
 .../node_modules/get-intrinsic/.eslintrc      |   42 -
 .../get-intrinsic/.github/FUNDING.yml         |   12 -
 .../node_modules/get-intrinsic/.nycrc         |    9 -
 .../node_modules/get-intrinsic/CHANGELOG.md   |  186 -
 .../node_modules/get-intrinsic/LICENSE        |   21 -
 .../node_modules/get-intrinsic/README.md      |   71 -
 .../node_modules/get-intrinsic/index.js       |  378 -
 .../node_modules/get-intrinsic/package.json   |   97 -
 .../get-intrinsic/test/GetIntrinsic.js        |  274 -
 .../node_modules/get-proto/.eslintrc          |   10 -
 .../get-proto/.github/FUNDING.yml             |   12 -
 .../node_modules/get-proto/.nycrc             |    9 -
 .../node_modules/get-proto/CHANGELOG.md       |   21 -
 .../node_modules/get-proto/LICENSE            |   21 -
 .../get-proto/Object.getPrototypeOf.d.ts      |    5 -
 .../get-proto/Object.getPrototypeOf.js        |    6 -
 .../node_modules/get-proto/README.md          |   50 -
 .../get-proto/Reflect.getPrototypeOf.d.ts     |    3 -
 .../get-proto/Reflect.getPrototypeOf.js       |    4 -
 .../node_modules/get-proto/index.d.ts         |    5 -
 .../node_modules/get-proto/index.js           |   27 -
 .../node_modules/get-proto/package.json       |   81 -
 .../node_modules/get-proto/test/index.js      |   68 -
 .../node_modules/get-proto/tsconfig.json      |    9 -
 .../ExpressServer/node_modules/gopd/.eslintrc |   16 -
 .../node_modules/gopd/.github/FUNDING.yml     |   12 -
 .../node_modules/gopd/CHANGELOG.md            |   45 -
 .../ExpressServer/node_modules/gopd/LICENSE   |   21 -
 .../ExpressServer/node_modules/gopd/README.md |   40 -
 .../ExpressServer/node_modules/gopd/gOPD.d.ts |    1 -
 .../ExpressServer/node_modules/gopd/gOPD.js   |    4 -
 .../node_modules/gopd/index.d.ts              |    5 -
 .../ExpressServer/node_modules/gopd/index.js  |   15 -
 .../node_modules/gopd/package.json            |   77 -
 .../node_modules/gopd/test/index.js           |   36 -
 .../node_modules/gopd/tsconfig.json           |    9 -
 .../node_modules/has-symbols/.eslintrc        |   11 -
 .../has-symbols/.github/FUNDING.yml           |   12 -
 .../node_modules/has-symbols/.nycrc           |    9 -
 .../node_modules/has-symbols/CHANGELOG.md     |   91 -
 .../node_modules/has-symbols/LICENSE          |   21 -
 .../node_modules/has-symbols/README.md        |   46 -
 .../node_modules/has-symbols/index.d.ts       |    3 -
 .../node_modules/has-symbols/index.js         |   14 -
 .../node_modules/has-symbols/package.json     |  111 -
 .../node_modules/has-symbols/shams.d.ts       |    3 -
 .../node_modules/has-symbols/shams.js         |   45 -
 .../node_modules/has-symbols/test/index.js    |   22 -
 .../has-symbols/test/shams/core-js.js         |   29 -
 .../test/shams/get-own-property-symbols.js    |   29 -
 .../node_modules/has-symbols/test/tests.js    |   58 -
 .../node_modules/has-symbols/tsconfig.json    |   10 -
 .../node_modules/hasown/.eslintrc             |    5 -
 .../node_modules/hasown/.github/FUNDING.yml   |   12 -
 .../ExpressServer/node_modules/hasown/.nycrc  |   13 -
 .../node_modules/hasown/CHANGELOG.md          |   40 -
 .../ExpressServer/node_modules/hasown/LICENSE |   21 -
 .../node_modules/hasown/README.md             |   40 -
 .../node_modules/hasown/index.d.ts            |    3 -
 .../node_modules/hasown/index.js              |    8 -
 .../node_modules/hasown/package.json          |   92 -
 .../node_modules/hasown/tsconfig.json         |    6 -
 .../node_modules/http-errors/HISTORY.md       |  186 -
 .../node_modules/http-errors/LICENSE          |   23 -
 .../node_modules/http-errors/README.md        |  169 -
 .../node_modules/http-errors/index.js         |  290 -
 .../node_modules/http-errors/package.json     |   54 -
 .../node_modules/iconv-lite/Changelog.md      |  162 -
 .../node_modules/iconv-lite/LICENSE           |   21 -
 .../node_modules/iconv-lite/README.md         |  156 -
 .../iconv-lite/encodings/dbcs-codec.js        |  555 --
 .../iconv-lite/encodings/dbcs-data.js         |  176 -
 .../iconv-lite/encodings/index.js             |   22 -
 .../iconv-lite/encodings/internal.js          |  188 -
 .../iconv-lite/encodings/sbcs-codec.js        |   72 -
 .../encodings/sbcs-data-generated.js          |  451 -
 .../iconv-lite/encodings/sbcs-data.js         |  174 -
 .../encodings/tables/big5-added.json          |  122 -
 .../iconv-lite/encodings/tables/cp936.json    |  264 -
 .../iconv-lite/encodings/tables/cp949.json    |  273 -
 .../iconv-lite/encodings/tables/cp950.json    |  177 -
 .../iconv-lite/encodings/tables/eucjp.json    |  182 -
 .../encodings/tables/gb18030-ranges.json      |    1 -
 .../encodings/tables/gbk-added.json           |   55 -
 .../iconv-lite/encodings/tables/shiftjis.json |  125 -
 .../iconv-lite/encodings/utf16.js             |  177 -
 .../node_modules/iconv-lite/encodings/utf7.js |  290 -
 .../iconv-lite/lib/bom-handling.js            |   52 -
 .../iconv-lite/lib/extend-node.js             |  217 -
 .../node_modules/iconv-lite/lib/index.d.ts    |   24 -
 .../node_modules/iconv-lite/lib/index.js      |  153 -
 .../node_modules/iconv-lite/lib/streams.js    |  121 -
 .../node_modules/iconv-lite/package.json      |   46 -
 .../node_modules/inherits/LICENSE             |   16 -
 .../node_modules/inherits/README.md           |   42 -
 .../node_modules/inherits/inherits.js         |    9 -
 .../node_modules/inherits/inherits_browser.js |   27 -
 .../node_modules/inherits/package.json        |   29 -
 .../node_modules/ipaddr.js/LICENSE            |   19 -
 .../node_modules/ipaddr.js/README.md          |  233 -
 .../node_modules/ipaddr.js/ipaddr.min.js      |    1 -
 .../node_modules/ipaddr.js/lib/ipaddr.js      |  673 --
 .../node_modules/ipaddr.js/lib/ipaddr.js.d.ts |   68 -
 .../node_modules/ipaddr.js/package.json       |   35 -
 .../node_modules/math-intrinsics/.eslintrc    |   16 -
 .../math-intrinsics/.github/FUNDING.yml       |   12 -
 .../node_modules/math-intrinsics/CHANGELOG.md |   24 -
 .../node_modules/math-intrinsics/LICENSE      |   21 -
 .../node_modules/math-intrinsics/README.md    |   50 -
 .../node_modules/math-intrinsics/abs.d.ts     |    1 -
 .../node_modules/math-intrinsics/abs.js       |    4 -
 .../constants/maxArrayLength.d.ts             |    3 -
 .../constants/maxArrayLength.js               |    4 -
 .../constants/maxSafeInteger.d.ts             |    3 -
 .../constants/maxSafeInteger.js               |    5 -
 .../math-intrinsics/constants/maxValue.d.ts   |    3 -
 .../math-intrinsics/constants/maxValue.js     |    5 -
 .../node_modules/math-intrinsics/floor.d.ts   |    1 -
 .../node_modules/math-intrinsics/floor.js     |    4 -
 .../math-intrinsics/isFinite.d.ts             |    3 -
 .../node_modules/math-intrinsics/isFinite.js  |   12 -
 .../math-intrinsics/isInteger.d.ts            |    3 -
 .../node_modules/math-intrinsics/isInteger.js |   16 -
 .../node_modules/math-intrinsics/isNaN.d.ts   |    1 -
 .../node_modules/math-intrinsics/isNaN.js     |    6 -
 .../math-intrinsics/isNegativeZero.d.ts       |    3 -
 .../math-intrinsics/isNegativeZero.js         |    6 -
 .../node_modules/math-intrinsics/max.d.ts     |    1 -
 .../node_modules/math-intrinsics/max.js       |    4 -
 .../node_modules/math-intrinsics/min.d.ts     |    1 -
 .../node_modules/math-intrinsics/min.js       |    4 -
 .../node_modules/math-intrinsics/mod.d.ts     |    3 -
 .../node_modules/math-intrinsics/mod.js       |    9 -
 .../node_modules/math-intrinsics/package.json |   86 -
 .../node_modules/math-intrinsics/pow.d.ts     |    1 -
 .../node_modules/math-intrinsics/pow.js       |    4 -
 .../node_modules/math-intrinsics/round.d.ts   |    1 -
 .../node_modules/math-intrinsics/round.js     |    4 -
 .../node_modules/math-intrinsics/sign.d.ts    |    3 -
 .../node_modules/math-intrinsics/sign.js      |   11 -
 .../math-intrinsics/test/index.js             |  192 -
 .../math-intrinsics/tsconfig.json             |    3 -
 .../node_modules/media-typer/HISTORY.md       |   22 -
 .../node_modules/media-typer/LICENSE          |   22 -
 .../node_modules/media-typer/README.md        |   81 -
 .../node_modules/media-typer/index.js         |  270 -
 .../node_modules/media-typer/package.json     |   26 -
 .../node_modules/merge-descriptors/HISTORY.md |   21 -
 .../node_modules/merge-descriptors/LICENSE    |   23 -
 .../node_modules/merge-descriptors/README.md  |   49 -
 .../node_modules/merge-descriptors/index.js   |   60 -
 .../merge-descriptors/package.json            |   39 -
 .../node_modules/methods/HISTORY.md           |   29 -
 .../node_modules/methods/LICENSE              |   24 -
 .../node_modules/methods/README.md            |   51 -
 .../node_modules/methods/index.js             |   69 -
 .../node_modules/methods/package.json         |   36 -
 .../node_modules/mime-db/HISTORY.md           |  507 -
 .../node_modules/mime-db/LICENSE              |   23 -
 .../node_modules/mime-db/README.md            |  100 -
 .../node_modules/mime-db/db.json              | 8519 -----------------
 .../node_modules/mime-db/index.js             |   12 -
 .../node_modules/mime-db/package.json         |   60 -
 .../node_modules/mime-types/HISTORY.md        |  397 -
 .../node_modules/mime-types/LICENSE           |   23 -
 .../node_modules/mime-types/README.md         |  113 -
 .../node_modules/mime-types/index.js          |  188 -
 .../node_modules/mime-types/package.json      |   44 -
 .../node_modules/mime/.npmignore              |    0
 .../node_modules/mime/CHANGELOG.md            |  164 -
 .../ExpressServer/node_modules/mime/LICENSE   |   21 -
 .../ExpressServer/node_modules/mime/README.md |   90 -
 .../ExpressServer/node_modules/mime/cli.js    |    8 -
 .../ExpressServer/node_modules/mime/mime.js   |  108 -
 .../node_modules/mime/package.json            |   44 -
 .../node_modules/mime/src/build.js            |   53 -
 .../node_modules/mime/src/test.js             |   60 -
 .../node_modules/mime/types.json              |    1 -
 .../ExpressServer/node_modules/ms/index.js    |  152 -
 .../ExpressServer/node_modules/ms/license.md  |   21 -
 .../node_modules/ms/package.json              |   37 -
 .../ExpressServer/node_modules/ms/readme.md   |   51 -
 .../node_modules/negotiator/HISTORY.md        |  108 -
 .../node_modules/negotiator/LICENSE           |   24 -
 .../node_modules/negotiator/README.md         |  203 -
 .../node_modules/negotiator/index.js          |   82 -
 .../node_modules/negotiator/lib/charset.js    |  169 -
 .../node_modules/negotiator/lib/encoding.js   |  184 -
 .../node_modules/negotiator/lib/language.js   |  179 -
 .../node_modules/negotiator/lib/mediaType.js  |  294 -
 .../node_modules/negotiator/package.json      |   42 -
 .../node_modules/object-inspect/.eslintrc     |   53 -
 .../object-inspect/.github/FUNDING.yml        |   12 -
 .../node_modules/object-inspect/.nycrc        |   13 -
 .../node_modules/object-inspect/CHANGELOG.md  |  424 -
 .../node_modules/object-inspect/LICENSE       |   21 -
 .../object-inspect/example/all.js             |   23 -
 .../object-inspect/example/circular.js        |    6 -
 .../node_modules/object-inspect/example/fn.js |    5 -
 .../object-inspect/example/inspect.js         |   10 -
 .../node_modules/object-inspect/index.js      |  544 --
 .../object-inspect/package-support.json       |   20 -
 .../node_modules/object-inspect/package.json  |  105 -
 .../object-inspect/readme.markdown            |   84 -
 .../object-inspect/test-core-js.js            |   26 -
 .../object-inspect/test/bigint.js             |   58 -
 .../object-inspect/test/browser/dom.js        |   15 -
 .../object-inspect/test/circular.js           |   16 -
 .../node_modules/object-inspect/test/deep.js  |   12 -
 .../object-inspect/test/element.js            |   53 -
 .../node_modules/object-inspect/test/err.js   |   48 -
 .../node_modules/object-inspect/test/fakes.js |   29 -
 .../node_modules/object-inspect/test/fn.js    |   76 -
 .../object-inspect/test/global.js             |   17 -
 .../node_modules/object-inspect/test/has.js   |   15 -
 .../node_modules/object-inspect/test/holes.js |   15 -
 .../object-inspect/test/indent-option.js      |  271 -
 .../object-inspect/test/inspect.js            |  139 -
 .../object-inspect/test/lowbyte.js            |   12 -
 .../object-inspect/test/number.js             |   58 -
 .../object-inspect/test/quoteStyle.js         |   26 -
 .../object-inspect/test/toStringTag.js        |   40 -
 .../node_modules/object-inspect/test/undef.js |   12 -
 .../object-inspect/test/values.js             |  261 -
 .../object-inspect/util.inspect.js            |    1 -
 .../node_modules/on-finished/HISTORY.md       |   98 -
 .../node_modules/on-finished/LICENSE          |   23 -
 .../node_modules/on-finished/README.md        |  162 -
 .../node_modules/on-finished/index.js         |  234 -
 .../node_modules/on-finished/package.json     |   39 -
 .../node_modules/parseurl/HISTORY.md          |   58 -
 .../node_modules/parseurl/LICENSE             |   24 -
 .../node_modules/parseurl/README.md           |  133 -
 .../node_modules/parseurl/index.js            |  158 -
 .../node_modules/parseurl/package.json        |   40 -
 .../node_modules/path-to-regexp/LICENSE       |   21 -
 .../node_modules/path-to-regexp/Readme.md     |   35 -
 .../node_modules/path-to-regexp/index.js      |  156 -
 .../node_modules/path-to-regexp/package.json  |   30 -
 .../node_modules/proxy-addr/HISTORY.md        |  161 -
 .../node_modules/proxy-addr/LICENSE           |   22 -
 .../node_modules/proxy-addr/README.md         |  139 -
 .../node_modules/proxy-addr/index.js          |  327 -
 .../node_modules/proxy-addr/package.json      |   47 -
 .../node_modules/qs/.editorconfig             |   46 -
 .../node_modules/qs/.github/FUNDING.yml       |   12 -
 .../node_modules/qs/.github/SECURITY.md       |   11 -
 .../node_modules/qs/.github/THREAT_MODEL.md   |   78 -
 .../ExpressServer/node_modules/qs/.nycrc      |   13 -
 .../node_modules/qs/CHANGELOG.md              |  644 --
 .../ExpressServer/node_modules/qs/LICENSE.md  |   29 -
 .../ExpressServer/node_modules/qs/README.md   |  740 --
 .../ExpressServer/node_modules/qs/dist/qs.js  |  141 -
 .../node_modules/qs/eslint.config.mjs         |   56 -
 .../node_modules/qs/lib/formats.js            |   23 -
 .../node_modules/qs/lib/index.js              |   11 -
 .../node_modules/qs/lib/parse.js              |  371 -
 .../node_modules/qs/lib/stringify.js          |  356 -
 .../node_modules/qs/lib/utils.js              |  340 -
 .../node_modules/qs/package.json              |   94 -
 .../node_modules/qs/test/empty-keys-cases.js  |  267 -
 .../node_modules/qs/test/parse.js             | 1512 ---
 .../node_modules/qs/test/stringify.js         | 1310 ---
 .../node_modules/qs/test/utils.js             |  397 -
 .../node_modules/range-parser/HISTORY.md      |   56 -
 .../node_modules/range-parser/LICENSE         |   23 -
 .../node_modules/range-parser/README.md       |   84 -
 .../node_modules/range-parser/index.js        |  162 -
 .../node_modules/range-parser/package.json    |   44 -
 .../node_modules/raw-body/LICENSE             |   22 -
 .../node_modules/raw-body/README.md           |  223 -
 .../node_modules/raw-body/index.d.ts          |   87 -
 .../node_modules/raw-body/index.js            |  336 -
 .../node_modules/raw-body/package.json        |   47 -
 .../node_modules/safe-buffer/LICENSE          |   21 -
 .../node_modules/safe-buffer/README.md        |  584 --
 .../node_modules/safe-buffer/index.d.ts       |  187 -
 .../node_modules/safe-buffer/index.js         |   65 -
 .../node_modules/safe-buffer/package.json     |   51 -
 .../node_modules/safer-buffer/LICENSE         |   21 -
 .../safer-buffer/Porting-Buffer.md            |  268 -
 .../node_modules/safer-buffer/Readme.md       |  156 -
 .../node_modules/safer-buffer/dangerous.js    |   58 -
 .../node_modules/safer-buffer/package.json    |   34 -
 .../node_modules/safer-buffer/safer.js        |   77 -
 .../node_modules/safer-buffer/tests.js        |  406 -
 .../node_modules/send/HISTORY.md              |  538 --
 .../ExpressServer/node_modules/send/LICENSE   |   23 -
 .../ExpressServer/node_modules/send/README.md |  327 -
 .../node_modules/send/SECURITY.md             |   24 -
 .../ExpressServer/node_modules/send/index.js  | 1142 ---
 .../send/node_modules/ms/index.js             |  162 -
 .../send/node_modules/ms/license.md           |   21 -
 .../send/node_modules/ms/package.json         |   38 -
 .../send/node_modules/ms/readme.md            |   59 -
 .../node_modules/send/package.json            |   62 -
 .../node_modules/serve-static/HISTORY.md      |  493 -
 .../node_modules/serve-static/LICENSE         |   25 -
 .../node_modules/serve-static/README.md       |  257 -
 .../node_modules/serve-static/index.js        |  209 -
 .../node_modules/serve-static/package.json    |   42 -
 .../node_modules/setprototypeof/LICENSE       |   13 -
 .../node_modules/setprototypeof/README.md     |   31 -
 .../node_modules/setprototypeof/index.d.ts    |    2 -
 .../node_modules/setprototypeof/index.js      |   17 -
 .../node_modules/setprototypeof/package.json  |   38 -
 .../node_modules/setprototypeof/test/index.js |   24 -
 .../side-channel-list/.editorconfig           |    9 -
 .../node_modules/side-channel-list/.eslintrc  |   11 -
 .../side-channel-list/.github/FUNDING.yml     |   12 -
 .../node_modules/side-channel-list/.nycrc     |   13 -
 .../side-channel-list/CHANGELOG.md            |   15 -
 .../node_modules/side-channel-list/LICENSE    |   21 -
 .../node_modules/side-channel-list/README.md  |   62 -
 .../node_modules/side-channel-list/index.d.ts |   13 -
 .../node_modules/side-channel-list/index.js   |  113 -
 .../node_modules/side-channel-list/list.d.ts  |   14 -
 .../side-channel-list/package.json            |   77 -
 .../side-channel-list/test/index.js           |  104 -
 .../side-channel-list/tsconfig.json           |    9 -
 .../side-channel-map/.editorconfig            |    9 -
 .../node_modules/side-channel-map/.eslintrc   |   11 -
 .../side-channel-map/.github/FUNDING.yml      |   12 -
 .../node_modules/side-channel-map/.nycrc      |   13 -
 .../side-channel-map/CHANGELOG.md             |   22 -
 .../node_modules/side-channel-map/LICENSE     |   21 -
 .../node_modules/side-channel-map/README.md   |   62 -
 .../node_modules/side-channel-map/index.d.ts  |   15 -
 .../node_modules/side-channel-map/index.js    |   68 -
 .../side-channel-map/package.json             |   80 -
 .../side-channel-map/test/index.js            |  114 -
 .../side-channel-map/tsconfig.json            |    9 -
 .../side-channel-weakmap/.editorconfig        |    9 -
 .../side-channel-weakmap/.eslintrc            |   12 -
 .../side-channel-weakmap/.github/FUNDING.yml  |   12 -
 .../node_modules/side-channel-weakmap/.nycrc  |   13 -
 .../side-channel-weakmap/CHANGELOG.md         |   28 -
 .../node_modules/side-channel-weakmap/LICENSE |   21 -
 .../side-channel-weakmap/README.md            |   62 -
 .../side-channel-weakmap/index.d.ts           |   15 -
 .../side-channel-weakmap/index.js             |   84 -
 .../side-channel-weakmap/package.json         |   87 -
 .../side-channel-weakmap/test/index.js        |  114 -
 .../side-channel-weakmap/tsconfig.json        |    9 -
 .../node_modules/side-channel/.editorconfig   |    9 -
 .../node_modules/side-channel/.eslintrc       |   12 -
 .../side-channel/.github/FUNDING.yml          |   12 -
 .../node_modules/side-channel/.nycrc          |   13 -
 .../node_modules/side-channel/CHANGELOG.md    |  110 -
 .../node_modules/side-channel/LICENSE         |   21 -
 .../node_modules/side-channel/README.md       |   61 -
 .../node_modules/side-channel/index.d.ts      |   14 -
 .../node_modules/side-channel/index.js        |   43 -
 .../node_modules/side-channel/package.json    |   85 -
 .../node_modules/side-channel/test/index.js   |  104 -
 .../node_modules/side-channel/tsconfig.json   |    9 -
 .../node_modules/statuses/HISTORY.md          |   87 -
 .../node_modules/statuses/LICENSE             |   23 -
 .../node_modules/statuses/README.md           |  139 -
 .../node_modules/statuses/codes.json          |   65 -
 .../node_modules/statuses/index.js            |  146 -
 .../node_modules/statuses/package.json        |   49 -
 .../node_modules/toidentifier/HISTORY.md      |    9 -
 .../node_modules/toidentifier/LICENSE         |   21 -
 .../node_modules/toidentifier/README.md       |   61 -
 .../node_modules/toidentifier/index.js        |   32 -
 .../node_modules/toidentifier/package.json    |   38 -
 .../node_modules/type-is/HISTORY.md           |  259 -
 .../node_modules/type-is/LICENSE              |   23 -
 .../node_modules/type-is/README.md            |  170 -
 .../node_modules/type-is/index.js             |  266 -
 .../node_modules/type-is/package.json         |   45 -
 .../node_modules/unpipe/HISTORY.md            |    4 -
 .../ExpressServer/node_modules/unpipe/LICENSE |   22 -
 .../node_modules/unpipe/README.md             |   43 -
 .../node_modules/unpipe/index.js              |   69 -
 .../node_modules/unpipe/package.json          |   27 -
 .../node_modules/utils-merge/.npmignore       |    9 -
 .../node_modules/utils-merge/LICENSE          |   20 -
 .../node_modules/utils-merge/README.md        |   34 -
 .../node_modules/utils-merge/index.js         |   23 -
 .../node_modules/utils-merge/package.json     |   40 -
 .../node_modules/vary/HISTORY.md              |   39 -
 .../ExpressServer/node_modules/vary/LICENSE   |   22 -
 .../ExpressServer/node_modules/vary/README.md |  101 -
 .../ExpressServer/node_modules/vary/index.js  |  149 -
 .../node_modules/vary/package.json            |   43 -
 601 files changed, 6 insertions(+), 64897 deletions(-)
 delete mode 100644 docs/static/probe/data.js
 delete mode 120000 src/Servers/ExpressServer/node_modules/.bin/mime
 delete mode 100644 src/Servers/ExpressServer/node_modules/.package-lock.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/accepts/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/accepts/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/accepts/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/accepts/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/array-flatten/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/body-parser/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/bytes/History.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/bytes/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/bytes/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/bytes/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/bytes/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-disposition/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-type/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-type/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-type/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/content-type/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/History.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie-signature/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/cookie/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/History.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/depd/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/destroy/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/destroy/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/destroy/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/destroy/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/get.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/set.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/ee-first/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/ee-first/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/ee-first/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/ee-first/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/encodeurl/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/eval.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/range.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/ref.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/syntax.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/type.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-errors/uri.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/escape-html/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/escape-html/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/escape-html/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/escape-html/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/etag/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/etag/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/etag/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/etag/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/etag/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/History.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/application.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/express.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/request.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/response.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/router/route.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/utils.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/lib/view.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/express/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/finalhandler/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/forwarded/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/forwarded/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/forwarded/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/forwarded/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/fresh/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/fresh/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/fresh/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/fresh/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/implementation.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/function-bind/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/gOPD.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/shams.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/http-errors/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/http-errors/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/http-errors/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/http-errors/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/iconv-lite/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/inherits/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/inherits/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/inherits/inherits.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/inherits/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/media-typer/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/media-typer/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/media-typer/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/media-typer/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/methods/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/methods/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/methods/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/methods/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/methods/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/db.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-db/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-types/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-types/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-types/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime-types/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/.npmignore
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/README.md
 delete mode 100755 src/Servers/ExpressServer/node_modules/mime/cli.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/mime.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/package.json
 delete mode 100755 src/Servers/ExpressServer/node_modules/mime/src/build.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/src/test.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/mime/types.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/ms/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/ms/license.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/ms/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/ms/readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/negotiator/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/on-finished/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/on-finished/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/on-finished/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/on-finished/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/parseurl/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/parseurl/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/parseurl/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/parseurl/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/proxy-addr/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/.editorconfig
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/LICENSE.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/dist/qs.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/formats.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/parse.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/lib/utils.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/test/parse.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/test/stringify.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/qs/test/utils.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/range-parser/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/range-parser/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/range-parser/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/range-parser/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/raw-body/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/raw-body/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/raw-body/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/raw-body/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/safe-buffer/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/SECURITY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/send/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/serve-static/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/serve-static/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/serve-static/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/serve-static/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/.nycrc
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/test/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/codes.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/statuses/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/toidentifier/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/type-is/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/type-is/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/type-is/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/type-is/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/unpipe/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/unpipe/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/unpipe/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/unpipe/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
 delete mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/utils-merge/package.json
 delete mode 100644 src/Servers/ExpressServer/node_modules/vary/HISTORY.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/vary/LICENSE
 delete mode 100644 src/Servers/ExpressServer/node_modules/vary/README.md
 delete mode 100644 src/Servers/ExpressServer/node_modules/vary/index.js
 delete mode 100644 src/Servers/ExpressServer/node_modules/vary/package.json

diff --git a/.gitignore b/.gitignore
index 845d16d..c461843 100644
--- a/.gitignore
+++ b/.gitignore
@@ -59,3 +59,9 @@ nunit-*.xml
 docs/public/
 docs/.hugo_build.lock
 docs/resources/
+
+# Probe data (generated by CI, pushed to latest-results branch)
+docs/static/probe/data.js
+
+# Node
+node_modules/
diff --git a/docs/static/probe/data.js b/docs/static/probe/data.js
deleted file mode 100644
index 35330dc..0000000
--- a/docs/static/probe/data.js
+++ /dev/null
@@ -1 +0,0 @@
-window.PROBE_DATA = {"commit": {"id": "acfa55caef2f31a94883ee9c52c9ee97235b349a", "message": "Merge pull request #21 from MDA2AV/fix/adjust-bare-lf", "timestamp": "2026-02-12T18:31:51+00:00"}, "servers": [{"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 15, "warnings": 17, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.9613, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.8521, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7311, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 51.7214, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6919, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.9083, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6966, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.8775, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.6139, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.5972, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5834, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.238, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.834, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6964, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.8738, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.8284, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 52.5229, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5472, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:53 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7728, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.8696, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.4779, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "400 or close", "got": "405", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 405 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.5336, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nAllow: OPTIONS\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "2xx", "got": "405", "connectionState": "Open", "reason": "Expected 2xx, got 405 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.5558, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7638, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.0067, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.6673, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6896, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.5437, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.4767, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.567, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:54 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.8296, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5902, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.563, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:05:59 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.0627, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8326, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.1047, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.553, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 405, "expected": "400/405/501 or close", "got": "405", "connectionState": "Open", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6154, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.4924, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:04 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.4628, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7131, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.5868, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "405/501 or 2xx", "got": "405", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.6518, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4216, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6045, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4746, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.3841, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.3768, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.6001, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6256, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.4733, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 505, "expected": "200 or 505", "got": "505", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.5612, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "400/405 or 200", "got": "405", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.69, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.55, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5699, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 10\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9074, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.5989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5974, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:05 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 56.9713, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.3571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.4327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4616, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.3813, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4264, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.9583, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.5576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.8788, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3231, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.597, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.805, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.5703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.7052, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.3571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.0878, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.6808, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:06 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5266, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.8318, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7802, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.2805, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.7555, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.4353, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.8682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4556, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4942, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.4, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:07 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.0705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3507, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6773, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.6048, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.463, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5165, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.8176, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:12 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5122, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.4106, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nAllow: GET, POST\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.3982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.5182, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.6327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 200\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.3608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.7319, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7775, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3249, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6562, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5449, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.7432, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.0139, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9136, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.5534, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4295, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 51.485, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:13 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.7124, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.452, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7265, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 50.9427, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.6813, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7907, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5514, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 49.526, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3307, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.7695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.363, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4228, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4421, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.4549, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5505, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5531, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 50.9734, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.4104, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 51.0306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:06:24 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}], "name": "ASP.NET Minimal", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 37, "failed": 61, "warnings": 27, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.3781, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.7735, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.6053, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 0.3113, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.4123, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 0.3401, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 0.344, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5644, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/9.9 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 0.3423, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 CR without LF as line ending must be rejected", "scored": true, "durationMs": 0.1922, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 0.0994, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.1572, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 0.284, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.4229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 0.2881, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.6508, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.2014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.7666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 0.3487, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6412, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5834, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6544, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 0.8217, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got ClosedByServer \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 0.2103, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.9592, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.8956, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.797, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.7784, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7095, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.7361, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:47 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0906, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.7762, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5748, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.7801, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/close/timeout, got 200 \u2014 Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 51.0933, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7361, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.8169, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.3716, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.8932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.8532, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.8891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8855, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.867, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 0.3747, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 0.1832, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 0.6986, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 0.165, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 0.1544, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.6109, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.0971, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nConnection: keep-alive\r\n\r\n???OK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 55.6087, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nConnection: keep-alive\r\n\r\n???OK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6809, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.2 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.7968, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.7687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.1998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.4727, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\na\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\na\r\nhelloworld\r\n0"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.7815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.8256, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.7274, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.7069, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 0.244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.3495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:06:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.2989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.742, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5914, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": "Body: 3\r\n???\r\n5"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.5761, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.5102, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4028, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nConnection: keep-alive\r\n\r\n???", "behavioralNote": "Body: ???"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.4824, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.6301, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6253, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\n", "behavioralNote": "Body: 3\r\n???\r\n5"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.6127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.7414, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.8767, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.6687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.4005, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.5308, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7621, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.6888, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7034, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 49.6763, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5281, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.8357, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.4198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4041, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.8277, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5174, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.6123, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 3\r\n???\r\n5\r\nhello\r\n0"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5709, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5713, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.4708, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.5316, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3814, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4307, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.4829, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5981, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 0.2049, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.4725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.6371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": "Body: 3\r\n???"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.5973, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.511, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.4016, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6072, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 0.5196, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.0159, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 0.4432, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 1.768, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.5345, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.4417, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5001.145, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.2467, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/431 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 0.4604, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.4514, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n2\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5193, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6458, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.3615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 0.2699, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3026, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.3949, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.2355, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.26, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5124, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.7833, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.3676, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5167, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.8334, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 50.7678, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 50.4908, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Encoding: identity\r\nContent-Type: text/plain; charset=utf-8\r\nServer: EmbedIO/3.5.2\r\nDate: Thu, 12 Feb 2026 21:07:17 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=15,max=100\r\n\r\n3\r\n???\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5001.0565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "EmbedIO", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 14, "warnings": 18, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.4801, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.9708, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 52.2787, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:24 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 52.0217, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7755, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.8332, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.8459, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 51.1186, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.9291, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.8973, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.9172, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 54.6011, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.7769, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.9095, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6241, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7631, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.0065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 52.608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.6225, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.579, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6911, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.6017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:25 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "400 or close", "got": "405", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 405 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.7305, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nAllow: OPTIONS\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.8757, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.386, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.9918, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 51.2473, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.6625, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.8321, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.707, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:26 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.2158, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.777, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5012, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:31 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.467, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9586, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.8909, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.7161, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6353, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6143, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7231, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.0463, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6648, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:36 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 49.9036, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.7033, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.8671, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.6103, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.6228, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.58, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 51.0132, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6599, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7088, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 505, "expected": "200 or 505", "got": "505", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6706, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 HTTP Version Not Supported\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.6557, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.7584, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5519, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 10\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9255, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.6301, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5755, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.7153, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 58.5966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.803, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.545, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:37 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.7445, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4043, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.9619, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8436, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 51.4282, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5125, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.5629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.8594, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7972, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.4838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.438, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 51.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 51.0859, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.5125, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4828, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 51.0528, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5188, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.9069, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.9564, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:38 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.2247, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.84, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.9952, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5043, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.9341, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5435, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5554, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.8001, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:39 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.0752, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3928, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.8306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.76, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.5044, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.546, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8157, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5525, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6006, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6276, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.6852, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6402, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:44 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4324, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.7729, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7375, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 200\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.364, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.8576, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 51.0947, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.6017, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4665, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 51.145, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9427, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.8779, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.327, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.1445, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.1356, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4819, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.5536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:45 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.9967, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6596, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.821, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.4029, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.7683, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:55 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7009, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5294, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5932, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.434, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.0682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 0.4447, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.5891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7394, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.9679, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5508, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5908, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5902, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.929, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.5522, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\nTransfer-Encoding: chunked\r\n\r\n4\r\n\"OK\"\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 51.4641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 0\r\nConnection: close\r\nDate: Thu, 12 Feb 2026 21:07:56 GMT\r\nServer: Kestrel\r\n\r\n", "behavioralNote": null}], "name": "ServiceStack", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 37, "failed": 63, "warnings": 25, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.5191, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5126, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.614, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.4004, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.4281, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.1071, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6765, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5977, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7725, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.3754, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.445, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.4698, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.3604, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3916, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.5183, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.6166, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4561, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.5674, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5923, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6545, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6255, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.4274, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.3512, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6326, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400/501 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/501 or close, got TimedOut \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 5001.2737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.4981, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5966, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Fail", "statusCode": null, "expected": "400/405/501 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405/501 or 2xx, got TimedOut \u2014 Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 5001.5791, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0864, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 5000.5495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.7836, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.5449, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 15\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.9227, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 26\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.9442, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 5000.3044, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7769, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.5844, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": null, "expected": "400/405/501 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405/501 or close, got TimedOut \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 5001.1693, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.5932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.4759, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.5498, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 25\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6774, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.7116, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.5393, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 5000.5504, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.3927, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4493, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4873, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.4874, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.3474, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.4578, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6558, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.802, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6864, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 32\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.6547, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 20\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.5699, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.969, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": "Body: Content-Length: 10\r\n\r\nhelloworld"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.4794, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.605, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.6944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.4628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.3812, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4844, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 4\r\n\r\n0\r\n\r", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5001.1093, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.9841, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.3643, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.427, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.2745, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.2333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.3484, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.3925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.3286, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.3789, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.3412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 28\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 5000.4025, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.7948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 17\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.7224, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4991, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.5771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6041, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 13\r\n\r\n5\r\nhello0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7357, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 15\r\n\r\n5;\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.9336, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 17\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8636, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 14\r\n\r\n5\r\nhello\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.7226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 20\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.7314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 19\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7689, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.6859, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6594, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.9136, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.5641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 16\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4299, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4173, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5028, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6183, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 35\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.3602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 43\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 39\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4099, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 43\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.3459, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.4016, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3477, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.4322, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.547, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.7201, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.4874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Body: Content-Length: 5\r\n\r\nhello"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.5216, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3366, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.3992, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 14\r\n\r\n5\rhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.4944, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 40\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5001.1692, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.0049, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 50.808, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.2522, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.3462, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3888, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6353, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.5708, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.4913, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 100KB method name should be rejected", "scored": true, "durationMs": 5000.5432, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.3934, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.411, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.2636, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 5000.2703, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.3448, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 31\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/505/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/505/close/timeout, got 200 \u2014 HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.4745, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 5000.5358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.6308, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.8525, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 51.3225, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 49.6858, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7989, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.9701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 65556\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.595, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.8277, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "NetCoreServer", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 75, "failed": 32, "warnings": 18, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.5033, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.3799, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5625, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.5445, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.5362, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.6879, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.2565, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "Open", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.4323, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4481, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.461, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4874, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.6829, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.4506, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6697, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 104\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'Bad[Name' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5028, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:55 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5913, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.1327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string 'abc' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.1007, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5618, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7804, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5007, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6651, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.8171, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.7987, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 501, "expected": "400/501 or close", "got": "501", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8482, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.5891, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5984, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.5363, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.4926, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.4292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 411, "expected": "2xx or close", "got": "411", "connectionState": "ClosedByServer", "reason": "Expected 2xx or close, got 411 \u2014 POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.3962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:09:56 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8952, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.4415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6216, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 11\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.468, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:01 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.9998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 411, "expected": "!101", "got": "411", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.6764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:06 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7966, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6511, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6827, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://example.com:8080example.com:443)</h1>", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.977, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.8667, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7826, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.4413, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 50.5397, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6292, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.7173, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4046, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.3698, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.9712, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.8411, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 51.4605, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 49.7763, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.6088, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.3949, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:07 GMT\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.5314, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.6376, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6611, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.544, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6248, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.3688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.4598, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.2281, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.3457, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.4349, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4216, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6288, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5935, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 10' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4238, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.5095, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\nConnection: close\r\nKeep-Alive: true\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.7019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.4264, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0o5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9023, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.7524, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:08 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.756, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.5554, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 42\r\n\r\n<h1>Not Implemented (Not Implemented)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.7736, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0x5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5545, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1 0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6092, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:09 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.678, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6052, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n23\r\n<h1>Bad Request (Expecting \\r)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.6347, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.8026, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n21\r\n<h1>Bad Request (2 CR found)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5021, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4251, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.4535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:14 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.7821, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5672, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.3783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4397, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4921, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 75\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:19 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.3937, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5483, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5645, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8437, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5677, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6227, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1_0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.642, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.5495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.5504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.4726, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.3955, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n21\r\n<h1>Bad Request (2 CR found)</h1>\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7684, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6062, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.028, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.6715, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:20 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6275, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4628, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.5616, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:21 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 4999.8568, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.4764, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.8204, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 53.6198, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.4591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 105\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'X-T????st' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6024, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4893, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (Value was either too large or too small for an Int64.)</h1>", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5236, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3718, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2f\r\n<h1>Bad Request (Cannot parse chunk size.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 505, "expected": "400/505/close/timeout", "got": "505", "connectionState": "Open", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5224, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.5213, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 71\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.8522, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.6845, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.0683, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 49.5657, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.5051, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 400 Bad Request\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2b\r\n<h1>Bad Request (chunk size too long.)</h1>\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.3004, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Sisk/1.6\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:31 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5001.0079, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Sisk", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 72, "failed": 47, "warnings": 6, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.4722, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.4321, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.6734, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.438, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.0559, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7878, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.532, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 505, "expected": "400/505 or close", "got": "505", "connectionState": "Open", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6595, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.6008, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.6136, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.6843, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.0658, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:40 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.6345, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.7229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 104\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'Bad[Name' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5229, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7704, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.071, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string 'abc' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.9757, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.5522, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.9081, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.778, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.6973, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.7106, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 58\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://localhost:8080*)</h1>", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 501, "expected": "400/501 or close", "got": "501", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8556, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.09, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.9935, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.9143, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 2\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 49.9016, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 49.8863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT, POST, DELETE, PATCH\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Expose-Headers: \r\nAccept: */*\r\nAccept-Language: en-US, en\r\nAccept-Charset: ISO-8859-1, utf-8\r\nCache-Control: no-cache\r\nConnection: close\r\nHost: diogo-system-product-name:8080\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 411, "expected": "2xx or close", "got": "411", "connectionState": "ClosedByServer", "reason": "Expected 2xx or close, got 411 \u2014 POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.839, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:10:41 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.9497, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid single-chunk POST must be accepted", "scored": true, "durationMs": 5000.5871, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 5000.2458, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 5001.196, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.0558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 411, "expected": "!101", "got": "411", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8215, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 411 Length Required\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:06 GMT\r\nContent-Length: 24\r\nConnection: close\r\n\r\n<h1>Length Required</h1>", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 5001.1303, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Fail", "statusCode": null, "expected": "!101", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected !101, got TimedOut \u2014 Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 5000.4173, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.9251, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:17 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid url: http://example.com:8080example.com:443)</h1>", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": null, "expected": "417 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 417 or 2xx, got TimedOut \u2014 Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 5000.7811, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 5000.4996, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "2xx or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx or 400, got TimedOut \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 5000.735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Fail", "statusCode": null, "expected": "426 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 426 or 2xx, got TimedOut \u2014 WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 5000.5493, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": null, "expected": "405/501 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 405/501 or 2xx, got TimedOut \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 5001.4962, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Host header value must be rejected", "scored": true, "durationMs": 50.7924, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 40\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid host name)</h1>", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.85, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.7097, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.687, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4743, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:11:42 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": null, "expected": "2xx + close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx + close, got TimedOut \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 5000.8464, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": null, "expected": "2xx + close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx + close, got TimedOut \u2014 HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 5000.7992, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": null, "expected": "200 or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200 or 400, got TimedOut \u2014 HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 5000.5845, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": null, "expected": "200 or 505", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200 or 505, got TimedOut \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 5001.2249, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": null, "expected": "400/405 or 200", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/405 or 200, got TimedOut \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 5000.6362, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 5000.2995, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 5000.5502, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.024, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.2144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:22 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 5000.6635, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6881, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:27 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.8747, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 5000.5322, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5764, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:37 GMT\r\nContent-Length: 46\r\nConnection: close\r\n\r\n<h1>Bad Request (Invalid Content-Length.)</h1>", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 5001.3467, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.6815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 5001.1962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.8155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:52 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:12:52 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 5000.2496, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.7097, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.696, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:02 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 10' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.3862, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:02 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.3743, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 5000.7535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 5000.5138, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.8968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:17 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0o5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 5001.4599, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.706, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 30\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Not Found (Not Found)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.8293, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nContent-Length: 42\r\n\r\n<h1>Not Implemented (Not Implemented)</h1>HTTP/1.1 200 OK\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:22 GMT\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 5000.5998, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.6014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:27 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '0x5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.3408, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:13:27 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1 0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 5000.1543, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 5000.1132, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.2466, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 5000.3329, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.239, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 5000.1441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 5000.6841, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.5707, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4606, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6991, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:12 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.3574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "Open", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.5382, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:18 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 5000.212, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 5000.2438, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:28 GMT\r\nContent-Length: 75\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '5, 5' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.4734, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:28 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.4413, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 5000.8345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 5000.3279, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 5000.5226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 5000.4892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 5000.4802, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 5000.4273, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4404, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:14:58 GMT\r\nContent-Length: 74\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '1_0' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 5000.4135, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 5000.5927, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 5001.5829, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 51.1831, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:13 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:13 GMT\r\nContent-Length: 24\r\n\r\n<h1>Not Implemented</h1>", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6416, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 5000.456, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Host header with comma-separated values must be rejected", "scored": true, "durationMs": 5000.4887, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 5000.205, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 5000.528, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 51.0283, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:38 GMT\r\nContent-Length: 52\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (parts).)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400/414/431 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400/414/431 or close, got TimedOut \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 5001.2794, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.027, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:43 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:43 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 5000.614, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4787, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:48 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.7961, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 4999.6169, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.8427, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:15:58 GMT\r\nContent-Length: 34\r\nConnection: close\r\n\r\n<h1>Bad Request (Bad Request)</h1>", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 100KB method name should be rejected", "scored": true, "durationMs": 5001.4795, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.721, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:03 GMT\r\nContent-Length: 105\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value 'X-T????st' has invalid HTTP Header characters. (Parameter 'name'))</h1>", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 5000.4641, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 51.5922, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 76\r\nConnection: close\r\n\r\n<h1>Bad Request (Value was either too large or too small for an Int64.)</h1>", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.8616, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 54\r\nConnection: close\r\nKeep-Alive: true\r\n\r\n<h1>Bad Request (Invalid request line (version).)</h1>", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.7507, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:08 GMT\r\nContent-Length: 90\r\nConnection: close\r\n\r\n<h1>Bad Request (Specified value has invalid Control characters. (Parameter 'value'))</h1>", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5000.4531, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 505, "expected": "400/505/close/timeout", "got": "505", "connectionState": "Open", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6962, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 505 Http Version Not Supported\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:13 GMT\r\nContent-Length: 64\r\n\r\n<h1>Http Version Not Supported (Http Version Not Supported)</h1>", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3291, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\nServer: Microsoft-NetCore/2.0\r\nDate: Thu, 12 Feb 2026 21:16:13 GMT\r\nContent-Length: 71\r\nConnection: close\r\n\r\n<h1>Bad Request (The input string '' was not in a correct format.)</h1>", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 5000.4282, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 5000.5795, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 5000.5436, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 5000.4861, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx/404", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx/404, got TimedOut \u2014 Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 5000.7692, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5001.5843, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "200/206/400/416", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 200/206/400/416, got TimedOut \u2014 1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 5000.5681, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6982, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Watson", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 112, "failed": 4, "warnings": 9, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.1536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 52.4886, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.7329, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.4747, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.5019, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7475, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.6011, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.9628, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7536, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4728, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4665, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.481, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5002.0627, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.777, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.8102, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 51.2952, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.9495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.8053, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.1739, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 51.0106, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.0824, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Host header with path component must be rejected", "scored": true, "durationMs": 50.9351, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 51.1257, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6799, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 50\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: OPTIONS\r\nPath: *\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.1447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.8412, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 49.9191, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 67\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: http://localhost:8080/\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6323, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: get\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.9646, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7535, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5553, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.9572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.9869, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.6962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 11\r\nConnection: keep-alive\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.4689, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.5005, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9831, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: POST\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.6176, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.5587, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.3654, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.4333, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.533, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.4751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.5151, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.4066, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 48\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: TRACE\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.3499, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.541, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5026, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5292, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.501, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.565, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.4862, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "200 or 400", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.5342, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7081, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.5638, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 48\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: TRACE\r\nPath: /\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 49.3848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5384, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 10\r\nConnection: keep-alive\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.8144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 49.6558, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5162, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.9989, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.8507, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4491, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.4211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5536, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.3415, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.3249, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.4974, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5784, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 49.4626, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.4838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.4658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6179, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4478, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4959, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4542, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.5819, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6117, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5458, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.3306, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5018, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6975, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.8717, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.4149, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5559, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.6059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.8341, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8491, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.7338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.6422, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4943, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5386, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.5363, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 47\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: HEAD\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.5884, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 50\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: OPTIONS\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.3715, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.4233, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.653, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5752, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5395, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5349, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.5968, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7231, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 70\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: http://other.example.com/\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4568, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.5515, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5077, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.4971, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.6188, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.8309, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 61.0772, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4006, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4138, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6895, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.3526, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.3942, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nContent-Type: text/plain\r\nContent-Length: 37\r\nConnection: keep-alive\r\n\r\n431 Request Header Fields Too Large\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 51.2742, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.4057, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.5138, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5086, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.6341, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4248, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6572, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4577, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.8263, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 5\r\nConnection: keep-alive\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.5492, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5769, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx/404", "got": "400", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.6839, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\nContent-Length: 17\r\nConnection: keep-alive\r\n\r\n400 Bad Request\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7737, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 74\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /path%0d%0aX-Injected:%20true\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5000.9566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.8433, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 46\r\nConnection: keep-alive\r\n\r\nHello from GlyphServer\r\nMethod: GET\r\nPath: /\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.7516, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Glyph", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 75, "failed": 39, "warnings": 11, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.8133, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5176, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5514, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 49.5731, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7634, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.6961, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5479, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.4936, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4252, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4346, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.4728, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.8778, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.1041, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3397, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.4472, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.473, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.6565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.497, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.4891, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.4846, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.4164, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.5474, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.5147, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 400, "expected": "2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 400 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.4662, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.8815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.5792, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.5991, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Fail", "statusCode": 404, "expected": "400/405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400/405/501 or 2xx, got 404 \u2014 Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.7745, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 49.8704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.534, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.0539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid single-chunk POST must be accepted", "scored": true, "durationMs": 5000.4685, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 5000.8152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "2xx or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 5000.4628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.7505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 49.7838, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.8762, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.4694, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.4791, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6982, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7519, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "2xx or 400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx or 400, got TimedOut \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 5000.743, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8045, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 405/501 or 2xx, got 404 \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 51.9391, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.8946, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.7707, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.8339, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.7473, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.5882, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.586, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6636, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.5638, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: close\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.704, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 26\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nHTTP Version Not Supported", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "400/405 or 200", "got": "404", "connectionState": "Open", "reason": "Expected 400/405 or 200, got 404 \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 51.7265, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.4011, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 2xx, got TimedOut \u2014 Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 5000.6571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5001.3465, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.8504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.8372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 5000.8539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.5894, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.7873, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6048, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 4999.5808, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.7047, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 51.1134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 5000.5905, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8056, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.5414, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.3412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 5000.4343, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.4789, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 5001.2706, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6385, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.8375, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5163, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 5000.7187, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 5000.2481, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.703, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4826, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.4152, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 5000.3738, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4431, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 4999.7736, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.8345, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5986, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 5000.2352, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 5000.4682, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4096, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.4962, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 5000.5818, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 5000.5806, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.8429, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6868, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.6299, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": "Body: \"hello\""}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4452, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 5000.5383, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5004, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6207, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.4815, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6271, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5334, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 51.5928, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.4409, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4351, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.614, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 51.077, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"\"", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 51.3181, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 202\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.412, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 5000.7837, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.7768, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7373, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.5219, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6452, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6824, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6282, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/414/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/414/431 or close, got 413 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.3174, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9704, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.5718, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 51.5093, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3983, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.5762, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.4175, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400/431 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 413 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.1875, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or close", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 413 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.8841, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.6163, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 52.1939, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4251, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.6313, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3623, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.228, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 21\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInternal Server Error", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5707, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4358, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nContent-Length: 11\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nBad Request", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.4959, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 7\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"hello\"", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 51.4402, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 51.3093, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.4646, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 51.418, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: keep-alive\r\n\r\nNot Found", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 5001.5014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.2636, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Length: 4\r\nContent-Type: application/json; charset=utf-8\r\nConnection: keep-alive\r\n\r\n\"OK\"", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 413, "expected": "400/close/timeout", "got": "413", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 50.4371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nContent-Length: 17\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nPayload Too Large", "behavioralNote": null}], "name": "SimpleW", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 47, "failed": 59, "warnings": 19, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 66.2604, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7703, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 54\r\n\r\nHTTP protocol version expected (got: 'HTTP/1.1\nHost:')", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.5597, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 51.7091, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6933, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0538, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5462, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6558, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '9.9'", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.7642, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4536, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5232, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 60.7928, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:46 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.5491, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.5167, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5164, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.6871, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.6326, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.6653, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.4756, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.4789, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.3781, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 405, "expected": "2xx", "got": "405", "connectionState": "Open", "reason": "Expected 2xx, got 405 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.0982, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6956, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.7514, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6361, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.4244, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5143, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.4565, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:47 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8595, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 57.2396, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 52.5418, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 11\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 52.2898, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:53 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.83, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.7663, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7136, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6393, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 404, "expected": "400/405/501 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 404 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6147, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6065, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.5171, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "2xx or 400", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx or 400, got 500 \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.588, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 59\r\n\r\nThe input string '5;ext=value' was not in a correct format.", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6835, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "405/501 or 2xx", "got": "405", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.7191, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4585, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.8047, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5112, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 46\r\n\r\nHTTP protocol version expected (got: 'HTTP/1')", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.4363, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nHTTP protocol version expected (got: 'HTTP/01.01')", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.518, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 45\r\n\r\nHTTP protocol version expected (got: 'HTTP/')", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7123, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.6471, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "200 or 400", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.482, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:58 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nMandatory 'Host' header is missing from the request", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 49.6991, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '1.2'", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Pass", "statusCode": 405, "expected": "400/405 or 200", "got": "405", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.5504, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6543, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.6917, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:20:59 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 5000.8313, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.8999, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 10\r\n\r\nhelloworld", "behavioralNote": "Used second CL (10 bytes)"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.735, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.4658, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.4284, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 4\r\n\r\n0\r\n\rHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:04 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or close, got TimedOut \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5000.5441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5363, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.629, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6372, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5827, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.6892, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4438, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 51.1015, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nThe input string '5;' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\ne\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 49.484, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:09 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.5992, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nThe input string '1_0' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.5157, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.9025, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4986, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.8361, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\nHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5151, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.533, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.7602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8937, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 56\r\n\r\nThe input string '5;\nhello' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.5938, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7731, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.5165, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 54\r\n\r\nThe input string '5;\u0000ext' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6521, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 51\r\n\r\nThe input string '5;a' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 51.5725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.67, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8017, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nConnection: Close\r\nContent-Length: 76\r\n\r\nSpecified argument was out of the range of valid values. (Parameter 'start')", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.3537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:10 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4585, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 50\r\n\r\nThe input string '-1' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.4807, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.4551, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5067, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5884, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7363, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6439, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 44\r\n\r\nHTTP protocol version expected (got: 'evil')", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.4799, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Fail", "statusCode": 405, "expected": "400 or 2xx", "got": "405", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 405 \u2014 OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6573, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 405 Method Not Allowed\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n48\r\n{\"status\":405,\"message\":\"There is no method of a matching request type\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.7718, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.5014, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 49.2783, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.5091, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.428, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.6142, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.4935, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:11 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 48\r\n\r\nThe input string '' was not in a correct format.", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7068, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhelloHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.6494, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 44\r\n\r\nHTTP protocol version expected (got: 'K???')", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/414/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 50.9511, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.88, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token 'None' (expected 'Word')", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400/431 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 500 \u2014 10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.1064, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 76\r\n\r\nSpecified argument was out of the range of valid values. (Parameter 'start')", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.4389, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.3938, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 50.4967, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:12 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token 'None' (expected 'Word')", "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.5901, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.0465, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOKHTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.8501, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 43\r\n\r\nUnable to read HTTP verb from request line.", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5093, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6117, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4384, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5321, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 41\r\n\r\nUnexpected token while parsing path: None", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.3839, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 51.0058, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.0 500 Internal Server Error\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 53\r\n\r\nValue was either too large or too small for an Int64.", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.5406, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 33\r\n\r\nUnexpected protocol version '2.0'", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.4564, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nConnection: Close\r\nContent-Length: 55\r\n\r\nContent-Length header is expected to be a numeric value", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.5792, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:17 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4555, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5266, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5749, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.5162, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nETag: \"18446744071584333603\"\r\n\r\n4F\r\n{\"status\":404,\"message\":\"The requested resource does not exist on this server\"}\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.7402, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.0 400 Bad Request\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nConnection: Close\r\nContent-Length: 19\r\n\r\nChunk size expected", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.9884, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: GenHTTP/10.4.2.0\r\nDate: Thu, 12 Feb 2026 21:21:18 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 2\r\nETag: \"1979081074\"\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.7971, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "GenHTTP", "language": "C#"}, {"summary": {"total": 143, "scored": 125, "passed": 93, "failed": 16, "warnings": 16, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.6484, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.8297, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.0005, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.6841, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.6348, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.7369, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5551, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:26 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.6366, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.5245, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.453, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5609, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.7386, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:27 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.6214, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.8197, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.5, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5977, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.5943, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.546, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.592, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.8565, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.5896, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.6118, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.501, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.4324, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.6672, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6934, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.6295, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:32 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6157, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.9981, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.7705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:33 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.6292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.6623, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.7012, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5963, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:38 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.7364, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.9231, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7796, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.678, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.7167, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.6444, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7066, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.6394, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.7276, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.5623, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4932, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.5577, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4082, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.63, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4301, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7356, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.2459, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7033, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.5458, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.7148, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 51.0362, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\na\r\nhelloworld\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.873, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.9324, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9295, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6252, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5194, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6993, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6332, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.6537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.5155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.6381, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.9601, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:44 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6626, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.4656, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4561, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.7708, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:45 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.5203, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.6234, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6327, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:45 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.4681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.4368, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.5234, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.4144, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.3506, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.4362, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.5271, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4697, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.6501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.4874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.5505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.3761, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.46, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.5705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7627, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.4691, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.559, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.694, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.588, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5987, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.8377, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.7368, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5185, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.6865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.6587, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.6829, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6338, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6602, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.915, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7828, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:46 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\nc8\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.572, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6026, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.6711, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.7558, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.537, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6954, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8122, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.8293, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.7912, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.2137, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.6279, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.3974, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.4214, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.5739, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.3686, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.3496, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.9727, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5403, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7459, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.5161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.7649, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.6501, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.5715, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.671, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.6155, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.8027, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.6406, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5769, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.5369, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.6145, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or 2xx", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 413 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.4966, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 50.3643, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nDate: Thu, 12 Feb 2026 21:21:58 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.9877, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Node.js HTTP", "language": "JavaScript"}, {"summary": {"total": 143, "scored": 125, "passed": 92, "failed": 18, "warnings": 15, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.37, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.0953, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.8883, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.1526, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0697, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.8575, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 51.0255, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.8396, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.5573, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 404, "expected": "400 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 404 \u2014 Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 53.6657, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 143\r\nDate: Thu, 12 Feb 2026 21:23:37 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.1242, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6979, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.6634, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 51.6926, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.8487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.0356, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.2123, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 51.5242, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.3682, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:42 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 51.4255, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.4704, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 139\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET *</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 404, "expected": "2xx", "got": "404", "connectionState": "Open", "reason": "Expected 2xx, got 404 \u2014 OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.3717, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 143\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot OPTIONS *</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.2451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 51.5222, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.7465, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.707, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0053, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.691, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.8111, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:43 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.2161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 51.3143, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 11\r\nETag: W/\"b-Kq5sNclPz7QV2+lfQIuc6R7oRu0\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 51.1874, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:48 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5001.4548, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 51.6302, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.2674, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 51.5506, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Pass", "statusCode": null, "expected": "400/405/501 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "CONNECT to an origin server must be rejected", "scored": true, "durationMs": 0.7334, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.9382, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.9575, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.1366, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:53 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 51.3889, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "405/501 or 2xx", "got": "404", "connectionState": "Open", "reason": "Expected 405/501 or 2xx, got 404 \u2014 TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 51.4814, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 141\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot TRACE /</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 51.0979, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.6573, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5622, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5099, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.4268, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.8559, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.9114, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.9263, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 400, "expected": "200 or 505", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 200 or 505, got 400 \u2014 HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.6584, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Fail", "statusCode": 404, "expected": "400/405 or 200", "got": "404", "connectionState": "Open", "reason": "Expected 400/405 or 200, got 404 \u2014 TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.8889, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 141\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot TRACE /</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.9379, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.7925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 10\r\nETag: W/\"a-at+xg6SiyUovktq1redipHiJpaE\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 49.8195, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.7988, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 49.965, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:54 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.5897, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.5539, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.5574, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.6232, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5162, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.2708, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.8814, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 49.7716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 49.8863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.6845, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.7436, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.8198, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.7059, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.8265, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.6293, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 51.1325, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.7666, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.8017, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:55 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.7531, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.7167, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 49.7896, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5865, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.553, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 49.7451, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.7151, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8975, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.7527, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8634, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.727, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 49.7211, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7109, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.6598, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6701, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 49.7351, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.8031, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 51.0884, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8647, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.6935, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.7274, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6979, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8383, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.8704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9114, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:56 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.8266, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.0243, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAllow: GET,HEAD,POST\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 13\r\nETag: W/\"d-bMedpZYGrVt1nR4x+qdNZ2GqyRo\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nGET,HEAD,POST", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.5776, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.5957, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.8385, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 0\r\nETag: W/\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 49.9557, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 200\r\nETag: W/\"c8-KcGVM93JXf68/JJNjkF5IIKlj94\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.6159, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.7455, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 50.9782, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.2105, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.8591, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6624, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.9695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:23:57 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 50.7601, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/414/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.2013, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.2139, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.3963, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 49.7666, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Control characters in header value should be rejected", "scored": true, "durationMs": 50.7887, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5001.5034, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6057, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.1108, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.9935, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.5539, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7677, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 154\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /caf%C3%83%C2%A9</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 50.4495, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5111, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.4034, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.4494, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.522, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3537, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.7905, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: application/octet-stream\r\nContent-Length: 5\r\nETag: W/\"5-qvTGHdzF6KLavt4PO0gs2a6pQ00\"\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nhello", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.6927, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 148\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path\\file</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 404, "expected": "400 or close", "got": "404", "connectionState": "Open", "reason": "Expected 400 or close, got 404 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5365, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 151\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /%C3%80%C2%AF</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.9791, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 151\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path%00.html</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.7585, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 Not Found\r\nX-Powered-By: Express\r\nContent-Security-Policy: default-src 'none'\r\nX-Content-Type-Options: nosniff\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot GET /path%0d%0aX-Injected:%20true</pre>\n</body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 413, "expected": "400 or 2xx", "got": "413", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 413 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 52.1877, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 52.5594, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nETag: W/\"2-nOO9QiTIwXgNtWtBJezz8kv3SLc\"\r\nDate: Thu, 12 Feb 2026 21:24:08 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.5129, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Express", "language": "JavaScript"}, {"summary": {"total": 143, "scored": 125, "passed": 38, "failed": 63, "warnings": 24, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 64.1275, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.5278, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.1228, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9901, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 51.3224, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 51.0584, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 51.1509, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/505 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 0.8707, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 51.087, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Expected 400, got ClosedByServer \u2014 CR without LF as line ending must be rejected", "scored": true, "durationMs": 0.8828, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 11.2157, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 51.1402, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.4755, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.3884, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Header line without colon must be rejected", "scored": true, "durationMs": 50.9732, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.7464, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 51.0015, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.0586, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Whitespace before first header line must be rejected", "scored": true, "durationMs": 51.0661, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.9032, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 51.169, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 51.0055, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 51.1805, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 51.0511, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 51.1108, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": null, "expected": "400 or 2xx", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 0.3919, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.1408, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 51.0866, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 51.0159, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 51.0346, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 51.0915, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5000.8786, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 51.7321, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 51.0045, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 11\r\nConnection: close\r\n\r\nhello world", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.8687, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:53 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.3863, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 400, "expected": "!101", "got": "400", "connectionState": "ClosedByServer", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 51.2851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 400 BAD REQUEST\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n<p>The browser (or proxy) sent a request that this server could not understand.</p>\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 51.0085, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 51.0268, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 51.0958, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 51.1795, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.881, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "2xx or 400", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx or 400, got 500 \u2014 Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 51.3861, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Fail", "statusCode": 400, "expected": "426 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Expected 426 or 2xx, got 400 \u2014 WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 51.0216, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 400 BAD REQUEST\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 167\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>400 Bad Request</title>\n<h1>Bad Request</h1>\n<p>The browser (or proxy) sent a request that this server could not understand.</p>\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.9237, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 51.0373, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.9836, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 0.6404, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5053, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 0.6198, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.8372, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:58 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 51.1858, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 51.0315, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 51.1331, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "ClosedByServer", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 51.4576, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Fail", "statusCode": 500, "expected": "2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 2xx, got 500 \u2014 Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 51.7031, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 51.091, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: close\r\n\r\nhelloworld", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 51.1471, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 51.1806, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 10\r\nConnection: close\r\n\r\nhelloworld", "behavioralNote": "Used second CL (10 bytes)"}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.9098, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 51.1161, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:45:59 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 4999.7948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 51.7129, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Negative Content-Length must be rejected", "scored": true, "durationMs": 50.82, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "TimedOut", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 5001.2088, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:04 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "TimedOut", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 5001.7333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:09 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 51.2029, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 51.2511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.8585, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.9371, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 51.7009, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:19 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 51.0149, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:19 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.431, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 51.8681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:24 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.9615, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:24 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 51.0222, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.9653, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 16\r\nConnection: close\r\n\r\nhello world!!!!!", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.9303, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 51.0064, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 51.2549, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.8914, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 49.9664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 51.2946, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 51.1973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 51.7241, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.8133, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 51.2511, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.068, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 51.3776, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 51.1065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:25 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.3472, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 5000.8455, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 51.5911, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0847, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 51.1059, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4409, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.9811, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:35 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.088, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.9237, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.765, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 51.5309, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 51.2781, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 51.2714, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 51.3456, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.9902, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 51.1384, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.916, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.9624, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 51.3054, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 51.2977, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 200\r\nConnection: close\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400, got TimedOut \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 5000.441, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 51.7338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:41 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello", "behavioralNote": "Used CL (ignored TE variant)"}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6487, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.8785, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 51.031, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 500, "expected": "400 or close", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 500 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 51.7973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 51.6488, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 0.9069, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 414, "expected": "400/414/431 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 50.8257, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 Request-URI Too Long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:46 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 327\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 414</p>\n        <p>Message: Request-URI Too Long.</p>\n        <p>Error code explanation: 414 - URI is too long.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 50.9053, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Line too long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 355\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Line too long.</p>\n        <p>Error code explanation: 431 - got more than 65536 bytes when reading header line.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 51.3725, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Too many headers\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 333\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Too many headers.</p>\n        <p>Error code explanation: 431 - got more than 100 headers.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.9945, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.8824, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:47 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.6172, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.6772, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7563, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Line too long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 355\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 431</p>\n        <p>Message: Line too long.</p>\n        <p>Error code explanation: 431 - got more than 65536 bytes when reading header line.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 414, "expected": "400 or close", "got": "414", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 414 \u2014 100KB method name should be rejected", "scored": true, "durationMs": 51.0386, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 414 Request-URI Too Long\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 327\r\n\r\n<!DOCTYPE HTML>\n<html lang=\"en\">\n    <head>\n        <meta charset=\"utf-8\">\n        <title>Error response</title>\n    </head>\n    <body>\n        <h1>Error response</h1>\n        <p>Error code: 414</p>\n        <p>Message: Request-URI Too Long.</p>\n        <p>Error code explanation: 414 - URI is too long.</p>\n    </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.9741, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.9207, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:46:57 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.5928, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 0.8114, "rawRequest": "   \r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in header value should be rejected", "scored": true, "durationMs": 50.9623, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:02 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5000.197, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/505/close/timeout", "got": "ClosedByServer", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 2.5621, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Empty Content-Length value must be rejected", "scored": true, "durationMs": 54.1712, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 52.5457, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 56.0703, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 60.2127, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 55.8076, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 404, "expected": "400 or 2xx/404", "got": "404", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 59.0245, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 404 NOT FOUND\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 207\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 500, "expected": "400 or 2xx", "got": "500", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 500 \u2014 64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 62.2175, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 500 INTERNAL SERVER ERROR\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 265\r\nConnection: close\r\n\r\n<!doctype html>\n<html lang=en>\n<title>500 Internal Server Error</title>\n<h1>Internal Server Error</h1>\n<p>The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.</p>\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 68.5472, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: Werkzeug/3.1.5 Python/3.12.3\r\nDate: Thu, 12 Feb 2026 21:47:07 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2\r\nConnection: close\r\n\r\nOK", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6755, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Flask", "language": "Python"}, {"summary": {"total": 143, "scored": 125, "passed": 78, "failed": 31, "warnings": 16, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 63.2272, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:28 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.417, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 218\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1.1\\nHost: localhost:8080&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close (pass), 2xx (warn)", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.571, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 158\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;HOST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.558, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 178\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Obsolete line folding is unacceptable: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.369, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;X-Test &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.5926, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 208\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET  / HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.5195, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/505 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.5395, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 182\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: (9, 9)&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.4506, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;: empty-name&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.4133, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 218\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1.1\\rHost: localhost:8080&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.5105, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 205\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 50.6666, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 50.5421, "rawRequest": "GET /\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 198\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET /&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.5051, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 167\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;Bad[Name&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.3649, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 165\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;NoColonHere&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.5603, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.4725, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 50.5542, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.569, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 155\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27; &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.756, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:29 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.6329, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.7391, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.7021, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.5281, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/501 or close, got 200 \u2014 Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.7119, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.6874, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 193\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 50.6224, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Pass", "statusCode": 400, "expected": "400/405/501 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.6706, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 184\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Method &#x27;Invalid HTTP method: &#x27;get&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.617, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.5424, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.5661, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:30 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.7343, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.5848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.5404, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.5389, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "400/close/timeout", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 50.7832, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.6355, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "ClosedByServer", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7589, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.6903, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.6098, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:35 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Pass", "statusCode": 417, "expected": "417 or 2xx", "got": "417", "connectionState": "ClosedByServer", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.758, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 417 Expectation Failed\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 188\r\n\r\n<html>\n  <head>\n    <title>Expectation Failed</title>\n  </head>\n  <body>\n    <h1><p>Expectation Failed</p></h1>\n    Unable to comply with expectation: &#x27;200-ok&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.7496, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.688, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.8859, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.579, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.4682, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 51.8408, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 208\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Request Line &#x27;Invalid HTTP request line: &#x27;GET\\t/ HTTP/1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.5515, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 194\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.7971, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 198\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/01.01&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.7982, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 197\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: &#x27;HTTP/ 1.1&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.904, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.7442, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.6616, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.0 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "ClosedByServer", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7509, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.2 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.642, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6925, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5888, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.9641, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.6354, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.5931, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:36 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.7664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 170\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;xchunked&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 50.9132, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.6107, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 177\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;Transfer-Encoding &#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.7714, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.5704, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.3664, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.7751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.8504, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.7259, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 50.8226, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.5625, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.5705, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 50.4617, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.5737, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.5369, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 160\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.566, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.538, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or close", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 501 \u2014 Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.5948, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 162\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;, chunked&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.6045, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.6085, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:37 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.7532, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.5955, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6996, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.4792, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.5769, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.4709, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.7422, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 50.6551, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 50.6842, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.7172, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.5901, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 49.7134, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 171\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.729, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.9367, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Negative chunk size must be rejected", "scored": true, "durationMs": 50.4684, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.7366, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": "Body: 5\r\nhello\r\n0"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 50.8333, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.5365, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 177\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;chunked;ext=val&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.5493, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.5505, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.6186, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:38 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.5122, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.5891, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.826, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nOK", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.6553, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6086, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.6501, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.7093, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 50.5078, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 189\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Obsolete line folding is unacceptable: &#x27;TRANSFER-ENCODING&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Fail", "statusCode": 501, "expected": "400 or 2xx", "got": "501", "connectionState": "ClosedByServer", "reason": "Expected 400 or 2xx, got 501 \u2014 Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 51.0751, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 501 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 170\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Unsupported transfer coding: &#x27;chunked,&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 51.1137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 51.0542, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 50.8514, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6342, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.681, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:39 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.5685, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/414/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 51.4053, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 163\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Request Line is too large (8192 &gt; 4094)\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header value should be rejected with 431", "scored": true, "durationMs": 51.9932, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 229\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields size&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 52.9644, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 224\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in URL should be rejected", "scored": true, "durationMs": 50.5559, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.4982, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:44 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 4999.6057, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.9109, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 431, "expected": "400/431 or close", "got": "431", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 51.017, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 431 Request Header Fields Too Large\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 229\r\n\r\n<html>\n  <head>\n    <title>Request Header Fields Too Large</title>\n  </head>\n  <body>\n    <h1><p>Request Header Fields Too Large</p></h1>\n    Error parsing headers: &#x27;limit request headers fields size&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 50.8706, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 163\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Request Line is too large (8192 &gt; 4094)\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.527, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 166\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP header name: &#x27;X-T??st&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.6108, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:47:55 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.3473, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 50.5651, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 181\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid Method &#x27;Invalid HTTP method: &#x27;&#x27;&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.381, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 160\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;X-TEST&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 50.4732, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/505/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 50.6012, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 182\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Version &#x27;Invalid HTTP Version: (2, 0)&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.3478, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 168\r\n\r\n<html>\n  <head>\n    <title>Bad Request</title>\n  </head>\n  <body>\n    <h1><p>Bad Request</p></h1>\n    Invalid HTTP Header: &#x27;CONTENT-LENGTH&#x27;\n  </body>\n</html>\n", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.479, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n5\r\nhello\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 50.4149, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400 or close, got 200 \u2014 Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.5768, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "ClosedByServer", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 50.7562, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 50.523, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "ClosedByServer", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 51.5823, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "ClosedByServer", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 51.4276, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\nServer: gunicorn\r\nDate: Thu, 12 Feb 2026 21:48:00 GMT\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.599, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Gunicorn", "language": "Python"}, {"summary": {"total": 143, "scored": 125, "passed": 85, "failed": 20, "warnings": 20, "unscored": 18}, "results": [{"id": "COMP-BASELINE", "description": "Valid GET request \u2014 confirms server is reachable", "category": "Compliance", "rfc": null, "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid GET request \u2014 confirms server is reachable", "scored": true, "durationMs": 62.3402, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-REQUEST-LINE", "description": "Bare LF in request line should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in request line should be rejected, but MAY be accepted", "scored": true, "durationMs": 51.7448, "rawRequest": "GET / HTTP/1.1\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "RFC9112-2.2-BARE-LF-HEADER", "description": "Bare LF in header should be rejected, but MAY be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or close (pass), 2xx (warn)", "got": "200", "connectionState": "Open", "reason": "Bare LF in header should be rejected, but MAY be accepted", "scored": true, "durationMs": 50.9861, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\nX-Test: value\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5.1-OBS-FOLD", "description": "Obs-fold (line folding) in headers should be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": 200, "expected": "400", "got": "200", "connectionState": "Open", "reason": "Expected 400, got 200 \u2014 Obs-fold (line folding) in headers should be rejected", "scored": true, "durationMs": 50.9678, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value\r\n continued\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.6.2-SP-BEFORE-COLON", "description": "Whitespace between header name and colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace between header name and colon must be rejected", "scored": true, "durationMs": 50.7578, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test : value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-MULTI-SP-REQUEST-LINE", "description": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "ClosedByServer", "reason": "Multiple spaces between request-line components \u2014 SHOULD reject but MAY parse leniently", "scored": true, "durationMs": 50.9517, "rawRequest": "GET  / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-7.1-MISSING-HOST", "description": "Request without Host header must be rejected with 400", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Request without Host header must be rejected with 400", "scored": true, "durationMs": 50.7915, "rawRequest": "GET / HTTP/1.1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-2.3-INVALID-VERSION", "description": "Invalid HTTP version must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Fail", "statusCode": 200, "expected": "400/505 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/505 or close, got 200 \u2014 Invalid HTTP version must be rejected", "scored": true, "durationMs": 50.9502, "rawRequest": "GET / HTTP/9.9\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-5-EMPTY-HEADER-NAME", "description": "Empty header name (leading colon) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty header name (leading colon) must be rejected", "scored": true, "durationMs": 50.8482, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\n: empty-name\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-CR-ONLY-LINE-ENDING", "description": "CR without LF as line ending must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "CR without LF as line ending must be rejected", "scored": true, "durationMs": 50.7359, "rawRequest": "GET / HTTP/1.1\rHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3-MISSING-TARGET", "description": "Request line with no target (space but no path) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Request line with no target (space but no path) must be rejected", "scored": true, "durationMs": 50.6041, "rawRequest": "GET HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-3.2-FRAGMENT-IN-TARGET", "description": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Fragment (#) in request-target \u2014 not part of origin-form grammar", "scored": true, "durationMs": 49.9003, "rawRequest": "GET /path#frag HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:25 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-2.3-HTTP09-REQUEST", "description": "HTTP/0.9 request (no version) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "HTTP/0.9 request (no version) must be rejected", "scored": true, "durationMs": 5001.6638, "rawRequest": "GET /\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "RFC9112-5-INVALID-HEADER-NAME", "description": "Header name with invalid characters (brackets) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Header name with invalid characters (brackets) must be rejected", "scored": true, "durationMs": 50.6074, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nBad[Name: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "RFC9112-5-HEADER-NO-COLON", "description": "Header line without colon must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Header line without colon must be rejected", "scored": true, "durationMs": 50.9886, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nNoColonHere\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9110-5.4-DUPLICATE-HOST", "description": "Duplicate Host headers with different values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "Open", "reason": "Duplicate Host headers with different values must be rejected", "scored": true, "durationMs": 50.9107, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-NON-NUMERIC", "description": "Non-numeric Content-Length must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Non-numeric Content-Length must be rejected", "scored": true, "durationMs": 50.9071, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: abc\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "RFC9112-6.1-CL-PLUS-SIGN", "description": "Content-Length with plus sign must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with plus sign must be rejected", "scored": true, "durationMs": 51.3316, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: +5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-WHITESPACE-BEFORE-HEADERS", "description": "Whitespace before first header line must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace before first header line must be rejected", "scored": true, "durationMs": 50.9102, "rawRequest": "GET / HTTP/1.1\r\n \r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-DUPLICATE-HOST-SAME", "description": "Duplicate Host headers with identical values must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Pass", "statusCode": 400, "expected": "400", "got": "400", "connectionState": "ClosedByServer", "reason": "Duplicate Host headers with identical values must be rejected", "scored": true, "durationMs": 50.7826, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-HOST-WITH-USERINFO", "description": "Host header with userinfo (user@host) must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with userinfo (user@host) must be rejected", "scored": true, "durationMs": 50.8792, "rawRequest": "GET / HTTP/1.1\r\nHost: user@localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-WITH-PATH", "description": "Host header with path component must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with path component must be rejected", "scored": true, "durationMs": 50.8227, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080/path\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n", "behavioralNote": null}, {"id": "COMP-ASTERISK-WITH-GET", "description": "Asterisk-form (*) request-target with GET must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Asterisk-form (*) request-target with GET must be rejected", "scored": true, "durationMs": 50.74, "rawRequest": "GET * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-OPTIONS-STAR", "description": "OPTIONS * is the only valid asterisk-form request", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.4", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS * is the only valid asterisk-form request", "scored": true, "durationMs": 50.6152, "rawRequest": "OPTIONS * HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UNKNOWN-TE-501", "description": "Unknown Transfer-Encoding without CL should be rejected with 501", "category": "Compliance", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400/501 or close", "got": "400", "connectionState": "Open", "reason": "Unknown Transfer-Encoding without CL should be rejected with 501", "scored": true, "durationMs": 50.5608, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: gzip\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-LEADING-CRLF", "description": "Leading CRLF before request-line \u2014 server may ignore per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Leading CRLF before request-line \u2014 server may ignore per RFC", "scored": true, "durationMs": 50.7038, "rawRequest": "\r\n\r\nGET / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-ABSOLUTE-FORM", "description": "Absolute-form request-target \u2014 server should accept per RFC", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form request-target \u2014 server should accept per RFC", "scored": true, "durationMs": 51.0306, "rawRequest": "GET http://localhost:8080/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CASE", "description": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "category": "Compliance", "rfc": "RFC 9110 \u00a79.1", "verdict": "Warn", "statusCode": 200, "expected": "400/405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "Lowercase method 'get' \u2014 methods are case-sensitive per RFC", "scored": true, "durationMs": 50.7818, "rawRequest": "get / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-BODY", "description": "POST with Content-Length and matching body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length and matching body must be accepted", "scored": true, "durationMs": 50.7804, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-ZERO", "description": "POST with Content-Length: 0 and no body must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with Content-Length: 0 and no body must be accepted", "scored": true, "durationMs": 50.9257, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-NO-CL-NO-TE", "description": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "POST with neither Content-Length nor Transfer-Encoding \u2014 implicit zero-length body", "scored": true, "durationMs": 50.7413, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:31 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-POST-CL-UNDERSEND", "description": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "category": "Compliance", "rfc": "RFC 9112 \u00a76.2", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 10 but only 5 bytes sent \u2014 incomplete body", "scored": true, "durationMs": 5001.0503, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 10\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-CHUNKED-BODY", "description": "Valid single-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid single-chunk POST must be accepted", "scored": true, "durationMs": 50.7019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-MULTI", "description": "Valid multi-chunk POST must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid multi-chunk POST must be accepted", "scored": true, "durationMs": 50.571, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EMPTY", "description": "Zero-length chunked body (just terminator) must be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or close", "got": "200", "connectionState": "Open", "reason": "Zero-length chunked body (just terminator) must be accepted", "scored": true, "durationMs": 50.628, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-NO-FINAL", "description": "Chunked body without zero terminator \u2014 incomplete transfer", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunked body without zero terminator \u2014 incomplete transfer", "scored": true, "durationMs": 5000.5766, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "COMP-UPGRADE-POST", "description": "WebSocket upgrade via POST must not be accepted", "category": "Compliance", "rfc": "RFC 6455 \u00a74.1", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade via POST must not be accepted", "scored": true, "durationMs": 50.8872, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-MISSING-CONN", "description": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade header without Connection: Upgrade must not trigger protocol switch", "scored": true, "durationMs": 50.7074, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-UNKNOWN", "description": "Upgrade to unknown protocol must not return 101", "category": "Compliance", "rfc": "RFC 9110 \u00a77.8", "verdict": "Pass", "statusCode": 200, "expected": "!101", "got": "200", "connectionState": "Open", "reason": "Upgrade to unknown protocol must not return 101", "scored": true, "durationMs": 50.7407, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: totally-made-up/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-CONNECT", "description": "CONNECT to an origin server must be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.6", "verdict": "Fail", "statusCode": 200, "expected": "400/405/501 or close", "got": "200", "connectionState": "ClosedByServer", "reason": "Expected 400/405/501 or close, got 200 \u2014 CONNECT to an origin server must be rejected", "scored": true, "durationMs": 50.9229, "rawRequest": "CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\n\r\n", "behavioralNote": null}, {"id": "COMP-EXPECT-UNKNOWN", "description": "Unknown Expect value should be rejected with 417", "category": "Compliance", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Warn", "statusCode": 200, "expected": "417 or 2xx", "got": "200", "connectionState": "Open", "reason": "Unknown Expect value should be rejected with 417", "scored": true, "durationMs": 50.8266, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nExpect: 200-ok\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-GET-WITH-CL-BODY", "description": "GET with Content-Length and body \u2014 semantically unusual", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "GET with Content-Length and body \u2014 semantically unusual", "scored": false, "durationMs": 50.6728, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-EXTENSION", "description": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx or 400", "got": "200", "connectionState": "Open", "reason": "Chunk extension (valid per RFC) \u2014 server should accept or may reject", "scored": true, "durationMs": 50.7213, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=value\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-UPGRADE-INVALID-VER", "description": "WebSocket upgrade with unsupported version \u2014 should return 426", "category": "Compliance", "rfc": "RFC 6455 \u00a74.4", "verdict": "Warn", "statusCode": 200, "expected": "426 or 2xx", "got": "200", "connectionState": "Open", "reason": "WebSocket upgrade with unsupported version \u2014 should return 426", "scored": true, "durationMs": 50.6581, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: Upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 99\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-METHOD-TRACE", "description": "TRACE request \u2014 should be disabled in production", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "405/501 or 2xx", "got": "200", "connectionState": "Open", "reason": "TRACE request \u2014 should be disabled in production", "scored": false, "durationMs": 50.669, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HOST-EMPTY-VALUE", "description": "Empty Host header value must be rejected", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Empty Host header value must be rejected", "scored": true, "durationMs": 50.6745, "rawRequest": "GET / HTTP/1.1\r\nHost: \r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-REQUEST-LINE-TAB", "description": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "category": "Compliance", "rfc": "RFC 9112 \u00a73", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Tab as request-line delimiter \u2014 SHOULD reject but MAY parse on whitespace", "scored": true, "durationMs": 50.5793, "rawRequest": "GET\t/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-VERSION-MISSING-MINOR", "description": "HTTP/1 with no minor version digit is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/1 with no minor version digit is invalid", "scored": true, "durationMs": 50.4651, "rawRequest": "GET / HTTP/1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-VERSION-LEADING-ZEROS", "description": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/01.01 \u2014 leading zeros in version digits are invalid", "scored": true, "durationMs": 50.5344, "rawRequest": "GET / HTTP/01.01\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-VERSION-WHITESPACE", "description": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "HTTP/ 1.1 \u2014 whitespace inside version token is invalid", "scored": true, "durationMs": 50.6245, "rawRequest": "GET / HTTP/ 1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "COMP-CONNECTION-CLOSE", "description": "Server must close connection after responding to Connection: close", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Fail", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "Expected 2xx + close, got 200 \u2014 Server must close connection after responding to Connection: close", "scored": true, "durationMs": 50.7503, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nConnection: close\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-DEFAULT-CLOSE", "description": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "category": "Compliance", "rfc": "RFC 9112 \u00a79.3", "verdict": "Warn", "statusCode": 200, "expected": "2xx + close", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without keep-alive \u2014 server should close connection after response", "scored": true, "durationMs": 50.7274, "rawRequest": "GET / HTTP/1.0\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP10-NO-HOST", "description": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "category": "Compliance", "rfc": "RFC 9112 \u00a73.2", "verdict": "Warn", "statusCode": 200, "expected": "200 or 400", "got": "200", "connectionState": "Open", "reason": "HTTP/1.0 without Host header \u2014 valid per HTTP/1.0", "scored": false, "durationMs": 50.7014, "rawRequest": "GET / HTTP/1.0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "COMP-HTTP12-VERSION", "description": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "category": "Compliance", "rfc": "RFC 9112 \u00a72.3", "verdict": "Warn", "statusCode": 200, "expected": "200 or 505", "got": "200", "connectionState": "Open", "reason": "HTTP/1.2 \u2014 higher minor version should be accepted as HTTP/1.x compatible", "scored": false, "durationMs": 50.7373, "rawRequest": "GET / HTTP/1.2\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "COMP-TRACE-WITH-BODY", "description": "TRACE with Content-Length body should be rejected", "category": "Compliance", "rfc": "RFC 9110 \u00a79.3.8", "verdict": "Warn", "statusCode": 200, "expected": "400/405 or 200", "got": "200", "connectionState": "Open", "reason": "TRACE with Content-Length body should be rejected", "scored": false, "durationMs": 50.9078, "rawRequest": "TRACE / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-TRAILER-VALID", "description": "Valid chunked body with trailer field should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1.2", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Valid chunked body with trailer field should be accepted", "scored": true, "durationMs": 50.6654, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:42 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "COMP-CHUNKED-HEX-UPPERCASE", "description": "Chunk size with uppercase hex (A = 10) should be accepted", "category": "Compliance", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 200, "expected": "2xx", "got": "200", "connectionState": "Open", "reason": "Chunk size with uppercase hex (A = 10) should be accepted", "scored": true, "durationMs": 50.5743, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nA\r\nhelloworld\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TE-BOTH", "description": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Both Content-Length and Transfer-Encoding present \u2014 server MAY reject or process with TE alone", "scored": true, "durationMs": 50.8954, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": "Used TE (chunked 0-length \u2192 empty body)"}, {"id": "SMUG-DUPLICATE-CL", "description": "Duplicate Content-Length with different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Duplicate Content-Length with different values must be rejected", "scored": true, "durationMs": 50.7197, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nContent-Length: 10\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS", "description": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with leading zeros \u2014 valid per 1*DIGIT grammar but may cause parser disagreement", "scored": true, "durationMs": 50.7336, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 005\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:43 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-XCHUNKED", "description": "Transfer-Encoding: xchunked must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: xchunked must not be treated as chunked", "scored": true, "durationMs": 50.6049, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-SPACE", "description": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding: 'chunked ' (trailing space) must not be treated as chunked", "scored": true, "durationMs": 5000.019, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-SP-BEFORE-COLON", "description": "Transfer-Encoding with space before colon must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with space before colon must be rejected", "scored": true, "durationMs": 50.5502, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE", "description": "Negative Content-Length must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative Content-Length must be rejected", "scored": true, "durationMs": 50.5137, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -1\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CLTE-PIPELINE", "description": "CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 CL.TE smuggling probe \u2014 follow-up should not receive smuggled response", "scored": true, "durationMs": 0.621, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TECL-PIPELINE", "description": "TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 TE.CL smuggling probe \u2014 TE: chunked + CL: 30 with pipelined GET", "scored": true, "durationMs": 0.4612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 30\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-TRAILING-SPACE", "description": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with trailing space \u2014 OWS trimming is valid per RFC 9110 \u00a75.5", "scored": true, "durationMs": 50.4525, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5 \r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DOUBLE-CHUNKED", "description": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, chunked with CL is ambiguous", "scored": true, "durationMs": 50.5739, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-EXTRA-LEADING-SP", "description": "Content-Length with extra leading whitespace (double space OWS)", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with extra leading whitespace (double space OWS)", "scored": true, "durationMs": 50.6447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:  5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:48 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-CASE-MISMATCH", "description": "Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding: Chunked (capital C) with CL \u2014 case-insensitive is valid", "scored": true, "durationMs": 5000.7292, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: Chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CL-COMMA-DIFFERENT", "description": "Content-Length with comma-separated different values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with comma-separated different values must be rejected", "scored": true, "durationMs": 50.6604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 10\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-NOT-FINAL-CHUNKED", "description": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.3", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding where chunked is not final \u2014 server MUST respond with 400 (RFC 9112 \u00a76.3)", "scored": true, "durationMs": 50.4817, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked, gzip\r\n\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-HTTP10", "description": "Transfer-Encoding in HTTP/1.0 request must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Transfer-Encoding in HTTP/1.0 request must be rejected", "scored": true, "durationMs": 5000.3278, "rawRequest": "POST / HTTP/1.0\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-SEMICOLON", "description": "Chunk size with bare semicolon and no extension name must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Chunk size with bare semicolon and no extension name must be rejected", "scored": true, "durationMs": 50.9338, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:58 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-BARE-CR-HEADER-VALUE", "description": "Bare CR in header value must be rejected or replaced with SP", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Bare CR in header value must be rejected or replaced with SP", "scored": true, "durationMs": 50.8606, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nX-Test: val\rue\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CL-OCTAL", "description": "Content-Length with octal prefix (0o5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with octal prefix (0o5) must be rejected", "scored": true, "durationMs": 50.6604, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0o5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-UNDERSCORE", "description": "Chunk size with underscores (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with underscores (1_0) must be rejected", "scored": true, "durationMs": 50.6999, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n1_0\r\nhello world!!!!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-EMPTY-VALUE", "description": "Transfer-Encoding with empty value must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with empty value must be rejected", "scored": true, "durationMs": 50.6741, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-LEADING-COMMA", "description": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding with leading comma (, chunked) \u2014 RFC says empty list elements MUST be ignored", "scored": true, "durationMs": 50.6842, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: , chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-DUPLICATE-HEADERS", "description": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Two Transfer-Encoding headers with CL present \u2014 ambiguous framing", "scored": true, "durationMs": 50.5305, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-HEX-PREFIX", "description": "Chunk size with 0x prefix must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size with 0x prefix must be rejected", "scored": true, "durationMs": 50.5334, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n0x5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-HEX-PREFIX", "description": "Content-Length with hex prefix (0x5) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with hex prefix (0x5) must be rejected", "scored": true, "durationMs": 50.5695, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0x5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-INTERNAL-SPACE", "description": "Content-Length with internal space (1 0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length with internal space (1 0) must be rejected", "scored": true, "durationMs": 50.9582, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1 0\r\n\r\nhello12345", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CHUNK-LEADING-SP", "description": "Chunk size with leading space must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk size with leading space must be rejected", "scored": true, "durationMs": 50.6812, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-MISSING-TRAILING-CRLF", "description": "Chunk data without trailing CRLF must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk data without trailing CRLF must be rejected", "scored": true, "durationMs": 50.6774, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-LF", "description": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF in chunk extension \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.9612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-SPILL", "description": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Chunk declares size 5 but sends 7 bytes \u2014 oversized chunk data must be rejected", "scored": true, "durationMs": 50.5894, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello!!\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TERM", "description": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Bare LF as chunk data terminator \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 50.8065, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CTRL", "description": "NUL byte in chunk extension must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 NUL byte in chunk extension must be rejected", "scored": true, "durationMs": 51.0225, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;\u0000ext\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-EXT-CR", "description": "Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1.1", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Bare CR (not CRLF) in chunk extension \u2014 some parsers treat CR alone as line ending", "scored": true, "durationMs": 51.1376, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;a\rX\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-VTAB", "description": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Vertical tab before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.9521, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \u000bchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-FORMFEED", "description": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Form feed before 'chunked' in TE value \u2014 control char obfuscation vector", "scored": true, "durationMs": 50.9862, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: \fchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-TE-NULL", "description": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "NUL byte appended to 'chunked' in TE value \u2014 C-string truncation attack", "scored": true, "durationMs": 50.6127, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\u0000\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-LF-TRAILER", "description": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Bare LF in chunked trailer termination \u2014 server MAY accept bare LF per RFC 9112 \u00a72.2", "scored": true, "durationMs": 51.0549, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-IDENTITY", "description": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Transfer-Encoding: identity (deprecated) with CL must be rejected", "scored": true, "durationMs": 50.6084, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: identity\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CHUNK-NEGATIVE", "description": "Negative chunk size must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a77.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Negative chunk size must be rejected", "scored": true, "durationMs": 50.6757, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n-1\r\nhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRANSFER_ENCODING", "description": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "category": "Smuggling", "rfc": "RFC 9112 \u00a76.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer_Encoding (underscore) header with CL \u2014 not a valid header but some parsers accept", "scored": false, "durationMs": 50.0967, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer_Encoding: chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": "Used TE (treated as chunked)"}, {"id": "SMUG-CL-COMMA-SAME", "description": "Content-Length with comma-separated identical values \u2014 some servers merge", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with comma-separated identical values \u2014 some servers merge", "scored": false, "durationMs": 49.9302, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5, 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNKED-WITH-PARAMS", "description": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "category": "Smuggling", "rfc": "RFC 9112 \u00a77", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked;ext=val \u2014 parameters on chunked encoding", "scored": true, "durationMs": 50.7447, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked;ext=val\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-EXPECT-100-CL", "description": "Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "category": "Smuggling", "rfc": "RFC 9110 \u00a710.1.1", "verdict": "Fail", "statusCode": 100, "expected": "400 or 2xx", "got": "100", "connectionState": "Open", "reason": "Expected 400 or 2xx, got 100 \u2014 Expect: 100-continue with Content-Length \u2014 server should send 100 then read body", "scored": false, "durationMs": 50.7851, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello", "rawResponse": "HTTP/1.1 100 Continue\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CL", "description": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.848, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Length: 50\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-TE", "description": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Transfer-Encoding in chunked trailers must be ignored \u2014 prohibited trailer field", "scored": false, "durationMs": 50.8771, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nTransfer-Encoding: chunked\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:48:59 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-HOST", "description": "Host header in chunked trailers must not be used for routing", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Host header in chunked trailers must not be used for routing", "scored": false, "durationMs": 50.9973, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nHost: evil.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-AUTH", "description": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Authorization header in chunked trailers \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.8673, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nAuthorization: Bearer evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-HEAD-CL-BODY", "description": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "HEAD request with Content-Length and body \u2014 server must not leave body on connection", "scored": false, "durationMs": 50.787, "rawRequest": "HEAD / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-OPTIONS-CL-BODY", "description": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "category": "Smuggling", "rfc": "RFC 9110 \u00a79.3.7", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "OPTIONS with Content-Length and body \u2014 server should consume or reject body", "scored": false, "durationMs": 50.556, "rawRequest": "OPTIONS / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-UNDERSCORE", "description": "Content-Length with underscore digit separator (1_0) must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Content-Length with underscore digit separator (1_0) must be rejected", "scored": true, "durationMs": 50.4388, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 1_0\r\n\r\nhelloworld", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-NEGATIVE-ZERO", "description": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Content-Length: -0 must be rejected \u2014 not valid 1*DIGIT", "scored": true, "durationMs": 50.6022, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: -0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "SMUG-CL-DOUBLE-ZERO", "description": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 00 \u2014 matches 1*DIGIT but leading zero ambiguity", "scored": true, "durationMs": 50.8023, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 00\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CL-LEADING-ZEROS-OCTAL", "description": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "category": "Smuggling", "rfc": "RFC 9110 \u00a78.6", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length: 0200 \u2014 octal 128 vs decimal 200, parser disagreement vector", "scored": true, "durationMs": 50.8786, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 0200\r\n\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:00 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\nc8\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-OBS-FOLD", "description": "Transfer-Encoding with obs-fold line wrapping must be rejected", "category": "Smuggling", "rfc": "RFC 9112 \u00a75.1", "verdict": "Fail", "statusCode": null, "expected": "400", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400, got TimedOut \u2014 Transfer-Encoding with obs-fold line wrapping must be rejected", "scored": true, "durationMs": 5000.9378, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\r\n chunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-TE-TRAILING-COMMA", "description": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.6.1", "verdict": "Pass", "statusCode": 400, "expected": "400 or 2xx", "got": "400", "connectionState": "Open", "reason": "Transfer-Encoding: chunked, \u2014 trailing comma produces empty list element", "scored": true, "durationMs": 50.6344, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked,\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TE-TAB-BEFORE-VALUE", "description": "Transfer-Encoding with tab as OWS before value", "category": "Smuggling", "rfc": "RFC 9110 \u00a75.5", "verdict": "Fail", "statusCode": null, "expected": "400 or 2xx", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Expected 400 or 2xx, got TimedOut \u2014 Transfer-Encoding with tab as OWS before value", "scored": false, "durationMs": 5000.6603, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding:\tchunked\r\nContent-Length: 5\r\n\r\nhello", "rawResponse": null, "behavioralNote": null}, {"id": "SMUG-ABSOLUTE-URI-HOST-MISMATCH", "description": "Absolute-form URI with different Host header \u2014 routing confusion vector", "category": "Smuggling", "rfc": "RFC 9112 \u00a73.2.2", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Absolute-form URI with different Host header \u2014 routing confusion vector", "scored": false, "durationMs": 50.8371, "rawRequest": "GET http://other.example.com/ HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-MULTIPLE-HOST-COMMA", "description": "Host header with comma-separated values must be rejected", "category": "Smuggling", "rfc": "RFC 9110 \u00a77.2", "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Host header with comma-separated values must be rejected", "scored": true, "durationMs": 49.6981, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080, other.example.com\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-CHUNK-BARE-CR-TERM", "description": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "category": "Smuggling", "rfc": "RFC 9112 \u00a72.2", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Chunk size line terminated by bare CR \u2014 not a valid line terminator", "scored": true, "durationMs": 50.6379, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\rhello\r\n0\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nconnection: close\r\nTransfer-Encoding: chunked\r\n\r\n1e\r\nInvalid HTTP request received.\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "SMUG-TRAILER-CONTENT-TYPE", "description": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "category": "Smuggling", "rfc": "RFC 9110 \u00a76.5.1", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Type in chunked trailer \u2014 prohibited per RFC 9110 \u00a76.5.1", "scored": false, "durationMs": 50.7183, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\nContent-Type: text/evil\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:10 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-BINARY-GARBAGE", "description": "Random binary garbage should be rejected or connection closed", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Random binary garbage should be rejected or connection closed", "scored": true, "durationMs": 5000.6595, "rawRequest": ">\u0017???\u0004?;???V???:o?M%U\u0017]?n?\t\u0014W??6??(\u000b??\u0007???p??\u0005\tngk??\rF?'??'\"?????g?\u001a?????rvc??7i??????)??\u0000Q?????\u000eq\u0005-~????>B??u?8???`\u000b?J\u0017>?\u001d?b?\t???T5{\n????\u0006t|????\u0018\u0010?D??\u0015'????dQ%5w\tN K???\r?\u0011????D?\u0003I?(?\u0011??\r?\u001bi?L???\u0005?kg4Ze\f6??\"QT><<`\u0007u\f????=1?jMah\u0012??+?-??J\u001cP??\u001d?7?,???j2\u0014????(", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-URL", "description": "100KB URL should be rejected with 414 URI Too Long", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/414/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/414/431 or close, got 200 \u2014 100KB URL should be rejected with 414 URI Too Long", "scored": true, "durationMs": 52.5619, "rawRequest": "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-LONG-HEADER-VALUE", "description": "100KB header value should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/431 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400/431 or close, got 200 \u2014 100KB header value should be rejected with 431", "scored": true, "durationMs": 51.9558, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Big: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-MANY-HEADERS", "description": "10,000 headers should be rejected with 431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "10,000 headers should be rejected with 431", "scored": true, "durationMs": 54.4389, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-H-0: value\r\nX-H-1: value\r\nX-H-2: value\r\nX-H-3: value\r\nX-H-4: value\r\nX-H-5: value\r\nX-H-6: value\r\nX-H-7: value\r\nX-H-8: value\r\nX-H-9: value\r\nX-H-10: value\r\nX-H-11: value\r\nX-H-12: value\r\nX-H-13: value\r\nX-H-14: value\r\nX-H-15: value\r\nX-H-16: value\r\nX-H-17: value\r\nX-H-18: value\r\nX-H-19: value\r\nX-H-20: value\r\nX-H-21: value\r\nX-H-22: value\r\nX-H-23: value\r\nX-H-24: value\r\nX-H-25: value\r\nX-H-26: value\r\nX-H-27: value\r\nX-H-28: value\r\nX-H-29: value\r\nX-H-30: value\r\nX-H-31: value\r\nX-H-32: value\r\nX-H-33: value\r\nX-H-34: value\r\nX-H-35: value\r\nX-H-36: value\r\nX-H-37: value\r\nX-H-38: value\r\nX-H-39: value\r\nX-H-40: value\r\nX-H-41: value\r\nX-H-42: value\r\nX-H-43: value\r\nX-H-44: value\r\nX-H-45: value\r\nX-H-46: value\r\nX-H-47: value\r\nX-H-48: value\r\nX-H-49: value\r\nX-H-50: value\r\nX-H-51: value\r\nX-H-52: value\r\nX-H-53: value\r\nX-H-54: value\r\nX-H-55: value\r\nX-H-56: value\r\nX-H-57: value\r\nX-H-58: value\r\nX-H-59: value\r\nX-H-60: value\r\nX-H-61: value\r\nX-H-62: value\r\nX-H-63: value\r\nX-H-64: value\r\nX-H-65: value\r\nX-H-66: value\r\nX-H-67: value\r\nX-H-68: value\r\nX-H-69: value\r\nX-H-70: value\r\nX-H-71: value\r\nX-H-72: value\r\nX-H-73: value\r\nX-H-74: value\r\nX-H-75: value\r\nX-H-76: value\r\nX-H-77: value\r\nX-H-78: value\r\nX-H-79: value\r\nX-H-80: value\r\nX-H-81: value\r\nX-H-82: value\r\nX-H-83: value\r\nX-H-84: value\r\nX-H-85: value\r\nX-H-86: value\r\nX-H-87: value\r\nX-H-88: value\r\nX-H-89: value\r\nX-H-90: value\r\nX-H-91: value\r\nX-H-92: value\r\nX-H-93: value\r\nX-H-94: value\r\nX-H-95: value\r\nX-H-96: value\r\nX-H-97: value\r\nX-H-98: value\r\nX-H-99: value\r\nX-H-100: value\r\nX-H-101: value\r\nX-H-102: value\r\nX-H-103: value\r\nX-H-104: value\r\nX-H-105: value\r\nX-H-106: value\r\nX-H-107: value\r\nX-H-108: value\r\nX-H-109: value\r\nX-H-110: value\r\nX-H-111: value\r\nX-H-112: value\r\nX-H-113: value\r\nX-H-114: value\r\nX-H-115: value\r\nX-H-116: value\r\nX-H-117: value\r\nX-H-118: value\r\nX-H-119: value\r\nX-H-120: value\r\nX-H-121: value\r\nX-H-122: value\r\nX-H-123: value\r\nX-H-124: value\r\nX-H-125: value\r\nX-H-126: value\r\nX-H-127: value\r\nX-H-128: value\r\nX-H-129: value\r\nX-H-130: value\r\nX-H-131: value\r\nX-H-132: value\r\nX-H-133: value\r\nX-H-134: value\r\nX-H-135: value\r\nX-H-136: value\r\nX-H-137: value\r\nX-H-138: value\r\nX-H-139: value\r\nX-H-140: value\r\nX-H-141: value\r\nX-H-142: value\r\nX-H-143: value\r\nX-H-144: value\r\nX-H-145: value\r\nX-H-146: value\r\nX-H-147: value\r\nX-H-148: value\r\nX-H-149: value\r\nX-H-150: value\r\nX-H-151: value\r\nX-H-152: value\r\nX-H-153: value\r\nX-H-154: value\r\nX-H-155: value\r\nX-H-156: value\r\nX-H-157: value\r\nX-H-158: value\r\nX-H-159: value\r\nX-H-160: value\r\nX-H-161: value\r\nX-H-162: value\r\nX-H-163: value\r\nX-H-164: value\r\nX-H-165: value\r\nX-H-166: value\r\nX-H-167: value\r\nX-H-168: value\r\nX-H-169: value\r\nX-H-170: value\r\nX-H-171: value\r\nX-H-172: value\r\nX-H-173: value\r\nX-H-174: value\r\nX-H-175: value\r\nX-H-176: value\r\nX-H-177: value\r\nX-H-178: value\r\nX-H-179: value\r\nX-H-180: value\r\nX-H-181: value\r\nX-H-182: value\r\nX-H-183: value\r\nX-H-184: value\r\nX-H-185: value\r\nX-H-186: value\r\nX-H-187: value\r\nX-H-188: value\r\nX-H-189: value\r\nX-H-190: value\r\nX-H-191: value\r\nX-H-192: value\r\nX-H-193: value\r\nX-H-194: value\r\nX-H-195: value\r\nX-H-196: value\r\nX-H-197: value\r\nX-H-198: value\r\nX-H-199: value\r\nX-H-200: value\r\nX-H-201: value\r\nX-H-202: value\r\nX-H-203: value\r\nX-H-204: value\r\nX-H-205: value\r\nX-H-206: value\r\nX-H-207: value\r\nX-H-208: value\r\nX-H-209: value\r\nX-H-210: value\r\nX-H-211: value\r\nX-H-212: value\r\nX-H-213: value\r\nX-H-214: value\r\nX-H-215: value\r\nX-H-216: value\r\nX-H-217: value\r\nX-H-218: value\r\nX-H-219: value\r\nX-H-220: value\r\nX-H-221: value\r\nX-H-222: value\r\nX-H-223: value\r\nX-H-224: value\r\nX-H-225: value\r\nX-H-226: value\r\nX-H-227: value\r\nX-H-228: value\r\nX-H-229: value\r\nX-H-230: value\r\nX-H-231: value\r\nX-H-232: value\r\nX-H-233: value\r\nX-H-234: value\r\nX-H-235: value\r\nX-H-236: value\r\nX-H-237: value\r\nX-H-238: value\r\nX-H-239: value\r\nX-H-240: value\r\nX-H-241: value\r\nX-H-242: value\r\nX-H-243: value\r\nX-H-244: value\r\nX-H-245: value\r\nX-H-246: value\r\nX-H-247: value\r\nX-H-248: value\r\nX-H-249: value\r\nX-H-250: value\r\nX-H-251: value\r\nX-H-252: value\r\nX-H-253: value\r\nX-H-254: value\r\nX-H-255: value\r\nX-H-256: value\r\nX-H-257: value\r\nX-H-258: value\r\nX-H-259: value\r\nX-H-260: value\r\nX-H-261: value\r\nX-H-262: value\r\nX-H-263: value\r\nX-H-264: value\r\nX-H-265: value\r\nX-H-266: value\r\nX-H-267: value\r\nX-H-268: value\r\nX-H-269: value\r\nX-H-270: value\r\nX-H-271: value\r\nX-H-272: value\r\nX-H-273: value\r\nX-H-274: value\r\nX-H-275: value\r\nX-H-276: value\r\nX-H-277: value\r\nX-H-278: value\r\nX-H-279: value\r\nX-H-280: value\r\nX-H-281: value\r\nX-H-282: value\r\nX-H-283: value\r\nX-H-284: value\r\nX-H-285: value\r\nX-H-286: value\r\nX-H-287: value\r\nX-H-288: value\r\nX-H-289: value\r\nX-H-290: value\r\nX-H-291: value\r\nX-H-292: value\r\nX-H-293: value\r\nX-H-294: value\r\nX-H-295: value\r\nX-H-296: value\r\nX-H-297: value\r\nX-H-298: value\r\nX-H-299: value\r\nX-H-300: value\r\nX-H-301: value\r\nX-H-302: value\r\nX-H-303: value\r\nX-H-304: value\r\nX-H-305: value\r\nX-H-306: value\r\nX-H-307: value\r\nX-H-308: value\r\nX-H-309: value\r\nX-H-310: value\r\nX-H-311: value\r\nX-H-312: value\r\nX-H-313: value\r\nX-H-314: value\r\nX-H-315: value\r\nX-H-316: value\r\nX-H-317: value\r\nX-H-318: value\r\nX-H-319: value\r\nX-H-320: value\r\nX-H-321: value\r\nX-H-322: value\r\nX-H-323: value\r\nX-H-324: value\r\nX-H-325: value\r\nX-H-326: value\r\nX-H-327: value\r\nX-H-328: value\r\nX-H-329: value\r\nX-H-330: value\r\nX-H-331: value\r\nX-H-332: value\r\nX-H-333: value\r\nX-H-334: value\r\nX-H-335: value\r\nX-H-336: value\r\nX-H-337: value\r\nX-H-338: value\r\nX-H-339: value\r\nX-H-340: value\r\nX-H-341: value\r\nX-H-342: value\r\nX-H-343: value\r\nX-H-344: value\r\nX-H-345: value\r\nX-H-346: value\r\nX-H-347: value\r\nX-H-348: value\r\nX-H-349: value\r\nX-H-350: value\r\nX-H-351: value\r\nX-H-352: value\r\nX-H-353: value\r\nX-H-354: value\r\nX-H-355: value\r\nX-H-356: value\r\nX-H-357: value\r\nX-H-358: value\r\nX-H-359: value\r\nX-H-360: value\r\nX-H-361: value\r\nX-H-362: value\r\nX-H-363: value\r\nX-H-364: value\r\nX-H-365: value\r\nX-H-366: value\r\nX-H-367: value\r\nX-H-368: value\r\nX-H-369: value\r\nX-H-370: value\r\nX-H-371: value\r\nX-H-372: value\r\nX-H-373: value\r\nX-H-374: value\r\nX-H-375: value\r\nX-H-376: value\r\nX-H-377: value\r\nX-H-378: value\r\nX-H-379: value\r\nX-H-380: value\r\nX-H-381: value\r\nX-H-382: value\r\nX-H-383: value\r\nX-H-384: value\r\nX-H-385: value\r\nX-H-386: value\r\nX-H-387: value\r\nX-H-388: value\r\nX-H-389: value\r\nX-H-390: value\r\nX-H-391: value\r\nX-H-392: value\r\nX-H-393: value\r\nX-H-394: value\r\nX-H-395: value\r\nX-H-396: value\r\nX-H-397: value\r\nX-H-398: value\r\nX-H-399: value\r\nX-H-400: value\r\nX-H-401: value\r\nX-H-402: value\r\nX-H-403: value\r\nX-H-404: value\r\nX-H-405: value\r\nX-H-406: value\r\nX-H-407: value\r\nX-H-408: value\r\nX-H-409: value\r\nX-H-410: value\r\nX-H-411: value\r\nX-H-412: value\r\nX-H-413: value\r\nX-H-414: value\r\nX-H-415: value\r\nX-H-416: value\r\nX-H-417: value\r\nX-H-418: value\r\nX-H-419: value\r\nX-H-420: value\r\nX-H-421: value\r\nX-H-422: value\r\nX-H-423: value\r\nX-H-424: value\r\nX-H-425: value\r\nX-H-426: value\r\nX-H-427: value\r\nX-H-428: value\r\nX-H-429: value\r\nX-H-430: value\r\nX-H-431: value\r\nX-H-432: value\r\nX-H-433: value\r\nX-H-434: value\r\nX-H-435: value\r\nX-H-436: value\r\nX-H-437: value\r\nX-H-438: value\r\nX-H-439: value\r\nX-H-440: value\r\nX-H-441: value\r\nX-H-442: value\r\nX-H-443: value\r\nX-H-444: value\r\nX-H-445: value\r\nX-H-446: value\r\nX-H-447: value\r\nX-H-448: value\r\nX-H-449: value\r\nX-H-450: value\r\nX-H-451: value\r\nX-H-452: value\r\nX-H-453: value\r\nX-H-454: value\r\nX-H-455: value\r\nX-H-456: value\r\nX-H-457: value\r\nX-H-458: value\r\nX-H-459: value\r\nX-H-460: value\r\nX-H-461: value\r\nX-H-462: value\r\nX-H-463: value\r\nX-H-464: value\r\nX-H-465: value\r\nX-H-466: value\r\nX-H-467: value\r\nX-H-468: value\r\nX-H-469: value\r\nX-H-470: value\r\nX-H-471: value\r\nX-H-472: value\r\nX-H-473: value\r\nX-H-474: value\r\nX-H-475: value\r\nX-H-476: value\r\nX-H-477: value\r\nX-H-478: value\r\nX-H-479: value\r\nX-H-480: value\r\nX-H-481: value\r\nX-H-482: value\r\nX-H-483: value\r\nX-H-484: value\r\nX-H-485: value\r\nX-H-486: value\r\nX-H-487: value\r\nX-H-488: value\r\nX-H-489: value\r\nX-H-490: value\r\nX-H-491: value\r\nX-H-492: value\r\nX-H-493: value\r\nX-H-494: value\r\nX-H-495: value\r\nX-H-496: value\r\nX-H-497: value\r\nX-H-498: value\r\nX-H-499: value\r\nX-H-500: value\r\nX-H-501: value\r\nX-H-502: value\r\nX-H-503: value\r\nX-H-504: value\r\nX-H-505: value\r\nX-H-506: value\r\nX-H-507: value\r\nX-H-508: value\r\nX-H-509: value\r\nX-H-510: value\r\nX-H-511: value\r\nX-H-512: value\r\nX-H-513: value\r\nX-H-514: value\r\nX-H-515: value\r\nX-H-516:", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NUL-IN-URL", "description": "NUL byte in URL should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in URL should be rejected", "scored": true, "durationMs": 50.8348, "rawRequest": "GET /\u0000test HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CONTROL-CHARS-HEADER", "description": "Control characters in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400 or close", "got": "200", "connectionState": "Open", "reason": "Expected 400 or close, got 200 \u2014 Control characters in header value should be rejected", "scored": true, "durationMs": 50.7822, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: abc\u0007\b?f\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:15 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-INCOMPLETE-REQUEST", "description": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Partial HTTP request \u2014 request-line and headers but no final CRLF", "scored": true, "durationMs": 5000.3577, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: value", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-EMPTY-REQUEST", "description": "Zero bytes \u2014 TCP connection established without sending any data", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Zero bytes \u2014 TCP connection established without sending any data", "scored": true, "durationMs": 5000.7272, "rawRequest": "", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-LONG-HEADER-NAME", "description": "100KB header name should be rejected with 400/431", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/431 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB header name should be rejected with 400/431", "scored": true, "durationMs": 50.7142, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-LONG-METHOD", "description": "100KB method name should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "100KB method name should be rejected", "scored": true, "durationMs": 51.2156, "rawRequest": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NON-ASCII-HEADER-NAME", "description": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "Open", "reason": "Non-ASCII bytes (UTF-8 \u00eb) in header name must be rejected", "scored": true, "durationMs": 50.626, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-T??st: value\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n", "behavioralNote": null}, {"id": "MAL-NON-ASCII-URL", "description": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Non-ASCII bytes (UTF-8 \u00e9) in URL must be rejected", "scored": true, "durationMs": 50.7771, "rawRequest": "GET /caf?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CL-OVERFLOW", "description": "Content-Length with integer overflow value must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Content-Length with integer overflow value must be rejected", "scored": true, "durationMs": 5000.5008, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 99999999999999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-WHITESPACE-ONLY-LINE", "description": "Whitespace-only request line should be rejected or timeout", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400/close/timeout", "got": "400", "connectionState": "ClosedByServer", "reason": "Whitespace-only request line should be rejected or timeout", "scored": true, "durationMs": 51.0287, "rawRequest": "   \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-NUL-IN-HEADER-VALUE", "description": "NUL byte in header value should be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "NUL byte in header value should be rejected", "scored": true, "durationMs": 50.8133, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nX-Test: val\u0000ue\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CHUNK-SIZE-OVERFLOW", "description": "Chunk size with integer overflow must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400 or close", "got": "TimedOut", "connectionState": "TimedOut", "reason": "Chunk size with integer overflow must be rejected", "scored": true, "durationMs": 5001.2099, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\nFFFFFFFFFFFFFFFF0\r\nhello\r\n0\r\n\r\n", "rawResponse": null, "behavioralNote": null}, {"id": "MAL-H2-PREFACE", "description": "HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Fail", "statusCode": 200, "expected": "400/505/close/timeout", "got": "200", "connectionState": "Open", "reason": "Expected 400/505/close/timeout, got 200 \u2014 HTTP/2 connection preface sent to HTTP/1.1 server must be rejected", "scored": true, "durationMs": 51.1767, "rawRequest": "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CL-EMPTY", "description": "Empty Content-Length value must be rejected", "category": "MalformedInput", "rfc": "RFC 9110 \u00a78.6", "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Empty Content-Length value must be rejected", "scored": true, "durationMs": 50.8716, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: \r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-CL-TAB-BEFORE-VALUE", "description": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "category": "MalformedInput", "rfc": "RFC 9110 \u00a75.5", "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "Content-Length with tab as OWS \u2014 valid per RFC but unusual", "scored": true, "durationMs": 50.4443, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length:\t5\r\n\r\nhello", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-BACKSLASH", "description": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Backslash in URL path \u2014 not valid URI character, some servers normalize to /", "scored": true, "durationMs": 51.0135, "rawRequest": "GET /path\\file HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-OVERLONG-UTF8", "description": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": 400, "expected": "400 or close", "got": "400", "connectionState": "ClosedByServer", "reason": "Overlong UTF-8 encoding of / (0xC0 0xAF) in URL must be rejected", "scored": true, "durationMs": 50.9902, "rawRequest": "GET /?? HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 400 Bad Request\r\ncontent-type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\nInvalid HTTP request received.", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-NULL", "description": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded NUL byte (%00) in URL \u2014 security risk from null byte injection", "scored": true, "durationMs": 51.2808, "rawRequest": "GET /path%00.html HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-URL-PERCENT-CRLF", "description": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx/404", "got": "200", "connectionState": "Open", "reason": "Percent-encoded CRLF (%0d%0a) in URL \u2014 header injection if server decodes during parsing", "scored": true, "durationMs": 51.1843, "rawRequest": "GET /path%0d%0aX-Injected:%20true HTTP/1.1\r\nHost: localhost:8080\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-CHUNK-EXT-64K", "description": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "400 or 2xx", "got": "200", "connectionState": "Open", "reason": "64KB chunk extension \u2014 tests extension length limits (CVE-2023-39326 class)", "scored": true, "durationMs": 52.5252, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nTransfer-Encoding: chunked\r\n\r\n5;ext=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-RANGE-OVERLAPPING", "description": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "category": "MalformedInput", "rfc": null, "verdict": "Warn", "statusCode": 200, "expected": "200/206/400/416", "got": "200", "connectionState": "Open", "reason": "1000 overlapping Range values \u2014 resource exhaustion vector (CVE-2011-3192 class)", "scored": false, "durationMs": 52.642, "rawRequest": "GET / HTTP/1.1\r\nHost: localhost:8080\r\nRange: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-\r\n\r\n", "rawResponse": "HTTP/1.1 200 OK\r\ndate: Thu, 12 Feb 2026 21:49:36 GMT\r\nserver: uvicorn\r\ncontent-type: text/plain\r\nTransfer-Encoding: chunked\r\n\r\n2\r\nOK\r\n0\r\n\r\n", "behavioralNote": null}, {"id": "MAL-POST-CL-HUGE-NO-BODY", "description": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "category": "MalformedInput", "rfc": null, "verdict": "Pass", "statusCode": null, "expected": "400/close/timeout", "got": "TimedOut", "connectionState": "TimedOut", "reason": "POST with Content-Length: 999999999 but no body \u2014 tests timeout vs memory allocation", "scored": true, "durationMs": 5000.6612, "rawRequest": "POST / HTTP/1.1\r\nHost: localhost:8080\r\nContent-Length: 999999999\r\n\r\n", "rawResponse": null, "behavioralNote": null}], "name": "Uvicorn", "language": "Python"}]};
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/.bin/mime b/src/Servers/ExpressServer/node_modules/.bin/mime
deleted file mode 120000
index fbb7ee0..0000000
--- a/src/Servers/ExpressServer/node_modules/.bin/mime
+++ /dev/null
@@ -1 +0,0 @@
-../mime/cli.js
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/.package-lock.json b/src/Servers/ExpressServer/node_modules/.package-lock.json
deleted file mode 100644
index e5bcf5f..0000000
--- a/src/Servers/ExpressServer/node_modules/.package-lock.json
+++ /dev/null
@@ -1,751 +0,0 @@
-{
-  "name": "express-server",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "node_modules/accepts": {
-      "version": "1.3.8",
-      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
-      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
-      "dependencies": {
-        "mime-types": "~2.1.34",
-        "negotiator": "0.6.3"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/array-flatten": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
-      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
-    },
-    "node_modules/body-parser": {
-      "version": "1.20.4",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
-      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
-      "dependencies": {
-        "bytes": "~3.1.2",
-        "content-type": "~1.0.5",
-        "debug": "2.6.9",
-        "depd": "2.0.0",
-        "destroy": "~1.2.0",
-        "http-errors": "~2.0.1",
-        "iconv-lite": "~0.4.24",
-        "on-finished": "~2.4.1",
-        "qs": "~6.14.0",
-        "raw-body": "~2.5.3",
-        "type-is": "~1.6.18",
-        "unpipe": "~1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8",
-        "npm": "1.2.8000 || >= 1.4.16"
-      }
-    },
-    "node_modules/bytes": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
-      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/call-bind-apply-helpers": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
-      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
-      "dependencies": {
-        "es-errors": "^1.3.0",
-        "function-bind": "^1.1.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/call-bound": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
-      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
-      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.2",
-        "get-intrinsic": "^1.3.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/content-disposition": {
-      "version": "0.5.4",
-      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
-      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
-      "dependencies": {
-        "safe-buffer": "5.2.1"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/content-type": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
-      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/cookie": {
-      "version": "0.7.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
-      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/cookie-signature": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
-      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA=="
-    },
-    "node_modules/debug": {
-      "version": "2.6.9",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-      "dependencies": {
-        "ms": "2.0.0"
-      }
-    },
-    "node_modules/depd": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
-      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/destroy": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
-      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
-      "engines": {
-        "node": ">= 0.8",
-        "npm": "1.2.8000 || >= 1.4.16"
-      }
-    },
-    "node_modules/dunder-proto": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
-      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
-      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.1",
-        "es-errors": "^1.3.0",
-        "gopd": "^1.2.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/ee-first": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
-      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
-    },
-    "node_modules/encodeurl": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
-      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/es-define-property": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
-      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/es-errors": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
-      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/es-object-atoms": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
-      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
-      "dependencies": {
-        "es-errors": "^1.3.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/escape-html": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
-    },
-    "node_modules/etag": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
-      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/express": {
-      "version": "4.22.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
-      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
-      "dependencies": {
-        "accepts": "~1.3.8",
-        "array-flatten": "1.1.1",
-        "body-parser": "~1.20.3",
-        "content-disposition": "~0.5.4",
-        "content-type": "~1.0.4",
-        "cookie": "~0.7.1",
-        "cookie-signature": "~1.0.6",
-        "debug": "2.6.9",
-        "depd": "2.0.0",
-        "encodeurl": "~2.0.0",
-        "escape-html": "~1.0.3",
-        "etag": "~1.8.1",
-        "finalhandler": "~1.3.1",
-        "fresh": "~0.5.2",
-        "http-errors": "~2.0.0",
-        "merge-descriptors": "1.0.3",
-        "methods": "~1.1.2",
-        "on-finished": "~2.4.1",
-        "parseurl": "~1.3.3",
-        "path-to-regexp": "~0.1.12",
-        "proxy-addr": "~2.0.7",
-        "qs": "~6.14.0",
-        "range-parser": "~1.2.1",
-        "safe-buffer": "5.2.1",
-        "send": "~0.19.0",
-        "serve-static": "~1.16.2",
-        "setprototypeof": "1.2.0",
-        "statuses": "~2.0.1",
-        "type-is": "~1.6.18",
-        "utils-merge": "1.0.1",
-        "vary": "~1.1.2"
-      },
-      "engines": {
-        "node": ">= 0.10.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/express"
-      }
-    },
-    "node_modules/finalhandler": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
-      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
-      "dependencies": {
-        "debug": "2.6.9",
-        "encodeurl": "~2.0.0",
-        "escape-html": "~1.0.3",
-        "on-finished": "~2.4.1",
-        "parseurl": "~1.3.3",
-        "statuses": "~2.0.2",
-        "unpipe": "~1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/forwarded": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
-      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/fresh": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
-      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/function-bind": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
-      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/get-intrinsic": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
-      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
-      "dependencies": {
-        "call-bind-apply-helpers": "^1.0.2",
-        "es-define-property": "^1.0.1",
-        "es-errors": "^1.3.0",
-        "es-object-atoms": "^1.1.1",
-        "function-bind": "^1.1.2",
-        "get-proto": "^1.0.1",
-        "gopd": "^1.2.0",
-        "has-symbols": "^1.1.0",
-        "hasown": "^2.0.2",
-        "math-intrinsics": "^1.1.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/get-proto": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
-      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
-      "dependencies": {
-        "dunder-proto": "^1.0.1",
-        "es-object-atoms": "^1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/gopd": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
-      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/has-symbols": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
-      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/hasown": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
-      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
-      "dependencies": {
-        "function-bind": "^1.1.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/http-errors": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
-      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
-      "dependencies": {
-        "depd": "~2.0.0",
-        "inherits": "~2.0.4",
-        "setprototypeof": "~1.2.0",
-        "statuses": "~2.0.2",
-        "toidentifier": "~1.0.1"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/express"
-      }
-    },
-    "node_modules/iconv-lite": {
-      "version": "0.4.24",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
-      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
-      "dependencies": {
-        "safer-buffer": ">= 2.1.2 < 3"
-      },
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
-    "node_modules/inherits": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
-    },
-    "node_modules/ipaddr.js": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
-      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
-      "engines": {
-        "node": ">= 0.10"
-      }
-    },
-    "node_modules/math-intrinsics": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
-      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
-    "node_modules/media-typer": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
-      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/merge-descriptors": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
-      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/methods": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
-      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/mime": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
-      "bin": {
-        "mime": "cli.js"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/mime-db": {
-      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "dependencies": {
-        "mime-db": "1.52.0"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/ms": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
-    },
-    "node_modules/negotiator": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
-      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/object-inspect": {
-      "version": "1.13.4",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
-      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/on-finished": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
-      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
-      "dependencies": {
-        "ee-first": "1.1.1"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/parseurl": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
-      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/path-to-regexp": {
-      "version": "0.1.12",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
-      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
-    },
-    "node_modules/proxy-addr": {
-      "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
-      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
-      "dependencies": {
-        "forwarded": "0.2.0",
-        "ipaddr.js": "1.9.1"
-      },
-      "engines": {
-        "node": ">= 0.10"
-      }
-    },
-    "node_modules/qs": {
-      "version": "6.14.2",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
-      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
-      "dependencies": {
-        "side-channel": "^1.1.0"
-      },
-      "engines": {
-        "node": ">=0.6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/range-parser": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
-      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/raw-body": {
-      "version": "2.5.3",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
-      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
-      "dependencies": {
-        "bytes": "~3.1.2",
-        "http-errors": "~2.0.1",
-        "iconv-lite": "~0.4.24",
-        "unpipe": "~1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/safe-buffer": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ]
-    },
-    "node_modules/safer-buffer": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
-    },
-    "node_modules/send": {
-      "version": "0.19.2",
-      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
-      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
-      "dependencies": {
-        "debug": "2.6.9",
-        "depd": "2.0.0",
-        "destroy": "1.2.0",
-        "encodeurl": "~2.0.0",
-        "escape-html": "~1.0.3",
-        "etag": "~1.8.1",
-        "fresh": "~0.5.2",
-        "http-errors": "~2.0.1",
-        "mime": "1.6.0",
-        "ms": "2.1.3",
-        "on-finished": "~2.4.1",
-        "range-parser": "~1.2.1",
-        "statuses": "~2.0.2"
-      },
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
-    "node_modules/send/node_modules/ms": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-    },
-    "node_modules/serve-static": {
-      "version": "1.16.3",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
-      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
-      "dependencies": {
-        "encodeurl": "~2.0.0",
-        "escape-html": "~1.0.3",
-        "parseurl": "~1.3.3",
-        "send": "~0.19.1"
-      },
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
-    "node_modules/setprototypeof": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
-      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
-    },
-    "node_modules/side-channel": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
-      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
-      "dependencies": {
-        "es-errors": "^1.3.0",
-        "object-inspect": "^1.13.3",
-        "side-channel-list": "^1.0.0",
-        "side-channel-map": "^1.0.1",
-        "side-channel-weakmap": "^1.0.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/side-channel-list": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
-      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
-      "dependencies": {
-        "es-errors": "^1.3.0",
-        "object-inspect": "^1.13.3"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/side-channel-map": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
-      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
-      "dependencies": {
-        "call-bound": "^1.0.2",
-        "es-errors": "^1.3.0",
-        "get-intrinsic": "^1.2.5",
-        "object-inspect": "^1.13.3"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/side-channel-weakmap": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
-      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
-      "dependencies": {
-        "call-bound": "^1.0.2",
-        "es-errors": "^1.3.0",
-        "get-intrinsic": "^1.2.5",
-        "object-inspect": "^1.13.3",
-        "side-channel-map": "^1.0.1"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
-    "node_modules/statuses": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
-      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/toidentifier": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
-      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
-      "engines": {
-        "node": ">=0.6"
-      }
-    },
-    "node_modules/type-is": {
-      "version": "1.6.18",
-      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
-      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
-      "dependencies": {
-        "media-typer": "0.3.0",
-        "mime-types": "~2.1.24"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/unpipe": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
-      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
-    "node_modules/utils-merge": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
-      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
-    "node_modules/vary": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
-      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    }
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md b/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
deleted file mode 100644
index cb5990c..0000000
--- a/src/Servers/ExpressServer/node_modules/accepts/HISTORY.md
+++ /dev/null
@@ -1,243 +0,0 @@
-1.3.8 / 2022-02-02
-==================
-
-  * deps: mime-types@~2.1.34
-    - deps: mime-db@~1.51.0
-  * deps: negotiator@0.6.3
-
-1.3.7 / 2019-04-29
-==================
-
-  * deps: negotiator@0.6.2
-    - Fix sorting charset, encoding, and language with extra parameters
-
-1.3.6 / 2019-04-28
-==================
-
-  * deps: mime-types@~2.1.24
-    - deps: mime-db@~1.40.0
-
-1.3.5 / 2018-02-28
-==================
-
-  * deps: mime-types@~2.1.18
-    - deps: mime-db@~1.33.0
-
-1.3.4 / 2017-08-22
-==================
-
-  * deps: mime-types@~2.1.16
-    - deps: mime-db@~1.29.0
-
-1.3.3 / 2016-05-02
-==================
-
-  * deps: mime-types@~2.1.11
-    - deps: mime-db@~1.23.0
-  * deps: negotiator@0.6.1
-    - perf: improve `Accept` parsing speed
-    - perf: improve `Accept-Charset` parsing speed
-    - perf: improve `Accept-Encoding` parsing speed
-    - perf: improve `Accept-Language` parsing speed
-
-1.3.2 / 2016-03-08
-==================
-
-  * deps: mime-types@~2.1.10
-    - Fix extension of `application/dash+xml`
-    - Update primary extension for `audio/mp4`
-    - deps: mime-db@~1.22.0
-
-1.3.1 / 2016-01-19
-==================
-
-  * deps: mime-types@~2.1.9
-    - deps: mime-db@~1.21.0
-
-1.3.0 / 2015-09-29
-==================
-
-  * deps: mime-types@~2.1.7
-    - deps: mime-db@~1.19.0
-  * deps: negotiator@0.6.0
-    - Fix including type extensions in parameters in `Accept` parsing
-    - Fix parsing `Accept` parameters with quoted equals
-    - Fix parsing `Accept` parameters with quoted semicolons
-    - Lazy-load modules from main entry point
-    - perf: delay type concatenation until needed
-    - perf: enable strict mode
-    - perf: hoist regular expressions
-    - perf: remove closures getting spec properties
-    - perf: remove a closure from media type parsing
-    - perf: remove property delete from media type parsing
-
-1.2.13 / 2015-09-06
-===================
-
-  * deps: mime-types@~2.1.6
-    - deps: mime-db@~1.18.0
-
-1.2.12 / 2015-07-30
-===================
-
-  * deps: mime-types@~2.1.4
-    - deps: mime-db@~1.16.0
-
-1.2.11 / 2015-07-16
-===================
-
-  * deps: mime-types@~2.1.3
-    - deps: mime-db@~1.15.0
-
-1.2.10 / 2015-07-01
-===================
-
-  * deps: mime-types@~2.1.2
-    - deps: mime-db@~1.14.0
-
-1.2.9 / 2015-06-08
-==================
-
-  * deps: mime-types@~2.1.1
-    - perf: fix deopt during mapping
-
-1.2.8 / 2015-06-07
-==================
-
-  * deps: mime-types@~2.1.0
-    - deps: mime-db@~1.13.0
-  * perf: avoid argument reassignment & argument slice
-  * perf: avoid negotiator recursive construction
-  * perf: enable strict mode
-  * perf: remove unnecessary bitwise operator
-
-1.2.7 / 2015-05-10
-==================
-
-  * deps: negotiator@0.5.3
-    - Fix media type parameter matching to be case-insensitive
-
-1.2.6 / 2015-05-07
-==================
-
-  * deps: mime-types@~2.0.11
-    - deps: mime-db@~1.9.1
-  * deps: negotiator@0.5.2
-    - Fix comparing media types with quoted values
-    - Fix splitting media types with quoted commas
-
-1.2.5 / 2015-03-13
-==================
-
-  * deps: mime-types@~2.0.10
-    - deps: mime-db@~1.8.0
-
-1.2.4 / 2015-02-14
-==================
-
-  * Support Node.js 0.6
-  * deps: mime-types@~2.0.9
-    - deps: mime-db@~1.7.0
-  * deps: negotiator@0.5.1
-    - Fix preference sorting to be stable for long acceptable lists
-
-1.2.3 / 2015-01-31
-==================
-
-  * deps: mime-types@~2.0.8
-    - deps: mime-db@~1.6.0
-
-1.2.2 / 2014-12-30
-==================
-
-  * deps: mime-types@~2.0.7
-    - deps: mime-db@~1.5.0
-
-1.2.1 / 2014-12-30
-==================
-
-  * deps: mime-types@~2.0.5
-    - deps: mime-db@~1.3.1
-
-1.2.0 / 2014-12-19
-==================
-
-  * deps: negotiator@0.5.0
-    - Fix list return order when large accepted list
-    - Fix missing identity encoding when q=0 exists
-    - Remove dynamic building of Negotiator class
-
-1.1.4 / 2014-12-10
-==================
-
-  * deps: mime-types@~2.0.4
-    - deps: mime-db@~1.3.0
-
-1.1.3 / 2014-11-09
-==================
-
-  * deps: mime-types@~2.0.3
-    - deps: mime-db@~1.2.0
-
-1.1.2 / 2014-10-14
-==================
-
-  * deps: negotiator@0.4.9
-    - Fix error when media type has invalid parameter
-
-1.1.1 / 2014-09-28
-==================
-
-  * deps: mime-types@~2.0.2
-    - deps: mime-db@~1.1.0
-  * deps: negotiator@0.4.8
-    - Fix all negotiations to be case-insensitive
-    - Stable sort preferences of same quality according to client order
-
-1.1.0 / 2014-09-02
-==================
-
-  * update `mime-types`
-
-1.0.7 / 2014-07-04
-==================
-
-  * Fix wrong type returned from `type` when match after unknown extension
-
-1.0.6 / 2014-06-24
-==================
-
-  * deps: negotiator@0.4.7
-
-1.0.5 / 2014-06-20
-==================
-
- * fix crash when unknown extension given
-
-1.0.4 / 2014-06-19
-==================
-
-  * use `mime-types`
-
-1.0.3 / 2014-06-11
-==================
-
-  * deps: negotiator@0.4.6
-    - Order by specificity when quality is the same
-
-1.0.2 / 2014-05-29
-==================
-
-  * Fix interpretation when header not in request
-  * deps: pin negotiator@0.4.5
-
-1.0.1 / 2014-01-18
-==================
-
-  * Identity encoding isn't always acceptable
-  * deps: negotiator@~0.4.0
-
-1.0.0 / 2013-12-27
-==================
-
-  * Genesis
diff --git a/src/Servers/ExpressServer/node_modules/accepts/LICENSE b/src/Servers/ExpressServer/node_modules/accepts/LICENSE
deleted file mode 100644
index 0616607..0000000
--- a/src/Servers/ExpressServer/node_modules/accepts/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/accepts/README.md b/src/Servers/ExpressServer/node_modules/accepts/README.md
deleted file mode 100644
index 82680c5..0000000
--- a/src/Servers/ExpressServer/node_modules/accepts/README.md
+++ /dev/null
@@ -1,140 +0,0 @@
-# accepts
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Higher level content negotiation based on [negotiator](https://www.npmjs.com/package/negotiator).
-Extracted from [koa](https://www.npmjs.com/package/koa) for general use.
-
-In addition to negotiator, it allows:
-
-- Allows types as an array or arguments list, ie `(['text/html', 'application/json'])`
-  as well as `('text/html', 'application/json')`.
-- Allows type shorthands such as `json`.
-- Returns `false` when no types match
-- Treats non-existent headers as `*`
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install accepts
-```
-
-## API
-
-```js
-var accepts = require('accepts')
-```
-
-### accepts(req)
-
-Create a new `Accepts` object for the given `req`.
-
-#### .charset(charsets)
-
-Return the first accepted charset. If nothing in `charsets` is accepted,
-then `false` is returned.
-
-#### .charsets()
-
-Return the charsets that the request accepts, in the order of the client's
-preference (most preferred first).
-
-#### .encoding(encodings)
-
-Return the first accepted encoding. If nothing in `encodings` is accepted,
-then `false` is returned.
-
-#### .encodings()
-
-Return the encodings that the request accepts, in the order of the client's
-preference (most preferred first).
-
-#### .language(languages)
-
-Return the first accepted language. If nothing in `languages` is accepted,
-then `false` is returned.
-
-#### .languages()
-
-Return the languages that the request accepts, in the order of the client's
-preference (most preferred first).
-
-#### .type(types)
-
-Return the first accepted type (and it is returned as the same text as what
-appears in the `types` array). If nothing in `types` is accepted, then `false`
-is returned.
-
-The `types` array can contain full MIME types or file extensions. Any value
-that is not a full MIME types is passed to `require('mime-types').lookup`.
-
-#### .types()
-
-Return the types that the request accepts, in the order of the client's
-preference (most preferred first).
-
-## Examples
-
-### Simple type negotiation
-
-This simple example shows how to use `accepts` to return a different typed
-respond body based on what the client wants to accept. The server lists it's
-preferences in order and will get back the best match between the client and
-server.
-
-```js
-var accepts = require('accepts')
-var http = require('http')
-
-function app (req, res) {
-  var accept = accepts(req)
-
-  // the order of this list is significant; should be server preferred order
-  switch (accept.type(['json', 'html'])) {
-    case 'json':
-      res.setHeader('Content-Type', 'application/json')
-      res.write('{"hello":"world!"}')
-      break
-    case 'html':
-      res.setHeader('Content-Type', 'text/html')
-      res.write('<b>hello, world!</b>')
-      break
-    default:
-      // the fallback is text/plain, so no need to specify it above
-      res.setHeader('Content-Type', 'text/plain')
-      res.write('hello, world!')
-      break
-  }
-
-  res.end()
-}
-
-http.createServer(app).listen(3000)
-```
-
-You can test this out with the cURL program:
-```sh
-curl -I -H'Accept: text/html' http://localhost:3000/
-```
-
-## License
-
-[MIT](LICENSE)
-
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/accepts/master
-[coveralls-url]: https://coveralls.io/r/jshttp/accepts?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/jshttp/accepts/master?label=ci
-[github-actions-ci-url]: https://github.com/jshttp/accepts/actions/workflows/ci.yml
-[node-version-image]: https://badgen.net/npm/node/accepts
-[node-version-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/accepts
-[npm-url]: https://npmjs.org/package/accepts
-[npm-version-image]: https://badgen.net/npm/v/accepts
diff --git a/src/Servers/ExpressServer/node_modules/accepts/index.js b/src/Servers/ExpressServer/node_modules/accepts/index.js
deleted file mode 100644
index e9b2f63..0000000
--- a/src/Servers/ExpressServer/node_modules/accepts/index.js
+++ /dev/null
@@ -1,238 +0,0 @@
-/*!
- * accepts
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var Negotiator = require('negotiator')
-var mime = require('mime-types')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = Accepts
-
-/**
- * Create a new Accepts object for the given req.
- *
- * @param {object} req
- * @public
- */
-
-function Accepts (req) {
-  if (!(this instanceof Accepts)) {
-    return new Accepts(req)
-  }
-
-  this.headers = req.headers
-  this.negotiator = new Negotiator(req)
-}
-
-/**
- * Check if the given `type(s)` is acceptable, returning
- * the best match when true, otherwise `undefined`, in which
- * case you should respond with 406 "Not Acceptable".
- *
- * The `type` value may be a single mime type string
- * such as "application/json", the extension name
- * such as "json" or an array `["json", "html", "text/plain"]`. When a list
- * or array is given the _best_ match, if any is returned.
- *
- * Examples:
- *
- *     // Accept: text/html
- *     this.types('html');
- *     // => "html"
- *
- *     // Accept: text/*, application/json
- *     this.types('html');
- *     // => "html"
- *     this.types('text/html');
- *     // => "text/html"
- *     this.types('json', 'text');
- *     // => "json"
- *     this.types('application/json');
- *     // => "application/json"
- *
- *     // Accept: text/*, application/json
- *     this.types('image/png');
- *     this.types('png');
- *     // => undefined
- *
- *     // Accept: text/*;q=.5, application/json
- *     this.types(['html', 'json']);
- *     this.types('html', 'json');
- *     // => "json"
- *
- * @param {String|Array} types...
- * @return {String|Array|Boolean}
- * @public
- */
-
-Accepts.prototype.type =
-Accepts.prototype.types = function (types_) {
-  var types = types_
-
-  // support flattened arguments
-  if (types && !Array.isArray(types)) {
-    types = new Array(arguments.length)
-    for (var i = 0; i < types.length; i++) {
-      types[i] = arguments[i]
-    }
-  }
-
-  // no types, return all requested types
-  if (!types || types.length === 0) {
-    return this.negotiator.mediaTypes()
-  }
-
-  // no accept header, return first given type
-  if (!this.headers.accept) {
-    return types[0]
-  }
-
-  var mimes = types.map(extToMime)
-  var accepts = this.negotiator.mediaTypes(mimes.filter(validMime))
-  var first = accepts[0]
-
-  return first
-    ? types[mimes.indexOf(first)]
-    : false
-}
-
-/**
- * Return accepted encodings or best fit based on `encodings`.
- *
- * Given `Accept-Encoding: gzip, deflate`
- * an array sorted by quality is returned:
- *
- *     ['gzip', 'deflate']
- *
- * @param {String|Array} encodings...
- * @return {String|Array}
- * @public
- */
-
-Accepts.prototype.encoding =
-Accepts.prototype.encodings = function (encodings_) {
-  var encodings = encodings_
-
-  // support flattened arguments
-  if (encodings && !Array.isArray(encodings)) {
-    encodings = new Array(arguments.length)
-    for (var i = 0; i < encodings.length; i++) {
-      encodings[i] = arguments[i]
-    }
-  }
-
-  // no encodings, return all requested encodings
-  if (!encodings || encodings.length === 0) {
-    return this.negotiator.encodings()
-  }
-
-  return this.negotiator.encodings(encodings)[0] || false
-}
-
-/**
- * Return accepted charsets or best fit based on `charsets`.
- *
- * Given `Accept-Charset: utf-8, iso-8859-1;q=0.2, utf-7;q=0.5`
- * an array sorted by quality is returned:
- *
- *     ['utf-8', 'utf-7', 'iso-8859-1']
- *
- * @param {String|Array} charsets...
- * @return {String|Array}
- * @public
- */
-
-Accepts.prototype.charset =
-Accepts.prototype.charsets = function (charsets_) {
-  var charsets = charsets_
-
-  // support flattened arguments
-  if (charsets && !Array.isArray(charsets)) {
-    charsets = new Array(arguments.length)
-    for (var i = 0; i < charsets.length; i++) {
-      charsets[i] = arguments[i]
-    }
-  }
-
-  // no charsets, return all requested charsets
-  if (!charsets || charsets.length === 0) {
-    return this.negotiator.charsets()
-  }
-
-  return this.negotiator.charsets(charsets)[0] || false
-}
-
-/**
- * Return accepted languages or best fit based on `langs`.
- *
- * Given `Accept-Language: en;q=0.8, es, pt`
- * an array sorted by quality is returned:
- *
- *     ['es', 'pt', 'en']
- *
- * @param {String|Array} langs...
- * @return {Array|String}
- * @public
- */
-
-Accepts.prototype.lang =
-Accepts.prototype.langs =
-Accepts.prototype.language =
-Accepts.prototype.languages = function (languages_) {
-  var languages = languages_
-
-  // support flattened arguments
-  if (languages && !Array.isArray(languages)) {
-    languages = new Array(arguments.length)
-    for (var i = 0; i < languages.length; i++) {
-      languages[i] = arguments[i]
-    }
-  }
-
-  // no languages, return all requested languages
-  if (!languages || languages.length === 0) {
-    return this.negotiator.languages()
-  }
-
-  return this.negotiator.languages(languages)[0] || false
-}
-
-/**
- * Convert extnames to mime.
- *
- * @param {String} type
- * @return {String}
- * @private
- */
-
-function extToMime (type) {
-  return type.indexOf('/') === -1
-    ? mime.lookup(type)
-    : type
-}
-
-/**
- * Check if mime is valid.
- *
- * @param {String} type
- * @return {String}
- * @private
- */
-
-function validMime (type) {
-  return typeof type === 'string'
-}
diff --git a/src/Servers/ExpressServer/node_modules/accepts/package.json b/src/Servers/ExpressServer/node_modules/accepts/package.json
deleted file mode 100644
index 0f2d15d..0000000
--- a/src/Servers/ExpressServer/node_modules/accepts/package.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-  "name": "accepts",
-  "description": "Higher-level content negotiation",
-  "version": "1.3.8",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "repository": "jshttp/accepts",
-  "dependencies": {
-    "mime-types": "~2.1.34",
-    "negotiator": "0.6.3"
-  },
-  "devDependencies": {
-    "deep-equal": "1.0.1",
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.3.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.0",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  },
-  "keywords": [
-    "content",
-    "negotiation",
-    "accept",
-    "accepts"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE b/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
deleted file mode 100644
index 983fbe8..0000000
--- a/src/Servers/ExpressServer/node_modules/array-flatten/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/README.md b/src/Servers/ExpressServer/node_modules/array-flatten/README.md
deleted file mode 100644
index 91fa5b6..0000000
--- a/src/Servers/ExpressServer/node_modules/array-flatten/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# Array Flatten
-
-[![NPM version][npm-image]][npm-url]
-[![NPM downloads][downloads-image]][downloads-url]
-[![Build status][travis-image]][travis-url]
-[![Test coverage][coveralls-image]][coveralls-url]
-
-> Flatten an array of nested arrays into a single flat array. Accepts an optional depth.
-
-## Installation
-
-```
-npm install array-flatten --save
-```
-
-## Usage
-
-```javascript
-var flatten = require('array-flatten')
-
-flatten([1, [2, [3, [4, [5], 6], 7], 8], 9])
-//=> [1, 2, 3, 4, 5, 6, 7, 8, 9]
-
-flatten([1, [2, [3, [4, [5], 6], 7], 8], 9], 2)
-//=> [1, 2, 3, [4, [5], 6], 7, 8, 9]
-
-(function () {
-  flatten(arguments) //=> [1, 2, 3]
-})(1, [2, 3])
-```
-
-## License
-
-MIT
-
-[npm-image]: https://img.shields.io/npm/v/array-flatten.svg?style=flat
-[npm-url]: https://npmjs.org/package/array-flatten
-[downloads-image]: https://img.shields.io/npm/dm/array-flatten.svg?style=flat
-[downloads-url]: https://npmjs.org/package/array-flatten
-[travis-image]: https://img.shields.io/travis/blakeembrey/array-flatten.svg?style=flat
-[travis-url]: https://travis-ci.org/blakeembrey/array-flatten
-[coveralls-image]: https://img.shields.io/coveralls/blakeembrey/array-flatten.svg?style=flat
-[coveralls-url]: https://coveralls.io/r/blakeembrey/array-flatten?branch=master
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js b/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
deleted file mode 100644
index 089117b..0000000
--- a/src/Servers/ExpressServer/node_modules/array-flatten/array-flatten.js
+++ /dev/null
@@ -1,64 +0,0 @@
-'use strict'
-
-/**
- * Expose `arrayFlatten`.
- */
-module.exports = arrayFlatten
-
-/**
- * Recursive flatten function with depth.
- *
- * @param  {Array}  array
- * @param  {Array}  result
- * @param  {Number} depth
- * @return {Array}
- */
-function flattenWithDepth (array, result, depth) {
-  for (var i = 0; i < array.length; i++) {
-    var value = array[i]
-
-    if (depth > 0 && Array.isArray(value)) {
-      flattenWithDepth(value, result, depth - 1)
-    } else {
-      result.push(value)
-    }
-  }
-
-  return result
-}
-
-/**
- * Recursive flatten function. Omitting depth is slightly faster.
- *
- * @param  {Array} array
- * @param  {Array} result
- * @return {Array}
- */
-function flattenForever (array, result) {
-  for (var i = 0; i < array.length; i++) {
-    var value = array[i]
-
-    if (Array.isArray(value)) {
-      flattenForever(value, result)
-    } else {
-      result.push(value)
-    }
-  }
-
-  return result
-}
-
-/**
- * Flatten an array, with the ability to define a depth.
- *
- * @param  {Array}  array
- * @param  {Number} depth
- * @return {Array}
- */
-function arrayFlatten (array, depth) {
-  if (depth == null) {
-    return flattenForever(array, [])
-  }
-
-  return flattenWithDepth(array, [], depth)
-}
diff --git a/src/Servers/ExpressServer/node_modules/array-flatten/package.json b/src/Servers/ExpressServer/node_modules/array-flatten/package.json
deleted file mode 100644
index 1a24e2a..0000000
--- a/src/Servers/ExpressServer/node_modules/array-flatten/package.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-  "name": "array-flatten",
-  "version": "1.1.1",
-  "description": "Flatten an array of nested arrays into a single flat array",
-  "main": "array-flatten.js",
-  "files": [
-    "array-flatten.js",
-    "LICENSE"
-  ],
-  "scripts": {
-    "test": "istanbul cover _mocha -- -R spec"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/blakeembrey/array-flatten.git"
-  },
-  "keywords": [
-    "array",
-    "flatten",
-    "arguments",
-    "depth"
-  ],
-  "author": {
-    "name": "Blake Embrey",
-    "email": "hello@blakeembrey.com",
-    "url": "http://blakeembrey.me"
-  },
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/blakeembrey/array-flatten/issues"
-  },
-  "homepage": "https://github.com/blakeembrey/array-flatten",
-  "devDependencies": {
-    "istanbul": "^0.3.13",
-    "mocha": "^2.2.4",
-    "pre-commit": "^1.0.7",
-    "standard": "^3.7.3"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md b/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
deleted file mode 100644
index c9b0b5b..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/HISTORY.md
+++ /dev/null
@@ -1,680 +0,0 @@
-1.20.4 / 2025-12-01
-===================
-
-  * deps: qs@~6.14.0
-  * deps: use tilde notation for dependencies
-  * deps: http-errors@~2.0.1
-  * deps: raw-body@~2.5.3
-
-1.20.3 / 2024-09-10
-===================
-
-  * deps: qs@6.13.0
-  * add `depth` option to customize the depth level in the parser
-  * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
-
-1.20.2 / 2023-02-21
-===================
-
-  * Fix strict json error message on Node.js 19+
-  * deps: content-type@~1.0.5
-    - perf: skip value escaping when unnecessary
-  * deps: raw-body@2.5.2
-
-1.20.1 / 2022-10-06
-===================
-
-  * deps: qs@6.11.0
-  * perf: remove unnecessary object clone
-
-1.20.0 / 2022-04-02
-===================
-
-  * Fix error message for json parse whitespace in `strict`
-  * Fix internal error when inflated body exceeds limit
-  * Prevent loss of async hooks context
-  * Prevent hanging when request already read
-  * deps: depd@2.0.0
-    - Replace internal `eval` usage with `Function` constructor
-    - Use instance methods on `process` to check for listeners
-  * deps: http-errors@2.0.0
-    - deps: depd@2.0.0
-    - deps: statuses@2.0.1
-  * deps: on-finished@2.4.1
-  * deps: qs@6.10.3
-  * deps: raw-body@2.5.1
-    - deps: http-errors@2.0.0
-
-1.19.2 / 2022-02-15
-===================
-
-  * deps: bytes@3.1.2
-  * deps: qs@6.9.7
-    * Fix handling of `__proto__` keys
-  * deps: raw-body@2.4.3
-    - deps: bytes@3.1.2
-
-1.19.1 / 2021-12-10
-===================
-
-  * deps: bytes@3.1.1
-  * deps: http-errors@1.8.1
-    - deps: inherits@2.0.4
-    - deps: toidentifier@1.0.1
-    - deps: setprototypeof@1.2.0
-  * deps: qs@6.9.6
-  * deps: raw-body@2.4.2
-    - deps: bytes@3.1.1
-    - deps: http-errors@1.8.1
-  * deps: safe-buffer@5.2.1
-  * deps: type-is@~1.6.18
-
-1.19.0 / 2019-04-25
-===================
-
-  * deps: bytes@3.1.0
-    - Add petabyte (`pb`) support
-  * deps: http-errors@1.7.2
-    - Set constructor name when possible
-    - deps: setprototypeof@1.1.1
-    - deps: statuses@'>= 1.5.0 < 2'
-  * deps: iconv-lite@0.4.24
-    - Added encoding MIK
-  * deps: qs@6.7.0
-    - Fix parsing array brackets after index
-  * deps: raw-body@2.4.0
-    - deps: bytes@3.1.0
-    - deps: http-errors@1.7.2
-    - deps: iconv-lite@0.4.24
-  * deps: type-is@~1.6.17
-    - deps: mime-types@~2.1.24
-    - perf: prevent internal `throw` on invalid type
-
-1.18.3 / 2018-05-14
-===================
-
-  * Fix stack trace for strict json parse error
-  * deps: depd@~1.1.2
-    - perf: remove argument reassignment
-  * deps: http-errors@~1.6.3
-    - deps: depd@~1.1.2
-    - deps: setprototypeof@1.1.0
-    - deps: statuses@'>= 1.3.1 < 2'
-  * deps: iconv-lite@0.4.23
-    - Fix loading encoding with year appended
-    - Fix deprecation warnings on Node.js 10+
-  * deps: qs@6.5.2
-  * deps: raw-body@2.3.3
-    - deps: http-errors@1.6.3
-    - deps: iconv-lite@0.4.23
-  * deps: type-is@~1.6.16
-    - deps: mime-types@~2.1.18
-
-1.18.2 / 2017-09-22
-===================
-
-  * deps: debug@2.6.9
-  * perf: remove argument reassignment
-
-1.18.1 / 2017-09-12
-===================
-
-  * deps: content-type@~1.0.4
-    - perf: remove argument reassignment
-    - perf: skip parameter parsing when no parameters
-  * deps: iconv-lite@0.4.19
-    - Fix ISO-8859-1 regression
-    - Update Windows-1255
-  * deps: qs@6.5.1
-    - Fix parsing & compacting very deep objects
-  * deps: raw-body@2.3.2
-    - deps: iconv-lite@0.4.19
-
-1.18.0 / 2017-09-08
-===================
-
-  * Fix JSON strict violation error to match native parse error
-  * Include the `body` property on verify errors
-  * Include the `type` property on all generated errors
-  * Use `http-errors` to set status code on errors
-  * deps: bytes@3.0.0
-  * deps: debug@2.6.8
-  * deps: depd@~1.1.1
-    - Remove unnecessary `Buffer` loading
-  * deps: http-errors@~1.6.2
-    - deps: depd@1.1.1
-  * deps: iconv-lite@0.4.18
-    - Add support for React Native
-    - Add a warning if not loaded as utf-8
-    - Fix CESU-8 decoding in Node.js 8
-    - Improve speed of ISO-8859-1 encoding
-  * deps: qs@6.5.0
-  * deps: raw-body@2.3.1
-    - Use `http-errors` for standard emitted errors
-    - deps: bytes@3.0.0
-    - deps: iconv-lite@0.4.18
-    - perf: skip buffer decoding on overage chunk
-  * perf: prevent internal `throw` when missing charset
-
-1.17.2 / 2017-05-17
-===================
-
-  * deps: debug@2.6.7
-    - Fix `DEBUG_MAX_ARRAY_LENGTH`
-    - deps: ms@2.0.0
-  * deps: type-is@~1.6.15
-    - deps: mime-types@~2.1.15
-
-1.17.1 / 2017-03-06
-===================
-
-  * deps: qs@6.4.0
-    - Fix regression parsing keys starting with `[`
-
-1.17.0 / 2017-03-01
-===================
-
-  * deps: http-errors@~1.6.1
-    - Make `message` property enumerable for `HttpError`s
-    - deps: setprototypeof@1.0.3
-  * deps: qs@6.3.1
-    - Fix compacting nested arrays
-
-1.16.1 / 2017-02-10
-===================
-
-  * deps: debug@2.6.1
-    - Fix deprecation messages in WebStorm and other editors
-    - Undeprecate `DEBUG_FD` set to `1` or `2`
-
-1.16.0 / 2017-01-17
-===================
-
-  * deps: debug@2.6.0
-    - Allow colors in workers
-    - Deprecated `DEBUG_FD` environment variable
-    - Fix error when running under React Native
-    - Use same color for same namespace
-    - deps: ms@0.7.2
-  * deps: http-errors@~1.5.1
-    - deps: inherits@2.0.3
-    - deps: setprototypeof@1.0.2
-    - deps: statuses@'>= 1.3.1 < 2'
-  * deps: iconv-lite@0.4.15
-    - Added encoding MS-31J
-    - Added encoding MS-932
-    - Added encoding MS-936
-    - Added encoding MS-949
-    - Added encoding MS-950
-    - Fix GBK/GB18030 handling of Euro character
-  * deps: qs@6.2.1
-    - Fix array parsing from skipping empty values
-  * deps: raw-body@~2.2.0
-    - deps: iconv-lite@0.4.15
-  * deps: type-is@~1.6.14
-    - deps: mime-types@~2.1.13
-
-1.15.2 / 2016-06-19
-===================
-
-  * deps: bytes@2.4.0
-  * deps: content-type@~1.0.2
-    - perf: enable strict mode
-  * deps: http-errors@~1.5.0
-    - Use `setprototypeof` module to replace `__proto__` setting
-    - deps: statuses@'>= 1.3.0 < 2'
-    - perf: enable strict mode
-  * deps: qs@6.2.0
-  * deps: raw-body@~2.1.7
-    - deps: bytes@2.4.0
-    - perf: remove double-cleanup on happy path
-  * deps: type-is@~1.6.13
-    - deps: mime-types@~2.1.11
-
-1.15.1 / 2016-05-05
-===================
-
-  * deps: bytes@2.3.0
-    - Drop partial bytes on all parsed units
-    - Fix parsing byte string that looks like hex
-  * deps: raw-body@~2.1.6
-    - deps: bytes@2.3.0
-  * deps: type-is@~1.6.12
-    - deps: mime-types@~2.1.10
-
-1.15.0 / 2016-02-10
-===================
-
-  * deps: http-errors@~1.4.0
-    - Add `HttpError` export, for `err instanceof createError.HttpError`
-    - deps: inherits@2.0.1
-    - deps: statuses@'>= 1.2.1 < 2'
-  * deps: qs@6.1.0
-  * deps: type-is@~1.6.11
-    - deps: mime-types@~2.1.9
-
-1.14.2 / 2015-12-16
-===================
-
-  * deps: bytes@2.2.0
-  * deps: iconv-lite@0.4.13
-  * deps: qs@5.2.0
-  * deps: raw-body@~2.1.5
-    - deps: bytes@2.2.0
-    - deps: iconv-lite@0.4.13
-  * deps: type-is@~1.6.10
-    - deps: mime-types@~2.1.8
-
-1.14.1 / 2015-09-27
-===================
-
-  * Fix issue where invalid charset results in 400 when `verify` used
-  * deps: iconv-lite@0.4.12
-    - Fix CESU-8 decoding in Node.js 4.x
-  * deps: raw-body@~2.1.4
-    - Fix masking critical errors from `iconv-lite`
-    - deps: iconv-lite@0.4.12
-  * deps: type-is@~1.6.9
-    - deps: mime-types@~2.1.7
-
-1.14.0 / 2015-09-16
-===================
-
-  * Fix JSON strict parse error to match syntax errors
-  * Provide static `require` analysis in `urlencoded` parser
-  * deps: depd@~1.1.0
-    - Support web browser loading
-  * deps: qs@5.1.0
-  * deps: raw-body@~2.1.3
-    - Fix sync callback when attaching data listener causes sync read
-  * deps: type-is@~1.6.8
-    - Fix type error when given invalid type to match against
-    - deps: mime-types@~2.1.6
-
-1.13.3 / 2015-07-31
-===================
-
-  * deps: type-is@~1.6.6
-    - deps: mime-types@~2.1.4
-
-1.13.2 / 2015-07-05
-===================
-
-  * deps: iconv-lite@0.4.11
-  * deps: qs@4.0.0
-    - Fix dropping parameters like `hasOwnProperty`
-    - Fix user-visible incompatibilities from 3.1.0
-    - Fix various parsing edge cases
-  * deps: raw-body@~2.1.2
-    - Fix error stack traces to skip `makeError`
-    - deps: iconv-lite@0.4.11
-  * deps: type-is@~1.6.4
-    - deps: mime-types@~2.1.2
-    - perf: enable strict mode
-    - perf: remove argument reassignment
-
-1.13.1 / 2015-06-16
-===================
-
-  * deps: qs@2.4.2
-    - Downgraded from 3.1.0 because of user-visible incompatibilities
-
-1.13.0 / 2015-06-14
-===================
-
-  * Add `statusCode` property on `Error`s, in addition to `status`
-  * Change `type` default to `application/json` for JSON parser
-  * Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
-  * Provide static `require` analysis
-  * Use the `http-errors` module to generate errors
-  * deps: bytes@2.1.0
-    - Slight optimizations
-  * deps: iconv-lite@0.4.10
-    - The encoding UTF-16 without BOM now defaults to UTF-16LE when detection fails
-    - Leading BOM is now removed when decoding
-  * deps: on-finished@~2.3.0
-    - Add defined behavior for HTTP `CONNECT` requests
-    - Add defined behavior for HTTP `Upgrade` requests
-    - deps: ee-first@1.1.1
-  * deps: qs@3.1.0
-    - Fix dropping parameters like `hasOwnProperty`
-    - Fix various parsing edge cases
-    - Parsed object now has `null` prototype
-  * deps: raw-body@~2.1.1
-    - Use `unpipe` module for unpiping requests
-    - deps: iconv-lite@0.4.10
-  * deps: type-is@~1.6.3
-    - deps: mime-types@~2.1.1
-    - perf: reduce try block size
-    - perf: remove bitwise operations
-  * perf: enable strict mode
-  * perf: remove argument reassignment
-  * perf: remove delete call
-
-1.12.4 / 2015-05-10
-===================
-
-  * deps: debug@~2.2.0
-  * deps: qs@2.4.2
-    - Fix allowing parameters like `constructor`
-  * deps: on-finished@~2.2.1
-  * deps: raw-body@~2.0.1
-    - Fix a false-positive when unpiping in Node.js 0.8
-    - deps: bytes@2.0.1
-  * deps: type-is@~1.6.2
-    - deps: mime-types@~2.0.11
-
-1.12.3 / 2015-04-15
-===================
-
-  * Slight efficiency improvement when not debugging
-  * deps: depd@~1.0.1
-  * deps: iconv-lite@0.4.8
-    - Add encoding alias UNICODE-1-1-UTF-7
-  * deps: raw-body@1.3.4
-    - Fix hanging callback if request aborts during read
-    - deps: iconv-lite@0.4.8
-
-1.12.2 / 2015-03-16
-===================
-
-  * deps: qs@2.4.1
-    - Fix error when parameter `hasOwnProperty` is present
-
-1.12.1 / 2015-03-15
-===================
-
-  * deps: debug@~2.1.3
-    - Fix high intensity foreground color for bold
-    - deps: ms@0.7.0
-  * deps: type-is@~1.6.1
-    - deps: mime-types@~2.0.10
-
-1.12.0 / 2015-02-13
-===================
-
-  * add `debug` messages
-  * accept a function for the `type` option
-  * use `content-type` to parse `Content-Type` headers
-  * deps: iconv-lite@0.4.7
-    - Gracefully support enumerables on `Object.prototype`
-  * deps: raw-body@1.3.3
-    - deps: iconv-lite@0.4.7
-  * deps: type-is@~1.6.0
-    - fix argument reassignment
-    - fix false-positives in `hasBody` `Transfer-Encoding` check
-    - support wildcard for both type and subtype (`*/*`)
-    - deps: mime-types@~2.0.9
-
-1.11.0 / 2015-01-30
-===================
-
-  * make internal `extended: true` depth limit infinity
-  * deps: type-is@~1.5.6
-    - deps: mime-types@~2.0.8
-
-1.10.2 / 2015-01-20
-===================
-
-  * deps: iconv-lite@0.4.6
-    - Fix rare aliases of single-byte encodings
-  * deps: raw-body@1.3.2
-    - deps: iconv-lite@0.4.6
-
-1.10.1 / 2015-01-01
-===================
-
-  * deps: on-finished@~2.2.0
-  * deps: type-is@~1.5.5
-    - deps: mime-types@~2.0.7
-
-1.10.0 / 2014-12-02
-===================
-
-  * make internal `extended: true` array limit dynamic
-
-1.9.3 / 2014-11-21
-==================
-
-  * deps: iconv-lite@0.4.5
-    - Fix Windows-31J and X-SJIS encoding support
-  * deps: qs@2.3.3
-    - Fix `arrayLimit` behavior
-  * deps: raw-body@1.3.1
-    - deps: iconv-lite@0.4.5
-  * deps: type-is@~1.5.3
-    - deps: mime-types@~2.0.3
-
-1.9.2 / 2014-10-27
-==================
-
-  * deps: qs@2.3.2
-    - Fix parsing of mixed objects and values
-
-1.9.1 / 2014-10-22
-==================
-
-  * deps: on-finished@~2.1.1
-    - Fix handling of pipelined requests
-  * deps: qs@2.3.0
-    - Fix parsing of mixed implicit and explicit arrays
-  * deps: type-is@~1.5.2
-    - deps: mime-types@~2.0.2
-
-1.9.0 / 2014-09-24
-==================
-
-  * include the charset in "unsupported charset" error message
-  * include the encoding in "unsupported content encoding" error message
-  * deps: depd@~1.0.0
-
-1.8.4 / 2014-09-23
-==================
-
-  * fix content encoding to be case-insensitive
-
-1.8.3 / 2014-09-19
-==================
-
-  * deps: qs@2.2.4
-    - Fix issue with object keys starting with numbers truncated
-
-1.8.2 / 2014-09-15
-==================
-
-  * deps: depd@0.4.5
-
-1.8.1 / 2014-09-07
-==================
-
-  * deps: media-typer@0.3.0
-  * deps: type-is@~1.5.1
-
-1.8.0 / 2014-09-05
-==================
-
-  * make empty-body-handling consistent between chunked requests
-    - empty `json` produces `{}`
-    - empty `raw` produces `new Buffer(0)`
-    - empty `text` produces `''`
-    - empty `urlencoded` produces `{}`
-  * deps: qs@2.2.3
-    - Fix issue where first empty value in array is discarded
-  * deps: type-is@~1.5.0
-    - fix `hasbody` to be true for `content-length: 0`
-
-1.7.0 / 2014-09-01
-==================
-
-  * add `parameterLimit` option to `urlencoded` parser
-  * change `urlencoded` extended array limit to 100
-  * respond with 413 when over `parameterLimit` in `urlencoded`
-
-1.6.7 / 2014-08-29
-==================
-
-  * deps: qs@2.2.2
-    - Remove unnecessary cloning
-
-1.6.6 / 2014-08-27
-==================
-
-  * deps: qs@2.2.0
-    - Array parsing fix
-    - Performance improvements
-
-1.6.5 / 2014-08-16
-==================
-
-  * deps: on-finished@2.1.0
-
-1.6.4 / 2014-08-14
-==================
-
-  * deps: qs@1.2.2
-
-1.6.3 / 2014-08-10
-==================
-
-  * deps: qs@1.2.1
-
-1.6.2 / 2014-08-07
-==================
-
-  * deps: qs@1.2.0
-    - Fix parsing array of objects
-
-1.6.1 / 2014-08-06
-==================
-
-  * deps: qs@1.1.0
-    - Accept urlencoded square brackets
-    - Accept empty values in implicit array notation
-
-1.6.0 / 2014-08-05
-==================
-
-  * deps: qs@1.0.2
-    - Complete rewrite
-    - Limits array length to 20
-    - Limits object depth to 5
-    - Limits parameters to 1,000
-
-1.5.2 / 2014-07-27
-==================
-
-  * deps: depd@0.4.4
-    - Work-around v8 generating empty stack traces
-
-1.5.1 / 2014-07-26
-==================
-
-  * deps: depd@0.4.3
-    - Fix exception when global `Error.stackTraceLimit` is too low
-
-1.5.0 / 2014-07-20
-==================
-
-  * deps: depd@0.4.2
-    - Add `TRACE_DEPRECATION` environment variable
-    - Remove non-standard grey color from color output
-    - Support `--no-deprecation` argument
-    - Support `--trace-deprecation` argument
-  * deps: iconv-lite@0.4.4
-    - Added encoding UTF-7
-  * deps: raw-body@1.3.0
-    - deps: iconv-lite@0.4.4
-    - Added encoding UTF-7
-    - Fix `Cannot switch to old mode now` error on Node.js 0.10+
-  * deps: type-is@~1.3.2
-
-1.4.3 / 2014-06-19
-==================
-
-  * deps: type-is@1.3.1
-    - fix global variable leak
-
-1.4.2 / 2014-06-19
-==================
-
-  * deps: type-is@1.3.0
-    - improve type parsing
-
-1.4.1 / 2014-06-19
-==================
-
-  * fix urlencoded extended deprecation message
-
-1.4.0 / 2014-06-19
-==================
-
-  * add `text` parser
-  * add `raw` parser
-  * check accepted charset in content-type (accepts utf-8)
-  * check accepted encoding in content-encoding (accepts identity)
-  * deprecate `bodyParser()` middleware; use `.json()` and `.urlencoded()` as needed
-  * deprecate `urlencoded()` without provided `extended` option
-  * lazy-load urlencoded parsers
-  * parsers split into files for reduced mem usage
-  * support gzip and deflate bodies
-    - set `inflate: false` to turn off
-  * deps: raw-body@1.2.2
-    - Support all encodings from `iconv-lite`
-
-1.3.1 / 2014-06-11
-==================
-
-  * deps: type-is@1.2.1
-    - Switch dependency from mime to mime-types@1.0.0
-
-1.3.0 / 2014-05-31
-==================
-
-  * add `extended` option to urlencoded parser
-
-1.2.2 / 2014-05-27
-==================
-
-  * deps: raw-body@1.1.6
-    - assert stream encoding on node.js 0.8
-    - assert stream encoding on node.js < 0.10.6
-    - deps: bytes@1
-
-1.2.1 / 2014-05-26
-==================
-
-  * invoke `next(err)` after request fully read
-    - prevents hung responses and socket hang ups
-
-1.2.0 / 2014-05-11
-==================
-
-  * add `verify` option
-  * deps: type-is@1.2.0
-    - support suffix matching
-
-1.1.2 / 2014-05-11
-==================
-
-  * improve json parser speed
-
-1.1.1 / 2014-05-11
-==================
-
-  * fix repeated limit parsing with every request
-
-1.1.0 / 2014-05-10
-==================
-
-  * add `type` option
-  * deps: pin for safety and consistency
-
-1.0.2 / 2014-04-14
-==================
-
-  * use `type-is` module
-
-1.0.1 / 2014-03-20
-==================
-
-  * lower default limits to 100kb
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/LICENSE b/src/Servers/ExpressServer/node_modules/body-parser/LICENSE
deleted file mode 100644
index 386b7b6..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/README.md b/src/Servers/ExpressServer/node_modules/body-parser/README.md
deleted file mode 100644
index f6661b7..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/README.md
+++ /dev/null
@@ -1,476 +0,0 @@
-# body-parser
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
-
-Node.js body parsing middleware.
-
-Parse incoming request bodies in a middleware before your handlers, available
-under the `req.body` property.
-
-**Note** As `req.body`'s shape is based on user-controlled input, all
-properties and values in this object are untrusted and should be validated
-before trusting. For example, `req.body.foo.toString()` may fail in multiple
-ways, for example the `foo` property may not be there or may not be a string,
-and `toString` may not be a function and instead a string or other user input.
-
-[Learn about the anatomy of an HTTP transaction in Node.js](https://nodejs.org/en/docs/guides/anatomy-of-an-http-transaction/).
-
-_This does not handle multipart bodies_, due to their complex and typically
-large nature. For multipart bodies, you may be interested in the following
-modules:
-
-  * [busboy](https://www.npmjs.org/package/busboy#readme) and
-    [connect-busboy](https://www.npmjs.org/package/connect-busboy#readme)
-  * [multiparty](https://www.npmjs.org/package/multiparty#readme) and
-    [connect-multiparty](https://www.npmjs.org/package/connect-multiparty#readme)
-  * [formidable](https://www.npmjs.org/package/formidable#readme)
-  * [multer](https://www.npmjs.org/package/multer#readme)
-
-This module provides the following parsers:
-
-  * [JSON body parser](#bodyparserjsonoptions)
-  * [Raw body parser](#bodyparserrawoptions)
-  * [Text body parser](#bodyparsertextoptions)
-  * [URL-encoded form body parser](#bodyparserurlencodedoptions)
-
-Other body parsers you might be interested in:
-
-- [body](https://www.npmjs.org/package/body#readme)
-- [co-body](https://www.npmjs.org/package/co-body#readme)
-
-## Installation
-
-```sh
-$ npm install body-parser
-```
-
-## API
-
-```js
-var bodyParser = require('body-parser')
-```
-
-The `bodyParser` object exposes various factories to create middlewares. All
-middlewares will populate the `req.body` property with the parsed body when
-the `Content-Type` request header matches the `type` option, or an empty
-object (`{}`) if there was no body to parse, the `Content-Type` was not matched,
-or an error occurred.
-
-The various errors returned by this module are described in the
-[errors section](#errors).
-
-### bodyParser.json([options])
-
-Returns middleware that only parses `json` and only looks at requests where
-the `Content-Type` header matches the `type` option. This parser accepts any
-Unicode encoding of the body and supports automatic inflation of `gzip` and
-`deflate` encodings.
-
-A new `body` object containing the parsed data is populated on the `request`
-object after the middleware (i.e. `req.body`).
-
-#### Options
-
-The `json` function takes an optional `options` object that may contain any of
-the following keys:
-
-##### inflate
-
-When set to `true`, then deflated (compressed) bodies will be inflated; when
-`false`, deflated bodies are rejected. Defaults to `true`.
-
-##### limit
-
-Controls the maximum request body size. If this is a number, then the value
-specifies the number of bytes; if it is a string, the value is passed to the
-[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
-to `'100kb'`.
-
-##### reviver
-
-The `reviver` option is passed directly to `JSON.parse` as the second
-argument. You can find more information on this argument
-[in the MDN documentation about JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse#Example.3A_Using_the_reviver_parameter).
-
-##### strict
-
-When set to `true`, will only accept arrays and objects; when `false` will
-accept anything `JSON.parse` accepts. Defaults to `true`.
-
-##### type
-
-The `type` option is used to determine what media type the middleware will
-parse. This option can be a string, array of strings, or a function. If not a
-function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
-be an extension name (like `json`), a mime type (like `application/json`), or
-a mime type with a wildcard (like `*/*` or `*/json`). If a function, the `type`
-option is called as `fn(req)` and the request is parsed if it returns a truthy
-value. Defaults to `application/json`.
-
-##### verify
-
-The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
-where `buf` is a `Buffer` of the raw request body and `encoding` is the
-encoding of the request. The parsing can be aborted by throwing an error.
-
-### bodyParser.raw([options])
-
-Returns middleware that parses all bodies as a `Buffer` and only looks at
-requests where the `Content-Type` header matches the `type` option. This
-parser supports automatic inflation of `gzip` and `deflate` encodings.
-
-A new `body` object containing the parsed data is populated on the `request`
-object after the middleware (i.e. `req.body`). This will be a `Buffer` object
-of the body.
-
-#### Options
-
-The `raw` function takes an optional `options` object that may contain any of
-the following keys:
-
-##### inflate
-
-When set to `true`, then deflated (compressed) bodies will be inflated; when
-`false`, deflated bodies are rejected. Defaults to `true`.
-
-##### limit
-
-Controls the maximum request body size. If this is a number, then the value
-specifies the number of bytes; if it is a string, the value is passed to the
-[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
-to `'100kb'`.
-
-##### type
-
-The `type` option is used to determine what media type the middleware will
-parse. This option can be a string, array of strings, or a function.
-If not a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this
-can be an extension name (like `bin`), a mime type (like
-`application/octet-stream`), or a mime type with a wildcard (like `*/*` or
-`application/*`). If a function, the `type` option is called as `fn(req)`
-and the request is parsed if it returns a truthy value. Defaults to
-`application/octet-stream`.
-
-##### verify
-
-The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
-where `buf` is a `Buffer` of the raw request body and `encoding` is the
-encoding of the request. The parsing can be aborted by throwing an error.
-
-### bodyParser.text([options])
-
-Returns middleware that parses all bodies as a string and only looks at
-requests where the `Content-Type` header matches the `type` option. This
-parser supports automatic inflation of `gzip` and `deflate` encodings.
-
-A new `body` string containing the parsed data is populated on the `request`
-object after the middleware (i.e. `req.body`). This will be a string of the
-body.
-
-#### Options
-
-The `text` function takes an optional `options` object that may contain any of
-the following keys:
-
-##### defaultCharset
-
-Specify the default character set for the text content if the charset is not
-specified in the `Content-Type` header of the request. Defaults to `utf-8`.
-
-##### inflate
-
-When set to `true`, then deflated (compressed) bodies will be inflated; when
-`false`, deflated bodies are rejected. Defaults to `true`.
-
-##### limit
-
-Controls the maximum request body size. If this is a number, then the value
-specifies the number of bytes; if it is a string, the value is passed to the
-[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
-to `'100kb'`.
-
-##### type
-
-The `type` option is used to determine what media type the middleware will
-parse. This option can be a string, array of strings, or a function. If not
-a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
-be an extension name (like `txt`), a mime type (like `text/plain`), or a mime
-type with a wildcard (like `*/*` or `text/*`). If a function, the `type`
-option is called as `fn(req)` and the request is parsed if it returns a
-truthy value. Defaults to `text/plain`.
-
-##### verify
-
-The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
-where `buf` is a `Buffer` of the raw request body and `encoding` is the
-encoding of the request. The parsing can be aborted by throwing an error.
-
-### bodyParser.urlencoded([options])
-
-Returns middleware that only parses `urlencoded` bodies and only looks at
-requests where the `Content-Type` header matches the `type` option. This
-parser accepts only UTF-8 encoding of the body and supports automatic
-inflation of `gzip` and `deflate` encodings.
-
-A new `body` object containing the parsed data is populated on the `request`
-object after the middleware (i.e. `req.body`). This object will contain
-key-value pairs, where the value can be a string or array (when `extended` is
-`false`), or any type (when `extended` is `true`).
-
-#### Options
-
-The `urlencoded` function takes an optional `options` object that may contain
-any of the following keys:
-
-##### extended
-
-The `extended` option allows to choose between parsing the URL-encoded data
-with the `querystring` library (when `false`) or the `qs` library (when
-`true`). The "extended" syntax allows for rich objects and arrays to be
-encoded into the URL-encoded format, allowing for a JSON-like experience
-with URL-encoded. For more information, please
-[see the qs library](https://www.npmjs.org/package/qs#readme).
-
-Defaults to `true`, but using the default has been deprecated. Please
-research into the difference between `qs` and `querystring` and choose the
-appropriate setting.
-
-##### inflate
-
-When set to `true`, then deflated (compressed) bodies will be inflated; when
-`false`, deflated bodies are rejected. Defaults to `true`.
-
-##### limit
-
-Controls the maximum request body size. If this is a number, then the value
-specifies the number of bytes; if it is a string, the value is passed to the
-[bytes](https://www.npmjs.com/package/bytes) library for parsing. Defaults
-to `'100kb'`.
-
-##### parameterLimit
-
-The `parameterLimit` option controls the maximum number of parameters that
-are allowed in the URL-encoded data. If a request contains more parameters
-than this value, a 413 will be returned to the client. Defaults to `1000`.
-
-##### type
-
-The `type` option is used to determine what media type the middleware will
-parse. This option can be a string, array of strings, or a function. If not
-a function, `type` option is passed directly to the
-[type-is](https://www.npmjs.org/package/type-is#readme) library and this can
-be an extension name (like `urlencoded`), a mime type (like
-`application/x-www-form-urlencoded`), or a mime type with a wildcard (like
-`*/x-www-form-urlencoded`). If a function, the `type` option is called as
-`fn(req)` and the request is parsed if it returns a truthy value. Defaults
-to `application/x-www-form-urlencoded`.
-
-##### verify
-
-The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`,
-where `buf` is a `Buffer` of the raw request body and `encoding` is the
-encoding of the request. The parsing can be aborted by throwing an error.
-
-#### depth
-
-The `depth` option is used to configure the maximum depth of the `qs` library when `extended` is `true`. This allows you to limit the amount of keys that are parsed and can be useful to prevent certain types of abuse. Defaults to `32`. It is recommended to keep this value as low as possible.
-
-## Errors
-
-The middlewares provided by this module create errors using the
-[`http-errors` module](https://www.npmjs.com/package/http-errors). The errors
-will typically have a `status`/`statusCode` property that contains the suggested
-HTTP response code, an `expose` property to determine if the `message` property
-should be displayed to the client, a `type` property to determine the type of
-error without matching against the `message`, and a `body` property containing
-the read body, if available.
-
-The following are the common errors created, though any error can come through
-for various reasons.
-
-### content encoding unsupported
-
-This error will occur when the request had a `Content-Encoding` header that
-contained an encoding but the "inflation" option was set to `false`. The
-`status` property is set to `415`, the `type` property is set to
-`'encoding.unsupported'`, and the `charset` property will be set to the
-encoding that is unsupported.
-
-### entity parse failed
-
-This error will occur when the request contained an entity that could not be
-parsed by the middleware. The `status` property is set to `400`, the `type`
-property is set to `'entity.parse.failed'`, and the `body` property is set to
-the entity value that failed parsing.
-
-### entity verify failed
-
-This error will occur when the request contained an entity that could not be
-failed verification by the defined `verify` option. The `status` property is
-set to `403`, the `type` property is set to `'entity.verify.failed'`, and the
-`body` property is set to the entity value that failed verification.
-
-### request aborted
-
-This error will occur when the request is aborted by the client before reading
-the body has finished. The `received` property will be set to the number of
-bytes received before the request was aborted and the `expected` property is
-set to the number of expected bytes. The `status` property is set to `400`
-and `type` property is set to `'request.aborted'`.
-
-### request entity too large
-
-This error will occur when the request body's size is larger than the "limit"
-option. The `limit` property will be set to the byte limit and the `length`
-property will be set to the request body's length. The `status` property is
-set to `413` and the `type` property is set to `'entity.too.large'`.
-
-### request size did not match content length
-
-This error will occur when the request's length did not match the length from
-the `Content-Length` header. This typically occurs when the request is malformed,
-typically when the `Content-Length` header was calculated based on characters
-instead of bytes. The `status` property is set to `400` and the `type` property
-is set to `'request.size.invalid'`.
-
-### stream encoding should not be set
-
-This error will occur when something called the `req.setEncoding` method prior
-to this middleware. This module operates directly on bytes only and you cannot
-call `req.setEncoding` when using this module. The `status` property is set to
-`500` and the `type` property is set to `'stream.encoding.set'`.
-
-### stream is not readable
-
-This error will occur when the request is no longer readable when this middleware
-attempts to read it. This typically means something other than a middleware from
-this module read the request body already and the middleware was also configured to
-read the same request. The `status` property is set to `500` and the `type`
-property is set to `'stream.not.readable'`.
-
-### too many parameters
-
-This error will occur when the content of the request exceeds the configured
-`parameterLimit` for the `urlencoded` parser. The `status` property is set to
-`413` and the `type` property is set to `'parameters.too.many'`.
-
-### unsupported charset "BOGUS"
-
-This error will occur when the request had a charset parameter in the
-`Content-Type` header, but the `iconv-lite` module does not support it OR the
-parser does not support it. The charset is contained in the message as well
-as in the `charset` property. The `status` property is set to `415`, the
-`type` property is set to `'charset.unsupported'`, and the `charset` property
-is set to the charset that is unsupported.
-
-### unsupported content encoding "bogus"
-
-This error will occur when the request had a `Content-Encoding` header that
-contained an unsupported encoding. The encoding is contained in the message
-as well as in the `encoding` property. The `status` property is set to `415`,
-the `type` property is set to `'encoding.unsupported'`, and the `encoding`
-property is set to the encoding that is unsupported.
-
-### The input exceeded the depth
-
-This error occurs when using `bodyParser.urlencoded` with the `extended` property set to `true` and the input exceeds the configured `depth` option. The `status` property is set to `400`. It is recommended to review the `depth` option and evaluate if it requires a higher value. When the `depth` option is set to `32` (default value), the error will not be thrown.
-
-## Examples
-
-### Express/Connect top-level generic
-
-This example demonstrates adding a generic JSON and URL-encoded parser as a
-top-level middleware, which will parse the bodies of all incoming requests.
-This is the simplest setup.
-
-```js
-var express = require('express')
-var bodyParser = require('body-parser')
-
-var app = express()
-
-// parse application/x-www-form-urlencoded
-app.use(bodyParser.urlencoded({ extended: false }))
-
-// parse application/json
-app.use(bodyParser.json())
-
-app.use(function (req, res) {
-  res.setHeader('Content-Type', 'text/plain')
-  res.write('you posted:\n')
-  res.end(JSON.stringify(req.body, null, 2))
-})
-```
-
-### Express route-specific
-
-This example demonstrates adding body parsers specifically to the routes that
-need them. In general, this is the most recommended way to use body-parser with
-Express.
-
-```js
-var express = require('express')
-var bodyParser = require('body-parser')
-
-var app = express()
-
-// create application/json parser
-var jsonParser = bodyParser.json()
-
-// create application/x-www-form-urlencoded parser
-var urlencodedParser = bodyParser.urlencoded({ extended: false })
-
-// POST /login gets urlencoded bodies
-app.post('/login', urlencodedParser, function (req, res) {
-  res.send('welcome, ' + req.body.username)
-})
-
-// POST /api/users gets JSON bodies
-app.post('/api/users', jsonParser, function (req, res) {
-  // create user in req.body
-})
-```
-
-### Change accepted type for parsers
-
-All the parsers accept a `type` option which allows you to change the
-`Content-Type` that the middleware will parse.
-
-```js
-var express = require('express')
-var bodyParser = require('body-parser')
-
-var app = express()
-
-// parse various different custom JSON types as JSON
-app.use(bodyParser.json({ type: 'application/*+json' }))
-
-// parse some custom thing into a Buffer
-app.use(bodyParser.raw({ type: 'application/vnd.custom-type' }))
-
-// parse an HTML body into a string
-app.use(bodyParser.text({ type: 'text/html' }))
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/expressjs/body-parser/master?label=ci
-[ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml
-[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/body-parser/master
-[coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master
-[node-version-image]: https://badgen.net/npm/node/body-parser
-[node-version-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/body-parser
-[npm-url]: https://npmjs.org/package/body-parser
-[npm-version-image]: https://badgen.net/npm/v/body-parser
-[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/body-parser/badge
-[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/index.js b/src/Servers/ExpressServer/node_modules/body-parser/index.js
deleted file mode 100644
index bb24d73..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/index.js
+++ /dev/null
@@ -1,156 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var deprecate = require('depd')('body-parser')
-
-/**
- * Cache of loaded parsers.
- * @private
- */
-
-var parsers = Object.create(null)
-
-/**
- * @typedef Parsers
- * @type {function}
- * @property {function} json
- * @property {function} raw
- * @property {function} text
- * @property {function} urlencoded
- */
-
-/**
- * Module exports.
- * @type {Parsers}
- */
-
-exports = module.exports = deprecate.function(bodyParser,
-  'bodyParser: use individual json/urlencoded middlewares')
-
-/**
- * JSON parser.
- * @public
- */
-
-Object.defineProperty(exports, 'json', {
-  configurable: true,
-  enumerable: true,
-  get: createParserGetter('json')
-})
-
-/**
- * Raw parser.
- * @public
- */
-
-Object.defineProperty(exports, 'raw', {
-  configurable: true,
-  enumerable: true,
-  get: createParserGetter('raw')
-})
-
-/**
- * Text parser.
- * @public
- */
-
-Object.defineProperty(exports, 'text', {
-  configurable: true,
-  enumerable: true,
-  get: createParserGetter('text')
-})
-
-/**
- * URL-encoded parser.
- * @public
- */
-
-Object.defineProperty(exports, 'urlencoded', {
-  configurable: true,
-  enumerable: true,
-  get: createParserGetter('urlencoded')
-})
-
-/**
- * Create a middleware to parse json and urlencoded bodies.
- *
- * @param {object} [options]
- * @return {function}
- * @deprecated
- * @public
- */
-
-function bodyParser (options) {
-  // use default type for parsers
-  var opts = Object.create(options || null, {
-    type: {
-      configurable: true,
-      enumerable: true,
-      value: undefined,
-      writable: true
-    }
-  })
-
-  var _urlencoded = exports.urlencoded(opts)
-  var _json = exports.json(opts)
-
-  return function bodyParser (req, res, next) {
-    _json(req, res, function (err) {
-      if (err) return next(err)
-      _urlencoded(req, res, next)
-    })
-  }
-}
-
-/**
- * Create a getter for loading a parser.
- * @private
- */
-
-function createParserGetter (name) {
-  return function get () {
-    return loadParser(name)
-  }
-}
-
-/**
- * Load a parser module.
- * @private
- */
-
-function loadParser (parserName) {
-  var parser = parsers[parserName]
-
-  if (parser !== undefined) {
-    return parser
-  }
-
-  // this uses a switch for static require analysis
-  switch (parserName) {
-    case 'json':
-      parser = require('./lib/types/json')
-      break
-    case 'raw':
-      parser = require('./lib/types/raw')
-      break
-    case 'text':
-      parser = require('./lib/types/text')
-      break
-    case 'urlencoded':
-      parser = require('./lib/types/urlencoded')
-      break
-  }
-
-  // store to prevent invoking require()
-  return (parsers[parserName] = parser)
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
deleted file mode 100644
index fce6283..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/lib/read.js
+++ /dev/null
@@ -1,205 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var createError = require('http-errors')
-var destroy = require('destroy')
-var getBody = require('raw-body')
-var iconv = require('iconv-lite')
-var onFinished = require('on-finished')
-var unpipe = require('unpipe')
-var zlib = require('zlib')
-
-/**
- * Module exports.
- */
-
-module.exports = read
-
-/**
- * Read a request into a buffer and parse.
- *
- * @param {object} req
- * @param {object} res
- * @param {function} next
- * @param {function} parse
- * @param {function} debug
- * @param {object} options
- * @private
- */
-
-function read (req, res, next, parse, debug, options) {
-  var length
-  var opts = options
-  var stream
-
-  // flag as parsed
-  req._body = true
-
-  // read options
-  var encoding = opts.encoding !== null
-    ? opts.encoding
-    : null
-  var verify = opts.verify
-
-  try {
-    // get the content stream
-    stream = contentstream(req, debug, opts.inflate)
-    length = stream.length
-    stream.length = undefined
-  } catch (err) {
-    return next(err)
-  }
-
-  // set raw-body options
-  opts.length = length
-  opts.encoding = verify
-    ? null
-    : encoding
-
-  // assert charset is supported
-  if (opts.encoding === null && encoding !== null && !iconv.encodingExists(encoding)) {
-    return next(createError(415, 'unsupported charset "' + encoding.toUpperCase() + '"', {
-      charset: encoding.toLowerCase(),
-      type: 'charset.unsupported'
-    }))
-  }
-
-  // read body
-  debug('read body')
-  getBody(stream, opts, function (error, body) {
-    if (error) {
-      var _error
-
-      if (error.type === 'encoding.unsupported') {
-        // echo back charset
-        _error = createError(415, 'unsupported charset "' + encoding.toUpperCase() + '"', {
-          charset: encoding.toLowerCase(),
-          type: 'charset.unsupported'
-        })
-      } else {
-        // set status code on error
-        _error = createError(400, error)
-      }
-
-      // unpipe from stream and destroy
-      if (stream !== req) {
-        unpipe(req)
-        destroy(stream, true)
-      }
-
-      // read off entire request
-      dump(req, function onfinished () {
-        next(createError(400, _error))
-      })
-      return
-    }
-
-    // verify
-    if (verify) {
-      try {
-        debug('verify body')
-        verify(req, res, body, encoding)
-      } catch (err) {
-        next(createError(403, err, {
-          body: body,
-          type: err.type || 'entity.verify.failed'
-        }))
-        return
-      }
-    }
-
-    // parse
-    var str = body
-    try {
-      debug('parse body')
-      str = typeof body !== 'string' && encoding !== null
-        ? iconv.decode(body, encoding)
-        : body
-      req.body = parse(str)
-    } catch (err) {
-      next(createError(400, err, {
-        body: str,
-        type: err.type || 'entity.parse.failed'
-      }))
-      return
-    }
-
-    next()
-  })
-}
-
-/**
- * Get the content stream of the request.
- *
- * @param {object} req
- * @param {function} debug
- * @param {boolean} [inflate=true]
- * @return {object}
- * @api private
- */
-
-function contentstream (req, debug, inflate) {
-  var encoding = (req.headers['content-encoding'] || 'identity').toLowerCase()
-  var length = req.headers['content-length']
-  var stream
-
-  debug('content-encoding "%s"', encoding)
-
-  if (inflate === false && encoding !== 'identity') {
-    throw createError(415, 'content encoding unsupported', {
-      encoding: encoding,
-      type: 'encoding.unsupported'
-    })
-  }
-
-  switch (encoding) {
-    case 'deflate':
-      stream = zlib.createInflate()
-      debug('inflate body')
-      req.pipe(stream)
-      break
-    case 'gzip':
-      stream = zlib.createGunzip()
-      debug('gunzip body')
-      req.pipe(stream)
-      break
-    case 'identity':
-      stream = req
-      stream.length = length
-      break
-    default:
-      throw createError(415, 'unsupported content encoding "' + encoding + '"', {
-        encoding: encoding,
-        type: 'encoding.unsupported'
-      })
-  }
-
-  return stream
-}
-
-/**
- * Dump the contents of a request.
- *
- * @param {object} req
- * @param {function} callback
- * @api private
- */
-
-function dump (req, callback) {
-  if (onFinished.isFinished(req)) {
-    callback(null)
-  } else {
-    onFinished(req, callback)
-    req.resume()
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
deleted file mode 100644
index 59f3f7e..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/json.js
+++ /dev/null
@@ -1,247 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var bytes = require('bytes')
-var contentType = require('content-type')
-var createError = require('http-errors')
-var debug = require('debug')('body-parser:json')
-var read = require('../read')
-var typeis = require('type-is')
-
-/**
- * Module exports.
- */
-
-module.exports = json
-
-/**
- * RegExp to match the first non-space in a string.
- *
- * Allowed whitespace is defined in RFC 7159:
- *
- *    ws = *(
- *            %x20 /              ; Space
- *            %x09 /              ; Horizontal tab
- *            %x0A /              ; Line feed or New line
- *            %x0D )              ; Carriage return
- */
-
-var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
-
-var JSON_SYNTAX_CHAR = '#'
-var JSON_SYNTAX_REGEXP = /#+/g
-
-/**
- * Create a middleware to parse JSON bodies.
- *
- * @param {object} [options]
- * @return {function}
- * @public
- */
-
-function json (options) {
-  var opts = options || {}
-
-  var limit = typeof opts.limit !== 'number'
-    ? bytes.parse(opts.limit || '100kb')
-    : opts.limit
-  var inflate = opts.inflate !== false
-  var reviver = opts.reviver
-  var strict = opts.strict !== false
-  var type = opts.type || 'application/json'
-  var verify = opts.verify || false
-
-  if (verify !== false && typeof verify !== 'function') {
-    throw new TypeError('option verify must be function')
-  }
-
-  // create the appropriate type checking function
-  var shouldParse = typeof type !== 'function'
-    ? typeChecker(type)
-    : type
-
-  function parse (body) {
-    if (body.length === 0) {
-      // special-case empty json body, as it's a common client-side mistake
-      // TODO: maybe make this configurable or part of "strict" option
-      return {}
-    }
-
-    if (strict) {
-      var first = firstchar(body)
-
-      if (first !== '{' && first !== '[') {
-        debug('strict violation')
-        throw createStrictSyntaxError(body, first)
-      }
-    }
-
-    try {
-      debug('parse json')
-      return JSON.parse(body, reviver)
-    } catch (e) {
-      throw normalizeJsonSyntaxError(e, {
-        message: e.message,
-        stack: e.stack
-      })
-    }
-  }
-
-  return function jsonParser (req, res, next) {
-    if (req._body) {
-      debug('body already parsed')
-      next()
-      return
-    }
-
-    req.body = req.body || {}
-
-    // skip requests without bodies
-    if (!typeis.hasBody(req)) {
-      debug('skip empty body')
-      next()
-      return
-    }
-
-    debug('content-type %j', req.headers['content-type'])
-
-    // determine if request should be parsed
-    if (!shouldParse(req)) {
-      debug('skip parsing')
-      next()
-      return
-    }
-
-    // assert charset per RFC 7159 sec 8.1
-    var charset = getCharset(req) || 'utf-8'
-    if (charset.slice(0, 4) !== 'utf-') {
-      debug('invalid charset')
-      next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', {
-        charset: charset,
-        type: 'charset.unsupported'
-      }))
-      return
-    }
-
-    // read
-    read(req, res, next, parse, debug, {
-      encoding: charset,
-      inflate: inflate,
-      limit: limit,
-      verify: verify
-    })
-  }
-}
-
-/**
- * Create strict violation syntax error matching native error.
- *
- * @param {string} str
- * @param {string} char
- * @return {Error}
- * @private
- */
-
-function createStrictSyntaxError (str, char) {
-  var index = str.indexOf(char)
-  var partial = ''
-
-  if (index !== -1) {
-    partial = str.substring(0, index) + JSON_SYNTAX_CHAR
-
-    for (var i = index + 1; i < str.length; i++) {
-      partial += JSON_SYNTAX_CHAR
-    }
-  }
-
-  try {
-    JSON.parse(partial); /* istanbul ignore next */ throw new SyntaxError('strict violation')
-  } catch (e) {
-    return normalizeJsonSyntaxError(e, {
-      message: e.message.replace(JSON_SYNTAX_REGEXP, function (placeholder) {
-        return str.substring(index, index + placeholder.length)
-      }),
-      stack: e.stack
-    })
-  }
-}
-
-/**
- * Get the first non-whitespace character in a string.
- *
- * @param {string} str
- * @return {function}
- * @private
- */
-
-function firstchar (str) {
-  var match = FIRST_CHAR_REGEXP.exec(str)
-
-  return match
-    ? match[1]
-    : undefined
-}
-
-/**
- * Get the charset of a request.
- *
- * @param {object} req
- * @api private
- */
-
-function getCharset (req) {
-  try {
-    return (contentType.parse(req).parameters.charset || '').toLowerCase()
-  } catch (e) {
-    return undefined
-  }
-}
-
-/**
- * Normalize a SyntaxError for JSON.parse.
- *
- * @param {SyntaxError} error
- * @param {object} obj
- * @return {SyntaxError}
- */
-
-function normalizeJsonSyntaxError (error, obj) {
-  var keys = Object.getOwnPropertyNames(error)
-
-  for (var i = 0; i < keys.length; i++) {
-    var key = keys[i]
-    if (key !== 'stack' && key !== 'message') {
-      delete error[key]
-    }
-  }
-
-  // replace stack before message for Node.js 0.10 and below
-  error.stack = obj.stack.replace(error.message, obj.message)
-  error.message = obj.message
-
-  return error
-}
-
-/**
- * Get the simple type checker.
- *
- * @param {string} type
- * @return {function}
- */
-
-function typeChecker (type) {
-  return function checkType (req) {
-    return Boolean(typeis(req, type))
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
deleted file mode 100644
index f5d1b67..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/raw.js
+++ /dev/null
@@ -1,101 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- */
-
-var bytes = require('bytes')
-var debug = require('debug')('body-parser:raw')
-var read = require('../read')
-var typeis = require('type-is')
-
-/**
- * Module exports.
- */
-
-module.exports = raw
-
-/**
- * Create a middleware to parse raw bodies.
- *
- * @param {object} [options]
- * @return {function}
- * @api public
- */
-
-function raw (options) {
-  var opts = options || {}
-
-  var inflate = opts.inflate !== false
-  var limit = typeof opts.limit !== 'number'
-    ? bytes.parse(opts.limit || '100kb')
-    : opts.limit
-  var type = opts.type || 'application/octet-stream'
-  var verify = opts.verify || false
-
-  if (verify !== false && typeof verify !== 'function') {
-    throw new TypeError('option verify must be function')
-  }
-
-  // create the appropriate type checking function
-  var shouldParse = typeof type !== 'function'
-    ? typeChecker(type)
-    : type
-
-  function parse (buf) {
-    return buf
-  }
-
-  return function rawParser (req, res, next) {
-    if (req._body) {
-      debug('body already parsed')
-      next()
-      return
-    }
-
-    req.body = req.body || {}
-
-    // skip requests without bodies
-    if (!typeis.hasBody(req)) {
-      debug('skip empty body')
-      next()
-      return
-    }
-
-    debug('content-type %j', req.headers['content-type'])
-
-    // determine if request should be parsed
-    if (!shouldParse(req)) {
-      debug('skip parsing')
-      next()
-      return
-    }
-
-    // read
-    read(req, res, next, parse, debug, {
-      encoding: null,
-      inflate: inflate,
-      limit: limit,
-      verify: verify
-    })
-  }
-}
-
-/**
- * Get the simple type checker.
- *
- * @param {string} type
- * @return {function}
- */
-
-function typeChecker (type) {
-  return function checkType (req) {
-    return Boolean(typeis(req, type))
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
deleted file mode 100644
index 083a009..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/text.js
+++ /dev/null
@@ -1,121 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- */
-
-var bytes = require('bytes')
-var contentType = require('content-type')
-var debug = require('debug')('body-parser:text')
-var read = require('../read')
-var typeis = require('type-is')
-
-/**
- * Module exports.
- */
-
-module.exports = text
-
-/**
- * Create a middleware to parse text bodies.
- *
- * @param {object} [options]
- * @return {function}
- * @api public
- */
-
-function text (options) {
-  var opts = options || {}
-
-  var defaultCharset = opts.defaultCharset || 'utf-8'
-  var inflate = opts.inflate !== false
-  var limit = typeof opts.limit !== 'number'
-    ? bytes.parse(opts.limit || '100kb')
-    : opts.limit
-  var type = opts.type || 'text/plain'
-  var verify = opts.verify || false
-
-  if (verify !== false && typeof verify !== 'function') {
-    throw new TypeError('option verify must be function')
-  }
-
-  // create the appropriate type checking function
-  var shouldParse = typeof type !== 'function'
-    ? typeChecker(type)
-    : type
-
-  function parse (buf) {
-    return buf
-  }
-
-  return function textParser (req, res, next) {
-    if (req._body) {
-      debug('body already parsed')
-      next()
-      return
-    }
-
-    req.body = req.body || {}
-
-    // skip requests without bodies
-    if (!typeis.hasBody(req)) {
-      debug('skip empty body')
-      next()
-      return
-    }
-
-    debug('content-type %j', req.headers['content-type'])
-
-    // determine if request should be parsed
-    if (!shouldParse(req)) {
-      debug('skip parsing')
-      next()
-      return
-    }
-
-    // get charset
-    var charset = getCharset(req) || defaultCharset
-
-    // read
-    read(req, res, next, parse, debug, {
-      encoding: charset,
-      inflate: inflate,
-      limit: limit,
-      verify: verify
-    })
-  }
-}
-
-/**
- * Get the charset of a request.
- *
- * @param {object} req
- * @api private
- */
-
-function getCharset (req) {
-  try {
-    return (contentType.parse(req).parameters.charset || '').toLowerCase()
-  } catch (e) {
-    return undefined
-  }
-}
-
-/**
- * Get the simple type checker.
- *
- * @param {string} type
- * @return {function}
- */
-
-function typeChecker (type) {
-  return function checkType (req) {
-    return Boolean(typeis(req, type))
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js b/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
deleted file mode 100644
index 832992c..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/lib/types/urlencoded.js
+++ /dev/null
@@ -1,300 +0,0 @@
-/*!
- * body-parser
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var bytes = require('bytes')
-var contentType = require('content-type')
-var createError = require('http-errors')
-var debug = require('debug')('body-parser:urlencoded')
-var deprecate = require('depd')('body-parser')
-var read = require('../read')
-var typeis = require('type-is')
-
-/**
- * Module exports.
- */
-
-module.exports = urlencoded
-
-/**
- * Cache of parser modules.
- */
-
-var parsers = Object.create(null)
-
-/**
- * Create a middleware to parse urlencoded bodies.
- *
- * @param {object} [options]
- * @return {function}
- * @public
- */
-
-function urlencoded (options) {
-  var opts = options || {}
-
-  // notice because option default will flip in next major
-  if (opts.extended === undefined) {
-    deprecate('undefined extended: provide extended option')
-  }
-
-  var extended = opts.extended !== false
-  var inflate = opts.inflate !== false
-  var limit = typeof opts.limit !== 'number'
-    ? bytes.parse(opts.limit || '100kb')
-    : opts.limit
-  var type = opts.type || 'application/x-www-form-urlencoded'
-  var verify = opts.verify || false
-
-  if (verify !== false && typeof verify !== 'function') {
-    throw new TypeError('option verify must be function')
-  }
-
-  // create the appropriate query parser
-  var queryparse = extended
-    ? extendedparser(opts)
-    : simpleparser(opts)
-
-  // create the appropriate type checking function
-  var shouldParse = typeof type !== 'function'
-    ? typeChecker(type)
-    : type
-
-  function parse (body) {
-    return body.length
-      ? queryparse(body)
-      : {}
-  }
-
-  return function urlencodedParser (req, res, next) {
-    if (req._body) {
-      debug('body already parsed')
-      next()
-      return
-    }
-
-    req.body = req.body || {}
-
-    // skip requests without bodies
-    if (!typeis.hasBody(req)) {
-      debug('skip empty body')
-      next()
-      return
-    }
-
-    debug('content-type %j', req.headers['content-type'])
-
-    // determine if request should be parsed
-    if (!shouldParse(req)) {
-      debug('skip parsing')
-      next()
-      return
-    }
-
-    // assert charset
-    var charset = getCharset(req) || 'utf-8'
-    if (charset !== 'utf-8') {
-      debug('invalid charset')
-      next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', {
-        charset: charset,
-        type: 'charset.unsupported'
-      }))
-      return
-    }
-
-    // read
-    read(req, res, next, parse, debug, {
-      debug: debug,
-      encoding: charset,
-      inflate: inflate,
-      limit: limit,
-      verify: verify
-    })
-  }
-}
-
-/**
- * Get the extended query parser.
- *
- * @param {object} options
- */
-
-function extendedparser (options) {
-  var parameterLimit = options.parameterLimit !== undefined
-    ? options.parameterLimit
-    : 1000
-  var depth = options.depth !== undefined ? options.depth : 32
-  var parse = parser('qs')
-
-  if (isNaN(parameterLimit) || parameterLimit < 1) {
-    throw new TypeError('option parameterLimit must be a positive number')
-  }
-
-  if (isNaN(depth) || depth < 0) {
-    throw new TypeError('option depth must be a zero or a positive number')
-  }
-
-  if (isFinite(parameterLimit)) {
-    parameterLimit = parameterLimit | 0
-  }
-
-  return function queryparse (body) {
-    var paramCount = parameterCount(body, parameterLimit)
-
-    if (paramCount === undefined) {
-      debug('too many parameters')
-      throw createError(413, 'too many parameters', {
-        type: 'parameters.too.many'
-      })
-    }
-
-    var arrayLimit = Math.max(100, paramCount)
-
-    debug('parse extended urlencoding')
-    try {
-      return parse(body, {
-        allowPrototypes: true,
-        arrayLimit: arrayLimit,
-        depth: depth,
-        strictDepth: true,
-        parameterLimit: parameterLimit
-      })
-    } catch (err) {
-      if (err instanceof RangeError) {
-        throw createError(400, 'The input exceeded the depth', {
-          type: 'querystring.parse.rangeError'
-        })
-      } else {
-        throw err
-      }
-    }
-  }
-}
-
-/**
- * Get the charset of a request.
- *
- * @param {object} req
- * @api private
- */
-
-function getCharset (req) {
-  try {
-    return (contentType.parse(req).parameters.charset || '').toLowerCase()
-  } catch (e) {
-    return undefined
-  }
-}
-
-/**
- * Count the number of parameters, stopping once limit reached
- *
- * @param {string} body
- * @param {number} limit
- * @api private
- */
-
-function parameterCount (body, limit) {
-  var count = 0
-  var index = 0
-
-  while ((index = body.indexOf('&', index)) !== -1) {
-    count++
-    index++
-
-    if (count === limit) {
-      return undefined
-    }
-  }
-
-  return count
-}
-
-/**
- * Get parser for module name dynamically.
- *
- * @param {string} name
- * @return {function}
- * @api private
- */
-
-function parser (name) {
-  var mod = parsers[name]
-
-  if (mod !== undefined) {
-    return mod.parse
-  }
-
-  // this uses a switch for static require analysis
-  switch (name) {
-    case 'qs':
-      mod = require('qs')
-      break
-    case 'querystring':
-      mod = require('querystring')
-      break
-  }
-
-  // store to prevent invoking require()
-  parsers[name] = mod
-
-  return mod.parse
-}
-
-/**
- * Get the simple query parser.
- *
- * @param {object} options
- */
-
-function simpleparser (options) {
-  var parameterLimit = options.parameterLimit !== undefined
-    ? options.parameterLimit
-    : 1000
-  var parse = parser('querystring')
-
-  if (isNaN(parameterLimit) || parameterLimit < 1) {
-    throw new TypeError('option parameterLimit must be a positive number')
-  }
-
-  if (isFinite(parameterLimit)) {
-    parameterLimit = parameterLimit | 0
-  }
-
-  return function queryparse (body) {
-    var paramCount = parameterCount(body, parameterLimit)
-
-    if (paramCount === undefined) {
-      debug('too many parameters')
-      throw createError(413, 'too many parameters', {
-        type: 'parameters.too.many'
-      })
-    }
-
-    debug('parse urlencoding')
-    return parse(body, undefined, undefined, { maxKeys: parameterLimit })
-  }
-}
-
-/**
- * Get the simple type checker.
- *
- * @param {string} type
- * @return {function}
- */
-
-function typeChecker (type) {
-  return function checkType (req) {
-    return Boolean(typeis(req, type))
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/body-parser/package.json b/src/Servers/ExpressServer/node_modules/body-parser/package.json
deleted file mode 100644
index c8e61c1..0000000
--- a/src/Servers/ExpressServer/node_modules/body-parser/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  "name": "body-parser",
-  "description": "Node.js body parsing middleware",
-  "version": "1.20.4",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "repository": "expressjs/body-parser",
-  "dependencies": {
-    "bytes": "~3.1.2",
-    "content-type": "~1.0.5",
-    "debug": "2.6.9",
-    "depd": "2.0.0",
-    "destroy": "~1.2.0",
-    "http-errors": "~2.0.1",
-    "iconv-lite": "~0.4.24",
-    "on-finished": "~2.4.1",
-    "qs": "~6.14.0",
-    "raw-body": "~2.5.3",
-    "type-is": "~1.6.18",
-    "unpipe": "~1.0.0"
-  },
-  "devDependencies": {
-    "eslint": "8.34.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.27.5",
-    "eslint-plugin-markdown": "3.0.0",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "6.1.1",
-    "eslint-plugin-standard": "4.1.0",
-    "methods": "1.1.2",
-    "mocha": "10.2.0",
-    "nyc": "15.1.0",
-    "safe-buffer": "5.2.1",
-    "supertest": "6.3.3"
-  },
-  "files": [
-    "lib/",
-    "LICENSE",
-    "HISTORY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8",
-    "npm": "1.2.8000 || >= 1.4.16"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --require test/support/env --reporter spec --check-leaks --bail test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/bytes/History.md b/src/Servers/ExpressServer/node_modules/bytes/History.md
deleted file mode 100644
index d60ce0e..0000000
--- a/src/Servers/ExpressServer/node_modules/bytes/History.md
+++ /dev/null
@@ -1,97 +0,0 @@
-3.1.2 / 2022-01-27
-==================
-
-  * Fix return value for un-parsable strings
-
-3.1.1 / 2021-11-15
-==================
-
-  * Fix "thousandsSeparator" incorrecting formatting fractional part
-
-3.1.0 / 2019-01-22
-==================
-
-  * Add petabyte (`pb`) support
-
-3.0.0 / 2017-08-31
-==================
-
-  * Change "kB" to "KB" in format output
-  * Remove support for Node.js 0.6
-  * Remove support for ComponentJS
-
-2.5.0 / 2017-03-24
-==================
-
-  * Add option "unit"
-
-2.4.0 / 2016-06-01
-==================
-
-  * Add option "unitSeparator"
-
-2.3.0 / 2016-02-15
-==================
-
-  * Drop partial bytes on all parsed units
-  * Fix non-finite numbers to `.format` to return `null`
-  * Fix parsing byte string that looks like hex
-  * perf: hoist regular expressions
-
-2.2.0 / 2015-11-13
-==================
-
-  * add option "decimalPlaces"
-  * add option "fixedDecimals"
-
-2.1.0 / 2015-05-21
-==================
-
-  * add `.format` export
-  * add `.parse` export
-
-2.0.2 / 2015-05-20
-==================
-
-  * remove map recreation
-  * remove unnecessary object construction
-
-2.0.1 / 2015-05-07
-==================
-
-  * fix browserify require
-  * remove node.extend dependency
-
-2.0.0 / 2015-04-12
-==================
-
-  * add option "case"
-  * add option "thousandsSeparator"
-  * return "null" on invalid parse input
-  * support proper round-trip: bytes(bytes(num)) === num
-  * units no longer case sensitive when parsing
-
-1.0.0 / 2014-05-05
-==================
-
- * add negative support. fixes #6
-
-0.3.0 / 2014-03-19
-==================
-
- * added terabyte support
-
-0.2.1 / 2013-04-01
-==================
-
-  * add .component
-
-0.2.0 / 2012-10-28
-==================
-
-  * bytes(200).should.eql('200b')
-
-0.1.0 / 2012-07-04
-==================
-
-  * add bytes to string conversion [yields]
diff --git a/src/Servers/ExpressServer/node_modules/bytes/LICENSE b/src/Servers/ExpressServer/node_modules/bytes/LICENSE
deleted file mode 100644
index 63e95a9..0000000
--- a/src/Servers/ExpressServer/node_modules/bytes/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012-2014 TJ Holowaychuk <tj@vision-media.ca>
-Copyright (c) 2015 Jed Watson <jed.watson@me.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/bytes/Readme.md b/src/Servers/ExpressServer/node_modules/bytes/Readme.md
deleted file mode 100644
index 5790e23..0000000
--- a/src/Servers/ExpressServer/node_modules/bytes/Readme.md
+++ /dev/null
@@ -1,152 +0,0 @@
-# Bytes utility
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Utility to parse a string bytes (ex: `1TB`) to bytes (`1099511627776`) and vice-versa.
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```bash
-$ npm install bytes
-```
-
-## Usage
-
-```js
-var bytes = require('bytes');
-```
-
-#### bytes(number｜string value, [options]): number｜string｜null
-
-Default export function. Delegates to either `bytes.format` or `bytes.parse` based on the type of `value`.
-
-**Arguments**
-
-| Name    | Type     | Description        |
-|---------|----------|--------------------|
-| value   | `number`｜`string` | Number value to format or string value to parse |
-| options | `Object` | Conversion options for `format` |
-
-**Returns**
-
-| Name    | Type             | Description                                     |
-|---------|------------------|-------------------------------------------------|
-| results | `string`｜`number`｜`null` | Return null upon error. Numeric value in bytes, or string value otherwise. |
-
-**Example**
-
-```js
-bytes(1024);
-// output: '1KB'
-
-bytes('1KB');
-// output: 1024
-```
-
-#### bytes.format(number value, [options]): string｜null
-
-Format the given value in bytes into a string. If the value is negative, it is kept as such. If it is a float, it is
- rounded.
-
-**Arguments**
-
-| Name    | Type     | Description        |
-|---------|----------|--------------------|
-| value   | `number` | Value in bytes     |
-| options | `Object` | Conversion options |
-
-**Options**
-
-| Property          | Type   | Description                                                                             |
-|-------------------|--------|-----------------------------------------------------------------------------------------|
-| decimalPlaces | `number`｜`null` | Maximum number of decimal places to include in output. Default value to `2`. |
-| fixedDecimals | `boolean`｜`null` | Whether to always display the maximum number of decimal places. Default value to `false` |
-| thousandsSeparator | `string`｜`null` | Example of values: `' '`, `','` and `'.'`... Default value to `''`. |
-| unit | `string`｜`null` | The unit in which the result will be returned (B/KB/MB/GB/TB). Default value to `''` (which means auto detect). |
-| unitSeparator | `string`｜`null` | Separator to use between number and unit. Default value to `''`. |
-
-**Returns**
-
-| Name    | Type             | Description                                     |
-|---------|------------------|-------------------------------------------------|
-| results | `string`｜`null` | Return null upon error. String value otherwise. |
-
-**Example**
-
-```js
-bytes.format(1024);
-// output: '1KB'
-
-bytes.format(1000);
-// output: '1000B'
-
-bytes.format(1000, {thousandsSeparator: ' '});
-// output: '1 000B'
-
-bytes.format(1024 * 1.7, {decimalPlaces: 0});
-// output: '2KB'
-
-bytes.format(1024, {unitSeparator: ' '});
-// output: '1 KB'
-```
-
-#### bytes.parse(string｜number value): number｜null
-
-Parse the string value into an integer in bytes. If no unit is given, or `value`
-is a number, it is assumed the value is in bytes.
-
-Supported units and abbreviations are as follows and are case-insensitive:
-
-  * `b` for bytes
-  * `kb` for kilobytes
-  * `mb` for megabytes
-  * `gb` for gigabytes
-  * `tb` for terabytes
-  * `pb` for petabytes
-
-The units are in powers of two, not ten. This means 1kb = 1024b according to this parser.
-
-**Arguments**
-
-| Name          | Type   | Description        |
-|---------------|--------|--------------------|
-| value   | `string`｜`number` | String to parse, or number in bytes.   |
-
-**Returns**
-
-| Name    | Type        | Description             |
-|---------|-------------|-------------------------|
-| results | `number`｜`null` | Return null upon error. Value in bytes otherwise. |
-
-**Example**
-
-```js
-bytes.parse('1KB');
-// output: 1024
-
-bytes.parse('1024');
-// output: 1024
-
-bytes.parse(1024);
-// output: 1024
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/visionmedia/bytes.js/master?label=ci
-[ci-url]: https://github.com/visionmedia/bytes.js/actions?query=workflow%3Aci
-[coveralls-image]: https://badgen.net/coveralls/c/github/visionmedia/bytes.js/master
-[coveralls-url]: https://coveralls.io/r/visionmedia/bytes.js?branch=master
-[downloads-image]: https://badgen.net/npm/dm/bytes
-[downloads-url]: https://npmjs.org/package/bytes
-[npm-image]: https://badgen.net/npm/v/bytes
-[npm-url]: https://npmjs.org/package/bytes
diff --git a/src/Servers/ExpressServer/node_modules/bytes/index.js b/src/Servers/ExpressServer/node_modules/bytes/index.js
deleted file mode 100644
index 6f2d0f8..0000000
--- a/src/Servers/ExpressServer/node_modules/bytes/index.js
+++ /dev/null
@@ -1,170 +0,0 @@
-/*!
- * bytes
- * Copyright(c) 2012-2014 TJ Holowaychuk
- * Copyright(c) 2015 Jed Watson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = bytes;
-module.exports.format = format;
-module.exports.parse = parse;
-
-/**
- * Module variables.
- * @private
- */
-
-var formatThousandsRegExp = /\B(?=(\d{3})+(?!\d))/g;
-
-var formatDecimalsRegExp = /(?:\.0*|(\.[^0]+)0+)$/;
-
-var map = {
-  b:  1,
-  kb: 1 << 10,
-  mb: 1 << 20,
-  gb: 1 << 30,
-  tb: Math.pow(1024, 4),
-  pb: Math.pow(1024, 5),
-};
-
-var parseRegExp = /^((-|\+)?(\d+(?:\.\d+)?)) *(kb|mb|gb|tb|pb)$/i;
-
-/**
- * Convert the given value in bytes into a string or parse to string to an integer in bytes.
- *
- * @param {string|number} value
- * @param {{
- *  case: [string],
- *  decimalPlaces: [number]
- *  fixedDecimals: [boolean]
- *  thousandsSeparator: [string]
- *  unitSeparator: [string]
- *  }} [options] bytes options.
- *
- * @returns {string|number|null}
- */
-
-function bytes(value, options) {
-  if (typeof value === 'string') {
-    return parse(value);
-  }
-
-  if (typeof value === 'number') {
-    return format(value, options);
-  }
-
-  return null;
-}
-
-/**
- * Format the given value in bytes into a string.
- *
- * If the value is negative, it is kept as such. If it is a float,
- * it is rounded.
- *
- * @param {number} value
- * @param {object} [options]
- * @param {number} [options.decimalPlaces=2]
- * @param {number} [options.fixedDecimals=false]
- * @param {string} [options.thousandsSeparator=]
- * @param {string} [options.unit=]
- * @param {string} [options.unitSeparator=]
- *
- * @returns {string|null}
- * @public
- */
-
-function format(value, options) {
-  if (!Number.isFinite(value)) {
-    return null;
-  }
-
-  var mag = Math.abs(value);
-  var thousandsSeparator = (options && options.thousandsSeparator) || '';
-  var unitSeparator = (options && options.unitSeparator) || '';
-  var decimalPlaces = (options && options.decimalPlaces !== undefined) ? options.decimalPlaces : 2;
-  var fixedDecimals = Boolean(options && options.fixedDecimals);
-  var unit = (options && options.unit) || '';
-
-  if (!unit || !map[unit.toLowerCase()]) {
-    if (mag >= map.pb) {
-      unit = 'PB';
-    } else if (mag >= map.tb) {
-      unit = 'TB';
-    } else if (mag >= map.gb) {
-      unit = 'GB';
-    } else if (mag >= map.mb) {
-      unit = 'MB';
-    } else if (mag >= map.kb) {
-      unit = 'KB';
-    } else {
-      unit = 'B';
-    }
-  }
-
-  var val = value / map[unit.toLowerCase()];
-  var str = val.toFixed(decimalPlaces);
-
-  if (!fixedDecimals) {
-    str = str.replace(formatDecimalsRegExp, '$1');
-  }
-
-  if (thousandsSeparator) {
-    str = str.split('.').map(function (s, i) {
-      return i === 0
-        ? s.replace(formatThousandsRegExp, thousandsSeparator)
-        : s
-    }).join('.');
-  }
-
-  return str + unitSeparator + unit;
-}
-
-/**
- * Parse the string value into an integer in bytes.
- *
- * If no unit is given, it is assumed the value is in bytes.
- *
- * @param {number|string} val
- *
- * @returns {number|null}
- * @public
- */
-
-function parse(val) {
-  if (typeof val === 'number' && !isNaN(val)) {
-    return val;
-  }
-
-  if (typeof val !== 'string') {
-    return null;
-  }
-
-  // Test if the string passed is valid
-  var results = parseRegExp.exec(val);
-  var floatValue;
-  var unit = 'b';
-
-  if (!results) {
-    // Nothing could be extracted from the given string
-    floatValue = parseInt(val, 10);
-    unit = 'b'
-  } else {
-    // Retrieve the value and the unit
-    floatValue = parseFloat(results[1]);
-    unit = results[4].toLowerCase();
-  }
-
-  if (isNaN(floatValue)) {
-    return null;
-  }
-
-  return Math.floor(map[unit] * floatValue);
-}
diff --git a/src/Servers/ExpressServer/node_modules/bytes/package.json b/src/Servers/ExpressServer/node_modules/bytes/package.json
deleted file mode 100644
index f2b6a8b..0000000
--- a/src/Servers/ExpressServer/node_modules/bytes/package.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "name": "bytes",
-  "description": "Utility to parse a string bytes to bytes and vice-versa",
-  "version": "3.1.2",
-  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
-  "contributors": [
-    "Jed Watson <jed.watson@me.com>",
-    "Théo FIDRY <theo.fidry@gmail.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "byte",
-    "bytes",
-    "utility",
-    "parse",
-    "parser",
-    "convert",
-    "converter"
-  ],
-  "repository": "visionmedia/bytes.js",
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-plugin-markdown": "2.2.1",
-    "mocha": "9.2.0",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "History.md",
-    "LICENSE",
-    "Readme.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --check-leaks --reporter spec",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
deleted file mode 100644
index 201e859..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.eslintrc
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"func-name-matching": 0,
-		"id-length": 0,
-		"new-cap": [2, {
-			"capIsNewExceptions": [
-				"GetIntrinsic",
-			],
-		}],
-		"no-extra-parens": 0,
-		"no-magic-numbers": 0,
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
deleted file mode 100644
index 0011e9d..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/call-bind-apply-helpers
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
deleted file mode 100644
index 2484942..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/CHANGELOG.md
+++ /dev/null
@@ -1,30 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.2](https://github.com/ljharb/call-bind-apply-helpers/compare/v1.0.1...v1.0.2) - 2025-02-12
-
-### Commits
-
-- [types] improve inferred types [`e6f9586`](https://github.com/ljharb/call-bind-apply-helpers/commit/e6f95860a3c72879cb861a858cdfb8138fbedec1)
-- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `@types/tape`, `es-value-fixtures`, `for-each`, `has-strict-mode`, `object-inspect` [`e43d540`](https://github.com/ljharb/call-bind-apply-helpers/commit/e43d5409f97543bfbb11f345d47d8ce4e066d8c1)
-
-## [v1.0.1](https://github.com/ljharb/call-bind-apply-helpers/compare/v1.0.0...v1.0.1) - 2024-12-08
-
-### Commits
-
-- [types] `reflectApply`: fix types [`4efc396`](https://github.com/ljharb/call-bind-apply-helpers/commit/4efc3965351a4f02cc55e836fa391d3d11ef2ef8)
-- [Fix] `reflectApply`: oops, Reflect is not a function [`83cc739`](https://github.com/ljharb/call-bind-apply-helpers/commit/83cc7395de6b79b7730bdf092f1436f0b1263c75)
-- [Dev Deps] update `@arethetypeswrong/cli` [`80bd5d3`](https://github.com/ljharb/call-bind-apply-helpers/commit/80bd5d3ae58b4f6b6995ce439dd5a1bcb178a940)
-
-## v1.0.0 - 2024-12-05
-
-### Commits
-
-- Initial implementation, tests, readme [`7879629`](https://github.com/ljharb/call-bind-apply-helpers/commit/78796290f9b7430c9934d6f33d94ae9bc89fce04)
-- Initial commit [`3f1dc16`](https://github.com/ljharb/call-bind-apply-helpers/commit/3f1dc164afc43285631b114a5f9dd9137b2b952f)
-- npm init [`081df04`](https://github.com/ljharb/call-bind-apply-helpers/commit/081df048c312fcee400922026f6e97281200a603)
-- Only apps should have lockfiles [`5b9ca0f`](https://github.com/ljharb/call-bind-apply-helpers/commit/5b9ca0fe8101ebfaf309c549caac4e0a017ed930)
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
deleted file mode 100644
index 8fc0dae..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# call-bind-apply-helpers <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![dependency status][deps-svg]][deps-url]
-[![dev dependency status][dev-deps-svg]][dev-deps-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Helper functions around Function call/apply/bind, for use in `call-bind`.
-
-The only packages that should likely ever use this package directly are `call-bind` and `get-intrinsic`.
-Please use `call-bind` unless you have a very good reason not to.
-
-## Getting started
-
-```sh
-npm install --save call-bind-apply-helpers
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const callBindBasic = require('call-bind-apply-helpers');
-
-function f(a, b) {
-	assert.equal(this, 1);
-	assert.equal(a, 2);
-	assert.equal(b, 3);
-	assert.equal(arguments.length, 2);
-}
-
-const fBound = callBindBasic([f, 1]);
-
-delete Function.prototype.call;
-delete Function.prototype.bind;
-
-fBound(2, 3);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/call-bind-apply-helpers
-[npm-version-svg]: https://versionbadg.es/ljharb/call-bind-apply-helpers.svg
-[deps-svg]: https://david-dm.org/ljharb/call-bind-apply-helpers.svg
-[deps-url]: https://david-dm.org/ljharb/call-bind-apply-helpers
-[dev-deps-svg]: https://david-dm.org/ljharb/call-bind-apply-helpers/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/call-bind-apply-helpers#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/call-bind-apply-helpers.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/call-bind-apply-helpers.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/call-bind-apply-helpers.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=call-bind-apply-helpers
-[codecov-image]: https://codecov.io/gh/ljharb/call-bind-apply-helpers/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/call-bind-apply-helpers/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/call-bind-apply-helpers
-[actions-url]: https://github.com/ljharb/call-bind-apply-helpers/actions
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
deleted file mode 100644
index b87286a..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Reflect.apply;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
deleted file mode 100644
index ffa5135..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/actualApply.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-var bind = require('function-bind');
-
-var $apply = require('./functionApply');
-var $call = require('./functionCall');
-var $reflectApply = require('./reflectApply');
-
-/** @type {import('./actualApply')} */
-module.exports = $reflectApply || bind.call($call, $apply);
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
deleted file mode 100644
index d176c1a..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.d.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import actualApply from './actualApply';
-
-type TupleSplitHead<T extends any[], N extends number> = T['length'] extends N
-  ? T
-  : T extends [...infer R, any]
-  ? TupleSplitHead<R, N>
-  : never
-
-type TupleSplitTail<T, N extends number, O extends any[] = []> = O['length'] extends N
-  ? T
-  : T extends [infer F, ...infer R]
-  ? TupleSplitTail<[...R], N, [...O, F]>
-  : never
-
-type TupleSplit<T extends any[], N extends number> = [TupleSplitHead<T, N>, TupleSplitTail<T, N>]
-
-declare function applyBind(...args: TupleSplit<Parameters<typeof actualApply>, 2>[1]): ReturnType<typeof actualApply>;
-
-export = applyBind;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
deleted file mode 100644
index d2b7723..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/applyBind.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-var bind = require('function-bind');
-var $apply = require('./functionApply');
-var actualApply = require('./actualApply');
-
-/** @type {import('./applyBind')} */
-module.exports = function applyBind() {
-	return actualApply(bind, $apply, arguments);
-};
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
deleted file mode 100644
index 1f6e11b..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Function.prototype.apply;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
deleted file mode 100644
index c71df9c..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionApply.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./functionApply')} */
-module.exports = Function.prototype.apply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
deleted file mode 100644
index 15e93df..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Function.prototype.call;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
deleted file mode 100644
index 7a8d873..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/functionCall.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./functionCall')} */
-module.exports = Function.prototype.call;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
deleted file mode 100644
index 541516b..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.d.ts
+++ /dev/null
@@ -1,64 +0,0 @@
-type RemoveFromTuple<
-  Tuple extends readonly unknown[],
-  RemoveCount extends number,
-  Index extends 1[] = []
-> = Index["length"] extends RemoveCount
-  ? Tuple
-  : Tuple extends [infer First, ...infer Rest]
-  ? RemoveFromTuple<Rest, RemoveCount, [...Index, 1]>
-  : Tuple;
-
-type ConcatTuples<
-  Prefix extends readonly unknown[],
-  Suffix extends readonly unknown[]
-> = [...Prefix, ...Suffix];
-
-type ExtractFunctionParams<T> = T extends (this: infer TThis, ...args: infer P extends readonly unknown[]) => infer R
-  ? { thisArg: TThis; params: P; returnType: R }
-  : never;
-
-type BindFunction<
-  T extends (this: any, ...args: any[]) => any,
-  TThis,
-  TBoundArgs extends readonly unknown[],
-  ReceiverBound extends boolean
-> = ExtractFunctionParams<T> extends {
-  thisArg: infer OrigThis;
-  params: infer P extends readonly unknown[];
-  returnType: infer R;
-}
-  ? ReceiverBound extends true
-    ? (...args: RemoveFromTuple<P, Extract<TBoundArgs["length"], number>>) => R extends [OrigThis, ...infer Rest]
-      ? [TThis, ...Rest] // Replace `this` with `thisArg`
-      : R
-    : <U, RemainingArgs extends RemoveFromTuple<P, Extract<TBoundArgs["length"], number>>>(
-        thisArg: U,
-        ...args: RemainingArgs
-      ) => R extends [OrigThis, ...infer Rest]
-      ? [U, ...ConcatTuples<TBoundArgs, Rest>] // Preserve bound args in return type
-      : R
-  : never;
-
-declare function callBind<
-  const T extends (this: any, ...args: any[]) => any,
-  Extracted extends ExtractFunctionParams<T>,
-  const TBoundArgs extends Partial<Extracted["params"]> & readonly unknown[],
-  const TThis extends Extracted["thisArg"]
->(
-  args: [fn: T, thisArg: TThis, ...boundArgs: TBoundArgs]
-): BindFunction<T, TThis, TBoundArgs, true>;
-
-declare function callBind<
-  const T extends (this: any, ...args: any[]) => any,
-  Extracted extends ExtractFunctionParams<T>,
-  const TBoundArgs extends Partial<Extracted["params"]> & readonly unknown[]
->(
-  args: [fn: T, ...boundArgs: TBoundArgs]
-): BindFunction<T, Extracted["thisArg"], TBoundArgs, false>;
-
-declare function callBind<const TArgs extends readonly unknown[]>(
-  args: [fn: Exclude<TArgs[0], Function>, ...rest: TArgs]
-): never;
-
-// export as namespace callBind;
-export = callBind;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
deleted file mode 100644
index 2f6dab4..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/index.js
+++ /dev/null
@@ -1,15 +0,0 @@
-'use strict';
-
-var bind = require('function-bind');
-var $TypeError = require('es-errors/type');
-
-var $call = require('./functionCall');
-var $actualApply = require('./actualApply');
-
-/** @type {(args: [Function, thisArg?: unknown, ...args: unknown[]]) => Function} TODO FIXME, find a way to use import('.') */
-module.exports = function callBindBasic(args) {
-	if (args.length < 1 || typeof args[0] !== 'function') {
-		throw new $TypeError('a function is required');
-	}
-	return $actualApply(bind, $call, args);
-};
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
deleted file mode 100644
index 923b8be..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/package.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
-	"name": "call-bind-apply-helpers",
-	"version": "1.0.2",
-	"description": "Helper functions around Function call/apply/bind, for use in `call-bind`",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./actualApply": "./actualApply.js",
-		"./applyBind": "./applyBind.js",
-		"./functionApply": "./functionApply.js",
-		"./functionCall": "./functionCall.js",
-		"./reflectApply": "./reflectApply.js",
-		"./package.json": "./package.json"
-	},
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=auto",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=.js,.mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/call-bind-apply-helpers.git"
-	},
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/call-bind-apply-helpers/issues"
-	},
-	"homepage": "https://github.com/ljharb/call-bind-apply-helpers#readme",
-	"dependencies": {
-		"es-errors": "^1.3.0",
-		"function-bind": "^1.1.2"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.3",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.3",
-		"@types/for-each": "^0.3.3",
-		"@types/function-bind": "^1.1.10",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.8.1",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"es-value-fixtures": "^1.7.1",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"for-each": "^0.3.5",
-		"has-strict-mode": "^1.1.0",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"object-inspect": "^1.13.4",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"testling": {
-		"files": "test/index.js"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
deleted file mode 100644
index 6b2ae76..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const reflectApply: false | typeof Reflect.apply;
-
-export = reflectApply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
deleted file mode 100644
index 3d03caa..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/reflectApply.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./reflectApply')} */
-module.exports = typeof Reflect !== 'undefined' && Reflect && Reflect.apply;
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
deleted file mode 100644
index 1cdc89e..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/test/index.js
+++ /dev/null
@@ -1,63 +0,0 @@
-'use strict';
-
-var callBind = require('../');
-var hasStrictMode = require('has-strict-mode')();
-var forEach = require('for-each');
-var inspect = require('object-inspect');
-var v = require('es-value-fixtures');
-
-var test = require('tape');
-
-test('callBindBasic', function (t) {
-	forEach(v.nonFunctions, function (nonFunction) {
-		t['throws'](
-			// @ts-expect-error
-			function () { callBind([nonFunction]); },
-			TypeError,
-			inspect(nonFunction) + ' is not a function'
-		);
-	});
-
-	var sentinel = { sentinel: true };
-	/** @type {<T, A extends number, B extends number>(this: T, a: A, b: B) => [T | undefined, A, B]} */
-	var func = function (a, b) {
-		// eslint-disable-next-line no-invalid-this
-		return [!hasStrictMode && this === global ? undefined : this, a, b];
-	};
-	t.equal(func.length, 2, 'original function length is 2');
-
-	/** type {(thisArg: unknown, a: number, b: number) => [unknown, number, number]} */
-	var bound = callBind([func]);
-	/** type {((a: number, b: number) => [typeof sentinel, typeof a, typeof b])} */
-	var boundR = callBind([func, sentinel]);
-	/** type {((b: number) => [typeof sentinel, number, typeof b])} */
-	var boundArg = callBind([func, sentinel, /** @type {const} */ (1)]);
-
-	// @ts-expect-error
-	t.deepEqual(bound(), [undefined, undefined, undefined], 'bound func with no args');
-
-	// @ts-expect-error
-	t.deepEqual(func(), [undefined, undefined, undefined], 'unbound func with too few args');
-	// @ts-expect-error
-	t.deepEqual(bound(1, 2), [hasStrictMode ? 1 : Object(1), 2, undefined], 'bound func too few args');
-	// @ts-expect-error
-	t.deepEqual(boundR(), [sentinel, undefined, undefined], 'bound func with receiver, with too few args');
-	// @ts-expect-error
-	t.deepEqual(boundArg(), [sentinel, 1, undefined], 'bound func with receiver and arg, with too few args');
-
-	t.deepEqual(func(1, 2), [undefined, 1, 2], 'unbound func with right args');
-	t.deepEqual(bound(1, 2, 3), [hasStrictMode ? 1 : Object(1), 2, 3], 'bound func with right args');
-	t.deepEqual(boundR(1, 2), [sentinel, 1, 2], 'bound func with receiver, with right args');
-	t.deepEqual(boundArg(2), [sentinel, 1, 2], 'bound func with receiver and arg, with right arg');
-
-	// @ts-expect-error
-	t.deepEqual(func(1, 2, 3), [undefined, 1, 2], 'unbound func with too many args');
-	// @ts-expect-error
-	t.deepEqual(bound(1, 2, 3, 4), [hasStrictMode ? 1 : Object(1), 2, 3], 'bound func with too many args');
-	// @ts-expect-error
-	t.deepEqual(boundR(1, 2, 3), [sentinel, 1, 2], 'bound func with receiver, with too many args');
-	// @ts-expect-error
-	t.deepEqual(boundArg(2, 3), [sentinel, 1, 2], 'bound func with receiver and arg, with too many args');
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json b/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
deleted file mode 100644
index aef9993..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bind-apply-helpers/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc b/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
deleted file mode 100644
index 2612ed8..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/.eslintrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"new-cap": [2, {
-			"capIsNewExceptions": [
-				"GetIntrinsic",
-			],
-		}],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
deleted file mode 100644
index 2a2a135..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/call-bound
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/.nycrc b/src/Servers/ExpressServer/node_modules/call-bound/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
deleted file mode 100644
index 8bde4e9..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/CHANGELOG.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.4](https://github.com/ljharb/call-bound/compare/v1.0.3...v1.0.4) - 2025-03-03
-
-### Commits
-
-- [types] improve types [`e648922`](https://github.com/ljharb/call-bound/commit/e6489222a9e54f350fbf952ceabe51fd8b6027ff)
-- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `@types/tape`, `es-value-fixtures`, `for-each`, `has-strict-mode`, `object-inspect` [`a42a5eb`](https://github.com/ljharb/call-bound/commit/a42a5ebe6c1b54fcdc7997c7dc64fdca9e936719)
-- [Deps] update `call-bind-apply-helpers`, `get-intrinsic` [`f529eac`](https://github.com/ljharb/call-bound/commit/f529eac132404c17156bbc23ab2297a25d0f20b8)
-
-## [v1.0.3](https://github.com/ljharb/call-bound/compare/v1.0.2...v1.0.3) - 2024-12-15
-
-### Commits
-
-- [Refactor] use `call-bind-apply-helpers` instead of `call-bind` [`5e0b134`](https://github.com/ljharb/call-bound/commit/5e0b13496df14fb7d05dae9412f088da8d3f75be)
-- [Deps] update `get-intrinsic` [`41fc967`](https://github.com/ljharb/call-bound/commit/41fc96732a22c7b7e8f381f93ccc54bb6293be2e)
-- [readme] fix example [`79a0137`](https://github.com/ljharb/call-bound/commit/79a0137723f7c6d09c9c05452bbf8d5efb5d6e49)
-- [meta] add `sideEffects` flag [`08b07be`](https://github.com/ljharb/call-bound/commit/08b07be7f1c03f67dc6f3cdaf0906259771859f7)
-
-## [v1.0.2](https://github.com/ljharb/call-bound/compare/v1.0.1...v1.0.2) - 2024-12-10
-
-### Commits
-
-- [Dev Deps] update `@arethetypeswrong/cli`, `@ljharb/tsconfig`, `gopd` [`e6a5ffe`](https://github.com/ljharb/call-bound/commit/e6a5ffe849368fe4f74dfd6cdeca1b9baa39e8d5)
-- [Deps] update `call-bind`, `get-intrinsic` [`2aeb5b5`](https://github.com/ljharb/call-bound/commit/2aeb5b521dc2b2683d1345c753ea1161de2d1c14)
-- [types] improve return type [`1a0c9fe`](https://github.com/ljharb/call-bound/commit/1a0c9fe3114471e7ca1f57d104e2efe713bb4871)
-
-## v1.0.1 - 2024-12-05
-
-### Commits
-
-- Initial implementation, tests, readme, types [`6d94121`](https://github.com/ljharb/call-bound/commit/6d94121a9243602e506334069f7a03189fe3363d)
-- Initial commit [`0eae867`](https://github.com/ljharb/call-bound/commit/0eae867334ea025c33e6e91cdecfc9df96680cf9)
-- npm init [`71b2479`](https://github.com/ljharb/call-bound/commit/71b2479c6723e0b7d91a6b663613067e98b7b275)
-- Only apps should have lockfiles [`c3754a9`](https://github.com/ljharb/call-bound/commit/c3754a949b7f9132b47e2d18c1729889736741eb)
-- [actions] skip `npm ls` in node &lt; 10 [`74275a5`](https://github.com/ljharb/call-bound/commit/74275a5186b8caf6309b6b97472bdcb0df4683a8)
-- [Dev Deps] add missing peer dep [`1354de8`](https://github.com/ljharb/call-bound/commit/1354de8679413e4ae9c523d85f76fa7a5e032d97)
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/LICENSE b/src/Servers/ExpressServer/node_modules/call-bound/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/README.md b/src/Servers/ExpressServer/node_modules/call-bound/README.md
deleted file mode 100644
index a44e43e..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# call-bound <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![dependency status][deps-svg]][deps-url]
-[![dev dependency status][dev-deps-svg]][dev-deps-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Robust call-bound JavaScript intrinsics, using `call-bind` and `get-intrinsic`.
-
-## Getting started
-
-```sh
-npm install --save call-bound
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const callBound = require('call-bound');
-
-const slice = callBound('Array.prototype.slice');
-
-delete Function.prototype.call;
-delete Function.prototype.bind;
-delete Array.prototype.slice;
-
-assert.deepEqual(slice([1, 2, 3, 4], 1, -1), [2, 3]);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/call-bound
-[npm-version-svg]: https://versionbadg.es/ljharb/call-bound.svg
-[deps-svg]: https://david-dm.org/ljharb/call-bound.svg
-[deps-url]: https://david-dm.org/ljharb/call-bound
-[dev-deps-svg]: https://david-dm.org/ljharb/call-bound/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/call-bound#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/call-bound.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/call-bound.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/call-bound.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=call-bound
-[codecov-image]: https://codecov.io/gh/ljharb/call-bound/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/call-bound/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/call-bound
-[actions-url]: https://github.com/ljharb/call-bound/actions
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts b/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
deleted file mode 100644
index 5562f00..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/index.d.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-type Intrinsic = typeof globalThis;
-
-type IntrinsicName = keyof Intrinsic | `%${keyof Intrinsic}%`;
-
-type IntrinsicPath = IntrinsicName | `${StripPercents<IntrinsicName>}.${string}` | `%${StripPercents<IntrinsicName>}.${string}%`;
-
-type AllowMissing = boolean;
-
-type StripPercents<T extends string> = T extends `%${infer U}%` ? U : T;
-
-type BindMethodPrecise<F> =
-  F extends (this: infer This, ...args: infer Args) => infer R
-  ? (obj: This, ...args: Args) => R
-  : F extends {
-    (this: infer This1, ...args: infer Args1): infer R1;
-    (this: infer This2, ...args: infer Args2): infer R2
-  }
-  ? {
-    (obj: This1, ...args: Args1): R1;
-    (obj: This2, ...args: Args2): R2
-  }
-  : never
-
-// Extract method type from a prototype
-type GetPrototypeMethod<T extends keyof typeof globalThis, M extends string> =
-  (typeof globalThis)[T] extends { prototype: any }
-  ? M extends keyof (typeof globalThis)[T]['prototype']
-  ? (typeof globalThis)[T]['prototype'][M]
-  : never
-  : never
-
-// Get static property/method
-type GetStaticMember<T extends keyof typeof globalThis, P extends string> =
-  P extends keyof (typeof globalThis)[T] ? (typeof globalThis)[T][P] : never
-
-// Type that maps string path to actual bound function or value with better precision
-type BoundIntrinsic<S extends string> =
-  S extends `${infer Obj}.prototype.${infer Method}`
-  ? Obj extends keyof typeof globalThis
-  ? BindMethodPrecise<GetPrototypeMethod<Obj, Method & string>>
-  : unknown
-  : S extends `${infer Obj}.${infer Prop}`
-  ? Obj extends keyof typeof globalThis
-  ? GetStaticMember<Obj, Prop & string>
-  : unknown
-  : unknown
-
-declare function arraySlice<T>(array: readonly T[], start?: number, end?: number): T[];
-declare function arraySlice<T>(array: ArrayLike<T>, start?: number, end?: number): T[];
-declare function arraySlice<T>(array: IArguments, start?: number, end?: number): T[];
-
-// Special cases for methods that need explicit typing
-interface SpecialCases {
-  '%Object.prototype.isPrototypeOf%': (thisArg: {}, obj: unknown) => boolean;
-  '%String.prototype.replace%': {
-    (str: string, searchValue: string | RegExp, replaceValue: string): string;
-    (str: string, searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string
-  };
-  '%Object.prototype.toString%': (obj: {}) => string;
-  '%Object.prototype.hasOwnProperty%': (obj: {}, v: PropertyKey) => boolean;
-  '%Array.prototype.slice%': typeof arraySlice;
-  '%Array.prototype.map%': <T, U>(array: readonly T[], callbackfn: (value: T, index: number, array: readonly T[]) => U, thisArg?: any) => U[];
-  '%Array.prototype.filter%': <T>(array: readonly T[], predicate: (value: T, index: number, array: readonly T[]) => unknown, thisArg?: any) => T[];
-  '%Array.prototype.indexOf%': <T>(array: readonly T[], searchElement: T, fromIndex?: number) => number;
-  '%Function.prototype.apply%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, args: A) => R;
-  '%Function.prototype.call%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, ...args: A) => R;
-  '%Function.prototype.bind%': <T, A extends any[], R>(fn: (...args: A) => R, thisArg: any, ...args: A) => (...remainingArgs: A) => R;
-  '%Promise.prototype.then%': {
-    <T, R>(promise: Promise<T>, onfulfilled: (value: T) => R | PromiseLike<R>): Promise<R>;
-    <T, R>(promise: Promise<T>, onfulfilled: ((value: T) => R | PromiseLike<R>) | undefined | null, onrejected: (reason: any) => R | PromiseLike<R>): Promise<R>;
-  };
-  '%RegExp.prototype.test%': (regexp: RegExp, str: string) => boolean;
-  '%RegExp.prototype.exec%': (regexp: RegExp, str: string) => RegExpExecArray | null;
-  '%Error.prototype.toString%': (error: Error) => string;
-  '%TypeError.prototype.toString%': (error: TypeError) => string;
-  '%String.prototype.split%': (
-        obj: unknown,
-        splitter: string | RegExp | {
-            [Symbol.split](string: string, limit?: number): string[];
-        },
-        limit?: number | undefined
-    ) => string[];
-}
-
-/**
- * Returns a bound function for a prototype method, or a value for a static property.
- *
- * @param name - The name of the intrinsic (e.g. 'Array.prototype.slice')
- * @param {AllowMissing} [allowMissing] - Whether to allow missing intrinsics (default: false)
- */
-declare function callBound<K extends keyof SpecialCases | StripPercents<keyof SpecialCases>, S extends IntrinsicPath>(name: K, allowMissing?: AllowMissing): SpecialCases[`%${StripPercents<K>}%`];
-declare function callBound<K extends keyof SpecialCases | StripPercents<keyof SpecialCases>, S extends IntrinsicPath>(name: S, allowMissing?: AllowMissing): BoundIntrinsic<S>;
-
-export = callBound;
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/index.js b/src/Servers/ExpressServer/node_modules/call-bound/index.js
deleted file mode 100644
index e9ade74..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/index.js
+++ /dev/null
@@ -1,19 +0,0 @@
-'use strict';
-
-var GetIntrinsic = require('get-intrinsic');
-
-var callBindBasic = require('call-bind-apply-helpers');
-
-/** @type {(thisArg: string, searchString: string, position?: number) => number} */
-var $indexOf = callBindBasic([GetIntrinsic('%String.prototype.indexOf%')]);
-
-/** @type {import('.')} */
-module.exports = function callBoundIntrinsic(name, allowMissing) {
-	/* eslint no-extra-parens: 0 */
-
-	var intrinsic = /** @type {(this: unknown, ...args: unknown[]) => unknown} */ (GetIntrinsic(name, !!allowMissing));
-	if (typeof intrinsic === 'function' && $indexOf(name, '.prototype.') > -1) {
-		return callBindBasic(/** @type {const} */ ([intrinsic]));
-	}
-	return intrinsic;
-};
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/package.json b/src/Servers/ExpressServer/node_modules/call-bound/package.json
deleted file mode 100644
index d542db4..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/package.json
+++ /dev/null
@@ -1,99 +0,0 @@
-{
-	"name": "call-bound",
-	"version": "1.0.4",
-	"description": "Robust call-bound JavaScript intrinsics, using `call-bind` and `get-intrinsic`.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=auto",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=.js,.mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/call-bound.git"
-	},
-	"keywords": [
-		"javascript",
-		"ecmascript",
-		"es",
-		"js",
-		"callbind",
-		"callbound",
-		"call",
-		"bind",
-		"bound",
-		"call-bind",
-		"call-bound",
-		"function",
-		"es-abstract"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/call-bound/issues"
-	},
-	"homepage": "https://github.com/ljharb/call-bound#readme",
-	"dependencies": {
-		"call-bind-apply-helpers": "^1.0.2",
-		"get-intrinsic": "^1.3.0"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.4",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.3.0",
-		"@types/call-bind": "^1.0.5",
-		"@types/get-intrinsic": "^1.2.3",
-		"@types/tape": "^5.8.1",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"es-value-fixtures": "^1.7.1",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"for-each": "^0.3.5",
-		"gopd": "^1.2.0",
-		"has-strict-mode": "^1.1.0",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"object-inspect": "^1.13.4",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"testling": {
-		"files": "test/index.js"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/test/index.js b/src/Servers/ExpressServer/node_modules/call-bound/test/index.js
deleted file mode 100644
index a2fc9f0..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/test/index.js
+++ /dev/null
@@ -1,61 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var callBound = require('../');
-
-/** @template {true} T @template U @typedef {T extends U ? T : never} AssertType */
-
-test('callBound', function (t) {
-	// static primitive
-	t.equal(callBound('Array.length'), Array.length, 'Array.length yields itself');
-	t.equal(callBound('%Array.length%'), Array.length, '%Array.length% yields itself');
-
-	// static non-function object
-	t.equal(callBound('Array.prototype'), Array.prototype, 'Array.prototype yields itself');
-	t.equal(callBound('%Array.prototype%'), Array.prototype, '%Array.prototype% yields itself');
-	t.equal(callBound('Array.constructor'), Array.constructor, 'Array.constructor yields itself');
-	t.equal(callBound('%Array.constructor%'), Array.constructor, '%Array.constructor% yields itself');
-
-	// static function
-	t.equal(callBound('Date.parse'), Date.parse, 'Date.parse yields itself');
-	t.equal(callBound('%Date.parse%'), Date.parse, '%Date.parse% yields itself');
-
-	// prototype primitive
-	t.equal(callBound('Error.prototype.message'), Error.prototype.message, 'Error.prototype.message yields itself');
-	t.equal(callBound('%Error.prototype.message%'), Error.prototype.message, '%Error.prototype.message% yields itself');
-
-	var x = callBound('Object.prototype.toString');
-	var y = callBound('%Object.prototype.toString%');
-
-	// prototype function
-	t.notEqual(x, Object.prototype.toString, 'Object.prototype.toString does not yield itself');
-	t.notEqual(y, Object.prototype.toString, '%Object.prototype.toString% does not yield itself');
-	t.equal(x(true), Object.prototype.toString.call(true), 'call-bound Object.prototype.toString calls into the original');
-	t.equal(y(true), Object.prototype.toString.call(true), 'call-bound %Object.prototype.toString% calls into the original');
-
-	t['throws'](
-		// @ts-expect-error
-		function () { callBound('does not exist'); },
-		SyntaxError,
-		'nonexistent intrinsic throws'
-	);
-	t['throws'](
-		// @ts-expect-error
-		function () { callBound('does not exist', true); },
-		SyntaxError,
-		'allowMissing arg still throws for unknown intrinsic'
-	);
-
-	t.test('real but absent intrinsic', { skip: typeof WeakRef !== 'undefined' }, function (st) {
-		st['throws'](
-			function () { callBound('WeakRef'); },
-			TypeError,
-			'real but absent intrinsic throws'
-		);
-		st.equal(callBound('WeakRef', true), undefined, 'allowMissing arg avoids exception');
-		st.end();
-	});
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json b/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
deleted file mode 100644
index 8976d98..0000000
--- a/src/Servers/ExpressServer/node_modules/call-bound/tsconfig.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "ESNext",
-		"lib": ["es2024"],
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md b/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
deleted file mode 100644
index 488effa..0000000
--- a/src/Servers/ExpressServer/node_modules/content-disposition/HISTORY.md
+++ /dev/null
@@ -1,60 +0,0 @@
-0.5.4 / 2021-12-10
-==================
-
-  * deps: safe-buffer@5.2.1
-
-0.5.3 / 2018-12-17
-==================
-
-  * Use `safe-buffer` for improved Buffer API
-
-0.5.2 / 2016-12-08
-==================
-
-  * Fix `parse` to accept any linear whitespace character
-
-0.5.1 / 2016-01-17
-==================
-
-  * perf: enable strict mode
-
-0.5.0 / 2014-10-11
-==================
-
-  * Add `parse` function
-
-0.4.0 / 2014-09-21
-==================
-
-  * Expand non-Unicode `filename` to the full ISO-8859-1 charset
-
-0.3.0 / 2014-09-20
-==================
-
-  * Add `fallback` option
-  * Add `type` option
-
-0.2.0 / 2014-09-19
-==================
-
-  * Reduce ambiguity of file names with hex escape in buggy browsers
-
-0.1.2 / 2014-09-19
-==================
-
-  * Fix periodic invalid Unicode filename header
-
-0.1.1 / 2014-09-19
-==================
-
-  * Fix invalid characters appearing in `filename*` parameter
-
-0.1.0 / 2014-09-18
-==================
-
-  * Make the `filename` argument optional
-
-0.0.0 / 2014-09-18
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE b/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
deleted file mode 100644
index 84441fb..0000000
--- a/src/Servers/ExpressServer/node_modules/content-disposition/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2017 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/README.md b/src/Servers/ExpressServer/node_modules/content-disposition/README.md
deleted file mode 100644
index 3a0bb05..0000000
--- a/src/Servers/ExpressServer/node_modules/content-disposition/README.md
+++ /dev/null
@@ -1,142 +0,0 @@
-# content-disposition
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Create and parse HTTP `Content-Disposition` header
-
-## Installation
-
-```sh
-$ npm install content-disposition
-```
-
-## API
-
-```js
-var contentDisposition = require('content-disposition')
-```
-
-### contentDisposition(filename, options)
-
-Create an attachment `Content-Disposition` header value using the given file name,
-if supplied. The `filename` is optional and if no file name is desired, but you
-want to specify `options`, set `filename` to `undefined`.
-
-```js
-res.setHeader('Content-Disposition', contentDisposition('∫ maths.pdf'))
-```
-
-**note** HTTP headers are of the ISO-8859-1 character set. If you are writing this
-header through a means different from `setHeader` in Node.js, you'll want to specify
-the `'binary'` encoding in Node.js.
-
-#### Options
-
-`contentDisposition` accepts these properties in the options object.
-
-##### fallback
-
-If the `filename` option is outside ISO-8859-1, then the file name is actually
-stored in a supplemental field for clients that support Unicode file names and
-a ISO-8859-1 version of the file name is automatically generated.
-
-This specifies the ISO-8859-1 file name to override the automatic generation or
-disables the generation all together, defaults to `true`.
-
-  - A string will specify the ISO-8859-1 file name to use in place of automatic
-    generation.
-  - `false` will disable including a ISO-8859-1 file name and only include the
-    Unicode version (unless the file name is already ISO-8859-1).
-  - `true` will enable automatic generation if the file name is outside ISO-8859-1.
-
-If the `filename` option is ISO-8859-1 and this option is specified and has a
-different value, then the `filename` option is encoded in the extended field
-and this set as the fallback field, even though they are both ISO-8859-1.
-
-##### type
-
-Specifies the disposition type, defaults to `"attachment"`. This can also be
-`"inline"`, or any other value (all values except inline are treated like
-`attachment`, but can convey additional information if both parties agree to
-it). The type is normalized to lower-case.
-
-### contentDisposition.parse(string)
-
-```js
-var disposition = contentDisposition.parse('attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt')
-```
-
-Parse a `Content-Disposition` header string. This automatically handles extended
-("Unicode") parameters by decoding them and providing them under the standard
-parameter name. This will return an object with the following properties (examples
-are shown for the string `'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt'`):
-
- - `type`: The disposition type (always lower case). Example: `'attachment'`
-
- - `parameters`: An object of the parameters in the disposition (name of parameter
-   always lower case and extended versions replace non-extended versions). Example:
-   `{filename: "€ rates.txt"}`
-
-## Examples
-
-### Send a file for download
-
-```js
-var contentDisposition = require('content-disposition')
-var destroy = require('destroy')
-var fs = require('fs')
-var http = require('http')
-var onFinished = require('on-finished')
-
-var filePath = '/path/to/public/plans.pdf'
-
-http.createServer(function onRequest (req, res) {
-  // set headers
-  res.setHeader('Content-Type', 'application/pdf')
-  res.setHeader('Content-Disposition', contentDisposition(filePath))
-
-  // send file
-  var stream = fs.createReadStream(filePath)
-  stream.pipe(res)
-  onFinished(res, function () {
-    destroy(stream)
-  })
-})
-```
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## References
-
-- [RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1][rfc-2616]
-- [RFC 5987: Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters][rfc-5987]
-- [RFC 6266: Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)][rfc-6266]
-- [Test Cases for HTTP Content-Disposition header field (RFC 6266) and the Encodings defined in RFCs 2047, 2231 and 5987][tc-2231]
-
-[rfc-2616]: https://tools.ietf.org/html/rfc2616
-[rfc-5987]: https://tools.ietf.org/html/rfc5987
-[rfc-6266]: https://tools.ietf.org/html/rfc6266
-[tc-2231]: http://greenbytes.de/tech/tc2231/
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/content-disposition.svg
-[npm-url]: https://npmjs.org/package/content-disposition
-[node-version-image]: https://img.shields.io/node/v/content-disposition.svg
-[node-version-url]: https://nodejs.org/en/download
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/content-disposition.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/content-disposition?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/content-disposition.svg
-[downloads-url]: https://npmjs.org/package/content-disposition
-[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/content-disposition/ci/master?label=ci
-[github-actions-ci-url]: https://github.com/jshttp/content-disposition?query=workflow%3Aci
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/index.js b/src/Servers/ExpressServer/node_modules/content-disposition/index.js
deleted file mode 100644
index ecec899..0000000
--- a/src/Servers/ExpressServer/node_modules/content-disposition/index.js
+++ /dev/null
@@ -1,458 +0,0 @@
-/*!
- * content-disposition
- * Copyright(c) 2014-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = contentDisposition
-module.exports.parse = parse
-
-/**
- * Module dependencies.
- * @private
- */
-
-var basename = require('path').basename
-var Buffer = require('safe-buffer').Buffer
-
-/**
- * RegExp to match non attr-char, *after* encodeURIComponent (i.e. not including "%")
- * @private
- */
-
-var ENCODE_URL_ATTR_CHAR_REGEXP = /[\x00-\x20"'()*,/:;<=>?@[\\\]{}\x7f]/g // eslint-disable-line no-control-regex
-
-/**
- * RegExp to match percent encoding escape.
- * @private
- */
-
-var HEX_ESCAPE_REGEXP = /%[0-9A-Fa-f]{2}/
-var HEX_ESCAPE_REPLACE_REGEXP = /%([0-9A-Fa-f]{2})/g
-
-/**
- * RegExp to match non-latin1 characters.
- * @private
- */
-
-var NON_LATIN1_REGEXP = /[^\x20-\x7e\xa0-\xff]/g
-
-/**
- * RegExp to match quoted-pair in RFC 2616
- *
- * quoted-pair = "\" CHAR
- * CHAR        = <any US-ASCII character (octets 0 - 127)>
- * @private
- */
-
-var QESC_REGEXP = /\\([\u0000-\u007f])/g // eslint-disable-line no-control-regex
-
-/**
- * RegExp to match chars that must be quoted-pair in RFC 2616
- * @private
- */
-
-var QUOTE_REGEXP = /([\\"])/g
-
-/**
- * RegExp for various RFC 2616 grammar
- *
- * parameter     = token "=" ( token | quoted-string )
- * token         = 1*<any CHAR except CTLs or separators>
- * separators    = "(" | ")" | "<" | ">" | "@"
- *               | "," | ";" | ":" | "\" | <">
- *               | "/" | "[" | "]" | "?" | "="
- *               | "{" | "}" | SP | HT
- * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
- * qdtext        = <any TEXT except <">>
- * quoted-pair   = "\" CHAR
- * CHAR          = <any US-ASCII character (octets 0 - 127)>
- * TEXT          = <any OCTET except CTLs, but including LWS>
- * LWS           = [CRLF] 1*( SP | HT )
- * CRLF          = CR LF
- * CR            = <US-ASCII CR, carriage return (13)>
- * LF            = <US-ASCII LF, linefeed (10)>
- * SP            = <US-ASCII SP, space (32)>
- * HT            = <US-ASCII HT, horizontal-tab (9)>
- * CTL           = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
- * OCTET         = <any 8-bit sequence of data>
- * @private
- */
-
-var PARAM_REGEXP = /;[\x09\x20]*([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*=[\x09\x20]*("(?:[\x20!\x23-\x5b\x5d-\x7e\x80-\xff]|\\[\x20-\x7e])*"|[!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*/g // eslint-disable-line no-control-regex
-var TEXT_REGEXP = /^[\x20-\x7e\x80-\xff]+$/
-var TOKEN_REGEXP = /^[!#$%&'*+.0-9A-Z^_`a-z|~-]+$/
-
-/**
- * RegExp for various RFC 5987 grammar
- *
- * ext-value     = charset  "'" [ language ] "'" value-chars
- * charset       = "UTF-8" / "ISO-8859-1" / mime-charset
- * mime-charset  = 1*mime-charsetc
- * mime-charsetc = ALPHA / DIGIT
- *               / "!" / "#" / "$" / "%" / "&"
- *               / "+" / "-" / "^" / "_" / "`"
- *               / "{" / "}" / "~"
- * language      = ( 2*3ALPHA [ extlang ] )
- *               / 4ALPHA
- *               / 5*8ALPHA
- * extlang       = *3( "-" 3ALPHA )
- * value-chars   = *( pct-encoded / attr-char )
- * pct-encoded   = "%" HEXDIG HEXDIG
- * attr-char     = ALPHA / DIGIT
- *               / "!" / "#" / "$" / "&" / "+" / "-" / "."
- *               / "^" / "_" / "`" / "|" / "~"
- * @private
- */
-
-var EXT_VALUE_REGEXP = /^([A-Za-z0-9!#$%&+\-^_`{}~]+)'(?:[A-Za-z]{2,3}(?:-[A-Za-z]{3}){0,3}|[A-Za-z]{4,8}|)'((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9!#$&+.^_`|~-])+)$/
-
-/**
- * RegExp for various RFC 6266 grammar
- *
- * disposition-type = "inline" | "attachment" | disp-ext-type
- * disp-ext-type    = token
- * disposition-parm = filename-parm | disp-ext-parm
- * filename-parm    = "filename" "=" value
- *                  | "filename*" "=" ext-value
- * disp-ext-parm    = token "=" value
- *                  | ext-token "=" ext-value
- * ext-token        = <the characters in token, followed by "*">
- * @private
- */
-
-var DISPOSITION_TYPE_REGEXP = /^([!#$%&'*+.0-9A-Z^_`a-z|~-]+)[\x09\x20]*(?:$|;)/ // eslint-disable-line no-control-regex
-
-/**
- * Create an attachment Content-Disposition header.
- *
- * @param {string} [filename]
- * @param {object} [options]
- * @param {string} [options.type=attachment]
- * @param {string|boolean} [options.fallback=true]
- * @return {string}
- * @public
- */
-
-function contentDisposition (filename, options) {
-  var opts = options || {}
-
-  // get type
-  var type = opts.type || 'attachment'
-
-  // get parameters
-  var params = createparams(filename, opts.fallback)
-
-  // format into string
-  return format(new ContentDisposition(type, params))
-}
-
-/**
- * Create parameters object from filename and fallback.
- *
- * @param {string} [filename]
- * @param {string|boolean} [fallback=true]
- * @return {object}
- * @private
- */
-
-function createparams (filename, fallback) {
-  if (filename === undefined) {
-    return
-  }
-
-  var params = {}
-
-  if (typeof filename !== 'string') {
-    throw new TypeError('filename must be a string')
-  }
-
-  // fallback defaults to true
-  if (fallback === undefined) {
-    fallback = true
-  }
-
-  if (typeof fallback !== 'string' && typeof fallback !== 'boolean') {
-    throw new TypeError('fallback must be a string or boolean')
-  }
-
-  if (typeof fallback === 'string' && NON_LATIN1_REGEXP.test(fallback)) {
-    throw new TypeError('fallback must be ISO-8859-1 string')
-  }
-
-  // restrict to file base name
-  var name = basename(filename)
-
-  // determine if name is suitable for quoted string
-  var isQuotedString = TEXT_REGEXP.test(name)
-
-  // generate fallback name
-  var fallbackName = typeof fallback !== 'string'
-    ? fallback && getlatin1(name)
-    : basename(fallback)
-  var hasFallback = typeof fallbackName === 'string' && fallbackName !== name
-
-  // set extended filename parameter
-  if (hasFallback || !isQuotedString || HEX_ESCAPE_REGEXP.test(name)) {
-    params['filename*'] = name
-  }
-
-  // set filename parameter
-  if (isQuotedString || hasFallback) {
-    params.filename = hasFallback
-      ? fallbackName
-      : name
-  }
-
-  return params
-}
-
-/**
- * Format object to Content-Disposition header.
- *
- * @param {object} obj
- * @param {string} obj.type
- * @param {object} [obj.parameters]
- * @return {string}
- * @private
- */
-
-function format (obj) {
-  var parameters = obj.parameters
-  var type = obj.type
-
-  if (!type || typeof type !== 'string' || !TOKEN_REGEXP.test(type)) {
-    throw new TypeError('invalid type')
-  }
-
-  // start with normalized type
-  var string = String(type).toLowerCase()
-
-  // append parameters
-  if (parameters && typeof parameters === 'object') {
-    var param
-    var params = Object.keys(parameters).sort()
-
-    for (var i = 0; i < params.length; i++) {
-      param = params[i]
-
-      var val = param.substr(-1) === '*'
-        ? ustring(parameters[param])
-        : qstring(parameters[param])
-
-      string += '; ' + param + '=' + val
-    }
-  }
-
-  return string
-}
-
-/**
- * Decode a RFC 5987 field value (gracefully).
- *
- * @param {string} str
- * @return {string}
- * @private
- */
-
-function decodefield (str) {
-  var match = EXT_VALUE_REGEXP.exec(str)
-
-  if (!match) {
-    throw new TypeError('invalid extended field value')
-  }
-
-  var charset = match[1].toLowerCase()
-  var encoded = match[2]
-  var value
-
-  // to binary string
-  var binary = encoded.replace(HEX_ESCAPE_REPLACE_REGEXP, pdecode)
-
-  switch (charset) {
-    case 'iso-8859-1':
-      value = getlatin1(binary)
-      break
-    case 'utf-8':
-      value = Buffer.from(binary, 'binary').toString('utf8')
-      break
-    default:
-      throw new TypeError('unsupported charset in extended field')
-  }
-
-  return value
-}
-
-/**
- * Get ISO-8859-1 version of string.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
-
-function getlatin1 (val) {
-  // simple Unicode -> ISO-8859-1 transformation
-  return String(val).replace(NON_LATIN1_REGEXP, '?')
-}
-
-/**
- * Parse Content-Disposition header string.
- *
- * @param {string} string
- * @return {object}
- * @public
- */
-
-function parse (string) {
-  if (!string || typeof string !== 'string') {
-    throw new TypeError('argument string is required')
-  }
-
-  var match = DISPOSITION_TYPE_REGEXP.exec(string)
-
-  if (!match) {
-    throw new TypeError('invalid type format')
-  }
-
-  // normalize type
-  var index = match[0].length
-  var type = match[1].toLowerCase()
-
-  var key
-  var names = []
-  var params = {}
-  var value
-
-  // calculate index to start at
-  index = PARAM_REGEXP.lastIndex = match[0].substr(-1) === ';'
-    ? index - 1
-    : index
-
-  // match parameters
-  while ((match = PARAM_REGEXP.exec(string))) {
-    if (match.index !== index) {
-      throw new TypeError('invalid parameter format')
-    }
-
-    index += match[0].length
-    key = match[1].toLowerCase()
-    value = match[2]
-
-    if (names.indexOf(key) !== -1) {
-      throw new TypeError('invalid duplicate parameter')
-    }
-
-    names.push(key)
-
-    if (key.indexOf('*') + 1 === key.length) {
-      // decode extended value
-      key = key.slice(0, -1)
-      value = decodefield(value)
-
-      // overwrite existing value
-      params[key] = value
-      continue
-    }
-
-    if (typeof params[key] === 'string') {
-      continue
-    }
-
-    if (value[0] === '"') {
-      // remove quotes and escapes
-      value = value
-        .substr(1, value.length - 2)
-        .replace(QESC_REGEXP, '$1')
-    }
-
-    params[key] = value
-  }
-
-  if (index !== -1 && index !== string.length) {
-    throw new TypeError('invalid parameter format')
-  }
-
-  return new ContentDisposition(type, params)
-}
-
-/**
- * Percent decode a single character.
- *
- * @param {string} str
- * @param {string} hex
- * @return {string}
- * @private
- */
-
-function pdecode (str, hex) {
-  return String.fromCharCode(parseInt(hex, 16))
-}
-
-/**
- * Percent encode a single character.
- *
- * @param {string} char
- * @return {string}
- * @private
- */
-
-function pencode (char) {
-  return '%' + String(char)
-    .charCodeAt(0)
-    .toString(16)
-    .toUpperCase()
-}
-
-/**
- * Quote a string for HTTP.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
-
-function qstring (val) {
-  var str = String(val)
-
-  return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
-}
-
-/**
- * Encode a Unicode string for HTTP (RFC 5987).
- *
- * @param {string} val
- * @return {string}
- * @private
- */
-
-function ustring (val) {
-  var str = String(val)
-
-  // percent encode as UTF-8
-  var encoded = encodeURIComponent(str)
-    .replace(ENCODE_URL_ATTR_CHAR_REGEXP, pencode)
-
-  return 'UTF-8\'\'' + encoded
-}
-
-/**
- * Class for parsed Content-Disposition header for v8 optimization
- *
- * @public
- * @param {string} type
- * @param {object} parameters
- * @constructor
- */
-
-function ContentDisposition (type, parameters) {
-  this.type = type
-  this.parameters = parameters
-}
diff --git a/src/Servers/ExpressServer/node_modules/content-disposition/package.json b/src/Servers/ExpressServer/node_modules/content-disposition/package.json
deleted file mode 100644
index 43c70ce..0000000
--- a/src/Servers/ExpressServer/node_modules/content-disposition/package.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "name": "content-disposition",
-  "description": "Create and parse Content-Disposition header",
-  "version": "0.5.4",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "keywords": [
-    "content-disposition",
-    "http",
-    "rfc6266",
-    "res"
-  ],
-  "repository": "jshttp/content-disposition",
-  "dependencies": {
-    "safe-buffer": "5.2.1"
-  },
-  "devDependencies": {
-    "deep-equal": "1.0.1",
-    "eslint": "7.32.0",
-    "eslint-config-standard": "13.0.1",
-    "eslint-plugin-import": "2.25.3",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "istanbul": "0.4.5",
-    "mocha": "9.1.3"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md b/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
deleted file mode 100644
index 4583671..0000000
--- a/src/Servers/ExpressServer/node_modules/content-type/HISTORY.md
+++ /dev/null
@@ -1,29 +0,0 @@
-1.0.5 / 2023-01-29
-==================
-
-  * perf: skip value escaping when unnecessary
-
-1.0.4 / 2017-09-11
-==================
-
-  * perf: skip parameter parsing when no parameters
-
-1.0.3 / 2017-09-10
-==================
-
-  * perf: remove argument reassignment
-
-1.0.2 / 2016-05-09
-==================
-
-  * perf: enable strict mode
-
-1.0.1 / 2015-02-13
-==================
-
-  * Improve missing `Content-Type` header error message
-
-1.0.0 / 2015-02-01
-==================
-
-  * Initial implementation, derived from `media-typer@0.3.0`
diff --git a/src/Servers/ExpressServer/node_modules/content-type/LICENSE b/src/Servers/ExpressServer/node_modules/content-type/LICENSE
deleted file mode 100644
index 34b1a2d..0000000
--- a/src/Servers/ExpressServer/node_modules/content-type/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2015 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/content-type/README.md b/src/Servers/ExpressServer/node_modules/content-type/README.md
deleted file mode 100644
index c1a922a..0000000
--- a/src/Servers/ExpressServer/node_modules/content-type/README.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# content-type
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Coverage Status][coveralls-image]][coveralls-url]
-
-Create and parse HTTP Content-Type header according to RFC 7231
-
-## Installation
-
-```sh
-$ npm install content-type
-```
-
-## API
-
-```js
-var contentType = require('content-type')
-```
-
-### contentType.parse(string)
-
-```js
-var obj = contentType.parse('image/svg+xml; charset=utf-8')
-```
-
-Parse a `Content-Type` header. This will return an object with the following
-properties (examples are shown for the string `'image/svg+xml; charset=utf-8'`):
-
- - `type`: The media type (the type and subtype, always lower case).
-   Example: `'image/svg+xml'`
-
- - `parameters`: An object of the parameters in the media type (name of parameter
-   always lower case). Example: `{charset: 'utf-8'}`
-
-Throws a `TypeError` if the string is missing or invalid.
-
-### contentType.parse(req)
-
-```js
-var obj = contentType.parse(req)
-```
-
-Parse the `Content-Type` header from the given `req`. Short-cut for
-`contentType.parse(req.headers['content-type'])`.
-
-Throws a `TypeError` if the `Content-Type` header is missing or invalid.
-
-### contentType.parse(res)
-
-```js
-var obj = contentType.parse(res)
-```
-
-Parse the `Content-Type` header set on the given `res`. Short-cut for
-`contentType.parse(res.getHeader('content-type'))`.
-
-Throws a `TypeError` if the `Content-Type` header is missing or invalid.
-
-### contentType.format(obj)
-
-```js
-var str = contentType.format({
-  type: 'image/svg+xml',
-  parameters: { charset: 'utf-8' }
-})
-```
-
-Format an object into a `Content-Type` header. This will return a string of the
-content type for the given object with the following properties (examples are
-shown that produce the string `'image/svg+xml; charset=utf-8'`):
-
- - `type`: The media type (will be lower-cased). Example: `'image/svg+xml'`
-
- - `parameters`: An object of the parameters in the media type (name of the
-   parameter will be lower-cased). Example: `{charset: 'utf-8'}`
-
-Throws a `TypeError` if the object contains an invalid type or parameter names.
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/content-type/master?label=ci
-[ci-url]: https://github.com/jshttp/content-type/actions/workflows/ci.yml
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/content-type/master
-[coveralls-url]: https://coveralls.io/r/jshttp/content-type?branch=master
-[node-image]: https://badgen.net/npm/node/content-type
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/content-type
-[npm-url]: https://npmjs.org/package/content-type
-[npm-version-image]: https://badgen.net/npm/v/content-type
diff --git a/src/Servers/ExpressServer/node_modules/content-type/index.js b/src/Servers/ExpressServer/node_modules/content-type/index.js
deleted file mode 100644
index 41840e7..0000000
--- a/src/Servers/ExpressServer/node_modules/content-type/index.js
+++ /dev/null
@@ -1,225 +0,0 @@
-/*!
- * content-type
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * RegExp to match *( ";" parameter ) in RFC 7231 sec 3.1.1.1
- *
- * parameter     = token "=" ( token / quoted-string )
- * token         = 1*tchar
- * tchar         = "!" / "#" / "$" / "%" / "&" / "'" / "*"
- *               / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
- *               / DIGIT / ALPHA
- *               ; any VCHAR, except delimiters
- * quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE
- * qdtext        = HTAB / SP / %x21 / %x23-5B / %x5D-7E / obs-text
- * obs-text      = %x80-FF
- * quoted-pair   = "\" ( HTAB / SP / VCHAR / obs-text )
- */
-var PARAM_REGEXP = /; *([!#$%&'*+.^_`|~0-9A-Za-z-]+) *= *("(?:[\u000b\u0020\u0021\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u000b\u0020-\u00ff])*"|[!#$%&'*+.^_`|~0-9A-Za-z-]+) */g // eslint-disable-line no-control-regex
-var TEXT_REGEXP = /^[\u000b\u0020-\u007e\u0080-\u00ff]+$/ // eslint-disable-line no-control-regex
-var TOKEN_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/
-
-/**
- * RegExp to match quoted-pair in RFC 7230 sec 3.2.6
- *
- * quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text )
- * obs-text    = %x80-FF
- */
-var QESC_REGEXP = /\\([\u000b\u0020-\u00ff])/g // eslint-disable-line no-control-regex
-
-/**
- * RegExp to match chars that must be quoted-pair in RFC 7230 sec 3.2.6
- */
-var QUOTE_REGEXP = /([\\"])/g
-
-/**
- * RegExp to match type in RFC 7231 sec 3.1.1.1
- *
- * media-type = type "/" subtype
- * type       = token
- * subtype    = token
- */
-var TYPE_REGEXP = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+\/[!#$%&'*+.^_`|~0-9A-Za-z-]+$/
-
-/**
- * Module exports.
- * @public
- */
-
-exports.format = format
-exports.parse = parse
-
-/**
- * Format object to media type.
- *
- * @param {object} obj
- * @return {string}
- * @public
- */
-
-function format (obj) {
-  if (!obj || typeof obj !== 'object') {
-    throw new TypeError('argument obj is required')
-  }
-
-  var parameters = obj.parameters
-  var type = obj.type
-
-  if (!type || !TYPE_REGEXP.test(type)) {
-    throw new TypeError('invalid type')
-  }
-
-  var string = type
-
-  // append parameters
-  if (parameters && typeof parameters === 'object') {
-    var param
-    var params = Object.keys(parameters).sort()
-
-    for (var i = 0; i < params.length; i++) {
-      param = params[i]
-
-      if (!TOKEN_REGEXP.test(param)) {
-        throw new TypeError('invalid parameter name')
-      }
-
-      string += '; ' + param + '=' + qstring(parameters[param])
-    }
-  }
-
-  return string
-}
-
-/**
- * Parse media type to object.
- *
- * @param {string|object} string
- * @return {Object}
- * @public
- */
-
-function parse (string) {
-  if (!string) {
-    throw new TypeError('argument string is required')
-  }
-
-  // support req/res-like objects as argument
-  var header = typeof string === 'object'
-    ? getcontenttype(string)
-    : string
-
-  if (typeof header !== 'string') {
-    throw new TypeError('argument string is required to be a string')
-  }
-
-  var index = header.indexOf(';')
-  var type = index !== -1
-    ? header.slice(0, index).trim()
-    : header.trim()
-
-  if (!TYPE_REGEXP.test(type)) {
-    throw new TypeError('invalid media type')
-  }
-
-  var obj = new ContentType(type.toLowerCase())
-
-  // parse parameters
-  if (index !== -1) {
-    var key
-    var match
-    var value
-
-    PARAM_REGEXP.lastIndex = index
-
-    while ((match = PARAM_REGEXP.exec(header))) {
-      if (match.index !== index) {
-        throw new TypeError('invalid parameter format')
-      }
-
-      index += match[0].length
-      key = match[1].toLowerCase()
-      value = match[2]
-
-      if (value.charCodeAt(0) === 0x22 /* " */) {
-        // remove quotes
-        value = value.slice(1, -1)
-
-        // remove escapes
-        if (value.indexOf('\\') !== -1) {
-          value = value.replace(QESC_REGEXP, '$1')
-        }
-      }
-
-      obj.parameters[key] = value
-    }
-
-    if (index !== header.length) {
-      throw new TypeError('invalid parameter format')
-    }
-  }
-
-  return obj
-}
-
-/**
- * Get content-type from req/res objects.
- *
- * @param {object}
- * @return {Object}
- * @private
- */
-
-function getcontenttype (obj) {
-  var header
-
-  if (typeof obj.getHeader === 'function') {
-    // res-like
-    header = obj.getHeader('content-type')
-  } else if (typeof obj.headers === 'object') {
-    // req-like
-    header = obj.headers && obj.headers['content-type']
-  }
-
-  if (typeof header !== 'string') {
-    throw new TypeError('content-type header is missing from object')
-  }
-
-  return header
-}
-
-/**
- * Quote a string if necessary.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
-
-function qstring (val) {
-  var str = String(val)
-
-  // no need to quote tokens
-  if (TOKEN_REGEXP.test(str)) {
-    return str
-  }
-
-  if (str.length > 0 && !TEXT_REGEXP.test(str)) {
-    throw new TypeError('invalid parameter value')
-  }
-
-  return '"' + str.replace(QUOTE_REGEXP, '\\$1') + '"'
-}
-
-/**
- * Class to represent a content type.
- * @private
- */
-function ContentType (type) {
-  this.parameters = Object.create(null)
-  this.type = type
-}
diff --git a/src/Servers/ExpressServer/node_modules/content-type/package.json b/src/Servers/ExpressServer/node_modules/content-type/package.json
deleted file mode 100644
index 9db19f6..0000000
--- a/src/Servers/ExpressServer/node_modules/content-type/package.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "name": "content-type",
-  "description": "Create and parse HTTP Content-Type header",
-  "version": "1.0.5",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "keywords": [
-    "content-type",
-    "http",
-    "req",
-    "res",
-    "rfc7231"
-  ],
-  "repository": "jshttp/content-type",
-  "devDependencies": {
-    "deep-equal": "1.0.1",
-    "eslint": "8.32.0",
-    "eslint-config-standard": "15.0.1",
-    "eslint-plugin-import": "2.27.5",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "6.1.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "10.2.0",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/History.md b/src/Servers/ExpressServer/node_modules/cookie-signature/History.md
deleted file mode 100644
index bcf8cc9..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie-signature/History.md
+++ /dev/null
@@ -1,42 +0,0 @@
-1.0.7 / 2023-04-12
-==================
-
-* backport the buffer support from the 1.2.x release branch (thanks @FadhiliNjagi!)
-
-1.0.6 / 2015-02-03
-==================
-
-* use `npm test` instead of `make test` to run tests
-* clearer assertion messages when checking input
-
-1.0.5 / 2014-09-05
-==================
-
-* add license to package.json
-
-1.0.4 / 2014-06-25
-==================
-
- * corrected avoidance of timing attacks (thanks @tenbits!)
-
-1.0.3 / 2014-01-28
-==================
-
- * [incorrect] fix for timing attacks
-
-1.0.2 / 2014-01-28
-==================
-
- * fix missing repository warning
- * fix typo in test
-
-1.0.1 / 2013-04-15
-==================
-
-  * Revert "Changed underlying HMAC algo. to sha512."
-  * Revert "Fix for timing attacks on MAC verification."
-
-0.0.1 / 2010-01-03
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md b/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
deleted file mode 100644
index 2559e84..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie-signature/Readme.md
+++ /dev/null
@@ -1,42 +0,0 @@
-
-# cookie-signature
-
-  Sign and unsign cookies.
-
-## Example
-
-```js
-var cookie = require('cookie-signature');
-
-var val = cookie.sign('hello', 'tobiiscool');
-val.should.equal('hello.DGDUkGlIkCzPz+C0B064FNgHdEjox7ch8tOBGslZ5QI');
-
-var val = cookie.sign('hello', 'tobiiscool');
-cookie.unsign(val, 'tobiiscool').should.equal('hello');
-cookie.unsign(val, 'luna').should.be.false;
-```
-
-## License 
-
-(The MIT License)
-
-Copyright (c) 2012 LearnBoost &lt;tj@learnboost.com&gt;
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/index.js b/src/Servers/ExpressServer/node_modules/cookie-signature/index.js
deleted file mode 100644
index 336d487..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie-signature/index.js
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Module dependencies.
- */
-
-var crypto = require('crypto');
-
-/**
- * Sign the given `val` with `secret`.
- *
- * @param {String} val
- * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
- * @return {String}
- * @api private
- */
-
-exports.sign = function(val, secret){
-  if ('string' !== typeof val) throw new TypeError("Cookie value must be provided as a string.");
-  if (null == secret) throw new TypeError("Secret key must be provided.");
-  return val + '.' + crypto
-    .createHmac('sha256', secret)
-    .update(val)
-    .digest('base64')
-    .replace(/\=+$/, '');
-};
-
-/**
- * Unsign and decode the given `val` with `secret`,
- * returning `false` if the signature is invalid.
- *
- * @param {String} val
- * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
- * @return {String|Boolean}
- * @api private
- */
-
-exports.unsign = function(val, secret){
-  if ('string' !== typeof val) throw new TypeError("Signed cookie string must be provided.");
-  if (null == secret) throw new TypeError("Secret key must be provided.");
-  var str = val.slice(0, val.lastIndexOf('.'))
-    , mac = exports.sign(str, secret);
-  
-  return sha1(mac) == sha1(val) ? str : false;
-};
-
-/**
- * Private
- */
-
-function sha1(str){
-  return crypto.createHash('sha1').update(str).digest('hex');
-}
diff --git a/src/Servers/ExpressServer/node_modules/cookie-signature/package.json b/src/Servers/ExpressServer/node_modules/cookie-signature/package.json
deleted file mode 100644
index 738487b..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie-signature/package.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  "name": "cookie-signature",
-  "version": "1.0.7",
-  "description": "Sign and unsign cookies",
-  "keywords": ["cookie", "sign", "unsign"],
-  "author": "TJ Holowaychuk <tj@learnboost.com>",
-  "license": "MIT",
-  "repository": { "type": "git", "url": "https://github.com/visionmedia/node-cookie-signature.git"},
-  "dependencies": {},
-  "devDependencies": {
-    "mocha": "*",
-    "should": "*"
-  },
-  "scripts": {
-    "test": "mocha --require should --reporter spec"
-  },
-  "main": "index"
-}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/cookie/LICENSE b/src/Servers/ExpressServer/node_modules/cookie/LICENSE
deleted file mode 100644
index 058b6b4..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012-2014 Roman Shtylman <shtylman@gmail.com>
-Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/src/Servers/ExpressServer/node_modules/cookie/README.md b/src/Servers/ExpressServer/node_modules/cookie/README.md
deleted file mode 100644
index 71fdac1..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie/README.md
+++ /dev/null
@@ -1,317 +0,0 @@
-# cookie
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Coverage Status][coveralls-image]][coveralls-url]
-
-Basic HTTP cookie parser and serializer for HTTP servers.
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install cookie
-```
-
-## API
-
-```js
-var cookie = require('cookie');
-```
-
-### cookie.parse(str, options)
-
-Parse an HTTP `Cookie` header string and returning an object of all cookie name-value pairs.
-The `str` argument is the string representing a `Cookie` header value and `options` is an
-optional object containing additional parsing options.
-
-```js
-var cookies = cookie.parse('foo=bar; equation=E%3Dmc%5E2');
-// { foo: 'bar', equation: 'E=mc^2' }
-```
-
-#### Options
-
-`cookie.parse` accepts these properties in the options object.
-
-##### decode
-
-Specifies a function that will be used to decode a cookie's value. Since the value of a cookie
-has a limited character set (and must be a simple string), this function can be used to decode
-a previously-encoded cookie value into a JavaScript string or other object.
-
-The default function is the global `decodeURIComponent`, which will decode any URL-encoded
-sequences into their byte representations.
-
-**note** if an error is thrown from this function, the original, non-decoded cookie value will
-be returned as the cookie's value.
-
-### cookie.serialize(name, value, options)
-
-Serialize a cookie name-value pair into a `Set-Cookie` header string. The `name` argument is the
-name for the cookie, the `value` argument is the value to set the cookie to, and the `options`
-argument is an optional object containing additional serialization options.
-
-```js
-var setCookie = cookie.serialize('foo', 'bar');
-// foo=bar
-```
-
-#### Options
-
-`cookie.serialize` accepts these properties in the options object.
-
-##### domain
-
-Specifies the value for the [`Domain` `Set-Cookie` attribute][rfc-6265-5.2.3]. By default, no
-domain is set, and most clients will consider the cookie to apply to only the current domain.
-
-##### encode
-
-Specifies a function that will be used to encode a cookie's value. Since value of a cookie
-has a limited character set (and must be a simple string), this function can be used to encode
-a value into a string suited for a cookie's value.
-
-The default function is the global `encodeURIComponent`, which will encode a JavaScript string
-into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range.
-
-##### expires
-
-Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute][rfc-6265-5.2.1].
-By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and
-will delete it on a condition like exiting a web browser application.
-
-**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
-`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
-so if both are set, they should point to the same date and time.
-
-##### httpOnly
-
-Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy,
-the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set.
-
-**note** be careful when setting this to `true`, as compliant clients will not allow client-side
-JavaScript to see the cookie in `document.cookie`.
-
-##### maxAge
-
-Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute][rfc-6265-5.2.2].
-The given number will be converted to an integer by rounding down. By default, no maximum age is set.
-
-**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and
-`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this,
-so if both are set, they should point to the same date and time.
-
-##### partitioned
-
-Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
-attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
-`Partitioned` attribute is not set.
-
-**note** This is an attribute that has not yet been fully standardized, and may change in the future.
-This also means many clients may ignore this attribute until they understand it.
-
-More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
-
-##### path
-
-Specifies the value for the [`Path` `Set-Cookie` attribute][rfc-6265-5.2.4]. By default, the path
-is considered the ["default path"][rfc-6265-5.1.4].
-
-##### priority
-
-Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
-
-  - `'low'` will set the `Priority` attribute to `Low`.
-  - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
-  - `'high'` will set the `Priority` attribute to `High`.
-
-More information about the different priority levels can be found in
-[the specification][rfc-west-cookie-priority-00-4.1].
-
-**note** This is an attribute that has not yet been fully standardized, and may change in the future.
-This also means many clients may ignore this attribute until they understand it.
-
-##### sameSite
-
-Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-09-5.4.7].
-
-  - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
-  - `false` will not set the `SameSite` attribute.
-  - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
-  - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
-  - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
-
-More information about the different enforcement levels can be found in
-[the specification][rfc-6265bis-09-5.4.7].
-
-**note** This is an attribute that has not yet been fully standardized, and may change in the future.
-This also means many clients may ignore this attribute until they understand it.
-
-##### secure
-
-Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute][rfc-6265-5.2.5]. When truthy,
-the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
-
-**note** be careful when setting this to `true`, as compliant clients will not send the cookie back to
-the server in the future if the browser does not have an HTTPS connection.
-
-## Example
-
-The following example uses this module in conjunction with the Node.js core HTTP server
-to prompt a user for their name and display it back on future visits.
-
-```js
-var cookie = require('cookie');
-var escapeHtml = require('escape-html');
-var http = require('http');
-var url = require('url');
-
-function onRequest(req, res) {
-  // Parse the query string
-  var query = url.parse(req.url, true, true).query;
-
-  if (query && query.name) {
-    // Set a new cookie with the name
-    res.setHeader('Set-Cookie', cookie.serialize('name', String(query.name), {
-      httpOnly: true,
-      maxAge: 60 * 60 * 24 * 7 // 1 week
-    }));
-
-    // Redirect back after setting cookie
-    res.statusCode = 302;
-    res.setHeader('Location', req.headers.referer || '/');
-    res.end();
-    return;
-  }
-
-  // Parse the cookies on the request
-  var cookies = cookie.parse(req.headers.cookie || '');
-
-  // Get the visitor name set in the cookie
-  var name = cookies.name;
-
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8');
-
-  if (name) {
-    res.write('<p>Welcome back, <b>' + escapeHtml(name) + '</b>!</p>');
-  } else {
-    res.write('<p>Hello, new visitor!</p>');
-  }
-
-  res.write('<form method="GET">');
-  res.write('<input placeholder="enter your name" name="name"> <input type="submit" value="Set Name">');
-  res.end('</form>');
-}
-
-http.createServer(onRequest).listen(3000);
-```
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## Benchmark
-
-```
-$ npm run bench
-
-> cookie@0.5.0 bench
-> node benchmark/index.js
-
-  node@18.18.2
-  acorn@8.10.0
-  ada@2.6.0
-  ares@1.19.1
-  brotli@1.0.9
-  cldr@43.1
-  icu@73.2
-  llhttp@6.0.11
-  modules@108
-  napi@9
-  nghttp2@1.57.0
-  nghttp3@0.7.0
-  ngtcp2@0.8.1
-  openssl@3.0.10+quic
-  simdutf@3.2.14
-  tz@2023c
-  undici@5.26.3
-  unicode@15.0
-  uv@1.44.2
-  uvwasi@0.0.18
-  v8@10.2.154.26-node.26
-  zlib@1.2.13.1-motley
-
-> node benchmark/parse-top.js
-
-  cookie.parse - top sites
-
-  14 tests completed.
-
-  parse accounts.google.com x 2,588,913 ops/sec ±0.74% (186 runs sampled)
-  parse apple.com           x 2,370,002 ops/sec ±0.69% (186 runs sampled)
-  parse cloudflare.com      x 2,213,102 ops/sec ±0.88% (188 runs sampled)
-  parse docs.google.com     x 2,194,157 ops/sec ±1.03% (184 runs sampled)
-  parse drive.google.com    x 2,265,084 ops/sec ±0.79% (187 runs sampled)
-  parse en.wikipedia.org    x   457,099 ops/sec ±0.81% (186 runs sampled)
-  parse linkedin.com        x   504,407 ops/sec ±0.89% (186 runs sampled)
-  parse maps.google.com     x 1,230,959 ops/sec ±0.98% (186 runs sampled)
-  parse microsoft.com       x   926,294 ops/sec ±0.88% (184 runs sampled)
-  parse play.google.com     x 2,311,338 ops/sec ±0.83% (185 runs sampled)
-  parse support.google.com  x 1,508,850 ops/sec ±0.86% (186 runs sampled)
-  parse www.google.com      x 1,022,582 ops/sec ±1.32% (182 runs sampled)
-  parse youtu.be            x   332,136 ops/sec ±1.02% (185 runs sampled)
-  parse youtube.com         x   323,833 ops/sec ±0.77% (183 runs sampled)
-
-> node benchmark/parse.js
-
-  cookie.parse - generic
-
-  6 tests completed.
-
-  simple      x 3,214,032 ops/sec ±1.61% (183 runs sampled)
-  decode      x   587,237 ops/sec ±1.16% (187 runs sampled)
-  unquote     x 2,954,618 ops/sec ±1.35% (183 runs sampled)
-  duplicates  x   857,008 ops/sec ±0.89% (187 runs sampled)
-  10 cookies  x   292,133 ops/sec ±0.89% (187 runs sampled)
-  100 cookies x    22,610 ops/sec ±0.68% (187 runs sampled)
-```
-
-## References
-
-- [RFC 6265: HTTP State Management Mechanism][rfc-6265]
-- [Same-site Cookies][rfc-6265bis-09-5.4.7]
-
-[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/
-[rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1
-[rfc-6265bis-09-5.4.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-09#section-5.4.7
-[rfc-6265]: https://tools.ietf.org/html/rfc6265
-[rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4
-[rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1
-[rfc-6265-5.2.2]: https://tools.ietf.org/html/rfc6265#section-5.2.2
-[rfc-6265-5.2.3]: https://tools.ietf.org/html/rfc6265#section-5.2.3
-[rfc-6265-5.2.4]: https://tools.ietf.org/html/rfc6265#section-5.2.4
-[rfc-6265-5.2.5]: https://tools.ietf.org/html/rfc6265#section-5.2.5
-[rfc-6265-5.2.6]: https://tools.ietf.org/html/rfc6265#section-5.2.6
-[rfc-6265-5.3]: https://tools.ietf.org/html/rfc6265#section-5.3
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/cookie/master?label=ci
-[ci-url]: https://github.com/jshttp/cookie/actions/workflows/ci.yml
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/cookie/master
-[coveralls-url]: https://coveralls.io/r/jshttp/cookie?branch=master
-[node-image]: https://badgen.net/npm/node/cookie
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/cookie
-[npm-url]: https://npmjs.org/package/cookie
-[npm-version-image]: https://badgen.net/npm/v/cookie
diff --git a/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md b/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
deleted file mode 100644
index fd4a6c5..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie/SECURITY.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Security Policies and Procedures
-
-## Reporting a Bug
-
-The `cookie` team and community take all security bugs seriously. Thank
-you for improving the security of the project. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the current owner(s) of `cookie`. This
-information can be found in the npm registry using the command
-`npm owner ls cookie`.
-If unsure or unable to get the information from the above, open an issue
-in the [project issue tracker](https://github.com/jshttp/cookie/issues)
-asking for the current contact information.
-
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
-
-At least one owner will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the owners will
-endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/cookie/index.js b/src/Servers/ExpressServer/node_modules/cookie/index.js
deleted file mode 100644
index acd5acd..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie/index.js
+++ /dev/null
@@ -1,335 +0,0 @@
-/*!
- * cookie
- * Copyright(c) 2012-2014 Roman Shtylman
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-exports.parse = parse;
-exports.serialize = serialize;
-
-/**
- * Module variables.
- * @private
- */
-
-var __toString = Object.prototype.toString
-var __hasOwnProperty = Object.prototype.hasOwnProperty
-
-/**
- * RegExp to match cookie-name in RFC 6265 sec 4.1.1
- * This refers out to the obsoleted definition of token in RFC 2616 sec 2.2
- * which has been replaced by the token definition in RFC 7230 appendix B.
- *
- * cookie-name       = token
- * token             = 1*tchar
- * tchar             = "!" / "#" / "$" / "%" / "&" / "'" /
- *                     "*" / "+" / "-" / "." / "^" / "_" /
- *                     "`" / "|" / "~" / DIGIT / ALPHA
- */
-
-var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
-
-/**
- * RegExp to match cookie-value in RFC 6265 sec 4.1.1
- *
- * cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
- * cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
- *                     ; US-ASCII characters excluding CTLs,
- *                     ; whitespace DQUOTE, comma, semicolon,
- *                     ; and backslash
- */
-
-var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/;
-
-/**
- * RegExp to match domain-value in RFC 6265 sec 4.1.1
- *
- * domain-value      = <subdomain>
- *                     ; defined in [RFC1034], Section 3.5, as
- *                     ; enhanced by [RFC1123], Section 2.1
- * <subdomain>       = <label> | <subdomain> "." <label>
- * <label>           = <let-dig> [ [ <ldh-str> ] <let-dig> ]
- *                     Labels must be 63 characters or less.
- *                     'let-dig' not 'letter' in the first char, per RFC1123
- * <ldh-str>         = <let-dig-hyp> | <let-dig-hyp> <ldh-str>
- * <let-dig-hyp>     = <let-dig> | "-"
- * <let-dig>         = <letter> | <digit>
- * <letter>          = any one of the 52 alphabetic characters A through Z in
- *                     upper case and a through z in lower case
- * <digit>           = any one of the ten digits 0 through 9
- *
- * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
- *
- * > (Note that a leading %x2E ("."), if present, is ignored even though that
- * character is not permitted, but a trailing %x2E ("."), if present, will
- * cause the user agent to ignore the attribute.)
- */
-
-var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
-
-/**
- * RegExp to match path-value in RFC 6265 sec 4.1.1
- *
- * path-value        = <any CHAR except CTLs or ";">
- * CHAR              = %x01-7F
- *                     ; defined in RFC 5234 appendix B.1
- */
-
-var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
-
-/**
- * Parse a cookie header.
- *
- * Parse the given cookie header string into an object
- * The object has the various cookies as keys(names) => values
- *
- * @param {string} str
- * @param {object} [opt]
- * @return {object}
- * @public
- */
-
-function parse(str, opt) {
-  if (typeof str !== 'string') {
-    throw new TypeError('argument str must be a string');
-  }
-
-  var obj = {};
-  var len = str.length;
-  // RFC 6265 sec 4.1.1, RFC 2616 2.2 defines a cookie name consists of one char minimum, plus '='.
-  if (len < 2) return obj;
-
-  var dec = (opt && opt.decode) || decode;
-  var index = 0;
-  var eqIdx = 0;
-  var endIdx = 0;
-
-  do {
-    eqIdx = str.indexOf('=', index);
-    if (eqIdx === -1) break; // No more cookie pairs.
-
-    endIdx = str.indexOf(';', index);
-
-    if (endIdx === -1) {
-      endIdx = len;
-    } else if (eqIdx > endIdx) {
-      // backtrack on prior semicolon
-      index = str.lastIndexOf(';', eqIdx - 1) + 1;
-      continue;
-    }
-
-    var keyStartIdx = startIndex(str, index, eqIdx);
-    var keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
-    var key = str.slice(keyStartIdx, keyEndIdx);
-
-    // only assign once
-    if (!__hasOwnProperty.call(obj, key)) {
-      var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
-      var valEndIdx = endIndex(str, endIdx, valStartIdx);
-
-      if (str.charCodeAt(valStartIdx) === 0x22 /* " */ && str.charCodeAt(valEndIdx - 1) === 0x22 /* " */) {
-        valStartIdx++;
-        valEndIdx--;
-      }
-
-      var val = str.slice(valStartIdx, valEndIdx);
-      obj[key] = tryDecode(val, dec);
-    }
-
-    index = endIdx + 1
-  } while (index < len);
-
-  return obj;
-}
-
-function startIndex(str, index, max) {
-  do {
-    var code = str.charCodeAt(index);
-    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index;
-  } while (++index < max);
-  return max;
-}
-
-function endIndex(str, index, min) {
-  while (index > min) {
-    var code = str.charCodeAt(--index);
-    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index + 1;
-  }
-  return min;
-}
-
-/**
- * Serialize data into a cookie header.
- *
- * Serialize a name value pair into a cookie string suitable for
- * http headers. An optional options object specifies cookie parameters.
- *
- * serialize('foo', 'bar', { httpOnly: true })
- *   => "foo=bar; httpOnly"
- *
- * @param {string} name
- * @param {string} val
- * @param {object} [opt]
- * @return {string}
- * @public
- */
-
-function serialize(name, val, opt) {
-  var enc = (opt && opt.encode) || encodeURIComponent;
-
-  if (typeof enc !== 'function') {
-    throw new TypeError('option encode is invalid');
-  }
-
-  if (!cookieNameRegExp.test(name)) {
-    throw new TypeError('argument name is invalid');
-  }
-
-  var value = enc(val);
-
-  if (!cookieValueRegExp.test(value)) {
-    throw new TypeError('argument val is invalid');
-  }
-
-  var str = name + '=' + value;
-  if (!opt) return str;
-
-  if (null != opt.maxAge) {
-    var maxAge = Math.floor(opt.maxAge);
-
-    if (!isFinite(maxAge)) {
-      throw new TypeError('option maxAge is invalid')
-    }
-
-    str += '; Max-Age=' + maxAge;
-  }
-
-  if (opt.domain) {
-    if (!domainValueRegExp.test(opt.domain)) {
-      throw new TypeError('option domain is invalid');
-    }
-
-    str += '; Domain=' + opt.domain;
-  }
-
-  if (opt.path) {
-    if (!pathValueRegExp.test(opt.path)) {
-      throw new TypeError('option path is invalid');
-    }
-
-    str += '; Path=' + opt.path;
-  }
-
-  if (opt.expires) {
-    var expires = opt.expires
-
-    if (!isDate(expires) || isNaN(expires.valueOf())) {
-      throw new TypeError('option expires is invalid');
-    }
-
-    str += '; Expires=' + expires.toUTCString()
-  }
-
-  if (opt.httpOnly) {
-    str += '; HttpOnly';
-  }
-
-  if (opt.secure) {
-    str += '; Secure';
-  }
-
-  if (opt.partitioned) {
-    str += '; Partitioned'
-  }
-
-  if (opt.priority) {
-    var priority = typeof opt.priority === 'string'
-      ? opt.priority.toLowerCase() : opt.priority;
-
-    switch (priority) {
-      case 'low':
-        str += '; Priority=Low'
-        break
-      case 'medium':
-        str += '; Priority=Medium'
-        break
-      case 'high':
-        str += '; Priority=High'
-        break
-      default:
-        throw new TypeError('option priority is invalid')
-    }
-  }
-
-  if (opt.sameSite) {
-    var sameSite = typeof opt.sameSite === 'string'
-      ? opt.sameSite.toLowerCase() : opt.sameSite;
-
-    switch (sameSite) {
-      case true:
-        str += '; SameSite=Strict';
-        break;
-      case 'lax':
-        str += '; SameSite=Lax';
-        break;
-      case 'strict':
-        str += '; SameSite=Strict';
-        break;
-      case 'none':
-        str += '; SameSite=None';
-        break;
-      default:
-        throw new TypeError('option sameSite is invalid');
-    }
-  }
-
-  return str;
-}
-
-/**
- * URL-decode string value. Optimized to skip native call when no %.
- *
- * @param {string} str
- * @returns {string}
- */
-
-function decode (str) {
-  return str.indexOf('%') !== -1
-    ? decodeURIComponent(str)
-    : str
-}
-
-/**
- * Determine if value is a Date.
- *
- * @param {*} val
- * @private
- */
-
-function isDate (val) {
-  return __toString.call(val) === '[object Date]';
-}
-
-/**
- * Try decoding a string using a decoding function.
- *
- * @param {string} str
- * @param {function} decode
- * @private
- */
-
-function tryDecode(str, decode) {
-  try {
-    return decode(str);
-  } catch (e) {
-    return str;
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/cookie/package.json b/src/Servers/ExpressServer/node_modules/cookie/package.json
deleted file mode 100644
index 22e3f92..0000000
--- a/src/Servers/ExpressServer/node_modules/cookie/package.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "name": "cookie",
-  "description": "HTTP server cookie parsing and serialization",
-  "version": "0.7.2",
-  "author": "Roman Shtylman <shtylman@gmail.com>",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "cookie",
-    "cookies"
-  ],
-  "repository": "jshttp/cookie",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "eslint": "8.53.0",
-    "eslint-plugin-markdown": "3.0.1",
-    "mocha": "10.2.0",
-    "nyc": "15.1.0",
-    "safe-buffer": "5.2.1",
-    "top-sites": "1.1.194"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "SECURITY.md",
-    "index.js"
-  ],
-  "main": "index.js",
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "update-bench": "node scripts/update-benchmark.js"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/depd/History.md b/src/Servers/ExpressServer/node_modules/depd/History.md
deleted file mode 100644
index cd9ebaa..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/History.md
+++ /dev/null
@@ -1,103 +0,0 @@
-2.0.0 / 2018-10-26
-==================
-
-  * Drop support for Node.js 0.6
-  * Replace internal `eval` usage with `Function` constructor
-  * Use instance methods on `process` to check for listeners
-
-1.1.2 / 2018-01-11
-==================
-
-  * perf: remove argument reassignment
-  * Support Node.js 0.6 to 9.x
-
-1.1.1 / 2017-07-27
-==================
-
-  * Remove unnecessary `Buffer` loading
-  * Support Node.js 0.6 to 8.x
-
-1.1.0 / 2015-09-14
-==================
-
-  * Enable strict mode in more places
-  * Support io.js 3.x
-  * Support io.js 2.x
-  * Support web browser loading
-    - Requires bundler like Browserify or webpack
-
-1.0.1 / 2015-04-07
-==================
-
-  * Fix `TypeError`s when under `'use strict'` code
-  * Fix useless type name on auto-generated messages
-  * Support io.js 1.x
-  * Support Node.js 0.12
-
-1.0.0 / 2014-09-17
-==================
-
-  * No changes
-
-0.4.5 / 2014-09-09
-==================
-
-  * Improve call speed to functions using the function wrapper
-  * Support Node.js 0.6
-
-0.4.4 / 2014-07-27
-==================
-
-  * Work-around v8 generating empty stack traces
-
-0.4.3 / 2014-07-26
-==================
-
-  * Fix exception when global `Error.stackTraceLimit` is too low
-
-0.4.2 / 2014-07-19
-==================
-
-  * Correct call site for wrapped functions and properties
-
-0.4.1 / 2014-07-19
-==================
-
-  * Improve automatic message generation for function properties
-
-0.4.0 / 2014-07-19
-==================
-
-  * Add `TRACE_DEPRECATION` environment variable
-  * Remove non-standard grey color from color output
-  * Support `--no-deprecation` argument
-  * Support `--trace-deprecation` argument
-  * Support `deprecate.property(fn, prop, message)`
-
-0.3.0 / 2014-06-16
-==================
-
-  * Add `NO_DEPRECATION` environment variable
-
-0.2.0 / 2014-06-15
-==================
-
-  * Add `deprecate.property(obj, prop, message)`
-  * Remove `supports-color` dependency for node.js 0.8
-
-0.1.0 / 2014-06-15
-==================
-
-  * Add `deprecate.function(fn, message)`
-  * Add `process.on('deprecation', fn)` emitter
-  * Automatically generate message when omitted from `deprecate()`
-
-0.0.1 / 2014-06-15
-==================
-
-  * Fix warning for dynamic calls at singe call site
-
-0.0.0 / 2014-06-15
-==================
-
-  * Initial implementation
diff --git a/src/Servers/ExpressServer/node_modules/depd/LICENSE b/src/Servers/ExpressServer/node_modules/depd/LICENSE
deleted file mode 100644
index 248de7a..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2018 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/depd/Readme.md b/src/Servers/ExpressServer/node_modules/depd/Readme.md
deleted file mode 100644
index 043d1ca..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/Readme.md
+++ /dev/null
@@ -1,280 +0,0 @@
-# depd
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Linux Build][travis-image]][travis-url]
-[![Windows Build][appveyor-image]][appveyor-url]
-[![Coverage Status][coveralls-image]][coveralls-url]
-
-Deprecate all the things
-
-> With great modules comes great responsibility; mark things deprecated!
-
-## Install
-
-This module is installed directly using `npm`:
-
-```sh
-$ npm install depd
-```
-
-This module can also be bundled with systems like
-[Browserify](http://browserify.org/) or [webpack](https://webpack.github.io/),
-though by default this module will alter it's API to no longer display or
-track deprecations.
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var deprecate = require('depd')('my-module')
-```
-
-This library allows you to display deprecation messages to your users.
-This library goes above and beyond with deprecation warnings by
-introspection of the call stack (but only the bits that it is interested
-in).
-
-Instead of just warning on the first invocation of a deprecated
-function and never again, this module will warn on the first invocation
-of a deprecated function per unique call site, making it ideal to alert
-users of all deprecated uses across the code base, rather than just
-whatever happens to execute first.
-
-The deprecation warnings from this module also include the file and line
-information for the call into the module that the deprecated function was
-in.
-
-**NOTE** this library has a similar interface to the `debug` module, and
-this module uses the calling file to get the boundary for the call stacks,
-so you should always create a new `deprecate` object in each file and not
-within some central file.
-
-### depd(namespace)
-
-Create a new deprecate function that uses the given namespace name in the
-messages and will display the call site prior to the stack entering the
-file this function was called from. It is highly suggested you use the
-name of your module as the namespace.
-
-### deprecate(message)
-
-Call this function from deprecated code to display a deprecation message.
-This message will appear once per unique caller site. Caller site is the
-first call site in the stack in a different file from the caller of this
-function.
-
-If the message is omitted, a message is generated for you based on the site
-of the `deprecate()` call and will display the name of the function called,
-similar to the name displayed in a stack trace.
-
-### deprecate.function(fn, message)
-
-Call this function to wrap a given function in a deprecation message on any
-call to the function. An optional message can be supplied to provide a custom
-message.
-
-### deprecate.property(obj, prop, message)
-
-Call this function to wrap a given property on object in a deprecation message
-on any accessing or setting of the property. An optional message can be supplied
-to provide a custom message.
-
-The method must be called on the object where the property belongs (not
-inherited from the prototype).
-
-If the property is a data descriptor, it will be converted to an accessor
-descriptor in order to display the deprecation message.
-
-### process.on('deprecation', fn)
-
-This module will allow easy capturing of deprecation errors by emitting the
-errors as the type "deprecation" on the global `process`. If there are no
-listeners for this type, the errors are written to STDERR as normal, but if
-there are any listeners, nothing will be written to STDERR and instead only
-emitted. From there, you can write the errors in a different format or to a
-logging source.
-
-The error represents the deprecation and is emitted only once with the same
-rules as writing to STDERR. The error has the following properties:
-
-  - `message` - This is the message given by the library
-  - `name` - This is always `'DeprecationError'`
-  - `namespace` - This is the namespace the deprecation came from
-  - `stack` - This is the stack of the call to the deprecated thing
-
-Example `error.stack` output:
-
-```
-DeprecationError: my-cool-module deprecated oldfunction
-    at Object.<anonymous> ([eval]-wrapper:6:22)
-    at Module._compile (module.js:456:26)
-    at evalScript (node.js:532:25)
-    at startup (node.js:80:7)
-    at node.js:902:3
-```
-
-### process.env.NO_DEPRECATION
-
-As a user of modules that are deprecated, the environment variable `NO_DEPRECATION`
-is provided as a quick solution to silencing deprecation warnings from being
-output. The format of this is similar to that of `DEBUG`:
-
-```sh
-$ NO_DEPRECATION=my-module,othermod node app.js
-```
-
-This will suppress deprecations from being output for "my-module" and "othermod".
-The value is a list of comma-separated namespaces. To suppress every warning
-across all namespaces, use the value `*` for a namespace.
-
-Providing the argument `--no-deprecation` to the `node` executable will suppress
-all deprecations (only available in Node.js 0.8 or higher).
-
-**NOTE** This will not suppress the deperecations given to any "deprecation"
-event listeners, just the output to STDERR.
-
-### process.env.TRACE_DEPRECATION
-
-As a user of modules that are deprecated, the environment variable `TRACE_DEPRECATION`
-is provided as a solution to getting more detailed location information in deprecation
-warnings by including the entire stack trace. The format of this is the same as
-`NO_DEPRECATION`:
-
-```sh
-$ TRACE_DEPRECATION=my-module,othermod node app.js
-```
-
-This will include stack traces for deprecations being output for "my-module" and
-"othermod". The value is a list of comma-separated namespaces. To trace every
-warning across all namespaces, use the value `*` for a namespace.
-
-Providing the argument `--trace-deprecation` to the `node` executable will trace
-all deprecations (only available in Node.js 0.8 or higher).
-
-**NOTE** This will not trace the deperecations silenced by `NO_DEPRECATION`.
-
-## Display
-
-![message](files/message.png)
-
-When a user calls a function in your library that you mark deprecated, they
-will see the following written to STDERR (in the given colors, similar colors
-and layout to the `debug` module):
-
-```
-bright cyan    bright yellow
-|              |          reset       cyan
-|              |          |           |
-▼              ▼          ▼           ▼
-my-cool-module deprecated oldfunction [eval]-wrapper:6:22
-▲              ▲          ▲           ▲
-|              |          |           |
-namespace      |          |           location of mycoolmod.oldfunction() call
-               |          deprecation message
-               the word "deprecated"
-```
-
-If the user redirects their STDERR to a file or somewhere that does not support
-colors, they see (similar layout to the `debug` module):
-
-```
-Sun, 15 Jun 2014 05:21:37 GMT my-cool-module deprecated oldfunction at [eval]-wrapper:6:22
-▲                             ▲              ▲          ▲              ▲
-|                             |              |          |              |
-timestamp of message          namespace      |          |             location of mycoolmod.oldfunction() call
-                                             |          deprecation message
-                                             the word "deprecated"
-```
-
-## Examples
-
-### Deprecating all calls to a function
-
-This will display a deprecated message about "oldfunction" being deprecated
-from "my-module" on STDERR.
-
-```js
-var deprecate = require('depd')('my-cool-module')
-
-// message automatically derived from function name
-// Object.oldfunction
-exports.oldfunction = deprecate.function(function oldfunction () {
-  // all calls to function are deprecated
-})
-
-// specific message
-exports.oldfunction = deprecate.function(function () {
-  // all calls to function are deprecated
-}, 'oldfunction')
-```
-
-### Conditionally deprecating a function call
-
-This will display a deprecated message about "weirdfunction" being deprecated
-from "my-module" on STDERR when called with less than 2 arguments.
-
-```js
-var deprecate = require('depd')('my-cool-module')
-
-exports.weirdfunction = function () {
-  if (arguments.length < 2) {
-    // calls with 0 or 1 args are deprecated
-    deprecate('weirdfunction args < 2')
-  }
-}
-```
-
-When calling `deprecate` as a function, the warning is counted per call site
-within your own module, so you can display different deprecations depending
-on different situations and the users will still get all the warnings:
-
-```js
-var deprecate = require('depd')('my-cool-module')
-
-exports.weirdfunction = function () {
-  if (arguments.length < 2) {
-    // calls with 0 or 1 args are deprecated
-    deprecate('weirdfunction args < 2')
-  } else if (typeof arguments[0] !== 'string') {
-    // calls with non-string first argument are deprecated
-    deprecate('weirdfunction non-string first arg')
-  }
-}
-```
-
-### Deprecating property access
-
-This will display a deprecated message about "oldprop" being deprecated
-from "my-module" on STDERR when accessed. A deprecation will be displayed
-when setting the value and when getting the value.
-
-```js
-var deprecate = require('depd')('my-cool-module')
-
-exports.oldprop = 'something'
-
-// message automatically derives from property name
-deprecate.property(exports, 'oldprop')
-
-// explicit message
-deprecate.property(exports, 'oldprop', 'oldprop >= 0.10')
-```
-
-## License
-
-[MIT](LICENSE)
-
-[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/nodejs-depd/master?label=windows
-[appveyor-url]: https://ci.appveyor.com/project/dougwilson/nodejs-depd
-[coveralls-image]: https://badgen.net/coveralls/c/github/dougwilson/nodejs-depd/master
-[coveralls-url]: https://coveralls.io/r/dougwilson/nodejs-depd?branch=master
-[node-image]: https://badgen.net/npm/node/depd
-[node-url]: https://nodejs.org/en/download/
-[npm-downloads-image]: https://badgen.net/npm/dm/depd
-[npm-url]: https://npmjs.org/package/depd
-[npm-version-image]: https://badgen.net/npm/v/depd
-[travis-image]: https://badgen.net/travis/dougwilson/nodejs-depd/master?label=linux
-[travis-url]: https://travis-ci.org/dougwilson/nodejs-depd
diff --git a/src/Servers/ExpressServer/node_modules/depd/index.js b/src/Servers/ExpressServer/node_modules/depd/index.js
deleted file mode 100644
index 1bf2fcf..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/index.js
+++ /dev/null
@@ -1,538 +0,0 @@
-/*!
- * depd
- * Copyright(c) 2014-2018 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-/**
- * Module dependencies.
- */
-
-var relative = require('path').relative
-
-/**
- * Module exports.
- */
-
-module.exports = depd
-
-/**
- * Get the path to base files on.
- */
-
-var basePath = process.cwd()
-
-/**
- * Determine if namespace is contained in the string.
- */
-
-function containsNamespace (str, namespace) {
-  var vals = str.split(/[ ,]+/)
-  var ns = String(namespace).toLowerCase()
-
-  for (var i = 0; i < vals.length; i++) {
-    var val = vals[i]
-
-    // namespace contained
-    if (val && (val === '*' || val.toLowerCase() === ns)) {
-      return true
-    }
-  }
-
-  return false
-}
-
-/**
- * Convert a data descriptor to accessor descriptor.
- */
-
-function convertDataDescriptorToAccessor (obj, prop, message) {
-  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
-  var value = descriptor.value
-
-  descriptor.get = function getter () { return value }
-
-  if (descriptor.writable) {
-    descriptor.set = function setter (val) { return (value = val) }
-  }
-
-  delete descriptor.value
-  delete descriptor.writable
-
-  Object.defineProperty(obj, prop, descriptor)
-
-  return descriptor
-}
-
-/**
- * Create arguments string to keep arity.
- */
-
-function createArgumentsString (arity) {
-  var str = ''
-
-  for (var i = 0; i < arity; i++) {
-    str += ', arg' + i
-  }
-
-  return str.substr(2)
-}
-
-/**
- * Create stack string from stack.
- */
-
-function createStackString (stack) {
-  var str = this.name + ': ' + this.namespace
-
-  if (this.message) {
-    str += ' deprecated ' + this.message
-  }
-
-  for (var i = 0; i < stack.length; i++) {
-    str += '\n    at ' + stack[i].toString()
-  }
-
-  return str
-}
-
-/**
- * Create deprecate for namespace in caller.
- */
-
-function depd (namespace) {
-  if (!namespace) {
-    throw new TypeError('argument namespace is required')
-  }
-
-  var stack = getStack()
-  var site = callSiteLocation(stack[1])
-  var file = site[0]
-
-  function deprecate (message) {
-    // call to self as log
-    log.call(deprecate, message)
-  }
-
-  deprecate._file = file
-  deprecate._ignored = isignored(namespace)
-  deprecate._namespace = namespace
-  deprecate._traced = istraced(namespace)
-  deprecate._warned = Object.create(null)
-
-  deprecate.function = wrapfunction
-  deprecate.property = wrapproperty
-
-  return deprecate
-}
-
-/**
- * Determine if event emitter has listeners of a given type.
- *
- * The way to do this check is done three different ways in Node.js >= 0.8
- * so this consolidates them into a minimal set using instance methods.
- *
- * @param {EventEmitter} emitter
- * @param {string} type
- * @returns {boolean}
- * @private
- */
-
-function eehaslisteners (emitter, type) {
-  var count = typeof emitter.listenerCount !== 'function'
-    ? emitter.listeners(type).length
-    : emitter.listenerCount(type)
-
-  return count > 0
-}
-
-/**
- * Determine if namespace is ignored.
- */
-
-function isignored (namespace) {
-  if (process.noDeprecation) {
-    // --no-deprecation support
-    return true
-  }
-
-  var str = process.env.NO_DEPRECATION || ''
-
-  // namespace ignored
-  return containsNamespace(str, namespace)
-}
-
-/**
- * Determine if namespace is traced.
- */
-
-function istraced (namespace) {
-  if (process.traceDeprecation) {
-    // --trace-deprecation support
-    return true
-  }
-
-  var str = process.env.TRACE_DEPRECATION || ''
-
-  // namespace traced
-  return containsNamespace(str, namespace)
-}
-
-/**
- * Display deprecation message.
- */
-
-function log (message, site) {
-  var haslisteners = eehaslisteners(process, 'deprecation')
-
-  // abort early if no destination
-  if (!haslisteners && this._ignored) {
-    return
-  }
-
-  var caller
-  var callFile
-  var callSite
-  var depSite
-  var i = 0
-  var seen = false
-  var stack = getStack()
-  var file = this._file
-
-  if (site) {
-    // provided site
-    depSite = site
-    callSite = callSiteLocation(stack[1])
-    callSite.name = depSite.name
-    file = callSite[0]
-  } else {
-    // get call site
-    i = 2
-    depSite = callSiteLocation(stack[i])
-    callSite = depSite
-  }
-
-  // get caller of deprecated thing in relation to file
-  for (; i < stack.length; i++) {
-    caller = callSiteLocation(stack[i])
-    callFile = caller[0]
-
-    if (callFile === file) {
-      seen = true
-    } else if (callFile === this._file) {
-      file = this._file
-    } else if (seen) {
-      break
-    }
-  }
-
-  var key = caller
-    ? depSite.join(':') + '__' + caller.join(':')
-    : undefined
-
-  if (key !== undefined && key in this._warned) {
-    // already warned
-    return
-  }
-
-  this._warned[key] = true
-
-  // generate automatic message from call site
-  var msg = message
-  if (!msg) {
-    msg = callSite === depSite || !callSite.name
-      ? defaultMessage(depSite)
-      : defaultMessage(callSite)
-  }
-
-  // emit deprecation if listeners exist
-  if (haslisteners) {
-    var err = DeprecationError(this._namespace, msg, stack.slice(i))
-    process.emit('deprecation', err)
-    return
-  }
-
-  // format and write message
-  var format = process.stderr.isTTY
-    ? formatColor
-    : formatPlain
-  var output = format.call(this, msg, caller, stack.slice(i))
-  process.stderr.write(output + '\n', 'utf8')
-}
-
-/**
- * Get call site location as array.
- */
-
-function callSiteLocation (callSite) {
-  var file = callSite.getFileName() || '<anonymous>'
-  var line = callSite.getLineNumber()
-  var colm = callSite.getColumnNumber()
-
-  if (callSite.isEval()) {
-    file = callSite.getEvalOrigin() + ', ' + file
-  }
-
-  var site = [file, line, colm]
-
-  site.callSite = callSite
-  site.name = callSite.getFunctionName()
-
-  return site
-}
-
-/**
- * Generate a default message from the site.
- */
-
-function defaultMessage (site) {
-  var callSite = site.callSite
-  var funcName = site.name
-
-  // make useful anonymous name
-  if (!funcName) {
-    funcName = '<anonymous@' + formatLocation(site) + '>'
-  }
-
-  var context = callSite.getThis()
-  var typeName = context && callSite.getTypeName()
-
-  // ignore useless type name
-  if (typeName === 'Object') {
-    typeName = undefined
-  }
-
-  // make useful type name
-  if (typeName === 'Function') {
-    typeName = context.name || typeName
-  }
-
-  return typeName && callSite.getMethodName()
-    ? typeName + '.' + funcName
-    : funcName
-}
-
-/**
- * Format deprecation message without color.
- */
-
-function formatPlain (msg, caller, stack) {
-  var timestamp = new Date().toUTCString()
-
-  var formatted = timestamp +
-    ' ' + this._namespace +
-    ' deprecated ' + msg
-
-  // add stack trace
-  if (this._traced) {
-    for (var i = 0; i < stack.length; i++) {
-      formatted += '\n    at ' + stack[i].toString()
-    }
-
-    return formatted
-  }
-
-  if (caller) {
-    formatted += ' at ' + formatLocation(caller)
-  }
-
-  return formatted
-}
-
-/**
- * Format deprecation message with color.
- */
-
-function formatColor (msg, caller, stack) {
-  var formatted = '\x1b[36;1m' + this._namespace + '\x1b[22;39m' + // bold cyan
-    ' \x1b[33;1mdeprecated\x1b[22;39m' + // bold yellow
-    ' \x1b[0m' + msg + '\x1b[39m' // reset
-
-  // add stack trace
-  if (this._traced) {
-    for (var i = 0; i < stack.length; i++) {
-      formatted += '\n    \x1b[36mat ' + stack[i].toString() + '\x1b[39m' // cyan
-    }
-
-    return formatted
-  }
-
-  if (caller) {
-    formatted += ' \x1b[36m' + formatLocation(caller) + '\x1b[39m' // cyan
-  }
-
-  return formatted
-}
-
-/**
- * Format call site location.
- */
-
-function formatLocation (callSite) {
-  return relative(basePath, callSite[0]) +
-    ':' + callSite[1] +
-    ':' + callSite[2]
-}
-
-/**
- * Get the stack as array of call sites.
- */
-
-function getStack () {
-  var limit = Error.stackTraceLimit
-  var obj = {}
-  var prep = Error.prepareStackTrace
-
-  Error.prepareStackTrace = prepareObjectStackTrace
-  Error.stackTraceLimit = Math.max(10, limit)
-
-  // capture the stack
-  Error.captureStackTrace(obj)
-
-  // slice this function off the top
-  var stack = obj.stack.slice(1)
-
-  Error.prepareStackTrace = prep
-  Error.stackTraceLimit = limit
-
-  return stack
-}
-
-/**
- * Capture call site stack from v8.
- */
-
-function prepareObjectStackTrace (obj, stack) {
-  return stack
-}
-
-/**
- * Return a wrapped function in a deprecation message.
- */
-
-function wrapfunction (fn, message) {
-  if (typeof fn !== 'function') {
-    throw new TypeError('argument fn must be a function')
-  }
-
-  var args = createArgumentsString(fn.length)
-  var stack = getStack()
-  var site = callSiteLocation(stack[1])
-
-  site.name = fn.name
-
-  // eslint-disable-next-line no-new-func
-  var deprecatedfn = new Function('fn', 'log', 'deprecate', 'message', 'site',
-    '"use strict"\n' +
-    'return function (' + args + ') {' +
-    'log.call(deprecate, message, site)\n' +
-    'return fn.apply(this, arguments)\n' +
-    '}')(fn, log, this, message, site)
-
-  return deprecatedfn
-}
-
-/**
- * Wrap property in a deprecation message.
- */
-
-function wrapproperty (obj, prop, message) {
-  if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
-    throw new TypeError('argument obj must be object')
-  }
-
-  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
-
-  if (!descriptor) {
-    throw new TypeError('must call property on owner object')
-  }
-
-  if (!descriptor.configurable) {
-    throw new TypeError('property must be configurable')
-  }
-
-  var deprecate = this
-  var stack = getStack()
-  var site = callSiteLocation(stack[1])
-
-  // set site name
-  site.name = prop
-
-  // convert data descriptor
-  if ('value' in descriptor) {
-    descriptor = convertDataDescriptorToAccessor(obj, prop, message)
-  }
-
-  var get = descriptor.get
-  var set = descriptor.set
-
-  // wrap getter
-  if (typeof get === 'function') {
-    descriptor.get = function getter () {
-      log.call(deprecate, message, site)
-      return get.apply(this, arguments)
-    }
-  }
-
-  // wrap setter
-  if (typeof set === 'function') {
-    descriptor.set = function setter () {
-      log.call(deprecate, message, site)
-      return set.apply(this, arguments)
-    }
-  }
-
-  Object.defineProperty(obj, prop, descriptor)
-}
-
-/**
- * Create DeprecationError for deprecation
- */
-
-function DeprecationError (namespace, message, stack) {
-  var error = new Error()
-  var stackString
-
-  Object.defineProperty(error, 'constructor', {
-    value: DeprecationError
-  })
-
-  Object.defineProperty(error, 'message', {
-    configurable: true,
-    enumerable: false,
-    value: message,
-    writable: true
-  })
-
-  Object.defineProperty(error, 'name', {
-    enumerable: false,
-    configurable: true,
-    value: 'DeprecationError',
-    writable: true
-  })
-
-  Object.defineProperty(error, 'namespace', {
-    configurable: true,
-    enumerable: false,
-    value: namespace,
-    writable: true
-  })
-
-  Object.defineProperty(error, 'stack', {
-    configurable: true,
-    enumerable: false,
-    get: function () {
-      if (stackString !== undefined) {
-        return stackString
-      }
-
-      // prepare stack trace
-      return (stackString = createStackString.call(this, stack))
-    },
-    set: function setter (val) {
-      stackString = val
-    }
-  })
-
-  return error
-}
diff --git a/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js b/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
deleted file mode 100644
index 6be45cc..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/lib/browser/index.js
+++ /dev/null
@@ -1,77 +0,0 @@
-/*!
- * depd
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = depd
-
-/**
- * Create deprecate for namespace in caller.
- */
-
-function depd (namespace) {
-  if (!namespace) {
-    throw new TypeError('argument namespace is required')
-  }
-
-  function deprecate (message) {
-    // no-op in browser
-  }
-
-  deprecate._file = undefined
-  deprecate._ignored = true
-  deprecate._namespace = namespace
-  deprecate._traced = false
-  deprecate._warned = Object.create(null)
-
-  deprecate.function = wrapfunction
-  deprecate.property = wrapproperty
-
-  return deprecate
-}
-
-/**
- * Return a wrapped function in a deprecation message.
- *
- * This is a no-op version of the wrapper, which does nothing but call
- * validation.
- */
-
-function wrapfunction (fn, message) {
-  if (typeof fn !== 'function') {
-    throw new TypeError('argument fn must be a function')
-  }
-
-  return fn
-}
-
-/**
- * Wrap property in a deprecation message.
- *
- * This is a no-op version of the wrapper, which does nothing but call
- * validation.
- */
-
-function wrapproperty (obj, prop, message) {
-  if (!obj || (typeof obj !== 'object' && typeof obj !== 'function')) {
-    throw new TypeError('argument obj must be object')
-  }
-
-  var descriptor = Object.getOwnPropertyDescriptor(obj, prop)
-
-  if (!descriptor) {
-    throw new TypeError('must call property on owner object')
-  }
-
-  if (!descriptor.configurable) {
-    throw new TypeError('property must be configurable')
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/depd/package.json b/src/Servers/ExpressServer/node_modules/depd/package.json
deleted file mode 100644
index 3857e19..0000000
--- a/src/Servers/ExpressServer/node_modules/depd/package.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  "name": "depd",
-  "description": "Deprecate all the things",
-  "version": "2.0.0",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "keywords": [
-    "deprecate",
-    "deprecated"
-  ],
-  "repository": "dougwilson/nodejs-depd",
-  "browser": "lib/browser/index.js",
-  "devDependencies": {
-    "benchmark": "2.1.4",
-    "beautify-benchmark": "0.2.4",
-    "eslint": "5.7.0",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.14.0",
-    "eslint-plugin-markdown": "1.0.0-beta.7",
-    "eslint-plugin-node": "7.0.1",
-    "eslint-plugin-promise": "4.0.1",
-    "eslint-plugin-standard": "4.0.0",
-    "istanbul": "0.4.5",
-    "mocha": "5.2.0",
-    "safe-buffer": "5.1.2",
-    "uid-safe": "2.1.5"
-  },
-  "files": [
-    "lib/",
-    "History.md",
-    "LICENSE",
-    "index.js",
-    "Readme.md"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --bail test/",
-    "test-ci": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter spec test/ && istanbul report lcovonly text-summary",
-    "test-cov": "istanbul cover --print=none node_modules/mocha/bin/_mocha -- --reporter dot test/ && istanbul report lcov text-summary"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/destroy/LICENSE b/src/Servers/ExpressServer/node_modules/destroy/LICENSE
deleted file mode 100644
index 0e2c35f..0000000
--- a/src/Servers/ExpressServer/node_modules/destroy/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-
-The MIT License (MIT)
-
-Copyright (c) 2014 Jonathan Ong me@jongleberry.com
-Copyright (c) 2015-2022 Douglas Christopher Wilson doug@somethingdoug.com
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/destroy/README.md b/src/Servers/ExpressServer/node_modules/destroy/README.md
deleted file mode 100644
index e7701ae..0000000
--- a/src/Servers/ExpressServer/node_modules/destroy/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# destroy
-
-[![NPM version][npm-image]][npm-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test coverage][coveralls-image]][coveralls-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-Destroy a stream.
-
-This module is meant to ensure a stream gets destroyed, handling different APIs
-and Node.js bugs.
-
-## API
-
-```js
-var destroy = require('destroy')
-```
-
-### destroy(stream [, suppress])
-
-Destroy the given stream, and optionally suppress any future `error` events.
-
-In most cases, this is identical to a simple `stream.destroy()` call. The rules
-are as follows for a given stream:
-
-  1. If the `stream` is an instance of `ReadStream`, then call `stream.destroy()`
-     and add a listener to the `open` event to call `stream.close()` if it is
-     fired. This is for a Node.js bug that will leak a file descriptor if
-     `.destroy()` is called before `open`.
-  2. If the `stream` is an instance of a zlib stream, then call `stream.destroy()`
-     and close the underlying zlib handle if open, otherwise call `stream.close()`.
-     This is for consistency across Node.js versions and a Node.js bug that will
-     leak a native zlib handle.
-  3. If the `stream` is not an instance of `Stream`, then nothing happens.
-  4. If the `stream` has a `.destroy()` method, then call it.
-
-The function returns the `stream` passed in as the argument.
-
-## Example
-
-```js
-var destroy = require('destroy')
-
-var fs = require('fs')
-var stream = fs.createReadStream('package.json')
-
-// ... and later
-destroy(stream)
-```
-
-[npm-image]: https://img.shields.io/npm/v/destroy.svg?style=flat-square
-[npm-url]: https://npmjs.org/package/destroy
-[github-tag]: http://img.shields.io/github/tag/stream-utils/destroy.svg?style=flat-square
-[github-url]: https://github.com/stream-utils/destroy/tags
-[coveralls-image]: https://img.shields.io/coveralls/stream-utils/destroy.svg?style=flat-square
-[coveralls-url]: https://coveralls.io/r/stream-utils/destroy?branch=master
-[license-image]: http://img.shields.io/npm/l/destroy.svg?style=flat-square
-[license-url]: LICENSE.md
-[downloads-image]: http://img.shields.io/npm/dm/destroy.svg?style=flat-square
-[downloads-url]: https://npmjs.org/package/destroy
-[github-actions-ci-image]: https://img.shields.io/github/workflow/status/stream-utils/destroy/ci/master?label=ci&style=flat-square
-[github-actions-ci-url]: https://github.com/stream-utils/destroy/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/destroy/index.js b/src/Servers/ExpressServer/node_modules/destroy/index.js
deleted file mode 100644
index 7fd5c09..0000000
--- a/src/Servers/ExpressServer/node_modules/destroy/index.js
+++ /dev/null
@@ -1,209 +0,0 @@
-/*!
- * destroy
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2015-2022 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var EventEmitter = require('events').EventEmitter
-var ReadStream = require('fs').ReadStream
-var Stream = require('stream')
-var Zlib = require('zlib')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = destroy
-
-/**
- * Destroy the given stream, and optionally suppress any future `error` events.
- *
- * @param {object} stream
- * @param {boolean} suppress
- * @public
- */
-
-function destroy (stream, suppress) {
-  if (isFsReadStream(stream)) {
-    destroyReadStream(stream)
-  } else if (isZlibStream(stream)) {
-    destroyZlibStream(stream)
-  } else if (hasDestroy(stream)) {
-    stream.destroy()
-  }
-
-  if (isEventEmitter(stream) && suppress) {
-    stream.removeAllListeners('error')
-    stream.addListener('error', noop)
-  }
-
-  return stream
-}
-
-/**
- * Destroy a ReadStream.
- *
- * @param {object} stream
- * @private
- */
-
-function destroyReadStream (stream) {
-  stream.destroy()
-
-  if (typeof stream.close === 'function') {
-    // node.js core bug work-around
-    stream.on('open', onOpenClose)
-  }
-}
-
-/**
- * Close a Zlib stream.
- *
- * Zlib streams below Node.js 4.5.5 have a buggy implementation
- * of .close() when zlib encountered an error.
- *
- * @param {object} stream
- * @private
- */
-
-function closeZlibStream (stream) {
-  if (stream._hadError === true) {
-    var prop = stream._binding === null
-      ? '_binding'
-      : '_handle'
-
-    stream[prop] = {
-      close: function () { this[prop] = null }
-    }
-  }
-
-  stream.close()
-}
-
-/**
- * Destroy a Zlib stream.
- *
- * Zlib streams don't have a destroy function in Node.js 6. On top of that
- * simply calling destroy on a zlib stream in Node.js 8+ will result in a
- * memory leak. So until that is fixed, we need to call both close AND destroy.
- *
- * PR to fix memory leak: https://github.com/nodejs/node/pull/23734
- *
- * In Node.js 6+8, it's important that destroy is called before close as the
- * stream would otherwise emit the error 'zlib binding closed'.
- *
- * @param {object} stream
- * @private
- */
-
-function destroyZlibStream (stream) {
-  if (typeof stream.destroy === 'function') {
-    // node.js core bug work-around
-    // istanbul ignore if: node.js 0.8
-    if (stream._binding) {
-      // node.js < 0.10.0
-      stream.destroy()
-      if (stream._processing) {
-        stream._needDrain = true
-        stream.once('drain', onDrainClearBinding)
-      } else {
-        stream._binding.clear()
-      }
-    } else if (stream._destroy && stream._destroy !== Stream.Transform.prototype._destroy) {
-      // node.js >= 12, ^11.1.0, ^10.15.1
-      stream.destroy()
-    } else if (stream._destroy && typeof stream.close === 'function') {
-      // node.js 7, 8
-      stream.destroyed = true
-      stream.close()
-    } else {
-      // fallback
-      // istanbul ignore next
-      stream.destroy()
-    }
-  } else if (typeof stream.close === 'function') {
-    // node.js < 8 fallback
-    closeZlibStream(stream)
-  }
-}
-
-/**
- * Determine if stream has destroy.
- * @private
- */
-
-function hasDestroy (stream) {
-  return stream instanceof Stream &&
-    typeof stream.destroy === 'function'
-}
-
-/**
- * Determine if val is EventEmitter.
- * @private
- */
-
-function isEventEmitter (val) {
-  return val instanceof EventEmitter
-}
-
-/**
- * Determine if stream is fs.ReadStream stream.
- * @private
- */
-
-function isFsReadStream (stream) {
-  return stream instanceof ReadStream
-}
-
-/**
- * Determine if stream is Zlib stream.
- * @private
- */
-
-function isZlibStream (stream) {
-  return stream instanceof Zlib.Gzip ||
-    stream instanceof Zlib.Gunzip ||
-    stream instanceof Zlib.Deflate ||
-    stream instanceof Zlib.DeflateRaw ||
-    stream instanceof Zlib.Inflate ||
-    stream instanceof Zlib.InflateRaw ||
-    stream instanceof Zlib.Unzip
-}
-
-/**
- * No-op function.
- * @private
- */
-
-function noop () {}
-
-/**
- * On drain handler to clear binding.
- * @private
- */
-
-// istanbul ignore next: node.js 0.8
-function onDrainClearBinding () {
-  this._binding.clear()
-}
-
-/**
- * On open handler to close stream.
- * @private
- */
-
-function onOpenClose () {
-  if (typeof this.fd === 'number') {
-    // actually close down the fd
-    this.close()
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/destroy/package.json b/src/Servers/ExpressServer/node_modules/destroy/package.json
deleted file mode 100644
index c85e438..0000000
--- a/src/Servers/ExpressServer/node_modules/destroy/package.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
-  "name": "destroy",
-  "description": "destroy a stream if possible",
-  "version": "1.2.0",
-  "author": {
-    "name": "Jonathan Ong",
-    "email": "me@jongleberry.com",
-    "url": "http://jongleberry.com",
-    "twitter": "https://twitter.com/jongleberry"
-  },
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "repository": "stream-utils/destroy",
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.2",
-    "nyc": "15.1.0"
-  },
-  "engines": {
-    "node": ">= 0.8",
-    "npm": "1.2.8000 || >= 1.4.16"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec",
-    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  },
-  "files": [
-    "index.js",
-    "LICENSE"
-  ],
-  "keywords": [
-    "stream",
-    "streams",
-    "destroy",
-    "cleanup",
-    "leak",
-    "fd"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc b/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
deleted file mode 100644
index 3b5d9e9..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/.eslintrc
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
deleted file mode 100644
index 8a1d7b0..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/dunder-proto
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc b/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
deleted file mode 100644
index 9b8b2f8..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/CHANGELOG.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.1](https://github.com/es-shims/dunder-proto/compare/v1.0.0...v1.0.1) - 2024-12-16
-
-### Commits
-
-- [Fix] do not crash when `--disable-proto=throw` [`6c367d9`](https://github.com/es-shims/dunder-proto/commit/6c367d919bc1604778689a297bbdbfea65752847)
-- [Tests] ensure noproto tests only use the current version of dunder-proto [`b02365b`](https://github.com/es-shims/dunder-proto/commit/b02365b9cf889c4a2cac7be0c3cfc90a789af36c)
-- [Dev Deps] update `@arethetypeswrong/cli`, `@types/tape` [`e3c5c3b`](https://github.com/es-shims/dunder-proto/commit/e3c5c3bd81cf8cef7dff2eca19e558f0e307f666)
-- [Deps] update `call-bind-apply-helpers` [`19f1da0`](https://github.com/es-shims/dunder-proto/commit/19f1da028b8dd0d05c85bfd8f7eed2819b686450)
-
-## v1.0.0 - 2024-12-06
-
-### Commits
-
-- Initial implementation, tests, readme, types [`a5b74b0`](https://github.com/es-shims/dunder-proto/commit/a5b74b0082f5270cb0905cd9a2e533cee7498373)
-- Initial commit [`73fb5a3`](https://github.com/es-shims/dunder-proto/commit/73fb5a353b51ac2ab00c9fdeb0114daffd4c07a8)
-- npm init [`80152dc`](https://github.com/es-shims/dunder-proto/commit/80152dc98155da4eb046d9f67a87ed96e8280a1d)
-- Only apps should have lockfiles [`03e6660`](https://github.com/es-shims/dunder-proto/commit/03e6660a1d70dc401f3e217a031475ec537243dd)
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE b/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
deleted file mode 100644
index 34995e7..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 ECMAScript Shims
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/README.md b/src/Servers/ExpressServer/node_modules/dunder-proto/README.md
deleted file mode 100644
index 44b80a2..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# dunder-proto <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-If available, the `Object.prototype.__proto__` accessor and mutator, call-bound.
-
-## Getting started
-
-```sh
-npm install --save dunder-proto
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getDunder = require('dunder-proto/get');
-const setDunder = require('dunder-proto/set');
-
-const obj = {};
-
-assert.equal('toString' in obj, true);
-assert.equal(getDunder(obj), Object.prototype);
-
-setDunder(obj, null);
-
-assert.equal('toString' in obj, false);
-assert.equal(getDunder(obj), null);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/dunder-proto
-[npm-version-svg]: https://versionbadg.es/es-shims/dunder-proto.svg
-[deps-svg]: https://david-dm.org/es-shims/dunder-proto.svg
-[deps-url]: https://david-dm.org/es-shims/dunder-proto
-[dev-deps-svg]: https://david-dm.org/es-shims/dunder-proto/dev-status.svg
-[dev-deps-url]: https://david-dm.org/es-shims/dunder-proto#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/dunder-proto.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/dunder-proto.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/dunder-proto.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=dunder-proto
-[codecov-image]: https://codecov.io/gh/es-shims/dunder-proto/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/es-shims/dunder-proto/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/es-shims/dunder-proto
-[actions-url]: https://github.com/es-shims/dunder-proto/actions
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts b/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
deleted file mode 100644
index c7e14d2..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/get.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare function getDunderProto(target: {}): object | null;
-
-declare const x: false | typeof getDunderProto;
-
-export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/get.js b/src/Servers/ExpressServer/node_modules/dunder-proto/get.js
deleted file mode 100644
index 45093df..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/get.js
+++ /dev/null
@@ -1,30 +0,0 @@
-'use strict';
-
-var callBind = require('call-bind-apply-helpers');
-var gOPD = require('gopd');
-
-var hasProtoAccessor;
-try {
-	// eslint-disable-next-line no-extra-parens, no-proto
-	hasProtoAccessor = /** @type {{ __proto__?: typeof Array.prototype }} */ ([]).__proto__ === Array.prototype;
-} catch (e) {
-	if (!e || typeof e !== 'object' || !('code' in e) || e.code !== 'ERR_PROTO_ACCESS') {
-		throw e;
-	}
-}
-
-// eslint-disable-next-line no-extra-parens
-var desc = !!hasProtoAccessor && gOPD && gOPD(Object.prototype, /** @type {keyof typeof Object.prototype} */ ('__proto__'));
-
-var $Object = Object;
-var $getPrototypeOf = $Object.getPrototypeOf;
-
-/** @type {import('./get')} */
-module.exports = desc && typeof desc.get === 'function'
-	? callBind([desc.get])
-	: typeof $getPrototypeOf === 'function'
-		? /** @type {import('./get')} */ function getDunder(value) {
-			// eslint-disable-next-line eqeqeq
-			return $getPrototypeOf(value == null ? value : $Object(value));
-		}
-		: false;
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/package.json b/src/Servers/ExpressServer/node_modules/dunder-proto/package.json
deleted file mode 100644
index 04a4036..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/package.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-	"name": "dunder-proto",
-	"version": "1.0.1",
-	"description": "If available, the `Object.prototype.__proto__` accessor and mutator, call-bound",
-	"main": false,
-	"exports": {
-		"./get": "./get.js",
-		"./set": "./set.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=.js,.mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/es-shims/dunder-proto.git"
-	},
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/es-shims/dunder-proto/issues"
-	},
-	"homepage": "https://github.com/es-shims/dunder-proto#readme",
-	"dependencies": {
-		"call-bind-apply-helpers": "^1.0.1",
-		"es-errors": "^1.3.0",
-		"gopd": "^1.2.0"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/tape": "^5.7.0",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"testling": {
-		"files": "test/index.js"
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts b/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
deleted file mode 100644
index 16bfdfe..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/set.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare function setDunderProto<P extends null | object>(target: {}, proto: P): P;
-
-declare const x: false | typeof setDunderProto;
-
-export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/set.js b/src/Servers/ExpressServer/node_modules/dunder-proto/set.js
deleted file mode 100644
index 6085b6e..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/set.js
+++ /dev/null
@@ -1,35 +0,0 @@
-'use strict';
-
-var callBind = require('call-bind-apply-helpers');
-var gOPD = require('gopd');
-var $TypeError = require('es-errors/type');
-
-/** @type {{ __proto__?: object | null }} */
-var obj = {};
-try {
-	obj.__proto__ = null; // eslint-disable-line no-proto
-} catch (e) {
-	if (!e || typeof e !== 'object' || !('code' in e) || e.code !== 'ERR_PROTO_ACCESS') {
-		throw e;
-	}
-}
-
-var hasProtoMutator = !('toString' in obj);
-
-// eslint-disable-next-line no-extra-parens
-var desc = gOPD && gOPD(Object.prototype, /** @type {keyof typeof Object.prototype} */ ('__proto__'));
-
-/** @type {import('./set')} */
-module.exports = hasProtoMutator && (
-// eslint-disable-next-line no-extra-parens
-	(!!desc && typeof desc.set === 'function' && /** @type {import('./set')} */ (callBind([desc.set])))
-	|| /** @type {import('./set')} */ function setDunder(object, proto) {
-		// this is node v0.10 or older, which doesn't have Object.setPrototypeOf and has undeniable __proto__
-		if (object == null) { // eslint-disable-line eqeqeq
-			throw new $TypeError('set Object.prototype.__proto__ called on null or undefined');
-		}
-		// eslint-disable-next-line no-proto, no-param-reassign, no-extra-parens
-		/** @type {{ __proto__?: object | null }} */ (object).__proto__ = proto;
-		return proto;
-	}
-);
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
deleted file mode 100644
index 253f183..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/test/get.js
+++ /dev/null
@@ -1,34 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getDunderProto = require('../get');
-
-test('getDunderProto', { skip: !getDunderProto }, function (t) {
-	if (!getDunderProto) {
-		throw 'should never happen; this is just for type narrowing'; // eslint-disable-line no-throw-literal
-	}
-
-	// @ts-expect-error
-	t['throws'](function () { getDunderProto(); }, TypeError, 'throws if no argument');
-	// @ts-expect-error
-	t['throws'](function () { getDunderProto(undefined); }, TypeError, 'throws with undefined');
-	// @ts-expect-error
-	t['throws'](function () { getDunderProto(null); }, TypeError, 'throws with null');
-
-	t.equal(getDunderProto({}), Object.prototype);
-	t.equal(getDunderProto([]), Array.prototype);
-	t.equal(getDunderProto(function () {}), Function.prototype);
-	t.equal(getDunderProto(/./g), RegExp.prototype);
-	t.equal(getDunderProto(42), Number.prototype);
-	t.equal(getDunderProto(true), Boolean.prototype);
-	t.equal(getDunderProto('foo'), String.prototype);
-
-	t.end();
-});
-
-test('no dunder proto', { skip: !!getDunderProto }, function (t) {
-	t.notOk('__proto__' in Object.prototype, 'no __proto__ in Object.prototype');
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
deleted file mode 100644
index 08ff36f..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/test/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-require('./get');
-require('./set');
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js b/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
deleted file mode 100644
index c3bfe4d..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/test/set.js
+++ /dev/null
@@ -1,50 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var setDunderProto = require('../set');
-
-test('setDunderProto', { skip: !setDunderProto }, function (t) {
-	if (!setDunderProto) {
-		throw 'should never happen; this is just for type narrowing'; // eslint-disable-line no-throw-literal
-	}
-
-	// @ts-expect-error
-	t['throws'](function () { setDunderProto(); }, TypeError, 'throws if no arguments');
-	// @ts-expect-error
-	t['throws'](function () { setDunderProto(undefined); }, TypeError, 'throws with undefined and nothing');
-	// @ts-expect-error
-	t['throws'](function () { setDunderProto(undefined, undefined); }, TypeError, 'throws with undefined and undefined');
-	// @ts-expect-error
-	t['throws'](function () { setDunderProto(null); }, TypeError, 'throws with null and undefined');
-	// @ts-expect-error
-	t['throws'](function () { setDunderProto(null, undefined); }, TypeError, 'throws with null and undefined');
-
-	/** @type {{ inherited?: boolean }} */
-	var obj = {};
-	t.ok('toString' in obj, 'object initially has toString');
-
-	setDunderProto(obj, null);
-	t.notOk('toString' in obj, 'object no longer has toString');
-
-	t.notOk('inherited' in obj, 'object lacks inherited property');
-	setDunderProto(obj, { inherited: true });
-	t.equal(obj.inherited, true, 'object has inherited property');
-
-	t.end();
-});
-
-test('no dunder proto', { skip: !!setDunderProto }, function (t) {
-	if ('__proto__' in Object.prototype) {
-		t['throws'](
-			// @ts-expect-error
-			function () { ({}).__proto__ = null; }, // eslint-disable-line no-proto
-			Error,
-			'throws when setting Object.prototype.__proto__'
-		);
-	} else {
-		t.notOk('__proto__' in Object.prototype, 'no __proto__ in Object.prototype');
-	}
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json b/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
deleted file mode 100644
index dabbe23..0000000
--- a/src/Servers/ExpressServer/node_modules/dunder-proto/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "ES2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/LICENSE b/src/Servers/ExpressServer/node_modules/ee-first/LICENSE
deleted file mode 100644
index a7ae8ee..0000000
--- a/src/Servers/ExpressServer/node_modules/ee-first/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-
-The MIT License (MIT)
-
-Copyright (c) 2014 Jonathan Ong me@jongleberry.com
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/README.md b/src/Servers/ExpressServer/node_modules/ee-first/README.md
deleted file mode 100644
index cbd2478..0000000
--- a/src/Servers/ExpressServer/node_modules/ee-first/README.md
+++ /dev/null
@@ -1,80 +0,0 @@
-# EE First
-
-[![NPM version][npm-image]][npm-url]
-[![Build status][travis-image]][travis-url]
-[![Test coverage][coveralls-image]][coveralls-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-[![Gittip][gittip-image]][gittip-url]
-
-Get the first event in a set of event emitters and event pairs,
-then clean up after itself.
-
-## Install
-
-```sh
-$ npm install ee-first
-```
-
-## API
-
-```js
-var first = require('ee-first')
-```
-
-### first(arr, listener)
-
-Invoke `listener` on the first event from the list specified in `arr`. `arr` is
-an array of arrays, with each array in the format `[ee, ...event]`. `listener`
-will be called only once, the first time any of the given events are emitted. If
-`error` is one of the listened events, then if that fires first, the `listener`
-will be given the `err` argument.
-
-The `listener` is invoked as `listener(err, ee, event, args)`, where `err` is the
-first argument emitted from an `error` event, if applicable; `ee` is the event
-emitter that fired; `event` is the string event name that fired; and `args` is an
-array of the arguments that were emitted on the event.
-
-```js
-var ee1 = new EventEmitter()
-var ee2 = new EventEmitter()
-
-first([
-  [ee1, 'close', 'end', 'error'],
-  [ee2, 'error']
-], function (err, ee, event, args) {
-  // listener invoked
-})
-```
-
-#### .cancel()
-
-The group of listeners can be cancelled before being invoked and have all the event
-listeners removed from the underlying event emitters.
-
-```js
-var thunk = first([
-  [ee1, 'close', 'end', 'error'],
-  [ee2, 'error']
-], function (err, ee, event, args) {
-  // listener invoked
-})
-
-// cancel and clean up
-thunk.cancel()
-```
-
-[npm-image]: https://img.shields.io/npm/v/ee-first.svg?style=flat-square
-[npm-url]: https://npmjs.org/package/ee-first
-[github-tag]: http://img.shields.io/github/tag/jonathanong/ee-first.svg?style=flat-square
-[github-url]: https://github.com/jonathanong/ee-first/tags
-[travis-image]: https://img.shields.io/travis/jonathanong/ee-first.svg?style=flat-square
-[travis-url]: https://travis-ci.org/jonathanong/ee-first
-[coveralls-image]: https://img.shields.io/coveralls/jonathanong/ee-first.svg?style=flat-square
-[coveralls-url]: https://coveralls.io/r/jonathanong/ee-first?branch=master
-[license-image]: http://img.shields.io/npm/l/ee-first.svg?style=flat-square
-[license-url]: LICENSE.md
-[downloads-image]: http://img.shields.io/npm/dm/ee-first.svg?style=flat-square
-[downloads-url]: https://npmjs.org/package/ee-first
-[gittip-image]: https://img.shields.io/gittip/jonathanong.svg?style=flat-square
-[gittip-url]: https://www.gittip.com/jonathanong/
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/index.js b/src/Servers/ExpressServer/node_modules/ee-first/index.js
deleted file mode 100644
index 501287c..0000000
--- a/src/Servers/ExpressServer/node_modules/ee-first/index.js
+++ /dev/null
@@ -1,95 +0,0 @@
-/*!
- * ee-first
- * Copyright(c) 2014 Jonathan Ong
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = first
-
-/**
- * Get the first event in a set of event emitters and event pairs.
- *
- * @param {array} stuff
- * @param {function} done
- * @public
- */
-
-function first(stuff, done) {
-  if (!Array.isArray(stuff))
-    throw new TypeError('arg must be an array of [ee, events...] arrays')
-
-  var cleanups = []
-
-  for (var i = 0; i < stuff.length; i++) {
-    var arr = stuff[i]
-
-    if (!Array.isArray(arr) || arr.length < 2)
-      throw new TypeError('each array member must be [ee, events...]')
-
-    var ee = arr[0]
-
-    for (var j = 1; j < arr.length; j++) {
-      var event = arr[j]
-      var fn = listener(event, callback)
-
-      // listen to the event
-      ee.on(event, fn)
-      // push this listener to the list of cleanups
-      cleanups.push({
-        ee: ee,
-        event: event,
-        fn: fn,
-      })
-    }
-  }
-
-  function callback() {
-    cleanup()
-    done.apply(null, arguments)
-  }
-
-  function cleanup() {
-    var x
-    for (var i = 0; i < cleanups.length; i++) {
-      x = cleanups[i]
-      x.ee.removeListener(x.event, x.fn)
-    }
-  }
-
-  function thunk(fn) {
-    done = fn
-  }
-
-  thunk.cancel = cleanup
-
-  return thunk
-}
-
-/**
- * Create the event listener.
- * @private
- */
-
-function listener(event, done) {
-  return function onevent(arg1) {
-    var args = new Array(arguments.length)
-    var ee = this
-    var err = event === 'error'
-      ? arg1
-      : null
-
-    // copy args to prevent arguments escaping scope
-    for (var i = 0; i < args.length; i++) {
-      args[i] = arguments[i]
-    }
-
-    done(err, ee, event, args)
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/ee-first/package.json b/src/Servers/ExpressServer/node_modules/ee-first/package.json
deleted file mode 100644
index b6d0b7d..0000000
--- a/src/Servers/ExpressServer/node_modules/ee-first/package.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "name": "ee-first",
-  "description": "return the first event in a set of ee/event pairs",
-  "version": "1.1.1",
-  "author": {
-    "name": "Jonathan Ong",
-    "email": "me@jongleberry.com",
-    "url": "http://jongleberry.com",
-    "twitter": "https://twitter.com/jongleberry"
-  },
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "repository": "jonathanong/ee-first",
-  "devDependencies": {
-    "istanbul": "0.3.9",
-    "mocha": "2.2.5"
-  },
-  "files": [
-    "index.js",
-    "LICENSE"
-  ],
-  "scripts": {
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE b/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
deleted file mode 100644
index 8812229..0000000
--- a/src/Servers/ExpressServer/node_modules/encodeurl/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2016 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/README.md b/src/Servers/ExpressServer/node_modules/encodeurl/README.md
deleted file mode 100644
index 3842493..0000000
--- a/src/Servers/ExpressServer/node_modules/encodeurl/README.md
+++ /dev/null
@@ -1,109 +0,0 @@
-# Encode URL
-
-Encode a URL to a percent-encoded form, excluding already-encoded sequences.
-
-## Installation
-
-```sh
-npm install encodeurl
-```
-
-## API
-
-```js
-var encodeUrl = require('encodeurl')
-```
-
-### encodeUrl(url)
-
-Encode a URL to a percent-encoded form, excluding already-encoded sequences.
-
-This function accepts a URL and encodes all the non-URL code points (as UTF-8 byte sequences). It will not encode the "%" character unless it is not part of a valid sequence (`%20` will be left as-is, but `%foo` will be encoded as `%25foo`).
-
-This encode is meant to be "safe" and does not throw errors. It will try as hard as it can to properly encode the given URL, including replacing any raw, unpaired surrogate pairs with the Unicode replacement character prior to encoding.
-
-## Examples
-
-### Encode a URL containing user-controlled data
-
-```js
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-
-http.createServer(function onRequest (req, res) {
-  // get encoded form of inbound url
-  var url = encodeUrl(req.url)
-
-  // create html message
-  var body = '<p>Location ' + escapeHtml(url) + ' not found</p>'
-
-  // send a 404
-  res.statusCode = 404
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
-  res.end(body, 'utf-8')
-})
-```
-
-### Encode a URL for use in a header field
-
-```js
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-var url = require('url')
-
-http.createServer(function onRequest (req, res) {
-  // parse inbound url
-  var href = url.parse(req)
-
-  // set new host for redirect
-  href.host = 'localhost'
-  href.protocol = 'https:'
-  href.slashes = true
-
-  // create location header
-  var location = encodeUrl(url.format(href))
-
-  // create html message
-  var body = '<p>Redirecting to new site: ' + escapeHtml(location) + '</p>'
-
-  // send a 301
-  res.statusCode = 301
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
-  res.setHeader('Location', location)
-  res.end(body, 'utf-8')
-})
-```
-
-## Similarities
-
-This function is _similar_ to the intrinsic function `encodeURI`. However, it will not encode:
-
-* The `\`, `^`, or `|` characters
-* The `%` character when it's part of a valid sequence
-* `[` and `]` (for IPv6 hostnames)
-* Replaces raw, unpaired surrogate pairs with the Unicode replacement character
-
-As a result, the encoding aligns closely with the behavior in the [WHATWG URL specification][whatwg-url]. However, this package only encodes strings and does not do any URL parsing or formatting.
-
-It is expected that any output from `new URL(url)` will not change when used with this package, as the output has already been encoded. Additionally, if we were to encode before `new URL(url)`, we do not expect the before and after encoded formats to be parsed any differently.
-
-## Testing
-
-```sh
-$ npm test
-$ npm run lint
-```
-
-## References
-
-- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986]
-- [WHATWG URL Living Standard][whatwg-url]
-
-[rfc-3986]: https://tools.ietf.org/html/rfc3986
-[whatwg-url]: https://url.spec.whatwg.org/
-
-## License
-
-[MIT](LICENSE)
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/index.js b/src/Servers/ExpressServer/node_modules/encodeurl/index.js
deleted file mode 100644
index a49ee5a..0000000
--- a/src/Servers/ExpressServer/node_modules/encodeurl/index.js
+++ /dev/null
@@ -1,60 +0,0 @@
-/*!
- * encodeurl
- * Copyright(c) 2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = encodeUrl
-
-/**
- * RegExp to match non-URL code points, *after* encoding (i.e. not including "%")
- * and including invalid escape sequences.
- * @private
- */
-
-var ENCODE_CHARS_REGEXP = /(?:[^\x21\x23-\x3B\x3D\x3F-\x5F\x61-\x7A\x7C\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g
-
-/**
- * RegExp to match unmatched surrogate pair.
- * @private
- */
-
-var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g
-
-/**
- * String to replace unmatched surrogate pair with.
- * @private
- */
-
-var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2'
-
-/**
- * Encode a URL to a percent-encoded form, excluding already-encoded sequences.
- *
- * This function will take an already-encoded URL and encode all the non-URL
- * code points. This function will not encode the "%" character unless it is
- * not part of a valid sequence (`%20` will be left as-is, but `%foo` will
- * be encoded as `%25foo`).
- *
- * This encode is meant to be "safe" and does not throw errors. It will try as
- * hard as it can to properly encode the given URL, including replacing any raw,
- * unpaired surrogate pairs with the Unicode replacement character prior to
- * encoding.
- *
- * @param {string} url
- * @return {string}
- * @public
- */
-
-function encodeUrl (url) {
-  return String(url)
-    .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE)
-    .replace(ENCODE_CHARS_REGEXP, encodeURI)
-}
diff --git a/src/Servers/ExpressServer/node_modules/encodeurl/package.json b/src/Servers/ExpressServer/node_modules/encodeurl/package.json
deleted file mode 100644
index 3133822..0000000
--- a/src/Servers/ExpressServer/node_modules/encodeurl/package.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  "name": "encodeurl",
-  "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
-  "version": "2.0.0",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "encode",
-    "encodeurl",
-    "url"
-  ],
-  "repository": "pillarjs/encodeurl",
-  "devDependencies": {
-    "eslint": "5.11.1",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.14.0",
-    "eslint-plugin-node": "7.0.1",
-    "eslint-plugin-promise": "4.0.1",
-    "eslint-plugin-standard": "4.0.0",
-    "istanbul": "0.4.5",
-    "mocha": "2.5.3"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc b/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
deleted file mode 100644
index 46f3b12..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/.eslintrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"new-cap": ["error", {
-			"capIsNewExceptions": [
-				"GetIntrinsic",
-			],
-		}],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
deleted file mode 100644
index 4445451..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/es-define-property
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc b/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
deleted file mode 100644
index 5f60cc0..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/CHANGELOG.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.1](https://github.com/ljharb/es-define-property/compare/v1.0.0...v1.0.1) - 2024-12-06
-
-### Commits
-
-- [types] use shared tsconfig [`954a663`](https://github.com/ljharb/es-define-property/commit/954a66360326e508a0e5daa4b07493d58f5e110e)
-- [actions] split out node 10-20, and 20+ [`3a8e84b`](https://github.com/ljharb/es-define-property/commit/3a8e84b23883f26ff37b3e82ff283834228e18c6)
-- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/get-intrinsic`, `@types/tape`, `auto-changelog`, `gopd`, `tape` [`86ae27b`](https://github.com/ljharb/es-define-property/commit/86ae27bb8cc857b23885136fad9cbe965ae36612)
-- [Refactor] avoid using `get-intrinsic` [`02480c0`](https://github.com/ljharb/es-define-property/commit/02480c0353ef6118965282977c3864aff53d98b1)
-- [Tests] replace `aud` with `npm audit` [`f6093ff`](https://github.com/ljharb/es-define-property/commit/f6093ff74ab51c98015c2592cd393bd42478e773)
-- [Tests] configure testling [`7139e66`](https://github.com/ljharb/es-define-property/commit/7139e66959247a56086d9977359caef27c6849e7)
-- [Dev Deps] update `tape` [`b901b51`](https://github.com/ljharb/es-define-property/commit/b901b511a75e001a40ce1a59fef7d9ffcfc87482)
-- [Tests] fix types in tests [`469d269`](https://github.com/ljharb/es-define-property/commit/469d269fd141b1e773ec053a9fa35843493583e0)
-- [Dev Deps] add missing peer dep [`733acfb`](https://github.com/ljharb/es-define-property/commit/733acfb0c4c96edf337e470b89a25a5b3724c352)
-
-## v1.0.0 - 2024-02-12
-
-### Commits
-
-- Initial implementation, tests, readme, types [`3e154e1`](https://github.com/ljharb/es-define-property/commit/3e154e11a2fee09127220f5e503bf2c0a31dd480)
-- Initial commit [`07d98de`](https://github.com/ljharb/es-define-property/commit/07d98de34a4dc31ff5e83a37c0c3f49e0d85cd50)
-- npm init [`c4eb634`](https://github.com/ljharb/es-define-property/commit/c4eb6348b0d3886aac36cef34ad2ee0665ea6f3e)
-- Only apps should have lockfiles [`7af86ec`](https://github.com/ljharb/es-define-property/commit/7af86ec1d311ec0b17fdfe616a25f64276903856)
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE b/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/README.md b/src/Servers/ExpressServer/node_modules/es-define-property/README.md
deleted file mode 100644
index 9b291bd..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# es-define-property <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-`Object.defineProperty`, but not IE 8's broken one.
-
-## Example
-
-```js
-const assert = require('assert');
-
-const $defineProperty = require('es-define-property');
-
-if ($defineProperty) {
-    assert.equal($defineProperty, Object.defineProperty);
-} else if (Object.defineProperty) {
-    assert.equal($defineProperty, false, 'this is IE 8');
-} else {
-    assert.equal($defineProperty, false, 'this is an ES3 engine');
-}
-```
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-[package-url]: https://npmjs.org/package/es-define-property
-[npm-version-svg]: https://versionbadg.es/ljharb/es-define-property.svg
-[deps-svg]: https://david-dm.org/ljharb/es-define-property.svg
-[deps-url]: https://david-dm.org/ljharb/es-define-property
-[dev-deps-svg]: https://david-dm.org/ljharb/es-define-property/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/es-define-property#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/es-define-property.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/es-define-property.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/es-define-property.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=es-define-property
-[codecov-image]: https://codecov.io/gh/ljharb/es-define-property/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/es-define-property/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-define-property
-[actions-url]: https://github.com/ljharb/es-define-property/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts b/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
deleted file mode 100644
index 6012247..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/index.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const defineProperty: false | typeof Object.defineProperty;
-
-export = defineProperty;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/index.js b/src/Servers/ExpressServer/node_modules/es-define-property/index.js
deleted file mode 100644
index e0a2925..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/index.js
+++ /dev/null
@@ -1,14 +0,0 @@
-'use strict';
-
-/** @type {import('.')} */
-var $defineProperty = Object.defineProperty || false;
-if ($defineProperty) {
-	try {
-		$defineProperty({}, 'a', { value: 1 });
-	} catch (e) {
-		// IE 8 has a broken defineProperty
-		$defineProperty = false;
-	}
-}
-
-module.exports = $defineProperty;
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/package.json b/src/Servers/ExpressServer/node_modules/es-define-property/package.json
deleted file mode 100644
index fbed187..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/package.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-	"name": "es-define-property",
-	"version": "1.0.1",
-	"description": "`Object.defineProperty`, but not IE 8's broken one.",
-	"main": "index.js",
-	"types": "./index.d.ts",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p .",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/es-define-property.git"
-	},
-	"keywords": [
-		"javascript",
-		"ecmascript",
-		"object",
-		"define",
-		"property",
-		"defineProperty",
-		"Object.defineProperty"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/es-define-property/issues"
-	},
-	"homepage": "https://github.com/ljharb/es-define-property#readme",
-	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/gopd": "^1.0.3",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"eslint": "^8.8.0",
-		"evalmd": "^0.0.19",
-		"gopd": "^1.2.0",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"engines": {
-		"node": ">= 0.4"
-	},
-	"testling": {
-		"files": "test/index.js"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js b/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
deleted file mode 100644
index b4b4688..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/test/index.js
+++ /dev/null
@@ -1,56 +0,0 @@
-'use strict';
-
-var $defineProperty = require('../');
-
-var test = require('tape');
-var gOPD = require('gopd');
-
-test('defineProperty: supported', { skip: !$defineProperty }, function (t) {
-	t.plan(4);
-
-	t.equal(typeof $defineProperty, 'function', 'defineProperty is supported');
-	if ($defineProperty && gOPD) { // this `if` check is just to shut TS up
-		/** @type {{ a: number, b?: number, c?: number }} */
-		var o = { a: 1 };
-
-		$defineProperty(o, 'b', { enumerable: true, value: 2 });
-		t.deepEqual(
-			gOPD(o, 'b'),
-			{
-				configurable: false,
-				enumerable: true,
-				value: 2,
-				writable: false
-			},
-			'property descriptor is as expected'
-		);
-
-		$defineProperty(o, 'c', { enumerable: false, value: 3, writable: true });
-		t.deepEqual(
-			gOPD(o, 'c'),
-			{
-				configurable: false,
-				enumerable: false,
-				value: 3,
-				writable: true
-			},
-			'property descriptor is as expected'
-		);
-	}
-
-	t.equal($defineProperty, Object.defineProperty, 'defineProperty is Object.defineProperty');
-
-	t.end();
-});
-
-test('defineProperty: not supported', { skip: !!$defineProperty }, function (t) {
-	t.notOk($defineProperty, 'defineProperty is not supported');
-
-	t.match(
-		typeof $defineProperty,
-		/^(?:undefined|boolean)$/,
-		'`typeof defineProperty` is `undefined` or `boolean`'
-	);
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
deleted file mode 100644
index 5a49992..0000000
--- a/src/Servers/ExpressServer/node_modules/es-define-property/tsconfig.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2022",
-	},
-	"exclude": [
-		"coverage",
-		"test/list-exports"
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc b/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
deleted file mode 100644
index 3b5d9e9..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/.eslintrc
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
deleted file mode 100644
index f1b8805..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/es-errors
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
deleted file mode 100644
index 204a9e9..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/CHANGELOG.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.3.0](https://github.com/ljharb/es-errors/compare/v1.2.1...v1.3.0) - 2024-02-05
-
-### Commits
-
-- [New] add `EvalError` and `URIError` [`1927627`](https://github.com/ljharb/es-errors/commit/1927627ba68cb6c829d307231376c967db53acdf)
-
-## [v1.2.1](https://github.com/ljharb/es-errors/compare/v1.2.0...v1.2.1) - 2024-02-04
-
-### Commits
-
-- [Fix] add missing `exports` entry [`5bb5f28`](https://github.com/ljharb/es-errors/commit/5bb5f280f98922701109d6ebb82eea2257cecc7e)
-
-## [v1.2.0](https://github.com/ljharb/es-errors/compare/v1.1.0...v1.2.0) - 2024-02-04
-
-### Commits
-
-- [New] add `ReferenceError` [`6d8cf5b`](https://github.com/ljharb/es-errors/commit/6d8cf5bbb6f3f598d02cf6f30e468ba2caa8e143)
-
-## [v1.1.0](https://github.com/ljharb/es-errors/compare/v1.0.0...v1.1.0) - 2024-02-04
-
-### Commits
-
-- [New] add base Error [`2983ab6`](https://github.com/ljharb/es-errors/commit/2983ab65f7bc5441276cb021dc3aa03c78881698)
-
-## v1.0.0 - 2024-02-03
-
-### Commits
-
-- Initial implementation, tests, readme, type [`8f47631`](https://github.com/ljharb/es-errors/commit/8f476317e9ad76f40ad648081829b1a1a3a1288b)
-- Initial commit [`ea5d099`](https://github.com/ljharb/es-errors/commit/ea5d099ef18e550509ab9e2be000526afd81c385)
-- npm init [`6f5ebf9`](https://github.com/ljharb/es-errors/commit/6f5ebf9cead474dadd72b9e63dad315820a089ae)
-- Only apps should have lockfiles [`e1a0aeb`](https://github.com/ljharb/es-errors/commit/e1a0aeb7b80f5cfc56be54d6b2100e915d47def8)
-- [meta] add `sideEffects` flag [`a9c7d46`](https://github.com/ljharb/es-errors/commit/a9c7d460a492f1d8a241c836bc25a322a19cc043)
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/LICENSE b/src/Servers/ExpressServer/node_modules/es-errors/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/README.md b/src/Servers/ExpressServer/node_modules/es-errors/README.md
deleted file mode 100644
index 8dbfacf..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/README.md
+++ /dev/null
@@ -1,55 +0,0 @@
-# es-errors <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-A simple cache for a few of the JS Error constructors.
-
-## Example
-
-```js
-const assert = require('assert');
-
-const Base = require('es-errors');
-const Eval = require('es-errors/eval');
-const Range = require('es-errors/range');
-const Ref = require('es-errors/ref');
-const Syntax = require('es-errors/syntax');
-const Type = require('es-errors/type');
-const URI = require('es-errors/uri');
-
-assert.equal(Base, Error);
-assert.equal(Eval, EvalError);
-assert.equal(Range, RangeError);
-assert.equal(Ref, ReferenceError);
-assert.equal(Syntax, SyntaxError);
-assert.equal(Type, TypeError);
-assert.equal(URI, URIError);
-```
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-[package-url]: https://npmjs.org/package/es-errors
-[npm-version-svg]: https://versionbadg.es/ljharb/es-errors.svg
-[deps-svg]: https://david-dm.org/ljharb/es-errors.svg
-[deps-url]: https://david-dm.org/ljharb/es-errors
-[dev-deps-svg]: https://david-dm.org/ljharb/es-errors/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/es-errors#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/es-errors.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/es-errors.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/es-errors.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=es-errors
-[codecov-image]: https://codecov.io/gh/ljharb/es-errors/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/es-errors/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-errors
-[actions-url]: https://github.com/ljharb/es-errors/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
deleted file mode 100644
index e4210e0..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/eval.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const EvalError: EvalErrorConstructor;
-
-export = EvalError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/eval.js b/src/Servers/ExpressServer/node_modules/es-errors/eval.js
deleted file mode 100644
index 725ccb6..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/eval.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./eval')} */
-module.exports = EvalError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
deleted file mode 100644
index 69bdbc9..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/index.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const Error: ErrorConstructor;
-
-export = Error;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/index.js b/src/Servers/ExpressServer/node_modules/es-errors/index.js
deleted file mode 100644
index cc0c521..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('.')} */
-module.exports = Error;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/package.json b/src/Servers/ExpressServer/node_modules/es-errors/package.json
deleted file mode 100644
index ff8c2a5..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/package.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-	"name": "es-errors",
-	"version": "1.3.0",
-	"description": "A simple cache for a few of the JS Error constructors.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./eval": "./eval.js",
-		"./range": "./range.js",
-		"./ref": "./ref.js",
-		"./syntax": "./syntax.js",
-		"./type": "./type.js",
-		"./uri": "./uri.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"pretest": "npm run lint",
-		"test": "npm run tests-only",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"posttest": "aud --production",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/es-errors.git"
-	},
-	"keywords": [
-		"javascript",
-		"ecmascript",
-		"error",
-		"typeerror",
-		"syntaxerror",
-		"rangeerror"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/es-errors/issues"
-	},
-	"homepage": "https://github.com/ljharb/es-errors#readme",
-	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.0",
-		"@types/tape": "^5.6.4",
-		"aud": "^2.0.4",
-		"auto-changelog": "^2.4.0",
-		"eclint": "^2.8.1",
-		"eslint": "^8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.7.4",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
deleted file mode 100644
index 3a12e86..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/range.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const RangeError: RangeErrorConstructor;
-
-export = RangeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/range.js b/src/Servers/ExpressServer/node_modules/es-errors/range.js
deleted file mode 100644
index 2044fe0..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/range.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./range')} */
-module.exports = RangeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
deleted file mode 100644
index a13107e..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/ref.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const ReferenceError: ReferenceErrorConstructor;
-
-export = ReferenceError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/ref.js b/src/Servers/ExpressServer/node_modules/es-errors/ref.js
deleted file mode 100644
index d7c430f..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/ref.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./ref')} */
-module.exports = ReferenceError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
deleted file mode 100644
index 6a0c53c..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/syntax.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const SyntaxError: SyntaxErrorConstructor;
-
-export = SyntaxError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/syntax.js b/src/Servers/ExpressServer/node_modules/es-errors/syntax.js
deleted file mode 100644
index 5f5fdde..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/syntax.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./syntax')} */
-module.exports = SyntaxError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/test/index.js b/src/Servers/ExpressServer/node_modules/es-errors/test/index.js
deleted file mode 100644
index 1ff0277..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/test/index.js
+++ /dev/null
@@ -1,19 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var E = require('../');
-var R = require('../range');
-var Ref = require('../ref');
-var S = require('../syntax');
-var T = require('../type');
-
-test('errors', function (t) {
-	t.equal(E, Error);
-	t.equal(R, RangeError);
-	t.equal(Ref, ReferenceError);
-	t.equal(S, SyntaxError);
-	t.equal(T, TypeError);
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
deleted file mode 100644
index 99dfeb6..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/tsconfig.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-	"compilerOptions": {
-		/* Visit https://aka.ms/tsconfig.json to read more about this file */
-
-		/* Projects */
-
-		/* Language and Environment */
-		"target": "es5",																	/* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
-		// "lib": [],																				/* Specify a set of bundled library declaration files that describe the target runtime environment. */
-		// "noLib": true,																		/* Disable including any library files, including the default lib.d.ts. */
-		"useDefineForClassFields": true,										 /* Emit ECMAScript-standard-compliant class fields. */
-		// "moduleDetection": "auto",												/* Control what method is used to detect module-format JS files. */
-
-		/* Modules */
-		"module": "commonjs",																/* Specify what module code is generated. */
-		// "rootDir": "./",																	/* Specify the root folder within your source files. */
-		// "moduleResolution": "node",											 /* Specify how TypeScript looks up a file from a given module specifier. */
-		// "baseUrl": "./",																	/* Specify the base directory to resolve non-relative module names. */
-		// "paths": {},																			/* Specify a set of entries that re-map imports to additional lookup locations. */
-		// "rootDirs": [],																	 /* Allow multiple folders to be treated as one when resolving modules. */
-		// "typeRoots": ["types"],													 /* Specify multiple folders that act like `./node_modules/@types`. */
-		"resolveJsonModule": true,													 /* Enable importing .json files. */
-		// "allowArbitraryExtensions": true,								 /* Enable importing files with any extension, provided a declaration file is present. */
-
-		/* JavaScript Support */
-		"allowJs": true,																		 /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */
-		"checkJs": true,																		 /* Enable error reporting in type-checked JavaScript files. */
-		"maxNodeModuleJsDepth": 1,													 /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */
-
-		/* Emit */
-		"declaration": true,																 /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
-		"declarationMap": true,															/* Create sourcemaps for d.ts files. */
-		"noEmit": true,																			/* Disable emitting files from a compilation. */
-
-		/* Interop Constraints */
-		"allowSyntheticDefaultImports": true,								/* Allow `import x from y` when a module doesn't have a default export. */
-		"esModuleInterop": true,														 /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */
-		"forceConsistentCasingInFileNames": true,						/* Ensure that casing is correct in imports. */
-
-		/* Type Checking */
-		"strict": true,																			/* Enable all strict type-checking options. */
-
-		/* Completeness */
-		// "skipLibCheck": true															/* Skip type checking all .d.ts files. */
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
deleted file mode 100644
index 576fb51..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/type.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const TypeError: TypeErrorConstructor
-
-export = TypeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/type.js b/src/Servers/ExpressServer/node_modules/es-errors/type.js
deleted file mode 100644
index 9769e44..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/type.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./type')} */
-module.exports = TypeError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts b/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
deleted file mode 100644
index c3261c9..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/uri.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const URIError: URIErrorConstructor;
-
-export = URIError;
diff --git a/src/Servers/ExpressServer/node_modules/es-errors/uri.js b/src/Servers/ExpressServer/node_modules/es-errors/uri.js
deleted file mode 100644
index e9cd1c7..0000000
--- a/src/Servers/ExpressServer/node_modules/es-errors/uri.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./uri')} */
-module.exports = URIError;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc b/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
deleted file mode 100644
index d90a1bc..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/.eslintrc
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"eqeqeq": ["error", "allow-null"],
-		"id-length": "off",
-		"new-cap": ["error", {
-			"capIsNewExceptions": [
-				"RequireObjectCoercible",
-				"ToObject",
-			],
-		}],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
deleted file mode 100644
index 352bfda..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/es-object
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
deleted file mode 100644
index fdd2abe..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/CHANGELOG.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.1.1](https://github.com/ljharb/es-object-atoms/compare/v1.1.0...v1.1.1) - 2025-01-14
-
-### Commits
-
-- [types] `ToObject`: improve types [`cfe8c8a`](https://github.com/ljharb/es-object-atoms/commit/cfe8c8a105c44820cb22e26f62d12ef0ad9715c8)
-
-## [v1.1.0](https://github.com/ljharb/es-object-atoms/compare/v1.0.1...v1.1.0) - 2025-01-14
-
-### Commits
-
-- [New] add `isObject` [`51e4042`](https://github.com/ljharb/es-object-atoms/commit/51e4042df722eb3165f40dc5f4bf33d0197ecb07)
-
-## [v1.0.1](https://github.com/ljharb/es-object-atoms/compare/v1.0.0...v1.0.1) - 2025-01-13
-
-### Commits
-
-- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/tape`, `auto-changelog`, `tape` [`38ab9eb`](https://github.com/ljharb/es-object-atoms/commit/38ab9eb00b62c2f4668644f5e513d9b414ebd595)
-- [types] improve types [`7d1beb8`](https://github.com/ljharb/es-object-atoms/commit/7d1beb887958b78b6a728a210a1c8370ab7e2aa1)
-- [Tests] replace `aud` with `npm audit` [`25863ba`](https://github.com/ljharb/es-object-atoms/commit/25863baf99178f1d1ad33d1120498db28631907e)
-- [Dev Deps] add missing peer dep [`c012309`](https://github.com/ljharb/es-object-atoms/commit/c0123091287e6132d6f4240496340c427433df28)
-
-## v1.0.0 - 2024-03-16
-
-### Commits
-
-- Initial implementation, tests, readme, types [`f1499db`](https://github.com/ljharb/es-object-atoms/commit/f1499db7d3e1741e64979c61d645ab3137705e82)
-- Initial commit [`99eedc7`](https://github.com/ljharb/es-object-atoms/commit/99eedc7b5fde38a50a28d3c8b724706e3e4c5f6a)
-- [meta] rename repo [`fc851fa`](https://github.com/ljharb/es-object-atoms/commit/fc851fa70616d2d182aaf0bd02c2ed7084dea8fa)
-- npm init [`b909377`](https://github.com/ljharb/es-object-atoms/commit/b909377c50049bd0ec575562d20b0f9ebae8947f)
-- Only apps should have lockfiles [`7249edd`](https://github.com/ljharb/es-object-atoms/commit/7249edd2178c1b9ddfc66ffcc6d07fdf0d28efc1)
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE b/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md b/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
deleted file mode 100644
index 447695b..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# es-object-atoms <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-ES Object-related atoms: Object, ToObject, RequireObjectCoercible.
-
-## Example
-
-```js
-const assert = require('assert');
-
-const $Object = require('es-object-atoms');
-const isObject = require('es-object-atoms/isObject');
-const ToObject = require('es-object-atoms/ToObject');
-const RequireObjectCoercible = require('es-object-atoms/RequireObjectCoercible');
-
-assert.equal($Object, Object);
-assert.throws(() => ToObject(null), TypeError);
-assert.throws(() => ToObject(undefined), TypeError);
-assert.throws(() => RequireObjectCoercible(null), TypeError);
-assert.throws(() => RequireObjectCoercible(undefined), TypeError);
-
-assert.equal(isObject(undefined), false);
-assert.equal(isObject(null), false);
-assert.equal(isObject({}), true);
-assert.equal(isObject([]), true);
-assert.equal(isObject(function () {}), true);
-
-assert.deepEqual(RequireObjectCoercible(true), true);
-assert.deepEqual(ToObject(true), Object(true));
-
-const obj = {};
-assert.equal(RequireObjectCoercible(obj), obj);
-assert.equal(ToObject(obj), obj);
-```
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-[package-url]: https://npmjs.org/package/es-object-atoms
-[npm-version-svg]: https://versionbadg.es/ljharb/es-object-atoms.svg
-[deps-svg]: https://david-dm.org/ljharb/es-object-atoms.svg
-[deps-url]: https://david-dm.org/ljharb/es-object-atoms
-[dev-deps-svg]: https://david-dm.org/ljharb/es-object-atoms/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/es-object-atoms#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/es-object-atoms.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/es-object-atoms.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/es-object.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=es-object-atoms
-[codecov-image]: https://codecov.io/gh/ljharb/es-object-atoms/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/es-object-atoms/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/es-object-atoms
-[actions-url]: https://github.com/ljharb/es-object-atoms/actions
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
deleted file mode 100644
index 7e26c45..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function RequireObjectCoercible<T extends {}>(value: T, optMessage?: string): T;
-
-export = RequireObjectCoercible;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
deleted file mode 100644
index 8e191c6..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/RequireObjectCoercible.js
+++ /dev/null
@@ -1,11 +0,0 @@
-'use strict';
-
-var $TypeError = require('es-errors/type');
-
-/** @type {import('./RequireObjectCoercible')} */
-module.exports = function RequireObjectCoercible(value) {
-	if (value == null) {
-		throw new $TypeError((arguments.length > 0 && arguments[1]) || ('Cannot call method on ' + value));
-	}
-	return value;
-};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
deleted file mode 100644
index d6dd302..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.d.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-declare function ToObject<T extends object>(value: number): Number;
-declare function ToObject<T extends object>(value: boolean): Boolean;
-declare function ToObject<T extends object>(value: string): String;
-declare function ToObject<T extends object>(value: bigint): BigInt;
-declare function ToObject<T extends object>(value: T): T;
-
-export = ToObject;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
deleted file mode 100644
index 2b99a7d..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/ToObject.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-var $Object = require('./');
-var RequireObjectCoercible = require('./RequireObjectCoercible');
-
-/** @type {import('./ToObject')} */
-module.exports = function ToObject(value) {
-	RequireObjectCoercible(value);
-	return $Object(value);
-};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
deleted file mode 100644
index 8bdbfc8..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const Object: ObjectConstructor;
-
-export = Object;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
deleted file mode 100644
index 1d33cef..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('.')} */
-module.exports = Object;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
deleted file mode 100644
index 43bee3b..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function isObject(x: unknown): x is object;
-
-export = isObject;
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
deleted file mode 100644
index ec49bf1..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/isObject.js
+++ /dev/null
@@ -1,6 +0,0 @@
-'use strict';
-
-/** @type {import('./isObject')} */
-module.exports = function isObject(x) {
-	return !!x && (typeof x === 'function' || typeof x === 'object');
-};
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json b/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
deleted file mode 100644
index f4cec71..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/package.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-	"name": "es-object-atoms",
-	"version": "1.1.1",
-	"description": "ES Object-related atoms: Object, ToObject, RequireObjectCoercible",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./RequireObjectCoercible": "./RequireObjectCoercible.js",
-		"./isObject": "./isObject.js",
-		"./ToObject": "./ToObject.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"pretest": "npm run lint",
-		"test": "npm run tests-only",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"posttest": "npx npm@\">= 10.2\" audit --production",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/es-object-atoms.git"
-	},
-	"keywords": [
-		"javascript",
-		"ecmascript",
-		"object",
-		"toobject",
-		"coercible"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/es-object-atoms/issues"
-	},
-	"homepage": "https://github.com/ljharb/es-object-atoms#readme",
-	"dependencies": {
-		"es-errors": "^1.3.0"
-	},
-	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.3",
-		"@types/tape": "^5.8.1",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "^8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js b/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
deleted file mode 100644
index 430b705..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/test/index.js
+++ /dev/null
@@ -1,38 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var $Object = require('../');
-var isObject = require('../isObject');
-var ToObject = require('../ToObject');
-var RequireObjectCoercible = require('..//RequireObjectCoercible');
-
-test('errors', function (t) {
-	t.equal($Object, Object);
-	// @ts-expect-error
-	t['throws'](function () { ToObject(null); }, TypeError);
-	// @ts-expect-error
-	t['throws'](function () { ToObject(undefined); }, TypeError);
-	// @ts-expect-error
-	t['throws'](function () { RequireObjectCoercible(null); }, TypeError);
-	// @ts-expect-error
-	t['throws'](function () { RequireObjectCoercible(undefined); }, TypeError);
-
-	t.deepEqual(RequireObjectCoercible(true), true);
-	t.deepEqual(ToObject(true), Object(true));
-	t.deepEqual(ToObject(42), Object(42));
-	var f = function () {};
-	t.equal(ToObject(f), f);
-
-	t.equal(isObject(undefined), false);
-	t.equal(isObject(null), false);
-	t.equal(isObject({}), true);
-	t.equal(isObject([]), true);
-	t.equal(isObject(function () {}), true);
-
-	var obj = {};
-	t.equal(RequireObjectCoercible(obj), obj);
-	t.equal(ToObject(obj), obj);
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json b/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
deleted file mode 100644
index 1f73cb7..0000000
--- a/src/Servers/ExpressServer/node_modules/es-object-atoms/tsconfig.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es5",
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/LICENSE b/src/Servers/ExpressServer/node_modules/escape-html/LICENSE
deleted file mode 100644
index 2e70de9..0000000
--- a/src/Servers/ExpressServer/node_modules/escape-html/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012-2013 TJ Holowaychuk
-Copyright (c) 2015 Andreas Lubbe
-Copyright (c) 2015 Tiancheng "Timothy" Gu
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/Readme.md b/src/Servers/ExpressServer/node_modules/escape-html/Readme.md
deleted file mode 100644
index 653d9ea..0000000
--- a/src/Servers/ExpressServer/node_modules/escape-html/Readme.md
+++ /dev/null
@@ -1,43 +0,0 @@
-
-# escape-html
-
-  Escape string for use in HTML
-
-## Example
-
-```js
-var escape = require('escape-html');
-var html = escape('foo & bar');
-// -> foo &amp; bar
-```
-
-## Benchmark
-
-```
-$ npm run-script bench
-
-> escape-html@1.0.3 bench nodejs-escape-html
-> node benchmark/index.js
-
-
-  http_parser@1.0
-  node@0.10.33
-  v8@3.14.5.9
-  ares@1.9.0-DEV
-  uv@0.10.29
-  zlib@1.2.3
-  modules@11
-  openssl@1.0.1j
-
-  1 test completed.
-  2 tests completed.
-  3 tests completed.
-
-  no special characters    x 19,435,271 ops/sec ±0.85% (187 runs sampled)
-  single special character x  6,132,421 ops/sec ±0.67% (194 runs sampled)
-  many special characters  x  3,175,826 ops/sec ±0.65% (193 runs sampled)
-```
-
-## License
-
-  MIT
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/index.js b/src/Servers/ExpressServer/node_modules/escape-html/index.js
deleted file mode 100644
index bf9e226..0000000
--- a/src/Servers/ExpressServer/node_modules/escape-html/index.js
+++ /dev/null
@@ -1,78 +0,0 @@
-/*!
- * escape-html
- * Copyright(c) 2012-2013 TJ Holowaychuk
- * Copyright(c) 2015 Andreas Lubbe
- * Copyright(c) 2015 Tiancheng "Timothy" Gu
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module variables.
- * @private
- */
-
-var matchHtmlRegExp = /["'&<>]/;
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = escapeHtml;
-
-/**
- * Escape special characters in the given string of html.
- *
- * @param  {string} string The string to escape for inserting into HTML
- * @return {string}
- * @public
- */
-
-function escapeHtml(string) {
-  var str = '' + string;
-  var match = matchHtmlRegExp.exec(str);
-
-  if (!match) {
-    return str;
-  }
-
-  var escape;
-  var html = '';
-  var index = 0;
-  var lastIndex = 0;
-
-  for (index = match.index; index < str.length; index++) {
-    switch (str.charCodeAt(index)) {
-      case 34: // "
-        escape = '&quot;';
-        break;
-      case 38: // &
-        escape = '&amp;';
-        break;
-      case 39: // '
-        escape = '&#39;';
-        break;
-      case 60: // <
-        escape = '&lt;';
-        break;
-      case 62: // >
-        escape = '&gt;';
-        break;
-      default:
-        continue;
-    }
-
-    if (lastIndex !== index) {
-      html += str.substring(lastIndex, index);
-    }
-
-    lastIndex = index + 1;
-    html += escape;
-  }
-
-  return lastIndex !== index
-    ? html + str.substring(lastIndex, index)
-    : html;
-}
diff --git a/src/Servers/ExpressServer/node_modules/escape-html/package.json b/src/Servers/ExpressServer/node_modules/escape-html/package.json
deleted file mode 100644
index 57ec7bd..0000000
--- a/src/Servers/ExpressServer/node_modules/escape-html/package.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  "name": "escape-html",
-  "description": "Escape string for use in HTML",
-  "version": "1.0.3",
-  "license": "MIT",
-  "keywords": [
-    "escape",
-    "html",
-    "utility"
-  ],
-  "repository": "component/escape-html",
-  "devDependencies": {
-    "benchmark": "1.0.0",
-    "beautify-benchmark": "0.2.4"
-  },
-  "files": [
-    "LICENSE",
-    "Readme.md",
-    "index.js"
-  ],
-  "scripts": {
-    "bench": "node benchmark/index.js"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/etag/HISTORY.md b/src/Servers/ExpressServer/node_modules/etag/HISTORY.md
deleted file mode 100644
index 222b293..0000000
--- a/src/Servers/ExpressServer/node_modules/etag/HISTORY.md
+++ /dev/null
@@ -1,83 +0,0 @@
-1.8.1 / 2017-09-12
-==================
-
-  * perf: replace regular expression with substring
-
-1.8.0 / 2017-02-18
-==================
-
-  * Use SHA1 instead of MD5 for ETag hashing
-    - Improves performance for larger entities
-    - Works with FIPS 140-2 OpenSSL configuration
-
-1.7.0 / 2015-06-08
-==================
-
-  * Always include entity length in ETags for hash length extensions
-  * Generate non-Stats ETags using MD5 only (no longer CRC32)
-  * Improve stat performance by removing hashing
-  * Remove base64 padding in ETags to shorten
-  * Use MD5 instead of MD4 in weak ETags over 1KB
-
-1.6.0 / 2015-05-10
-==================
-
-  * Improve support for JXcore
-  * Remove requirement of `atime` in the stats object
-  * Support "fake" stats objects in environments without `fs`
-
-1.5.1 / 2014-11-19
-==================
-
-  * deps: crc@3.2.1
-    - Minor fixes
-
-1.5.0 / 2014-10-14
-==================
-
-  * Improve string performance
-  * Slightly improve speed for weak ETags over 1KB
-
-1.4.0 / 2014-09-21
-==================
-
-  * Support "fake" stats objects
-  * Support Node.js 0.6
-
-1.3.1 / 2014-09-14
-==================
-
-  * Use the (new and improved) `crc` for crc32
-
-1.3.0 / 2014-08-29
-==================
-
-  * Default strings to strong ETags
-  * Improve speed for weak ETags over 1KB
-
-1.2.1 / 2014-08-29
-==================
-
-  * Use the (much faster) `buffer-crc32` for crc32
-
-1.2.0 / 2014-08-24
-==================
-
-  * Add support for file stat objects
-
-1.1.0 / 2014-08-24
-==================
-
-  * Add fast-path for empty entity
-  * Add weak ETag generation
-  * Shrink size of generated ETags
-
-1.0.1 / 2014-08-24
-==================
-
-  * Fix behavior of string containing Unicode
-
-1.0.0 / 2014-05-18
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/etag/LICENSE b/src/Servers/ExpressServer/node_modules/etag/LICENSE
deleted file mode 100644
index cab251c..0000000
--- a/src/Servers/ExpressServer/node_modules/etag/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2016 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/etag/README.md b/src/Servers/ExpressServer/node_modules/etag/README.md
deleted file mode 100644
index 09c2169..0000000
--- a/src/Servers/ExpressServer/node_modules/etag/README.md
+++ /dev/null
@@ -1,159 +0,0 @@
-# etag
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Create simple HTTP ETags
-
-This module generates HTTP ETags (as defined in RFC 7232) for use in
-HTTP responses.
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install etag
-```
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var etag = require('etag')
-```
-
-### etag(entity, [options])
-
-Generate a strong ETag for the given entity. This should be the complete
-body of the entity. Strings, `Buffer`s, and `fs.Stats` are accepted. By
-default, a strong ETag is generated except for `fs.Stats`, which will
-generate a weak ETag (this can be overwritten by `options.weak`).
-
-<!-- eslint-disable no-undef -->
-
-```js
-res.setHeader('ETag', etag(body))
-```
-
-#### Options
-
-`etag` accepts these properties in the options object.
-
-##### weak
-
-Specifies if the generated ETag will include the weak validator mark (that
-is, the leading `W/`). The actual entity tag is the same. The default value
-is `false`, unless the `entity` is `fs.Stats`, in which case it is `true`.
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## Benchmark
-
-```bash
-$ npm run-script bench
-
-> etag@1.8.1 bench nodejs-etag
-> node benchmark/index.js
-
-  http_parser@2.7.0
-  node@6.11.1
-  v8@5.1.281.103
-  uv@1.11.0
-  zlib@1.2.11
-  ares@1.10.1-DEV
-  icu@58.2
-  modules@48
-  openssl@1.0.2k
-
-> node benchmark/body0-100b.js
-
-  100B body
-
-  4 tests completed.
-
-  buffer - strong x 258,647 ops/sec ±1.07% (180 runs sampled)
-  buffer - weak   x 263,812 ops/sec ±0.61% (184 runs sampled)
-  string - strong x 259,955 ops/sec ±1.19% (185 runs sampled)
-  string - weak   x 264,356 ops/sec ±1.09% (184 runs sampled)
-
-> node benchmark/body1-1kb.js
-
-  1KB body
-
-  4 tests completed.
-
-  buffer - strong x 189,018 ops/sec ±1.12% (182 runs sampled)
-  buffer - weak   x 190,586 ops/sec ±0.81% (186 runs sampled)
-  string - strong x 144,272 ops/sec ±0.96% (188 runs sampled)
-  string - weak   x 145,380 ops/sec ±1.43% (187 runs sampled)
-
-> node benchmark/body2-5kb.js
-
-  5KB body
-
-  4 tests completed.
-
-  buffer - strong x 92,435 ops/sec ±0.42% (188 runs sampled)
-  buffer - weak   x 92,373 ops/sec ±0.58% (189 runs sampled)
-  string - strong x 48,850 ops/sec ±0.56% (186 runs sampled)
-  string - weak   x 49,380 ops/sec ±0.56% (190 runs sampled)
-
-> node benchmark/body3-10kb.js
-
-  10KB body
-
-  4 tests completed.
-
-  buffer - strong x 55,989 ops/sec ±0.93% (188 runs sampled)
-  buffer - weak   x 56,148 ops/sec ±0.55% (190 runs sampled)
-  string - strong x 27,345 ops/sec ±0.43% (188 runs sampled)
-  string - weak   x 27,496 ops/sec ±0.45% (190 runs sampled)
-
-> node benchmark/body4-100kb.js
-
-  100KB body
-
-  4 tests completed.
-
-  buffer - strong x 7,083 ops/sec ±0.22% (190 runs sampled)
-  buffer - weak   x 7,115 ops/sec ±0.26% (191 runs sampled)
-  string - strong x 3,068 ops/sec ±0.34% (190 runs sampled)
-  string - weak   x 3,096 ops/sec ±0.35% (190 runs sampled)
-
-> node benchmark/stats.js
-
-  stat
-
-  4 tests completed.
-
-  real - strong x 871,642 ops/sec ±0.34% (189 runs sampled)
-  real - weak   x 867,613 ops/sec ±0.39% (190 runs sampled)
-  fake - strong x 401,051 ops/sec ±0.40% (189 runs sampled)
-  fake - weak   x 400,100 ops/sec ±0.47% (188 runs sampled)
-```
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/etag.svg
-[npm-url]: https://npmjs.org/package/etag
-[node-version-image]: https://img.shields.io/node/v/etag.svg
-[node-version-url]: https://nodejs.org/en/download/
-[travis-image]: https://img.shields.io/travis/jshttp/etag/master.svg
-[travis-url]: https://travis-ci.org/jshttp/etag
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/etag/master.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/etag?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/etag.svg
-[downloads-url]: https://npmjs.org/package/etag
diff --git a/src/Servers/ExpressServer/node_modules/etag/index.js b/src/Servers/ExpressServer/node_modules/etag/index.js
deleted file mode 100644
index 2a585c9..0000000
--- a/src/Servers/ExpressServer/node_modules/etag/index.js
+++ /dev/null
@@ -1,131 +0,0 @@
-/*!
- * etag
- * Copyright(c) 2014-2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = etag
-
-/**
- * Module dependencies.
- * @private
- */
-
-var crypto = require('crypto')
-var Stats = require('fs').Stats
-
-/**
- * Module variables.
- * @private
- */
-
-var toString = Object.prototype.toString
-
-/**
- * Generate an entity tag.
- *
- * @param {Buffer|string} entity
- * @return {string}
- * @private
- */
-
-function entitytag (entity) {
-  if (entity.length === 0) {
-    // fast-path empty
-    return '"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"'
-  }
-
-  // compute hash of entity
-  var hash = crypto
-    .createHash('sha1')
-    .update(entity, 'utf8')
-    .digest('base64')
-    .substring(0, 27)
-
-  // compute length of entity
-  var len = typeof entity === 'string'
-    ? Buffer.byteLength(entity, 'utf8')
-    : entity.length
-
-  return '"' + len.toString(16) + '-' + hash + '"'
-}
-
-/**
- * Create a simple ETag.
- *
- * @param {string|Buffer|Stats} entity
- * @param {object} [options]
- * @param {boolean} [options.weak]
- * @return {String}
- * @public
- */
-
-function etag (entity, options) {
-  if (entity == null) {
-    throw new TypeError('argument entity is required')
-  }
-
-  // support fs.Stats object
-  var isStats = isstats(entity)
-  var weak = options && typeof options.weak === 'boolean'
-    ? options.weak
-    : isStats
-
-  // validate argument
-  if (!isStats && typeof entity !== 'string' && !Buffer.isBuffer(entity)) {
-    throw new TypeError('argument entity must be string, Buffer, or fs.Stats')
-  }
-
-  // generate entity tag
-  var tag = isStats
-    ? stattag(entity)
-    : entitytag(entity)
-
-  return weak
-    ? 'W/' + tag
-    : tag
-}
-
-/**
- * Determine if object is a Stats object.
- *
- * @param {object} obj
- * @return {boolean}
- * @api private
- */
-
-function isstats (obj) {
-  // genuine fs.Stats
-  if (typeof Stats === 'function' && obj instanceof Stats) {
-    return true
-  }
-
-  // quack quack
-  return obj && typeof obj === 'object' &&
-    'ctime' in obj && toString.call(obj.ctime) === '[object Date]' &&
-    'mtime' in obj && toString.call(obj.mtime) === '[object Date]' &&
-    'ino' in obj && typeof obj.ino === 'number' &&
-    'size' in obj && typeof obj.size === 'number'
-}
-
-/**
- * Generate a tag for a stat.
- *
- * @param {object} stat
- * @return {string}
- * @private
- */
-
-function stattag (stat) {
-  var mtime = stat.mtime.getTime().toString(16)
-  var size = stat.size.toString(16)
-
-  return '"' + size + '-' + mtime + '"'
-}
diff --git a/src/Servers/ExpressServer/node_modules/etag/package.json b/src/Servers/ExpressServer/node_modules/etag/package.json
deleted file mode 100644
index b06ab80..0000000
--- a/src/Servers/ExpressServer/node_modules/etag/package.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-  "name": "etag",
-  "description": "Create simple HTTP ETags",
-  "version": "1.8.1",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "David Björklund <david.bjorklund@gmail.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "etag",
-    "http",
-    "res"
-  ],
-  "repository": "jshttp/etag",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "eslint": "3.19.0",
-    "eslint-config-standard": "10.2.1",
-    "eslint-plugin-import": "2.7.0",
-    "eslint-plugin-markdown": "1.0.0-beta.6",
-    "eslint-plugin-node": "5.1.1",
-    "eslint-plugin-promise": "3.5.0",
-    "eslint-plugin-standard": "3.0.1",
-    "istanbul": "0.4.5",
-    "mocha": "1.21.5",
-    "safe-buffer": "5.1.1",
-    "seedrandom": "2.4.3"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/History.md b/src/Servers/ExpressServer/node_modules/express/History.md
deleted file mode 100644
index 150c2ab..0000000
--- a/src/Servers/ExpressServer/node_modules/express/History.md
+++ /dev/null
@@ -1,3667 +0,0 @@
-4.22.1 / 2025-12-01
-==========
-
-  * Revert security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
-
-4.22.0 / 2025-12-01
-==========
-  * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
-  * deps: use tilde notation for dependencies
-  * deps: qs@6.14.0
-
-4.21.2 / 2024-11-06
-==========
-
-  * deps: path-to-regexp@0.1.12
-    - Fix backtracking protection
-  * deps: path-to-regexp@0.1.11
-    - Throws an error on invalid path values
-
-4.21.1 / 2024-10-08
-==========
-
-  * Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
-
-
-4.21.0 / 2024-09-11
-==========
-
-  * Deprecate `res.location("back")` and `res.redirect("back")` magic string
-  * deps: serve-static@1.16.2
-    * includes send@0.19.0
-  * deps: finalhandler@1.3.1
-  * deps: qs@6.13.0
-
-4.20.0 / 2024-09-10
-==========
-  * deps: serve-static@0.16.0
-    * Remove link renderization in html while redirecting
-  * deps: send@0.19.0
-    * Remove link renderization in html while redirecting
-  * deps: body-parser@0.6.0
-    * add `depth` option to customize the depth level in the parser
-    * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
-  * Remove link renderization in html while using `res.redirect`
-  * deps: path-to-regexp@0.1.10
-    - Adds support for named matching groups in the routes using a regex
-    - Adds backtracking protection to parameters without regexes defined
-  * deps: encodeurl@~2.0.0
-    - Removes encoding of `\`, `|`, and `^` to align better with URL spec
-  * Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
-    - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
-
-4.19.2 / 2024-03-25
-==========
-
-  * Improved fix for open redirect allow list bypass
-
-4.19.1 / 2024-03-20
-==========
-
-  * Allow passing non-strings to res.location with new encoding handling checks
-
-4.19.0 / 2024-03-20
-==========
-
-  * Prevent open redirect allow list bypass due to encodeurl
-  * deps: cookie@0.6.0
-
-4.18.3 / 2024-02-29
-==========
-
-  * Fix routing requests without method
-  * deps: body-parser@1.20.2
-    - Fix strict json error message on Node.js 19+
-    - deps: content-type@~1.0.5
-    - deps: raw-body@2.5.2
-  * deps: cookie@0.6.0
-    - Add `partitioned` option
-
-4.18.2 / 2022-10-08
-===================
-
-  * Fix regression routing a large stack in a single route
-  * deps: body-parser@1.20.1
-    - deps: qs@6.11.0
-    - perf: remove unnecessary object clone
-  * deps: qs@6.11.0
-
-4.18.1 / 2022-04-29
-===================
-
-  * Fix hanging on large stack of sync routes
-
-4.18.0 / 2022-04-25
-===================
-
-  * Add "root" option to `res.download`
-  * Allow `options` without `filename` in `res.download`
-  * Deprecate string and non-integer arguments to `res.status`
-  * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
-  * Fix handling very large stacks of sync middleware
-  * Ignore `Object.prototype` values in settings through `app.set`/`app.get`
-  * Invoke `default` with same arguments as types in `res.format`
-  * Support proper 205 responses using `res.send`
-  * Use `http-errors` for `res.format` error
-  * deps: body-parser@1.20.0
-    - Fix error message for json parse whitespace in `strict`
-    - Fix internal error when inflated body exceeds limit
-    - Prevent loss of async hooks context
-    - Prevent hanging when request already read
-    - deps: depd@2.0.0
-    - deps: http-errors@2.0.0
-    - deps: on-finished@2.4.1
-    - deps: qs@6.10.3
-    - deps: raw-body@2.5.1
-  * deps: cookie@0.5.0
-    - Add `priority` option
-    - Fix `expires` option to reject invalid dates
-  * deps: depd@2.0.0
-    - Replace internal `eval` usage with `Function` constructor
-    - Use instance methods on `process` to check for listeners
-  * deps: finalhandler@1.2.0
-    - Remove set content headers that break response
-    - deps: on-finished@2.4.1
-    - deps: statuses@2.0.1
-  * deps: on-finished@2.4.1
-    - Prevent loss of async hooks context
-  * deps: qs@6.10.3
-  * deps: send@0.18.0
-    - Fix emitted 416 error missing headers property
-    - Limit the headers removed for 304 response
-    - deps: depd@2.0.0
-    - deps: destroy@1.2.0
-    - deps: http-errors@2.0.0
-    - deps: on-finished@2.4.1
-    - deps: statuses@2.0.1
-  * deps: serve-static@1.15.0
-    - deps: send@0.18.0
-  * deps: statuses@2.0.1
-    - Remove code 306
-    - Rename `425 Unordered Collection` to standard `425 Too Early`
-
-4.17.3 / 2022-02-16
-===================
-
-  * deps: accepts@~1.3.8
-    - deps: mime-types@~2.1.34
-    - deps: negotiator@0.6.3
-  * deps: body-parser@1.19.2
-    - deps: bytes@3.1.2
-    - deps: qs@6.9.7
-    - deps: raw-body@2.4.3
-  * deps: cookie@0.4.2
-  * deps: qs@6.9.7
-    * Fix handling of `__proto__` keys
-  * pref: remove unnecessary regexp for trust proxy
-
-4.17.2 / 2021-12-16
-===================
-
-  * Fix handling of `undefined` in `res.jsonp`
-  * Fix handling of `undefined` when `"json escape"` is enabled
-  * Fix incorrect middleware execution with unanchored `RegExp`s
-  * Fix `res.jsonp(obj, status)` deprecation message
-  * Fix typo in `res.is` JSDoc
-  * deps: body-parser@1.19.1
-    - deps: bytes@3.1.1
-    - deps: http-errors@1.8.1
-    - deps: qs@6.9.6
-    - deps: raw-body@2.4.2
-    - deps: safe-buffer@5.2.1
-    - deps: type-is@~1.6.18
-  * deps: content-disposition@0.5.4
-    - deps: safe-buffer@5.2.1
-  * deps: cookie@0.4.1
-    - Fix `maxAge` option to reject invalid values
-  * deps: proxy-addr@~2.0.7
-    - Use `req.socket` over deprecated `req.connection`
-    - deps: forwarded@0.2.0
-    - deps: ipaddr.js@1.9.1
-  * deps: qs@6.9.6
-  * deps: safe-buffer@5.2.1
-  * deps: send@0.17.2
-    - deps: http-errors@1.8.1
-    - deps: ms@2.1.3
-    - pref: ignore empty http tokens
-  * deps: serve-static@1.14.2
-    - deps: send@0.17.2
-  * deps: setprototypeof@1.2.0
-
-4.17.1 / 2019-05-25
-===================
-
-  * Revert "Improve error message for `null`/`undefined` to `res.status`"
-
-4.17.0 / 2019-05-16
-===================
-
-  * Add `express.raw` to parse bodies into `Buffer`
-  * Add `express.text` to parse bodies into string
-  * Improve error message for non-strings to `res.sendFile`
-  * Improve error message for `null`/`undefined` to `res.status`
-  * Support multiple hosts in `X-Forwarded-Host`
-  * deps: accepts@~1.3.7
-  * deps: body-parser@1.19.0
-    - Add encoding MIK
-    - Add petabyte (`pb`) support
-    - Fix parsing array brackets after index
-    - deps: bytes@3.1.0
-    - deps: http-errors@1.7.2
-    - deps: iconv-lite@0.4.24
-    - deps: qs@6.7.0
-    - deps: raw-body@2.4.0
-    - deps: type-is@~1.6.17
-  * deps: content-disposition@0.5.3
-  * deps: cookie@0.4.0
-    - Add `SameSite=None` support
-  * deps: finalhandler@~1.1.2
-    - Set stricter `Content-Security-Policy` header
-    - deps: parseurl@~1.3.3
-    - deps: statuses@~1.5.0
-  * deps: parseurl@~1.3.3
-  * deps: proxy-addr@~2.0.5
-    - deps: ipaddr.js@1.9.0
-  * deps: qs@6.7.0
-    - Fix parsing array brackets after index
-  * deps: range-parser@~1.2.1
-  * deps: send@0.17.1
-    - Set stricter CSP header in redirect & error responses
-    - deps: http-errors@~1.7.2
-    - deps: mime@1.6.0
-    - deps: ms@2.1.1
-    - deps: range-parser@~1.2.1
-    - deps: statuses@~1.5.0
-    - perf: remove redundant `path.normalize` call
-  * deps: serve-static@1.14.1
-    - Set stricter CSP header in redirect response
-    - deps: parseurl@~1.3.3
-    - deps: send@0.17.1
-  * deps: setprototypeof@1.1.1
-  * deps: statuses@~1.5.0
-    - Add `103 Early Hints`
-  * deps: type-is@~1.6.18
-    - deps: mime-types@~2.1.24
-    - perf: prevent internal `throw` on invalid type
-
-4.16.4 / 2018-10-10
-===================
-
-  * Fix issue where `"Request aborted"` may be logged in `res.sendfile`
-  * Fix JSDoc for `Router` constructor
-  * deps: body-parser@1.18.3
-    - Fix deprecation warnings on Node.js 10+
-    - Fix stack trace for strict json parse error
-    - deps: depd@~1.1.2
-    - deps: http-errors@~1.6.3
-    - deps: iconv-lite@0.4.23
-    - deps: qs@6.5.2
-    - deps: raw-body@2.3.3
-    - deps: type-is@~1.6.16
-  * deps: proxy-addr@~2.0.4
-    - deps: ipaddr.js@1.8.0
-  * deps: qs@6.5.2
-  * deps: safe-buffer@5.1.2
-
-4.16.3 / 2018-03-12
-===================
-
-  * deps: accepts@~1.3.5
-    - deps: mime-types@~2.1.18
-  * deps: depd@~1.1.2
-    - perf: remove argument reassignment
-  * deps: encodeurl@~1.0.2
-    - Fix encoding `%` as last character
-  * deps: finalhandler@1.1.1
-    - Fix 404 output for bad / missing pathnames
-    - deps: encodeurl@~1.0.2
-    - deps: statuses@~1.4.0
-  * deps: proxy-addr@~2.0.3
-    - deps: ipaddr.js@1.6.0
-  * deps: send@0.16.2
-    - Fix incorrect end tag in default error & redirects
-    - deps: depd@~1.1.2
-    - deps: encodeurl@~1.0.2
-    - deps: statuses@~1.4.0
-  * deps: serve-static@1.13.2
-    - Fix incorrect end tag in redirects
-    - deps: encodeurl@~1.0.2
-    - deps: send@0.16.2
-  * deps: statuses@~1.4.0
-  * deps: type-is@~1.6.16
-    - deps: mime-types@~2.1.18
-
-4.16.2 / 2017-10-09
-===================
-
-  * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set
-  * perf: skip parsing of entire `X-Forwarded-Proto` header
-
-4.16.1 / 2017-09-29
-===================
-
-  * deps: send@0.16.1
-  * deps: serve-static@1.13.1
-    - Fix regression when `root` is incorrectly set to a file
-    - deps: send@0.16.1
-
-4.16.0 / 2017-09-28
-===================
-
-  * Add `"json escape"` setting for `res.json` and `res.jsonp`
-  * Add `express.json` and `express.urlencoded` to parse bodies
-  * Add `options` argument to `res.download`
-  * Improve error message when autoloading invalid view engine
-  * Improve error messages when non-function provided as middleware
-  * Skip `Buffer` encoding when not generating ETag for small response
-  * Use `safe-buffer` for improved Buffer API
-  * deps: accepts@~1.3.4
-    - deps: mime-types@~2.1.16
-  * deps: content-type@~1.0.4
-    - perf: remove argument reassignment
-    - perf: skip parameter parsing when no parameters
-  * deps: etag@~1.8.1
-    - perf: replace regular expression with substring
-  * deps: finalhandler@1.1.0
-    - Use `res.headersSent` when available
-  * deps: parseurl@~1.3.2
-    - perf: reduce overhead for full URLs
-    - perf: unroll the "fast-path" `RegExp`
-  * deps: proxy-addr@~2.0.2
-    - Fix trimming leading / trailing OWS in `X-Forwarded-For`
-    - deps: forwarded@~0.1.2
-    - deps: ipaddr.js@1.5.2
-    - perf: reduce overhead when no `X-Forwarded-For` header
-  * deps: qs@6.5.1
-    - Fix parsing & compacting very deep objects
-  * deps: send@0.16.0
-    - Add 70 new types for file extensions
-    - Add `immutable` option
-    - Fix missing `</html>` in default error & redirects
-    - Set charset as "UTF-8" for .js and .json
-    - Use instance methods on steam to check for listeners
-    - deps: mime@1.4.1
-    - perf: improve path validation speed
-  * deps: serve-static@1.13.0
-    - Add 70 new types for file extensions
-    - Add `immutable` option
-    - Set charset as "UTF-8" for .js and .json
-    - deps: send@0.16.0
-  * deps: setprototypeof@1.1.0
-  * deps: utils-merge@1.0.1
-  * deps: vary@~1.1.2
-    - perf: improve header token parsing speed
-  * perf: re-use options object when generating ETags
-  * perf: remove dead `.charset` set in `res.jsonp`
-
-4.15.5 / 2017-09-24
-===================
-
-  * deps: debug@2.6.9
-  * deps: finalhandler@~1.0.6
-    - deps: debug@2.6.9
-    - deps: parseurl@~1.3.2
-  * deps: fresh@0.5.2
-    - Fix handling of modified headers with invalid dates
-    - perf: improve ETag match loop
-    - perf: improve `If-None-Match` token parsing
-  * deps: send@0.15.6
-    - Fix handling of modified headers with invalid dates
-    - deps: debug@2.6.9
-    - deps: etag@~1.8.1
-    - deps: fresh@0.5.2
-    - perf: improve `If-Match` token parsing
-  * deps: serve-static@1.12.6
-    - deps: parseurl@~1.3.2
-    - deps: send@0.15.6
-    - perf: improve slash collapsing
-
-4.15.4 / 2017-08-06
-===================
-
-  * deps: debug@2.6.8
-  * deps: depd@~1.1.1
-    - Remove unnecessary `Buffer` loading
-  * deps: finalhandler@~1.0.4
-    - deps: debug@2.6.8
-  * deps: proxy-addr@~1.1.5
-    - Fix array argument being altered
-    - deps: ipaddr.js@1.4.0
-  * deps: qs@6.5.0
-  * deps: send@0.15.4
-    - deps: debug@2.6.8
-    - deps: depd@~1.1.1
-    - deps: http-errors@~1.6.2
-  * deps: serve-static@1.12.4
-    - deps: send@0.15.4
-
-4.15.3 / 2017-05-16
-===================
-
-  * Fix error when `res.set` cannot add charset to `Content-Type`
-  * deps: debug@2.6.7
-    - Fix `DEBUG_MAX_ARRAY_LENGTH`
-    - deps: ms@2.0.0
-  * deps: finalhandler@~1.0.3
-    - Fix missing `</html>` in HTML document
-    - deps: debug@2.6.7
-  * deps: proxy-addr@~1.1.4
-    - deps: ipaddr.js@1.3.0
-  * deps: send@0.15.3
-    - deps: debug@2.6.7
-    - deps: ms@2.0.0
-  * deps: serve-static@1.12.3
-    - deps: send@0.15.3
-  * deps: type-is@~1.6.15
-    - deps: mime-types@~2.1.15
-  * deps: vary@~1.1.1
-    - perf: hoist regular expression
-
-4.15.2 / 2017-03-06
-===================
-
-  * deps: qs@6.4.0
-    - Fix regression parsing keys starting with `[`
-
-4.15.1 / 2017-03-05
-===================
-
-  * deps: send@0.15.1
-    - Fix issue when `Date.parse` does not return `NaN` on invalid date
-    - Fix strict violation in broken environments
-  * deps: serve-static@1.12.1
-    - Fix issue when `Date.parse` does not return `NaN` on invalid date
-    - deps: send@0.15.1
-
-4.15.0 / 2017-03-01
-===================
-
-  * Add debug message when loading view engine
-  * Add `next("router")` to exit from router
-  * Fix case where `router.use` skipped requests routes did not
-  * Remove usage of `res._headers` private field
-    - Improves compatibility with Node.js 8 nightly
-  * Skip routing when `req.url` is not set
-  * Use `%o` in path debug to tell types apart
-  * Use `Object.create` to setup request & response prototypes
-  * Use `setprototypeof` module to replace `__proto__` setting
-  * Use `statuses` instead of `http` module for status messages
-  * deps: debug@2.6.1
-    - Allow colors in workers
-    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
-    - Fix error when running under React Native
-    - Use same color for same namespace
-    - deps: ms@0.7.2
-  * deps: etag@~1.8.0
-    - Use SHA1 instead of MD5 for ETag hashing
-    - Works with FIPS 140-2 OpenSSL configuration
-  * deps: finalhandler@~1.0.0
-    - Fix exception when `err` cannot be converted to a string
-    - Fully URL-encode the pathname in the 404
-    - Only include the pathname in the 404 message
-    - Send complete HTML document
-    - Set `Content-Security-Policy: default-src 'self'` header
-    - deps: debug@2.6.1
-  * deps: fresh@0.5.0
-    - Fix false detection of `no-cache` request directive
-    - Fix incorrect result when `If-None-Match` has both `*` and ETags
-    - Fix weak `ETag` matching to match spec
-    - perf: delay reading header values until needed
-    - perf: enable strict mode
-    - perf: hoist regular expressions
-    - perf: remove duplicate conditional
-    - perf: remove unnecessary boolean coercions
-    - perf: skip checking modified time if ETag check failed
-    - perf: skip parsing `If-None-Match` when no `ETag` header
-    - perf: use `Date.parse` instead of `new Date`
-  * deps: qs@6.3.1
-    - Fix array parsing from skipping empty values
-    - Fix compacting nested arrays
-  * deps: send@0.15.0
-    - Fix false detection of `no-cache` request directive
-    - Fix incorrect result when `If-None-Match` has both `*` and ETags
-    - Fix weak `ETag` matching to match spec
-    - Remove usage of `res._headers` private field
-    - Support `If-Match` and `If-Unmodified-Since` headers
-    - Use `res.getHeaderNames()` when available
-    - Use `res.headersSent` when available
-    - deps: debug@2.6.1
-    - deps: etag@~1.8.0
-    - deps: fresh@0.5.0
-    - deps: http-errors@~1.6.1
-  * deps: serve-static@1.12.0
-    - Fix false detection of `no-cache` request directive
-    - Fix incorrect result when `If-None-Match` has both `*` and ETags
-    - Fix weak `ETag` matching to match spec
-    - Remove usage of `res._headers` private field
-    - Send complete HTML document in redirect response
-    - Set default CSP header in redirect response
-    - Support `If-Match` and `If-Unmodified-Since` headers
-    - Use `res.getHeaderNames()` when available
-    - Use `res.headersSent` when available
-    - deps: send@0.15.0
-  * perf: add fast match path for `*` route
-  * perf: improve `req.ips` performance
-
-4.14.1 / 2017-01-28
-===================
-
-  * deps: content-disposition@0.5.2
-  * deps: finalhandler@0.5.1
-    - Fix exception when `err.headers` is not an object
-    - deps: statuses@~1.3.1
-    - perf: hoist regular expressions
-    - perf: remove duplicate validation path
-  * deps: proxy-addr@~1.1.3
-    - deps: ipaddr.js@1.2.0
-  * deps: send@0.14.2
-    - deps: http-errors@~1.5.1
-    - deps: ms@0.7.2
-    - deps: statuses@~1.3.1
-  * deps: serve-static@~1.11.2
-    - deps: send@0.14.2
-  * deps: type-is@~1.6.14
-    - deps: mime-types@~2.1.13
-
-4.14.0 / 2016-06-16
-===================
-
-  * Add `acceptRanges` option to `res.sendFile`/`res.sendfile`
-  * Add `cacheControl` option to `res.sendFile`/`res.sendfile`
-  * Add `options` argument to `req.range`
-    - Includes the `combine` option
-  * Encode URL in `res.location`/`res.redirect` if not already encoded
-  * Fix some redirect handling in `res.sendFile`/`res.sendfile`
-  * Fix Windows absolute path check using forward slashes
-  * Improve error with invalid arguments to `req.get()`
-  * Improve performance for `res.json`/`res.jsonp` in most cases
-  * Improve `Range` header handling in `res.sendFile`/`res.sendfile`
-  * deps: accepts@~1.3.3
-    - Fix including type extensions in parameters in `Accept` parsing
-    - Fix parsing `Accept` parameters with quoted equals
-    - Fix parsing `Accept` parameters with quoted semicolons
-    - Many performance improvements
-    - deps: mime-types@~2.1.11
-    - deps: negotiator@0.6.1
-  * deps: content-type@~1.0.2
-    - perf: enable strict mode
-  * deps: cookie@0.3.1
-    - Add `sameSite` option
-    - Fix cookie `Max-Age` to never be a floating point number
-    - Improve error message when `encode` is not a function
-    - Improve error message when `expires` is not a `Date`
-    - Throw better error for invalid argument to parse
-    - Throw on invalid values provided to `serialize`
-    - perf: enable strict mode
-    - perf: hoist regular expression
-    - perf: use for loop in parse
-    - perf: use string concatenation for serialization
-  * deps: finalhandler@0.5.0
-    - Change invalid or non-numeric status code to 500
-    - Overwrite status message to match set status code
-    - Prefer `err.statusCode` if `err.status` is invalid
-    - Set response headers from `err.headers` object
-    - Use `statuses` instead of `http` module for status messages
-  * deps: proxy-addr@~1.1.2
-    - Fix accepting various invalid netmasks
-    - Fix IPv6-mapped IPv4 validation edge cases
-    - IPv4 netmasks must be contiguous
-    - IPv6 addresses cannot be used as a netmask
-    - deps: ipaddr.js@1.1.1
-  * deps: qs@6.2.0
-    - Add `decoder` option in `parse` function
-  * deps: range-parser@~1.2.0
-    - Add `combine` option to combine overlapping ranges
-    - Fix incorrectly returning -1 when there is at least one valid range
-    - perf: remove internal function
-  * deps: send@0.14.1
-    - Add `acceptRanges` option
-    - Add `cacheControl` option
-    - Attempt to combine multiple ranges into single range
-    - Correctly inherit from `Stream` class
-    - Fix `Content-Range` header in 416 responses when using `start`/`end` options
-    - Fix `Content-Range` header missing from default 416 responses
-    - Fix redirect error when `path` contains raw non-URL characters
-    - Fix redirect when `path` starts with multiple forward slashes
-    - Ignore non-byte `Range` headers
-    - deps: http-errors@~1.5.0
-    - deps: range-parser@~1.2.0
-    - deps: statuses@~1.3.0
-    - perf: remove argument reassignment
-  * deps: serve-static@~1.11.1
-    - Add `acceptRanges` option
-    - Add `cacheControl` option
-    - Attempt to combine multiple ranges into single range
-    - Fix redirect error when `req.url` contains raw non-URL characters
-    - Ignore non-byte `Range` headers
-    - Use status code 301 for redirects
-    - deps: send@0.14.1
-  * deps: type-is@~1.6.13
-    - Fix type error when given invalid type to match against
-    - deps: mime-types@~2.1.11
-  * deps: vary@~1.1.0
-    - Only accept valid field names in the `field` argument
-  * perf: use strict equality when possible
-
-4.13.4 / 2016-01-21
-===================
-
-  * deps: content-disposition@0.5.1
-    - perf: enable strict mode
-  * deps: cookie@0.1.5
-    - Throw on invalid values provided to `serialize`
-  * deps: depd@~1.1.0
-    - Support web browser loading
-    - perf: enable strict mode
-  * deps: escape-html@~1.0.3
-    - perf: enable strict mode
-    - perf: optimize string replacement
-    - perf: use faster string coercion
-  * deps: finalhandler@0.4.1
-    - deps: escape-html@~1.0.3
-  * deps: merge-descriptors@1.0.1
-    - perf: enable strict mode
-  * deps: methods@~1.1.2
-    - perf: enable strict mode
-  * deps: parseurl@~1.3.1
-    - perf: enable strict mode
-  * deps: proxy-addr@~1.0.10
-    - deps: ipaddr.js@1.0.5
-    - perf: enable strict mode
-  * deps: range-parser@~1.0.3
-    - perf: enable strict mode
-  * deps: send@0.13.1
-    - deps: depd@~1.1.0
-    - deps: destroy@~1.0.4
-    - deps: escape-html@~1.0.3
-    - deps: range-parser@~1.0.3
-  * deps: serve-static@~1.10.2
-    - deps: escape-html@~1.0.3
-    - deps: parseurl@~1.3.0
-    - deps: send@0.13.1
-
-4.13.3 / 2015-08-02
-===================
-
-  * Fix infinite loop condition using `mergeParams: true`
-  * Fix inner numeric indices incorrectly altering parent `req.params`
-
-4.13.2 / 2015-07-31
-===================
-
-  * deps: accepts@~1.2.12
-    - deps: mime-types@~2.1.4
-  * deps: array-flatten@1.1.1
-    - perf: enable strict mode
-  * deps: path-to-regexp@0.1.7
-    - Fix regression with escaped round brackets and matching groups
-  * deps: type-is@~1.6.6
-    - deps: mime-types@~2.1.4
-
-4.13.1 / 2015-07-05
-===================
-
-  * deps: accepts@~1.2.10
-    - deps: mime-types@~2.1.2
-  * deps: qs@4.0.0
-    - Fix dropping parameters like `hasOwnProperty`
-    - Fix various parsing edge cases
-  * deps: type-is@~1.6.4
-    - deps: mime-types@~2.1.2
-    - perf: enable strict mode
-    - perf: remove argument reassignment
-
-4.13.0 / 2015-06-20
-===================
-
-  * Add settings to debug output
-  * Fix `res.format` error when only `default` provided
-  * Fix issue where `next('route')` in `app.param` would incorrectly skip values
-  * Fix hiding platform issues with `decodeURIComponent`
-    - Only `URIError`s are a 400
-  * Fix using `*` before params in routes
-  * Fix using capture groups before params in routes
-  * Simplify `res.cookie` to call `res.append`
-  * Use `array-flatten` module for flattening arrays
-  * deps: accepts@~1.2.9
-    - deps: mime-types@~2.1.1
-    - perf: avoid argument reassignment & argument slice
-    - perf: avoid negotiator recursive construction
-    - perf: enable strict mode
-    - perf: remove unnecessary bitwise operator
-  * deps: cookie@0.1.3
-    - perf: deduce the scope of try-catch deopt
-    - perf: remove argument reassignments
-  * deps: escape-html@1.0.2
-  * deps: etag@~1.7.0
-    - Always include entity length in ETags for hash length extensions
-    - Generate non-Stats ETags using MD5 only (no longer CRC32)
-    - Improve stat performance by removing hashing
-    - Improve support for JXcore
-    - Remove base64 padding in ETags to shorten
-    - Support "fake" stats objects in environments without fs
-    - Use MD5 instead of MD4 in weak ETags over 1KB
-  * deps: finalhandler@0.4.0
-    - Fix a false-positive when unpiping in Node.js 0.8
-    - Support `statusCode` property on `Error` objects
-    - Use `unpipe` module for unpiping requests
-    - deps: escape-html@1.0.2
-    - deps: on-finished@~2.3.0
-    - perf: enable strict mode
-    - perf: remove argument reassignment
-  * deps: fresh@0.3.0
-    - Add weak `ETag` matching support
-  * deps: on-finished@~2.3.0
-    - Add defined behavior for HTTP `CONNECT` requests
-    - Add defined behavior for HTTP `Upgrade` requests
-    - deps: ee-first@1.1.1
-  * deps: path-to-regexp@0.1.6
-  * deps: send@0.13.0
-    - Allow Node.js HTTP server to set `Date` response header
-    - Fix incorrectly removing `Content-Location` on 304 response
-    - Improve the default redirect response headers
-    - Send appropriate headers on default error response
-    - Use `http-errors` for standard emitted errors
-    - Use `statuses` instead of `http` module for status messages
-    - deps: escape-html@1.0.2
-    - deps: etag@~1.7.0
-    - deps: fresh@0.3.0
-    - deps: on-finished@~2.3.0
-    - perf: enable strict mode
-    - perf: remove unnecessary array allocations
-  * deps: serve-static@~1.10.0
-    - Add `fallthrough` option
-    - Fix reading options from options prototype
-    - Improve the default redirect response headers
-    - Malformed URLs now `next()` instead of 400
-    - deps: escape-html@1.0.2
-    - deps: send@0.13.0
-    - perf: enable strict mode
-    - perf: remove argument reassignment
-  * deps: type-is@~1.6.3
-    - deps: mime-types@~2.1.1
-    - perf: reduce try block size
-    - perf: remove bitwise operations
-  * perf: enable strict mode
-  * perf: isolate `app.render` try block
-  * perf: remove argument reassignments in application
-  * perf: remove argument reassignments in request prototype
-  * perf: remove argument reassignments in response prototype
-  * perf: remove argument reassignments in routing
-  * perf: remove argument reassignments in `View`
-  * perf: skip attempting to decode zero length string
-  * perf: use saved reference to `http.STATUS_CODES`
-
-4.12.4 / 2015-05-17
-===================
-
-  * deps: accepts@~1.2.7
-    - deps: mime-types@~2.0.11
-    - deps: negotiator@0.5.3
-  * deps: debug@~2.2.0
-    - deps: ms@0.7.1
-  * deps: depd@~1.0.1
-  * deps: etag@~1.6.0
-    - Improve support for JXcore
-    - Support "fake" stats objects in environments without `fs`
-  * deps: finalhandler@0.3.6
-    - deps: debug@~2.2.0
-    - deps: on-finished@~2.2.1
-  * deps: on-finished@~2.2.1
-    - Fix `isFinished(req)` when data buffered
-  * deps: proxy-addr@~1.0.8
-    - deps: ipaddr.js@1.0.1
-  * deps: qs@2.4.2
-   - Fix allowing parameters like `constructor`
-  * deps: send@0.12.3
-    - deps: debug@~2.2.0
-    - deps: depd@~1.0.1
-    - deps: etag@~1.6.0
-    - deps: ms@0.7.1
-    - deps: on-finished@~2.2.1
-  * deps: serve-static@~1.9.3
-    - deps: send@0.12.3
-  * deps: type-is@~1.6.2
-    - deps: mime-types@~2.0.11
-
-4.12.3 / 2015-03-17
-===================
-
-  * deps: accepts@~1.2.5
-    - deps: mime-types@~2.0.10
-  * deps: debug@~2.1.3
-    - Fix high intensity foreground color for bold
-    - deps: ms@0.7.0
-  * deps: finalhandler@0.3.4
-    - deps: debug@~2.1.3
-  * deps: proxy-addr@~1.0.7
-    - deps: ipaddr.js@0.1.9
-  * deps: qs@2.4.1
-    - Fix error when parameter `hasOwnProperty` is present
-  * deps: send@0.12.2
-    - Throw errors early for invalid `extensions` or `index` options
-    - deps: debug@~2.1.3
-  * deps: serve-static@~1.9.2
-    - deps: send@0.12.2
-  * deps: type-is@~1.6.1
-    - deps: mime-types@~2.0.10
-
-4.12.2 / 2015-03-02
-===================
-
-  * Fix regression where `"Request aborted"` is logged using `res.sendFile`
-
-4.12.1 / 2015-03-01
-===================
-
-  * Fix constructing application with non-configurable prototype properties
-  * Fix `ECONNRESET` errors from `res.sendFile` usage
-  * Fix `req.host` when using "trust proxy" hops count
-  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
-  * Fix wrong `code` on aborted connections from `res.sendFile`
-  * deps: merge-descriptors@1.0.0
-
-4.12.0 / 2015-02-23
-===================
-
-  * Fix `"trust proxy"` setting to inherit when app is mounted
-  * Generate `ETag`s for all request responses
-    - No longer restricted to only responses for `GET` and `HEAD` requests
-  * Use `content-type` to parse `Content-Type` headers
-  * deps: accepts@~1.2.4
-    - Fix preference sorting to be stable for long acceptable lists
-    - deps: mime-types@~2.0.9
-    - deps: negotiator@0.5.1
-  * deps: cookie-signature@1.0.6
-  * deps: send@0.12.1
-    - Always read the stat size from the file
-    - Fix mutating passed-in `options`
-    - deps: mime@1.3.4
-  * deps: serve-static@~1.9.1
-    - deps: send@0.12.1
-  * deps: type-is@~1.6.0
-    - fix argument reassignment
-    - fix false-positives in `hasBody` `Transfer-Encoding` check
-    - support wildcard for both type and subtype (`*/*`)
-    - deps: mime-types@~2.0.9
-
-4.11.2 / 2015-02-01
-===================
-
-  * Fix `res.redirect` double-calling `res.end` for `HEAD` requests
-  * deps: accepts@~1.2.3
-    - deps: mime-types@~2.0.8
-  * deps: proxy-addr@~1.0.6
-    - deps: ipaddr.js@0.1.8
-  * deps: type-is@~1.5.6
-    - deps: mime-types@~2.0.8
-
-4.11.1 / 2015-01-20
-===================
-
-  * deps: send@0.11.1
-    - Fix root path disclosure
-  * deps: serve-static@~1.8.1
-    - Fix redirect loop in Node.js 0.11.14
-    - Fix root path disclosure
-    - deps: send@0.11.1
-
-4.11.0 / 2015-01-13
-===================
-
-  * Add `res.append(field, val)` to append headers
-  * Deprecate leading `:` in `name` for `app.param(name, fn)`
-  * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead
-  * Deprecate `app.param(fn)`
-  * Fix `OPTIONS` responses to include the `HEAD` method properly
-  * Fix `res.sendFile` not always detecting aborted connection
-  * Match routes iteratively to prevent stack overflows
-  * deps: accepts@~1.2.2
-    - deps: mime-types@~2.0.7
-    - deps: negotiator@0.5.0
-  * deps: send@0.11.0
-    - deps: debug@~2.1.1
-    - deps: etag@~1.5.1
-    - deps: ms@0.7.0
-    - deps: on-finished@~2.2.0
-  * deps: serve-static@~1.8.0
-    - deps: send@0.11.0
-
-4.10.8 / 2015-01-13
-===================
-
-  * Fix crash from error within `OPTIONS` response handler
-  * deps: proxy-addr@~1.0.5
-    - deps: ipaddr.js@0.1.6
-
-4.10.7 / 2015-01-04
-===================
-
-  * Fix `Allow` header for `OPTIONS` to not contain duplicate methods
-  * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304
-  * deps: debug@~2.1.1
-  * deps: finalhandler@0.3.3
-    - deps: debug@~2.1.1
-    - deps: on-finished@~2.2.0
-  * deps: methods@~1.1.1
-  * deps: on-finished@~2.2.0
-  * deps: serve-static@~1.7.2
-    - Fix potential open redirect when mounted at root
-  * deps: type-is@~1.5.5
-    - deps: mime-types@~2.0.7
-
-4.10.6 / 2014-12-12
-===================
-
-  * Fix exception in `req.fresh`/`req.stale` without response headers
-
-4.10.5 / 2014-12-10
-===================
-
-  * Fix `res.send` double-calling `res.end` for `HEAD` requests
-  * deps: accepts@~1.1.4
-    - deps: mime-types@~2.0.4
-  * deps: type-is@~1.5.4
-    - deps: mime-types@~2.0.4
-
-4.10.4 / 2014-11-24
-===================
-
-  * Fix `res.sendfile` logging standard write errors
-
-4.10.3 / 2014-11-23
-===================
-
-  * Fix `res.sendFile` logging standard write errors
-  * deps: etag@~1.5.1
-  * deps: proxy-addr@~1.0.4
-    - deps: ipaddr.js@0.1.5
-  * deps: qs@2.3.3
-    - Fix `arrayLimit` behavior
-
-4.10.2 / 2014-11-09
-===================
-
-  * Correctly invoke async router callback asynchronously
-  * deps: accepts@~1.1.3
-    - deps: mime-types@~2.0.3
-  * deps: type-is@~1.5.3
-    - deps: mime-types@~2.0.3
-
-4.10.1 / 2014-10-28
-===================
-
-  * Fix handling of URLs containing `://` in the path
-  * deps: qs@2.3.2
-    - Fix parsing of mixed objects and values
-
-4.10.0 / 2014-10-23
-===================
-
-  * Add support for `app.set('views', array)`
-    - Views are looked up in sequence in array of directories
-  * Fix `res.send(status)` to mention `res.sendStatus(status)`
-  * Fix handling of invalid empty URLs
-  * Use `content-disposition` module for `res.attachment`/`res.download`
-    - Sends standards-compliant `Content-Disposition` header
-    - Full Unicode support
-  * Use `path.resolve` in view lookup
-  * deps: debug@~2.1.0
-    - Implement `DEBUG_FD` env variable support
-  * deps: depd@~1.0.0
-  * deps: etag@~1.5.0
-    - Improve string performance
-    - Slightly improve speed for weak ETags over 1KB
-  * deps: finalhandler@0.3.2
-    - Terminate in progress response only on error
-    - Use `on-finished` to determine request status
-    - deps: debug@~2.1.0
-    - deps: on-finished@~2.1.1
-  * deps: on-finished@~2.1.1
-    - Fix handling of pipelined requests
-  * deps: qs@2.3.0
-    - Fix parsing of mixed implicit and explicit arrays
-  * deps: send@0.10.1
-    - deps: debug@~2.1.0
-    - deps: depd@~1.0.0
-    - deps: etag@~1.5.0
-    - deps: on-finished@~2.1.1
-  * deps: serve-static@~1.7.1
-    - deps: send@0.10.1
-
-4.9.8 / 2014-10-17
-==================
-
-  * Fix `res.redirect` body when redirect status specified
-  * deps: accepts@~1.1.2
-    - Fix error when media type has invalid parameter
-    - deps: negotiator@0.4.9
-
-4.9.7 / 2014-10-10
-==================
-
-  * Fix using same param name in array of paths
-
-4.9.6 / 2014-10-08
-==================
-
-  * deps: accepts@~1.1.1
-    - deps: mime-types@~2.0.2
-    - deps: negotiator@0.4.8
-  * deps: serve-static@~1.6.4
-    - Fix redirect loop when index file serving disabled
-  * deps: type-is@~1.5.2
-    - deps: mime-types@~2.0.2
-
-4.9.5 / 2014-09-24
-==================
-
-  * deps: etag@~1.4.0
-  * deps: proxy-addr@~1.0.3
-    - Use `forwarded` npm module
-  * deps: send@0.9.3
-    - deps: etag@~1.4.0
-  * deps: serve-static@~1.6.3
-    - deps: send@0.9.3
-
-4.9.4 / 2014-09-19
-==================
-
-  * deps: qs@2.2.4
-    - Fix issue with object keys starting with numbers truncated
-
-4.9.3 / 2014-09-18
-==================
-
-  * deps: proxy-addr@~1.0.2
-    - Fix a global leak when multiple subnets are trusted
-    - deps: ipaddr.js@0.1.3
-
-4.9.2 / 2014-09-17
-==================
-
-  * Fix regression for empty string `path` in `app.use`
-  * Fix `router.use` to accept array of middleware without path
-  * Improve error message for bad `app.use` arguments
-
-4.9.1 / 2014-09-16
-==================
-
-  * Fix `app.use` to accept array of middleware without path
-  * deps: depd@0.4.5
-  * deps: etag@~1.3.1
-  * deps: send@0.9.2
-    - deps: depd@0.4.5
-    - deps: etag@~1.3.1
-    - deps: range-parser@~1.0.2
-  * deps: serve-static@~1.6.2
-    - deps: send@0.9.2
-
-4.9.0 / 2014-09-08
-==================
-
-  * Add `res.sendStatus`
-  * Invoke callback for sendfile when client aborts
-    - Applies to `res.sendFile`, `res.sendfile`, and `res.download`
-    - `err` will be populated with request aborted error
-  * Support IP address host in `req.subdomains`
-  * Use `etag` to generate `ETag` headers
-  * deps: accepts@~1.1.0
-    - update `mime-types`
-  * deps: cookie-signature@1.0.5
-  * deps: debug@~2.0.0
-  * deps: finalhandler@0.2.0
-    - Set `X-Content-Type-Options: nosniff` header
-    - deps: debug@~2.0.0
-  * deps: fresh@0.2.4
-  * deps: media-typer@0.3.0
-    - Throw error when parameter format invalid on parse
-  * deps: qs@2.2.3
-    - Fix issue where first empty value in array is discarded
-  * deps: range-parser@~1.0.2
-  * deps: send@0.9.1
-    - Add `lastModified` option
-    - Use `etag` to generate `ETag` header
-    - deps: debug@~2.0.0
-    - deps: fresh@0.2.4
-  * deps: serve-static@~1.6.1
-    - Add `lastModified` option
-    - deps: send@0.9.1
-  * deps: type-is@~1.5.1
-    - fix `hasbody` to be true for `content-length: 0`
-    - deps: media-typer@0.3.0
-    - deps: mime-types@~2.0.1
-  * deps: vary@~1.0.0
-    - Accept valid `Vary` header string as `field`
-
-4.8.8 / 2014-09-04
-==================
-
-  * deps: send@0.8.5
-    - Fix a path traversal issue when using `root`
-    - Fix malicious path detection for empty string path
-  * deps: serve-static@~1.5.4
-    - deps: send@0.8.5
-
-4.8.7 / 2014-08-29
-==================
-
-  * deps: qs@2.2.2
-    - Remove unnecessary cloning
-
-4.8.6 / 2014-08-27
-==================
-
-  * deps: qs@2.2.0
-    - Array parsing fix
-    - Performance improvements
-
-4.8.5 / 2014-08-18
-==================
-
-  * deps: send@0.8.3
-    - deps: destroy@1.0.3
-    - deps: on-finished@2.1.0
-  * deps: serve-static@~1.5.3
-    - deps: send@0.8.3
-
-4.8.4 / 2014-08-14
-==================
-
-  * deps: qs@1.2.2
-  * deps: send@0.8.2
-    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
-  * deps: serve-static@~1.5.2
-    - deps: send@0.8.2
-
-4.8.3 / 2014-08-10
-==================
-
-  * deps: parseurl@~1.3.0
-  * deps: qs@1.2.1
-  * deps: serve-static@~1.5.1
-    - Fix parsing of weird `req.originalUrl` values
-    - deps: parseurl@~1.3.0
-    - deps: utils-merge@1.0.0
-
-4.8.2 / 2014-08-07
-==================
-
-  * deps: qs@1.2.0
-    - Fix parsing array of objects
-
-4.8.1 / 2014-08-06
-==================
-
-  * fix incorrect deprecation warnings on `res.download`
-  * deps: qs@1.1.0
-    - Accept urlencoded square brackets
-    - Accept empty values in implicit array notation
-
-4.8.0 / 2014-08-05
-==================
-
-  * add `res.sendFile`
-    - accepts a file system path instead of a URL
-    - requires an absolute path or `root` option specified
-  * deprecate `res.sendfile` -- use `res.sendFile` instead
-  * support mounted app as any argument to `app.use()`
-  * deps: qs@1.0.2
-    - Complete rewrite
-    - Limits array length to 20
-    - Limits object depth to 5
-    - Limits parameters to 1,000
-  * deps: send@0.8.1
-    - Add `extensions` option
-  * deps: serve-static@~1.5.0
-    - Add `extensions` option
-    - deps: send@0.8.1
-
-4.7.4 / 2014-08-04
-==================
-
-  * fix `res.sendfile` regression for serving directory index files
-  * deps: send@0.7.4
-    - Fix incorrect 403 on Windows and Node.js 0.11
-    - Fix serving index files without root dir
-  * deps: serve-static@~1.4.4
-    - deps: send@0.7.4
-
-4.7.3 / 2014-08-04
-==================
-
-  * deps: send@0.7.3
-    - Fix incorrect 403 on Windows and Node.js 0.11
-  * deps: serve-static@~1.4.3
-    - Fix incorrect 403 on Windows and Node.js 0.11
-    - deps: send@0.7.3
-
-4.7.2 / 2014-07-27
-==================
-
-  * deps: depd@0.4.4
-    - Work-around v8 generating empty stack traces
-  * deps: send@0.7.2
-    - deps: depd@0.4.4
-  * deps: serve-static@~1.4.2
-
-4.7.1 / 2014-07-26
-==================
-
-  * deps: depd@0.4.3
-    - Fix exception when global `Error.stackTraceLimit` is too low
-  * deps: send@0.7.1
-    - deps: depd@0.4.3
-  * deps: serve-static@~1.4.1
-
-4.7.0 / 2014-07-25
-==================
-
-  * fix `req.protocol` for proxy-direct connections
-  * configurable query parser with `app.set('query parser', parser)`
-    - `app.set('query parser', 'extended')` parse with "qs" module
-    - `app.set('query parser', 'simple')` parse with "querystring" core module
-    - `app.set('query parser', false)` disable query string parsing
-    - `app.set('query parser', true)` enable simple parsing
-  * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead
-  * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead
-  * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead
-  * deps: debug@1.0.4
-  * deps: depd@0.4.2
-    - Add `TRACE_DEPRECATION` environment variable
-    - Remove non-standard grey color from color output
-    - Support `--no-deprecation` argument
-    - Support `--trace-deprecation` argument
-  * deps: finalhandler@0.1.0
-    - Respond after request fully read
-    - deps: debug@1.0.4
-  * deps: parseurl@~1.2.0
-    - Cache URLs based on original value
-    - Remove no-longer-needed URL mis-parse work-around
-    - Simplify the "fast-path" `RegExp`
-  * deps: send@0.7.0
-    - Add `dotfiles` option
-    - Cap `maxAge` value to 1 year
-    - deps: debug@1.0.4
-    - deps: depd@0.4.2
-  * deps: serve-static@~1.4.0
-    - deps: parseurl@~1.2.0
-    - deps: send@0.7.0
-  * perf: prevent multiple `Buffer` creation in `res.send`
-
-4.6.1 / 2014-07-12
-==================
-
-  * fix `subapp.mountpath` regression for `app.use(subapp)`
-
-4.6.0 / 2014-07-11
-==================
-
-  * accept multiple callbacks to `app.use()`
-  * add explicit "Rosetta Flash JSONP abuse" protection
-    - previous versions are not vulnerable; this is just explicit protection
-  * catch errors in multiple `req.param(name, fn)` handlers
-  * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
-  * fix `res.send(status, num)` to send `num` as json (not error)
-  * remove unnecessary escaping when `res.jsonp` returns JSON response
-  * support non-string `path` in `app.use(path, fn)`
-    - supports array of paths
-    - supports `RegExp`
-  * router: fix optimization on router exit
-  * router: refactor location of `try` blocks
-  * router: speed up standard `app.use(fn)`
-  * deps: debug@1.0.3
-    - Add support for multiple wildcards in namespaces
-  * deps: finalhandler@0.0.3
-    - deps: debug@1.0.3
-  * deps: methods@1.1.0
-    - add `CONNECT`
-  * deps: parseurl@~1.1.3
-    - faster parsing of href-only URLs
-  * deps: path-to-regexp@0.1.3
-  * deps: send@0.6.0
-    - deps: debug@1.0.3
-  * deps: serve-static@~1.3.2
-    - deps: parseurl@~1.1.3
-    - deps: send@0.6.0
-  * perf: fix arguments reassign deopt in some `res` methods
-
-4.5.1 / 2014-07-06
-==================
-
- * fix routing regression when altering `req.method`
-
-4.5.0 / 2014-07-04
-==================
-
- * add deprecation message to non-plural `req.accepts*`
- * add deprecation message to `res.send(body, status)`
- * add deprecation message to `res.vary()`
- * add `headers` option to `res.sendfile`
-   - use to set headers on successful file transfer
- * add `mergeParams` option to `Router`
-   - merges `req.params` from parent routes
- * add `req.hostname` -- correct name for what `req.host` returns
- * deprecate things with `depd` module
- * deprecate `req.host` -- use `req.hostname` instead
- * fix behavior when handling request without routes
- * fix handling when `route.all` is only route
- * invoke `router.param()` only when route matches
- * restore `req.params` after invoking router
- * use `finalhandler` for final response handling
- * use `media-typer` to alter content-type charset
- * deps: accepts@~1.0.7
- * deps: send@0.5.0
-   - Accept string for `maxage` (converted by `ms`)
-   - Include link in default redirect response
- * deps: serve-static@~1.3.0
-   - Accept string for `maxAge` (converted by `ms`)
-   - Add `setHeaders` option
-   - Include HTML link in redirect response
-   - deps: send@0.5.0
- * deps: type-is@~1.3.2
-
-4.4.5 / 2014-06-26
-==================
-
- * deps: cookie-signature@1.0.4
-   - fix for timing attacks
-
-4.4.4 / 2014-06-20
-==================
-
- * fix `res.attachment` Unicode filenames in Safari
- * fix "trim prefix" debug message in `express:router`
- * deps: accepts@~1.0.5
- * deps: buffer-crc32@0.2.3
-
-4.4.3 / 2014-06-11
-==================
-
- * fix persistence of modified `req.params[name]` from `app.param()`
- * deps: accepts@1.0.3
-   - deps: negotiator@0.4.6
- * deps: debug@1.0.2
- * deps: send@0.4.3
-   - Do not throw uncatchable error on file open race condition
-   - Use `escape-html` for HTML escaping
-   - deps: debug@1.0.2
-   - deps: finished@1.2.2
-   - deps: fresh@0.2.2
- * deps: serve-static@1.2.3
-   - Do not throw uncatchable error on file open race condition
-   - deps: send@0.4.3
-
-4.4.2 / 2014-06-09
-==================
-
- * fix catching errors from top-level handlers
- * use `vary` module for `res.vary`
- * deps: debug@1.0.1
- * deps: proxy-addr@1.0.1
- * deps: send@0.4.2
-   - fix "event emitter leak" warnings
-   - deps: debug@1.0.1
-   - deps: finished@1.2.1
- * deps: serve-static@1.2.2
-   - fix "event emitter leak" warnings
-   - deps: send@0.4.2
- * deps: type-is@1.2.1
-
-4.4.1 / 2014-06-02
-==================
-
- * deps: methods@1.0.1
- * deps: send@0.4.1
-   - Send `max-age` in `Cache-Control` in correct format
- * deps: serve-static@1.2.1
-   - use `escape-html` for escaping
-   - deps: send@0.4.1
-
-4.4.0 / 2014-05-30
-==================
-
- * custom etag control with `app.set('etag', val)`
-   - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
-   - `app.set('etag', 'weak')` weak tag
-   - `app.set('etag', 'strong')` strong etag
-   - `app.set('etag', false)` turn off
-   - `app.set('etag', true)` standard etag
- * mark `res.send` ETag as weak and reduce collisions
- * update accepts to 1.0.2
-   - Fix interpretation when header not in request
- * update send to 0.4.0
-   - Calculate ETag with md5 for reduced collisions
-   - Ignore stream errors after request ends
-   - deps: debug@0.8.1
- * update serve-static to 1.2.0
-   - Calculate ETag with md5 for reduced collisions
-   - Ignore stream errors after request ends
-   - deps: send@0.4.0
-
-4.3.2 / 2014-05-28
-==================
-
- * fix handling of errors from `router.param()` callbacks
-
-4.3.1 / 2014-05-23
-==================
-
- * revert "fix behavior of multiple `app.VERB` for the same path"
-   - this caused a regression in the order of route execution
-
-4.3.0 / 2014-05-21
-==================
-
- * add `req.baseUrl` to access the path stripped from `req.url` in routes
- * fix behavior of multiple `app.VERB` for the same path
- * fix issue routing requests among sub routers
- * invoke `router.param()` only when necessary instead of every match
- * proper proxy trust with `app.set('trust proxy', trust)`
-   - `app.set('trust proxy', 1)` trust first hop
-   - `app.set('trust proxy', 'loopback')` trust loopback addresses
-   - `app.set('trust proxy', '10.0.0.1')` trust single IP
-   - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
-   - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
-   - `app.set('trust proxy', false)` turn off
-   - `app.set('trust proxy', true)` trust everything
- * set proper `charset` in `Content-Type` for `res.send`
- * update type-is to 1.2.0
-   - support suffix matching
-
-4.2.0 / 2014-05-11
-==================
-
- * deprecate `app.del()` -- use `app.delete()` instead
- * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
-   - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
- * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
-   - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
- * fix `req.next` when inside router instance
- * include `ETag` header in `HEAD` requests
- * keep previous `Content-Type` for `res.jsonp`
- * support PURGE method
-   - add `app.purge`
-   - add `router.purge`
-   - include PURGE in `app.all`
- * update debug to 0.8.0
-   - add `enable()` method
-   - change from stderr to stdout
- * update methods to 1.0.0
-   - add PURGE
-
-4.1.2 / 2014-05-08
-==================
-
- * fix `req.host` for IPv6 literals
- * fix `res.jsonp` error if callback param is object
-
-4.1.1 / 2014-04-27
-==================
-
- * fix package.json to reflect supported node version
-
-4.1.0 / 2014-04-24
-==================
-
- * pass options from `res.sendfile` to `send`
- * preserve casing of headers in `res.header` and `res.set`
- * support unicode file names in `res.attachment` and `res.download`
- * update accepts to 1.0.1
-   - deps: negotiator@0.4.0
- * update cookie to 0.1.2
-   - Fix for maxAge == 0
-   - made compat with expires field
- * update send to 0.3.0
-   - Accept API options in options object
-   - Coerce option types
-   - Control whether to generate etags
-   - Default directory access to 403 when index disabled
-   - Fix sending files with dots without root set
-   - Include file path in etag
-   - Make "Can't set headers after they are sent." catchable
-   - Send full entity-body for multi range requests
-   - Set etags to "weak"
-   - Support "If-Range" header
-   - Support multiple index paths
-   - deps: mime@1.2.11
- * update serve-static to 1.1.0
-   - Accept options directly to `send` module
-   - Resolve relative paths at middleware setup
-   - Use parseurl to parse the URL from request
-   - deps: send@0.3.0
- * update type-is to 1.1.0
-   - add non-array values support
-   - add `multipart` as a shorthand
-
-4.0.0 / 2014-04-09
-==================
-
- * remove:
-   - node 0.8 support
-   - connect and connect's patches except for charset handling
-   - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
-   - `express.createServer()` - it has been deprecated for a long time. Use `express()`
-   - `app.configure` - use logic in your own app code
-   - `app.router` - is removed
-   - `req.auth` - use `basic-auth` instead
-   - `req.accepted*` - use `req.accepts*()` instead
-   - `res.location` - relative URL resolution is removed
-   - `res.charset` - include the charset in the content type when using `res.set()`
-   - all bundled middleware except `static`
- * change:
-   - `app.route` -> `app.mountpath` when mounting an express app in another express app
-   - `json spaces` no longer enabled by default in development
-   - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
-   - `req.params` is now an object instead of an array
-   - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
-   - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
- * refactor:
-   - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
-   - `req.is` with [type-is](https://github.com/expressjs/type-is)
-   - [path-to-regexp](https://github.com/component/path-to-regexp)
- * add:
-   - `app.router()` - returns the app Router instance
-   - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
-   - Router & Route - public API
-
-3.21.2 / 2015-07-31
-===================
-
-  * deps: connect@2.30.2
-    - deps: body-parser@~1.13.3
-    - deps: compression@~1.5.2
-    - deps: errorhandler@~1.4.2
-    - deps: method-override@~2.3.5
-    - deps: serve-index@~1.7.2
-    - deps: type-is@~1.6.6
-    - deps: vhost@~3.0.1
-  * deps: vary@~1.0.1
-    - Fix setting empty header from empty `field`
-    - perf: enable strict mode
-    - perf: remove argument reassignments
-
-3.21.1 / 2015-07-05
-===================
-
-  * deps: basic-auth@~1.0.3
-  * deps: connect@2.30.1
-    - deps: body-parser@~1.13.2
-    - deps: compression@~1.5.1
-    - deps: errorhandler@~1.4.1
-    - deps: morgan@~1.6.1
-    - deps: pause@0.1.0
-    - deps: qs@4.0.0
-    - deps: serve-index@~1.7.1
-    - deps: type-is@~1.6.4
-
-3.21.0 / 2015-06-18
-===================
-
-  * deps: basic-auth@1.0.2
-    - perf: enable strict mode
-    - perf: hoist regular expression
-    - perf: parse with regular expressions
-    - perf: remove argument reassignment
-  * deps: connect@2.30.0
-    - deps: body-parser@~1.13.1
-    - deps: bytes@2.1.0
-    - deps: compression@~1.5.0
-    - deps: cookie@0.1.3
-    - deps: cookie-parser@~1.3.5
-    - deps: csurf@~1.8.3
-    - deps: errorhandler@~1.4.0
-    - deps: express-session@~1.11.3
-    - deps: finalhandler@0.4.0
-    - deps: fresh@0.3.0
-    - deps: morgan@~1.6.0
-    - deps: serve-favicon@~2.3.0
-    - deps: serve-index@~1.7.0
-    - deps: serve-static@~1.10.0
-    - deps: type-is@~1.6.3
-  * deps: cookie@0.1.3
-    - perf: deduce the scope of try-catch deopt
-    - perf: remove argument reassignments
-  * deps: escape-html@1.0.2
-  * deps: etag@~1.7.0
-    - Always include entity length in ETags for hash length extensions
-    - Generate non-Stats ETags using MD5 only (no longer CRC32)
-    - Improve stat performance by removing hashing
-    - Improve support for JXcore
-    - Remove base64 padding in ETags to shorten
-    - Support "fake" stats objects in environments without fs
-    - Use MD5 instead of MD4 in weak ETags over 1KB
-  * deps: fresh@0.3.0
-    - Add weak `ETag` matching support
-  * deps: mkdirp@0.5.1
-    - Work in global strict mode
-  * deps: send@0.13.0
-    - Allow Node.js HTTP server to set `Date` response header
-    - Fix incorrectly removing `Content-Location` on 304 response
-    - Improve the default redirect response headers
-    - Send appropriate headers on default error response
-    - Use `http-errors` for standard emitted errors
-    - Use `statuses` instead of `http` module for status messages
-    - deps: escape-html@1.0.2
-    - deps: etag@~1.7.0
-    - deps: fresh@0.3.0
-    - deps: on-finished@~2.3.0
-    - perf: enable strict mode
-    - perf: remove unnecessary array allocations
-
-3.20.3 / 2015-05-17
-===================
-
-  * deps: connect@2.29.2
-    - deps: body-parser@~1.12.4
-    - deps: compression@~1.4.4
-    - deps: connect-timeout@~1.6.2
-    - deps: debug@~2.2.0
-    - deps: depd@~1.0.1
-    - deps: errorhandler@~1.3.6
-    - deps: finalhandler@0.3.6
-    - deps: method-override@~2.3.3
-    - deps: morgan@~1.5.3
-    - deps: qs@2.4.2
-    - deps: response-time@~2.3.1
-    - deps: serve-favicon@~2.2.1
-    - deps: serve-index@~1.6.4
-    - deps: serve-static@~1.9.3
-    - deps: type-is@~1.6.2
-  * deps: debug@~2.2.0
-    - deps: ms@0.7.1
-  * deps: depd@~1.0.1
-  * deps: proxy-addr@~1.0.8
-    - deps: ipaddr.js@1.0.1
-  * deps: send@0.12.3
-    - deps: debug@~2.2.0
-    - deps: depd@~1.0.1
-    - deps: etag@~1.6.0
-    - deps: ms@0.7.1
-    - deps: on-finished@~2.2.1
-
-3.20.2 / 2015-03-16
-===================
-
-  * deps: connect@2.29.1
-    - deps: body-parser@~1.12.2
-    - deps: compression@~1.4.3
-    - deps: connect-timeout@~1.6.1
-    - deps: debug@~2.1.3
-    - deps: errorhandler@~1.3.5
-    - deps: express-session@~1.10.4
-    - deps: finalhandler@0.3.4
-    - deps: method-override@~2.3.2
-    - deps: morgan@~1.5.2
-    - deps: qs@2.4.1
-    - deps: serve-index@~1.6.3
-    - deps: serve-static@~1.9.2
-    - deps: type-is@~1.6.1
-  * deps: debug@~2.1.3
-    - Fix high intensity foreground color for bold
-    - deps: ms@0.7.0
-  * deps: merge-descriptors@1.0.0
-  * deps: proxy-addr@~1.0.7
-    - deps: ipaddr.js@0.1.9
-  * deps: send@0.12.2
-    - Throw errors early for invalid `extensions` or `index` options
-    - deps: debug@~2.1.3
-
-3.20.1 / 2015-02-28
-===================
-
-  * Fix `req.host` when using "trust proxy" hops count
-  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
-
-3.20.0 / 2015-02-18
-===================
-
-  * Fix `"trust proxy"` setting to inherit when app is mounted
-  * Generate `ETag`s for all request responses
-    - No longer restricted to only responses for `GET` and `HEAD` requests
-  * Use `content-type` to parse `Content-Type` headers
-  * deps: connect@2.29.0
-    - Use `content-type` to parse `Content-Type` headers
-    - deps: body-parser@~1.12.0
-    - deps: compression@~1.4.1
-    - deps: connect-timeout@~1.6.0
-    - deps: cookie-parser@~1.3.4
-    - deps: cookie-signature@1.0.6
-    - deps: csurf@~1.7.0
-    - deps: errorhandler@~1.3.4
-    - deps: express-session@~1.10.3
-    - deps: http-errors@~1.3.1
-    - deps: response-time@~2.3.0
-    - deps: serve-index@~1.6.2
-    - deps: serve-static@~1.9.1
-    - deps: type-is@~1.6.0
-  * deps: cookie-signature@1.0.6
-  * deps: send@0.12.1
-    - Always read the stat size from the file
-    - Fix mutating passed-in `options`
-    - deps: mime@1.3.4
-
-3.19.2 / 2015-02-01
-===================
-
-  * deps: connect@2.28.3
-    - deps: compression@~1.3.1
-    - deps: csurf@~1.6.6
-    - deps: errorhandler@~1.3.3
-    - deps: express-session@~1.10.2
-    - deps: serve-index@~1.6.1
-    - deps: type-is@~1.5.6
-  * deps: proxy-addr@~1.0.6
-    - deps: ipaddr.js@0.1.8
-
-3.19.1 / 2015-01-20
-===================
-
-  * deps: connect@2.28.2
-    - deps: body-parser@~1.10.2
-    - deps: serve-static@~1.8.1
-  * deps: send@0.11.1
-    - Fix root path disclosure
-
-3.19.0 / 2015-01-09
-===================
-
-  * Fix `OPTIONS` responses to include the `HEAD` method property
-  * Use `readline` for prompt in `express(1)`
-  * deps: commander@2.6.0
-  * deps: connect@2.28.1
-    - deps: body-parser@~1.10.1
-    - deps: compression@~1.3.0
-    - deps: connect-timeout@~1.5.0
-    - deps: csurf@~1.6.4
-    - deps: debug@~2.1.1
-    - deps: errorhandler@~1.3.2
-    - deps: express-session@~1.10.1
-    - deps: finalhandler@0.3.3
-    - deps: method-override@~2.3.1
-    - deps: morgan@~1.5.1
-    - deps: serve-favicon@~2.2.0
-    - deps: serve-index@~1.6.0
-    - deps: serve-static@~1.8.0
-    - deps: type-is@~1.5.5
-  * deps: debug@~2.1.1
-  * deps: methods@~1.1.1
-  * deps: proxy-addr@~1.0.5
-    - deps: ipaddr.js@0.1.6
-  * deps: send@0.11.0
-    - deps: debug@~2.1.1
-    - deps: etag@~1.5.1
-    - deps: ms@0.7.0
-    - deps: on-finished@~2.2.0
-
-3.18.6 / 2014-12-12
-===================
-
-  * Fix exception in `req.fresh`/`req.stale` without response headers
-
-3.18.5 / 2014-12-11
-===================
-
-  * deps: connect@2.27.6
-    - deps: compression@~1.2.2
-    - deps: express-session@~1.9.3
-    - deps: http-errors@~1.2.8
-    - deps: serve-index@~1.5.3
-    - deps: type-is@~1.5.4
-
-3.18.4 / 2014-11-23
-===================
-
-  * deps: connect@2.27.4
-    - deps: body-parser@~1.9.3
-    - deps: compression@~1.2.1
-    - deps: errorhandler@~1.2.3
-    - deps: express-session@~1.9.2
-    - deps: qs@2.3.3
-    - deps: serve-favicon@~2.1.7
-    - deps: serve-static@~1.5.1
-    - deps: type-is@~1.5.3
-  * deps: etag@~1.5.1
-  * deps: proxy-addr@~1.0.4
-    - deps: ipaddr.js@0.1.5
-
-3.18.3 / 2014-11-09
-===================
-
-  * deps: connect@2.27.3
-    - Correctly invoke async callback asynchronously
-    - deps: csurf@~1.6.3
-
-3.18.2 / 2014-10-28
-===================
-
-  * deps: connect@2.27.2
-    - Fix handling of URLs containing `://` in the path
-    - deps: body-parser@~1.9.2
-    - deps: qs@2.3.2
-
-3.18.1 / 2014-10-22
-===================
-
-  * Fix internal `utils.merge` deprecation warnings
-  * deps: connect@2.27.1
-    - deps: body-parser@~1.9.1
-    - deps: express-session@~1.9.1
-    - deps: finalhandler@0.3.2
-    - deps: morgan@~1.4.1
-    - deps: qs@2.3.0
-    - deps: serve-static@~1.7.1
-  * deps: send@0.10.1
-    - deps: on-finished@~2.1.1
-
-3.18.0 / 2014-10-17
-===================
-
-  * Use `content-disposition` module for `res.attachment`/`res.download`
-    - Sends standards-compliant `Content-Disposition` header
-    - Full Unicode support
-  * Use `etag` module to generate `ETag` headers
-  * deps: connect@2.27.0
-    - Use `http-errors` module for creating errors
-    - Use `utils-merge` module for merging objects
-    - deps: body-parser@~1.9.0
-    - deps: compression@~1.2.0
-    - deps: connect-timeout@~1.4.0
-    - deps: debug@~2.1.0
-    - deps: depd@~1.0.0
-    - deps: express-session@~1.9.0
-    - deps: finalhandler@0.3.1
-    - deps: method-override@~2.3.0
-    - deps: morgan@~1.4.0
-    - deps: response-time@~2.2.0
-    - deps: serve-favicon@~2.1.6
-    - deps: serve-index@~1.5.0
-    - deps: serve-static@~1.7.0
-  * deps: debug@~2.1.0
-    - Implement `DEBUG_FD` env variable support
-  * deps: depd@~1.0.0
-  * deps: send@0.10.0
-    - deps: debug@~2.1.0
-    - deps: depd@~1.0.0
-    - deps: etag@~1.5.0
-
-3.17.8 / 2014-10-15
-===================
-
-  * deps: connect@2.26.6
-    - deps: compression@~1.1.2
-    - deps: csurf@~1.6.2
-    - deps: errorhandler@~1.2.2
-
-3.17.7 / 2014-10-08
-===================
-
-  * deps: connect@2.26.5
-    - Fix accepting non-object arguments to `logger`
-    - deps: serve-static@~1.6.4
-
-3.17.6 / 2014-10-02
-===================
-
-  * deps: connect@2.26.4
-    - deps: morgan@~1.3.2
-    - deps: type-is@~1.5.2
-
-3.17.5 / 2014-09-24
-===================
-
-  * deps: connect@2.26.3
-    - deps: body-parser@~1.8.4
-    - deps: serve-favicon@~2.1.5
-    - deps: serve-static@~1.6.3
-  * deps: proxy-addr@~1.0.3
-    - Use `forwarded` npm module
-  * deps: send@0.9.3
-    - deps: etag@~1.4.0
-
-3.17.4 / 2014-09-19
-===================
-
-  * deps: connect@2.26.2
-    - deps: body-parser@~1.8.3
-    - deps: qs@2.2.4
-
-3.17.3 / 2014-09-18
-===================
-
-  * deps: proxy-addr@~1.0.2
-    - Fix a global leak when multiple subnets are trusted
-    - deps: ipaddr.js@0.1.3
-
-3.17.2 / 2014-09-15
-===================
-
-  * Use `crc` instead of `buffer-crc32` for speed
-  * deps: connect@2.26.1
-    - deps: body-parser@~1.8.2
-    - deps: depd@0.4.5
-    - deps: express-session@~1.8.2
-    - deps: morgan@~1.3.1
-    - deps: serve-favicon@~2.1.3
-    - deps: serve-static@~1.6.2
-  * deps: depd@0.4.5
-  * deps: send@0.9.2
-    - deps: depd@0.4.5
-    - deps: etag@~1.3.1
-    - deps: range-parser@~1.0.2
-
-3.17.1 / 2014-09-08
-===================
-
-  * Fix error in `req.subdomains` on empty host
-
-3.17.0 / 2014-09-08
-===================
-
-  * Support `X-Forwarded-Host` in `req.subdomains`
-  * Support IP address host in `req.subdomains`
-  * deps: connect@2.26.0
-    - deps: body-parser@~1.8.1
-    - deps: compression@~1.1.0
-    - deps: connect-timeout@~1.3.0
-    - deps: cookie-parser@~1.3.3
-    - deps: cookie-signature@1.0.5
-    - deps: csurf@~1.6.1
-    - deps: debug@~2.0.0
-    - deps: errorhandler@~1.2.0
-    - deps: express-session@~1.8.1
-    - deps: finalhandler@0.2.0
-    - deps: fresh@0.2.4
-    - deps: media-typer@0.3.0
-    - deps: method-override@~2.2.0
-    - deps: morgan@~1.3.0
-    - deps: qs@2.2.3
-    - deps: serve-favicon@~2.1.3
-    - deps: serve-index@~1.2.1
-    - deps: serve-static@~1.6.1
-    - deps: type-is@~1.5.1
-    - deps: vhost@~3.0.0
-  * deps: cookie-signature@1.0.5
-  * deps: debug@~2.0.0
-  * deps: fresh@0.2.4
-  * deps: media-typer@0.3.0
-    - Throw error when parameter format invalid on parse
-  * deps: range-parser@~1.0.2
-  * deps: send@0.9.1
-    - Add `lastModified` option
-    - Use `etag` to generate `ETag` header
-    - deps: debug@~2.0.0
-    - deps: fresh@0.2.4
-  * deps: vary@~1.0.0
-    - Accept valid `Vary` header string as `field`
-
-3.16.10 / 2014-09-04
-====================
-
-  * deps: connect@2.25.10
-    - deps: serve-static@~1.5.4
-  * deps: send@0.8.5
-    - Fix a path traversal issue when using `root`
-    - Fix malicious path detection for empty string path
-
-3.16.9 / 2014-08-29
-===================
-
-  * deps: connect@2.25.9
-    - deps: body-parser@~1.6.7
-    - deps: qs@2.2.2
-
-3.16.8 / 2014-08-27
-===================
-
-  * deps: connect@2.25.8
-    - deps: body-parser@~1.6.6
-    - deps: csurf@~1.4.1
-    - deps: qs@2.2.0
-
-3.16.7 / 2014-08-18
-===================
-
-  * deps: connect@2.25.7
-    - deps: body-parser@~1.6.5
-    - deps: express-session@~1.7.6
-    - deps: morgan@~1.2.3
-    - deps: serve-static@~1.5.3
-  * deps: send@0.8.3
-    - deps: destroy@1.0.3
-    - deps: on-finished@2.1.0
-
-3.16.6 / 2014-08-14
-===================
-
-  * deps: connect@2.25.6
-    - deps: body-parser@~1.6.4
-    - deps: qs@1.2.2
-    - deps: serve-static@~1.5.2
-  * deps: send@0.8.2
-    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
-
-3.16.5 / 2014-08-11
-===================
-
-  * deps: connect@2.25.5
-    - Fix backwards compatibility in `logger`
-
-3.16.4 / 2014-08-10
-===================
-
-  * Fix original URL parsing in `res.location`
-  * deps: connect@2.25.4
-    - Fix `query` middleware breaking with argument
-    - deps: body-parser@~1.6.3
-    - deps: compression@~1.0.11
-    - deps: connect-timeout@~1.2.2
-    - deps: express-session@~1.7.5
-    - deps: method-override@~2.1.3
-    - deps: on-headers@~1.0.0
-    - deps: parseurl@~1.3.0
-    - deps: qs@1.2.1
-    - deps: response-time@~2.0.1
-    - deps: serve-index@~1.1.6
-    - deps: serve-static@~1.5.1
-  * deps: parseurl@~1.3.0
-
-3.16.3 / 2014-08-07
-===================
-
-  * deps: connect@2.25.3
-    - deps: multiparty@3.3.2
-
-3.16.2 / 2014-08-07
-===================
-
-  * deps: connect@2.25.2
-    - deps: body-parser@~1.6.2
-    - deps: qs@1.2.0
-
-3.16.1 / 2014-08-06
-===================
-
-  * deps: connect@2.25.1
-    - deps: body-parser@~1.6.1
-    - deps: qs@1.1.0
-
-3.16.0 / 2014-08-05
-===================
-
-  * deps: connect@2.25.0
-    - deps: body-parser@~1.6.0
-    - deps: compression@~1.0.10
-    - deps: csurf@~1.4.0
-    - deps: express-session@~1.7.4
-    - deps: qs@1.0.2
-    - deps: serve-static@~1.5.0
-  * deps: send@0.8.1
-    - Add `extensions` option
-
-3.15.3 / 2014-08-04
-===================
-
-  * fix `res.sendfile` regression for serving directory index files
-  * deps: connect@2.24.3
-    - deps: serve-index@~1.1.5
-    - deps: serve-static@~1.4.4
-  * deps: send@0.7.4
-    - Fix incorrect 403 on Windows and Node.js 0.11
-    - Fix serving index files without root dir
-
-3.15.2 / 2014-07-27
-===================
-
-  * deps: connect@2.24.2
-    - deps: body-parser@~1.5.2
-    - deps: depd@0.4.4
-    - deps: express-session@~1.7.2
-    - deps: morgan@~1.2.2
-    - deps: serve-static@~1.4.2
-  * deps: depd@0.4.4
-    - Work-around v8 generating empty stack traces
-  * deps: send@0.7.2
-    - deps: depd@0.4.4
-
-3.15.1 / 2014-07-26
-===================
-
-  * deps: connect@2.24.1
-    - deps: body-parser@~1.5.1
-    - deps: depd@0.4.3
-    - deps: express-session@~1.7.1
-    - deps: morgan@~1.2.1
-    - deps: serve-index@~1.1.4
-    - deps: serve-static@~1.4.1
-  * deps: depd@0.4.3
-    - Fix exception when global `Error.stackTraceLimit` is too low
-  * deps: send@0.7.1
-    - deps: depd@0.4.3
-
-3.15.0 / 2014-07-22
-===================
-
-  * Fix `req.protocol` for proxy-direct connections
-  * Pass options from `res.sendfile` to `send`
-  * deps: connect@2.24.0
-    - deps: body-parser@~1.5.0
-    - deps: compression@~1.0.9
-    - deps: connect-timeout@~1.2.1
-    - deps: debug@1.0.4
-    - deps: depd@0.4.2
-    - deps: express-session@~1.7.0
-    - deps: finalhandler@0.1.0
-    - deps: method-override@~2.1.2
-    - deps: morgan@~1.2.0
-    - deps: multiparty@3.3.1
-    - deps: parseurl@~1.2.0
-    - deps: serve-static@~1.4.0
-  * deps: debug@1.0.4
-  * deps: depd@0.4.2
-    - Add `TRACE_DEPRECATION` environment variable
-    - Remove non-standard grey color from color output
-    - Support `--no-deprecation` argument
-    - Support `--trace-deprecation` argument
-  * deps: parseurl@~1.2.0
-    - Cache URLs based on original value
-    - Remove no-longer-needed URL mis-parse work-around
-    - Simplify the "fast-path" `RegExp`
-  * deps: send@0.7.0
-    - Add `dotfiles` option
-    - Cap `maxAge` value to 1 year
-    - deps: debug@1.0.4
-    - deps: depd@0.4.2
-
-3.14.0 / 2014-07-11
-===================
-
- * add explicit "Rosetta Flash JSONP abuse" protection
-   - previous versions are not vulnerable; this is just explicit protection
- * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
- * fix `res.send(status, num)` to send `num` as json (not error)
- * remove unnecessary escaping when `res.jsonp` returns JSON response
- * deps: basic-auth@1.0.0
-   - support empty password
-   - support empty username
- * deps: connect@2.23.0
-   - deps: debug@1.0.3
-   - deps: express-session@~1.6.4
-   - deps: method-override@~2.1.0
-   - deps: parseurl@~1.1.3
-   - deps: serve-static@~1.3.1
-  * deps: debug@1.0.3
-    - Add support for multiple wildcards in namespaces
-  * deps: methods@1.1.0
-    - add `CONNECT`
-  * deps: parseurl@~1.1.3
-    - faster parsing of href-only URLs
-
-3.13.0 / 2014-07-03
-===================
-
- * add deprecation message to `app.configure`
- * add deprecation message to `req.auth`
- * use `basic-auth` to parse `Authorization` header
- * deps: connect@2.22.0
-   - deps: csurf@~1.3.0
-   - deps: express-session@~1.6.1
-   - deps: multiparty@3.3.0
-   - deps: serve-static@~1.3.0
- * deps: send@0.5.0
-   - Accept string for `maxage` (converted by `ms`)
-   - Include link in default redirect response
-
-3.12.1 / 2014-06-26
-===================
-
- * deps: connect@2.21.1
-   - deps: cookie-parser@1.3.2
-   - deps: cookie-signature@1.0.4
-   - deps: express-session@~1.5.2
-   - deps: type-is@~1.3.2
- * deps: cookie-signature@1.0.4
-   - fix for timing attacks
-
-3.12.0 / 2014-06-21
-===================
-
- * use `media-typer` to alter content-type charset
- * deps: connect@2.21.0
-   - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
-   - deprecate `connect.createServer()` -- use `connect()` instead
-   - fix `res.setHeader()` patch to work with get -> append -> set pattern
-   - deps: compression@~1.0.8
-   - deps: errorhandler@~1.1.1
-   - deps: express-session@~1.5.0
-   - deps: serve-index@~1.1.3
-
-3.11.0 / 2014-06-19
-===================
-
- * deprecate things with `depd` module
- * deps: buffer-crc32@0.2.3
- * deps: connect@2.20.2
-   - deprecate `verify` option to `json` -- use `body-parser` npm module instead
-   - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
-   - deprecate things with `depd` module
-   - use `finalhandler` for final response handling
-   - use `media-typer` to parse `content-type` for charset
-   - deps: body-parser@1.4.3
-   - deps: connect-timeout@1.1.1
-   - deps: cookie-parser@1.3.1
-   - deps: csurf@1.2.2
-   - deps: errorhandler@1.1.0
-   - deps: express-session@1.4.0
-   - deps: multiparty@3.2.9
-   - deps: serve-index@1.1.2
-   - deps: type-is@1.3.1
-   - deps: vhost@2.0.0
-
-3.10.5 / 2014-06-11
-===================
-
- * deps: connect@2.19.6
-   - deps: body-parser@1.3.1
-   - deps: compression@1.0.7
-   - deps: debug@1.0.2
-   - deps: serve-index@1.1.1
-   - deps: serve-static@1.2.3
- * deps: debug@1.0.2
- * deps: send@0.4.3
-   - Do not throw uncatchable error on file open race condition
-   - Use `escape-html` for HTML escaping
-   - deps: debug@1.0.2
-   - deps: finished@1.2.2
-   - deps: fresh@0.2.2
-
-3.10.4 / 2014-06-09
-===================
-
- * deps: connect@2.19.5
-   - fix "event emitter leak" warnings
-   - deps: csurf@1.2.1
-   - deps: debug@1.0.1
-   - deps: serve-static@1.2.2
-   - deps: type-is@1.2.1
- * deps: debug@1.0.1
- * deps: send@0.4.2
-   - fix "event emitter leak" warnings
-   - deps: finished@1.2.1
-   - deps: debug@1.0.1
-
-3.10.3 / 2014-06-05
-===================
-
- * use `vary` module for `res.vary`
- * deps: connect@2.19.4
-   - deps: errorhandler@1.0.2
-   - deps: method-override@2.0.2
-   - deps: serve-favicon@2.0.1
- * deps: debug@1.0.0
-
-3.10.2 / 2014-06-03
-===================
-
- * deps: connect@2.19.3
-   - deps: compression@1.0.6
-
-3.10.1 / 2014-06-03
-===================
-
- * deps: connect@2.19.2
-   - deps: compression@1.0.4
- * deps: proxy-addr@1.0.1
-
-3.10.0 / 2014-06-02
-===================
-
- * deps: connect@2.19.1
-   - deprecate `methodOverride()` -- use `method-override` npm module instead
-   - deps: body-parser@1.3.0
-   - deps: method-override@2.0.1
-   - deps: multiparty@3.2.8
-   - deps: response-time@2.0.0
-   - deps: serve-static@1.2.1
- * deps: methods@1.0.1
- * deps: send@0.4.1
-   - Send `max-age` in `Cache-Control` in correct format
-
-3.9.0 / 2014-05-30
-==================
-
- * custom etag control with `app.set('etag', val)`
-   - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
-   - `app.set('etag', 'weak')` weak tag
-   - `app.set('etag', 'strong')` strong etag
-   - `app.set('etag', false)` turn off
-   - `app.set('etag', true)` standard etag
- * Include ETag in HEAD requests
- * mark `res.send` ETag as weak and reduce collisions
- * update connect to 2.18.0
-   - deps: compression@1.0.3
-   - deps: serve-index@1.1.0
-   - deps: serve-static@1.2.0
- * update send to 0.4.0
-   - Calculate ETag with md5 for reduced collisions
-   - Ignore stream errors after request ends
-   - deps: debug@0.8.1
-
-3.8.1 / 2014-05-27
-==================
-
- * update connect to 2.17.3
-   - deps: body-parser@1.2.2
-   - deps: express-session@1.2.1
-   - deps: method-override@1.0.2
-
-3.8.0 / 2014-05-21
-==================
-
- * keep previous `Content-Type` for `res.jsonp`
- * set proper `charset` in `Content-Type` for `res.send`
- * update connect to 2.17.1
-   - fix `res.charset` appending charset when `content-type` has one
-   - deps: express-session@1.2.0
-   - deps: morgan@1.1.1
-   - deps: serve-index@1.0.3
-
-3.7.0 / 2014-05-18
-==================
-
- * proper proxy trust with `app.set('trust proxy', trust)`
-   - `app.set('trust proxy', 1)` trust first hop
-   - `app.set('trust proxy', 'loopback')` trust loopback addresses
-   - `app.set('trust proxy', '10.0.0.1')` trust single IP
-   - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
-   - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
-   - `app.set('trust proxy', false)` turn off
-   - `app.set('trust proxy', true)` trust everything
- * update connect to 2.16.2
-   - deprecate `res.headerSent` -- use `res.headersSent`
-   - deprecate `res.on("header")` -- use on-headers module instead
-   - fix edge-case in `res.appendHeader` that would append in wrong order
-   - json: use body-parser
-   - urlencoded: use body-parser
-   - dep: bytes@1.0.0
-   - dep: cookie-parser@1.1.0
-   - dep: csurf@1.2.0
-   - dep: express-session@1.1.0
-   - dep: method-override@1.0.1
-
-3.6.0 / 2014-05-09
-==================
-
- * deprecate `app.del()` -- use `app.delete()` instead
- * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
-   - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
- * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
-   - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
- * support PURGE method
-   - add `app.purge`
-   - add `router.purge`
-   - include PURGE in `app.all`
- * update connect to 2.15.0
-   * Add `res.appendHeader`
-   * Call error stack even when response has been sent
-   * Patch `res.headerSent` to return Boolean
-   * Patch `res.headersSent` for node.js 0.8
-   * Prevent default 404 handler after response sent
-   * dep: compression@1.0.2
-   * dep: connect-timeout@1.1.0
-   * dep: debug@^0.8.0
-   * dep: errorhandler@1.0.1
-   * dep: express-session@1.0.4
-   * dep: morgan@1.0.1
-   * dep: serve-favicon@2.0.0
-   * dep: serve-index@1.0.2
- * update debug to 0.8.0
-   * add `enable()` method
-   * change from stderr to stdout
- * update methods to 1.0.0
-   - add PURGE
- * update mkdirp to 0.5.0
-
-3.5.3 / 2014-05-08
-==================
-
- * fix `req.host` for IPv6 literals
- * fix `res.jsonp` error if callback param is object
-
-3.5.2 / 2014-04-24
-==================
-
- * update connect to 2.14.5
- * update cookie to 0.1.2
- * update mkdirp to 0.4.0
- * update send to 0.3.0
-
-3.5.1 / 2014-03-25
-==================
-
- * pin less-middleware in generated app
-
-3.5.0 / 2014-03-06
-==================
-
- * bump deps
-
-3.4.8 / 2014-01-13
-==================
-
- * prevent incorrect automatic OPTIONS responses #1868 @dpatti
- * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
- * throw 400 in case of malformed paths @rlidwka
-
-3.4.7 / 2013-12-10
-==================
-
- * update connect
-
-3.4.6 / 2013-12-01
-==================
-
- * update connect (raw-body)
-
-3.4.5 / 2013-11-27
-==================
-
- * update connect
- * res.location: remove leading ./ #1802 @kapouer
- * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
- * res.send: always send ETag when content-length > 0
- * router: add Router.all() method
-
-3.4.4 / 2013-10-29
-==================
-
- * update connect
- * update supertest
- * update methods
- * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
-
-3.4.3 / 2013-10-23
-==================
-
- * update connect
-
-3.4.2 / 2013-10-18
-==================
-
- * update connect
- * downgrade commander
-
-3.4.1 / 2013-10-15
-==================
-
- * update connect
- * update commander
- * jsonp: check if callback is a function
- * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
- * res.format: now includes charset @1747 (@sorribas)
- * res.links: allow multiple calls @1746 (@sorribas)
-
-3.4.0 / 2013-09-07
-==================
-
- * add res.vary(). Closes #1682
- * update connect
-
-3.3.8 / 2013-09-02
-==================
-
- * update connect
-
-3.3.7 / 2013-08-28
-==================
-
- * update connect
-
-3.3.6 / 2013-08-27
-==================
-
- * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
- * add: req.accepts take an argument list
-
-3.3.4 / 2013-07-08
-==================
-
- * update send and connect
-
-3.3.3 / 2013-07-04
-==================
-
- * update connect
-
-3.3.2 / 2013-07-03
-==================
-
- * update connect
- * update send
- * remove .version export
-
-3.3.1 / 2013-06-27
-==================
-
- * update connect
-
-3.3.0 / 2013-06-26
-==================
-
- * update connect
- * add support for multiple X-Forwarded-Proto values. Closes #1646
- * change: remove charset from json responses. Closes #1631
- * change: return actual booleans from req.accept* functions
- * fix jsonp callback array throw
-
-3.2.6 / 2013-06-02
-==================
-
- * update connect
-
-3.2.5 / 2013-05-21
-==================
-
- * update connect
- * update node-cookie
- * add: throw a meaningful error when there is no default engine
- * change generation of ETags with res.send() to GET requests only. Closes #1619
-
-3.2.4 / 2013-05-09
-==================
-
-  * fix `req.subdomains` when no Host is present
-  * fix `req.host` when no Host is present, return undefined
-
-3.2.3 / 2013-05-07
-==================
-
-  * update connect / qs
-
-3.2.2 / 2013-05-03
-==================
-
-  * update qs
-
-3.2.1 / 2013-04-29
-==================
-
-  * add app.VERB() paths array deprecation warning
-  * update connect
-  * update qs and remove all ~ semver crap
-  * fix: accept number as value of Signed Cookie
-
-3.2.0 / 2013-04-15
-==================
-
-  * add "view" constructor setting to override view behaviour
-  * add req.acceptsEncoding(name)
-  * add req.acceptedEncodings
-  * revert cookie signature change causing session race conditions
-  * fix sorting of Accept values of the same quality
-
-3.1.2 / 2013-04-12
-==================
-
-  * add support for custom Accept parameters
-  * update cookie-signature
-
-3.1.1 / 2013-04-01
-==================
-
-  * add X-Forwarded-Host support to `req.host`
-  * fix relative redirects
-  * update mkdirp
-  * update buffer-crc32
-  * remove legacy app.configure() method from app template.
-
-3.1.0 / 2013-01-25
-==================
-
-  * add support for leading "." in "view engine" setting
-  * add array support to `res.set()`
-  * add node 0.8.x to travis.yml
-  * add "subdomain offset" setting for tweaking `req.subdomains`
-  * add `res.location(url)` implementing `res.redirect()`-like setting of Location
-  * use app.get() for x-powered-by setting for inheritance
-  * fix colons in passwords for `req.auth`
-
-3.0.6 / 2013-01-04
-==================
-
-  * add http verb methods to Router
-  * update connect
-  * fix mangling of the `res.cookie()` options object
-  * fix jsonp whitespace escape. Closes #1132
-
-3.0.5 / 2012-12-19
-==================
-
-  * add throwing when a non-function is passed to a route
-  * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
-  * revert "add 'etag' option"
-
-3.0.4 / 2012-12-05
-==================
-
-  * add 'etag' option to disable `res.send()` Etags
-  * add escaping of urls in text/plain in `res.redirect()`
-    for old browsers interpreting as html
-  * change crc32 module for a more liberal license
-  * update connect
-
-3.0.3 / 2012-11-13
-==================
-
-  * update connect
-  * update cookie module
-  * fix cookie max-age
-
-3.0.2 / 2012-11-08
-==================
-
-  * add OPTIONS to cors example. Closes #1398
-  * fix route chaining regression. Closes #1397
-
-3.0.1 / 2012-11-01
-==================
-
-  * update connect
-
-3.0.0 / 2012-10-23
-==================
-
-  * add `make clean`
-  * add "Basic" check to req.auth
-  * add `req.auth` test coverage
-  * add cb && cb(payload) to `res.jsonp()`. Closes #1374
-  * add backwards compat for `res.redirect()` status. Closes #1336
-  * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
-  * update connect
-  * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
-  * remove non-primitive string support for `res.send()`
-  * fix view-locals example. Closes #1370
-  * fix route-separation example
-
-3.0.0rc5 / 2012-09-18
-==================
-
-  * update connect
-  * add redis search example
-  * add static-files example
-  * add "x-powered-by" setting (`app.disable('x-powered-by')`)
-  * add "application/octet-stream" redirect Accept test case. Closes #1317
-
-3.0.0rc4 / 2012-08-30
-==================
-
-  * add `res.jsonp()`. Closes #1307
-  * add "verbose errors" option to error-pages example
-  * add another route example to express(1) so people are not so confused
-  * add redis online user activity tracking example
-  * update connect dep
-  * fix etag quoting. Closes #1310
-  * fix error-pages 404 status
-  * fix jsonp callback char restrictions
-  * remove old OPTIONS default response
-
-3.0.0rc3 / 2012-08-13
-==================
-
-  * update connect dep
-  * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
-  * fix `res.render()` clobbering of "locals"
-
-3.0.0rc2 / 2012-08-03
-==================
-
-  * add CORS example
-  * update connect dep
-  * deprecate `.createServer()` & remove old stale examples
-  * fix: escape `res.redirect()` link
-  * fix vhost example
-
-3.0.0rc1 / 2012-07-24
-==================
-
-  * add more examples to view-locals
-  * add scheme-relative redirects (`res.redirect("//foo.com")`) support
-  * update cookie dep
-  * update connect dep
-  * update send dep
-  * fix `express(1)` -h flag, use -H for hogan. Closes #1245
-  * fix `res.sendfile()` socket error handling regression
-
-3.0.0beta7 / 2012-07-16
-==================
-
-  * update connect dep for `send()` root normalization regression
-
-3.0.0beta6 / 2012-07-13
-==================
-
-  * add `err.view` property for view errors. Closes #1226
-  * add "jsonp callback name" setting
-  * add support for "/foo/:bar*" non-greedy matches
-  * change `res.sendfile()` to use `send()` module
-  * change `res.send` to use "response-send" module
-  * remove `app.locals.use` and `res.locals.use`, use regular middleware
-
-3.0.0beta5 / 2012-07-03
-==================
-
-  * add "make check" support
-  * add route-map example
-  * add `res.json(obj, status)` support back for BC
-  * add "methods" dep, remove internal methods module
-  * update connect dep
-  * update auth example to utilize cores pbkdf2
-  * updated tests to use "supertest"
-
-3.0.0beta4 / 2012-06-25
-==================
-
-  * Added `req.auth`
-  * Added `req.range(size)`
-  * Added `res.links(obj)`
-  * Added `res.send(body, status)` support back for backwards compat
-  * Added `.default()` support to `res.format()`
-  * Added 2xx / 304 check to `req.fresh`
-  * Revert "Added + support to the router"
-  * Fixed `res.send()` freshness check, respect res.statusCode
-
-3.0.0beta3 / 2012-06-15
-==================
-
-  * Added hogan `--hjs` to express(1) [nullfirm]
-  * Added another example to content-negotiation
-  * Added `fresh` dep
-  * Changed: `res.send()` always checks freshness
-  * Fixed: expose connects mime module. Closes #1165
-
-3.0.0beta2 / 2012-06-06
-==================
-
-  * Added `+` support to the router
-  * Added `req.host`
-  * Changed `req.param()` to check route first
-  * Update connect dep
-
-3.0.0beta1 / 2012-06-01
-==================
-
-  * Added `res.format()` callback to override default 406 behaviour
-  * Fixed `res.redirect()` 406. Closes #1154
-
-3.0.0alpha5 / 2012-05-30
-==================
-
-  * Added `req.ip`
-  * Added `{ signed: true }` option to `res.cookie()`
-  * Removed `res.signedCookie()`
-  * Changed: dont reverse `req.ips`
-  * Fixed "trust proxy" setting check for `req.ips`
-
-3.0.0alpha4 / 2012-05-09
-==================
-
-  * Added: allow `[]` in jsonp callback. Closes #1128
-  * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
-  * Updated: connect 2.2.2
-
-3.0.0alpha3 / 2012-05-04
-==================
-
-  * Added public `app.routes`. Closes #887
-  * Added _view-locals_ example
-  * Added _mvc_ example
-  * Added `res.locals.use()`. Closes #1120
-  * Added conditional-GET support to `res.send()`
-  * Added: coerce `res.set()` values to strings
-  * Changed: moved `static()` in generated apps below router
-  * Changed: `res.send()` only set ETag when not previously set
-  * Changed connect 2.2.1 dep
-  * Changed: `make test` now runs unit / acceptance tests
-  * Fixed req/res proto inheritance
-
-3.0.0alpha2 / 2012-04-26
-==================
-
-  * Added `make benchmark` back
-  * Added `res.send()` support for `String` objects
-  * Added client-side data exposing example
-  * Added `res.header()` and `req.header()` aliases for BC
-  * Added `express.createServer()` for BC
-  * Perf: memoize parsed urls
-  * Perf: connect 2.2.0 dep
-  * Changed: make `expressInit()` middleware self-aware
-  * Fixed: use app.get() for all core settings
-  * Fixed redis session example
-  * Fixed session example. Closes #1105
-  * Fixed generated express dep. Closes #1078
-
-3.0.0alpha1 / 2012-04-15
-==================
-
-  * Added `app.locals.use(callback)`
-  * Added `app.locals` object
-  * Added `app.locals(obj)`
-  * Added `res.locals` object
-  * Added `res.locals(obj)`
-  * Added `res.format()` for content-negotiation
-  * Added `app.engine()`
-  * Added `res.cookie()` JSON cookie support
-  * Added "trust proxy" setting
-  * Added `req.subdomains`
-  * Added `req.protocol`
-  * Added `req.secure`
-  * Added `req.path`
-  * Added `req.ips`
-  * Added `req.fresh`
-  * Added `req.stale`
-  * Added comma-delimited / array support for `req.accepts()`
-  * Added debug instrumentation
-  * Added `res.set(obj)`
-  * Added `res.set(field, value)`
-  * Added `res.get(field)`
-  * Added `app.get(setting)`. Closes #842
-  * Added `req.acceptsLanguage()`
-  * Added `req.acceptsCharset()`
-  * Added `req.accepted`
-  * Added `req.acceptedLanguages`
-  * Added `req.acceptedCharsets`
-  * Added "json replacer" setting
-  * Added "json spaces" setting
-  * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92
-  * Added `--less` support to express(1)
-  * Added `express.response` prototype
-  * Added `express.request` prototype
-  * Added `express.application` prototype
-  * Added `app.path()`
-  * Added `app.render()`
-  * Added `res.type()` to replace `res.contentType()`
-  * Changed: `res.redirect()` to add relative support
-  * Changed: enable "jsonp callback" by default
-  * Changed: renamed "case sensitive routes" to "case sensitive routing"
-  * Rewrite of all tests with mocha
-  * Removed "root" setting
-  * Removed `res.redirect('home')` support
-  * Removed `req.notify()`
-  * Removed `app.register()`
-  * Removed `app.redirect()`
-  * Removed `app.is()`
-  * Removed `app.helpers()`
-  * Removed `app.dynamicHelpers()`
-  * Fixed `res.sendfile()` with non-GET. Closes #723
-  * Fixed express(1) public dir for windows. Closes #866
-
-2.5.9/ 2012-04-02
-==================
-
-  * Added support for PURGE request method [pbuyle]
-  * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]
-
-2.5.8 / 2012-02-08
-==================
-
-  * Update mkdirp dep. Closes #991
-
-2.5.7 / 2012-02-06
-==================
-
-  * Fixed `app.all` duplicate DELETE requests [mscdex]
-
-2.5.6 / 2012-01-13
-==================
-
-  * Updated hamljs dev dep. Closes #953
-
-2.5.5 / 2012-01-08
-==================
-
-  * Fixed: set `filename` on cached templates [matthewleon]
-
-2.5.4 / 2012-01-02
-==================
-
-  * Fixed `express(1)` eol on 0.4.x. Closes #947
-
-2.5.3 / 2011-12-30
-==================
-
-  * Fixed `req.is()` when a charset is present
-
-2.5.2 / 2011-12-10
-==================
-
-  * Fixed: express(1) LF -> CRLF for windows
-
-2.5.1 / 2011-11-17
-==================
-
-  * Changed: updated connect to 1.8.x
-  * Removed sass.js support from express(1)
-
-2.5.0 / 2011-10-24
-==================
-
-  * Added ./routes dir for generated app by default
-  * Added npm install reminder to express(1) app gen
-  * Added 0.5.x support
-  * Removed `make test-cov` since it wont work with node 0.5.x
-  * Fixed express(1) public dir for windows. Closes #866
-
-2.4.7 / 2011-10-05
-==================
-
-  * Added mkdirp to express(1). Closes #795
-  * Added simple _json-config_ example
-  * Added  shorthand for the parsed request's pathname via `req.path`
-  * Changed connect dep to 1.7.x to fix npm issue...
-  * Fixed `res.redirect()` __HEAD__ support. [reported by xerox]
-  * Fixed `req.flash()`, only escape args
-  * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]
-
-2.4.6 / 2011-08-22
-==================
-
-  * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]
-
-2.4.5 / 2011-08-19
-==================
-
-  * Added support for routes to handle errors. Closes #809
-  * Added `app.routes.all()`. Closes #803
-  * Added "basepath" setting to work in conjunction with reverse proxies etc.
-  * Refactored `Route` to use a single array of callbacks
-  * Added support for multiple callbacks for `app.param()`. Closes #801
-Closes #805
-  * Changed: removed .call(self) for route callbacks
-  * Dependency: `qs >= 0.3.1`
-  * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808
-
-2.4.4 / 2011-08-05
-==================
-
-  * Fixed `res.header()` intention of a set, even when `undefined`
-  * Fixed `*`, value no longer required
-  * Fixed `res.send(204)` support. Closes #771
-
-2.4.3 / 2011-07-14
-==================
-
-  * Added docs for `status` option special-case. Closes #739
-  * Fixed `options.filename`, exposing the view path to template engines
-
-2.4.2. / 2011-07-06
-==================
-
-  * Revert "removed jsonp stripping" for XSS
-
-2.4.1 / 2011-07-06
-==================
-
-  * Added `res.json()` JSONP support. Closes #737
-  * Added _extending-templates_ example. Closes #730
-  * Added "strict routing" setting for trailing slashes
-  * Added support for multiple envs in `app.configure()` calls. Closes #735
-  * Changed: `res.send()` using `res.json()`
-  * Changed: when cookie `path === null` don't default it
-  * Changed; default cookie path to "home" setting. Closes #731
-  * Removed _pids/logs_ creation from express(1)
-
-2.4.0 / 2011-06-28
-==================
-
-  * Added chainable `res.status(code)`
-  * Added `res.json()`, an explicit version of `res.send(obj)`
-  * Added simple web-service example
-
-2.3.12 / 2011-06-22
-==================
-
-  * \#express is now on freenode! come join!
-  * Added `req.get(field, param)`
-  * Added links to Japanese documentation, thanks @hideyukisaito!
-  * Added; the `express(1)` generated app outputs the env
-  * Added `content-negotiation` example
-  * Dependency: connect >= 1.5.1 < 2.0.0
-  * Fixed view layout bug. Closes #720
-  * Fixed; ignore body on 304. Closes #701
-
-2.3.11 / 2011-06-04
-==================
-
-  * Added `npm test`
-  * Removed generation of dummy test file from `express(1)`
-  * Fixed; `express(1)` adds express as a dep
-  * Fixed; prune on `prepublish`
-
-2.3.10 / 2011-05-27
-==================
-
-  * Added `req.route`, exposing the current route
-  * Added _package.json_ generation support to `express(1)`
-  * Fixed call to `app.param()` function for optional params. Closes #682
-
-2.3.9 / 2011-05-25
-==================
-
-  * Fixed bug-ish with `../' in `res.partial()` calls
-
-2.3.8 / 2011-05-24
-==================
-
-  * Fixed `app.options()`
-
-2.3.7 / 2011-05-23
-==================
-
-  * Added route `Collection`, ex: `app.get('/user/:id').remove();`
-  * Added support for `app.param(fn)` to define param logic
-  * Removed `app.param()` support for callback with return value
-  * Removed module.parent check from express(1) generated app. Closes #670
-  * Refactored router. Closes #639
-
-2.3.6 / 2011-05-20
-==================
-
-  * Changed; using devDependencies instead of git submodules
-  * Fixed redis session example
-  * Fixed markdown example
-  * Fixed view caching, should not be enabled in development
-
-2.3.5 / 2011-05-20
-==================
-
-  * Added export `.view` as alias for `.View`
-
-2.3.4 / 2011-05-08
-==================
-
-  * Added `./examples/say`
-  * Fixed `res.sendfile()` bug preventing the transfer of files with spaces
-
-2.3.3 / 2011-05-03
-==================
-
-  * Added "case sensitive routes" option.
-  * Changed; split methods supported per rfc [slaskis]
-  * Fixed route-specific middleware when using the same callback function several times
-
-2.3.2 / 2011-04-27
-==================
-
-  * Fixed view hints
-
-2.3.1 / 2011-04-26
-==================
-
-  * Added `app.match()` as `app.match.all()`
-  * Added `app.lookup()` as `app.lookup.all()`
-  * Added `app.remove()` for `app.remove.all()`
-  * Added `app.remove.VERB()`
-  * Fixed template caching collision issue. Closes #644
-  * Moved router over from connect and started refactor
-
-2.3.0 / 2011-04-25
-==================
-
-  * Added options support to `res.clearCookie()`
-  * Added `res.helpers()` as alias of `res.locals()`
-  * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel   * Dependency `connect >= 1.4.0`
-  * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
-  * Renamed "cache views" to "view cache". Closes #628
-  * Fixed caching of views when using several apps. Closes #637
-  * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
-Closes #638
-  * Fixed partial lookup precedence. Closes #631
-Shaw]
-
-2.2.2 / 2011-04-12
-==================
-
-  * Added second callback support for `res.download()` connection errors
-  * Fixed `filename` option passing to template engine
-
-2.2.1 / 2011-04-04
-==================
-
-  * Added `layout(path)` helper to change the layout within a view. Closes #610
-  * Fixed `partial()` collection object support.
-    Previously only anything with `.length` would work.
-    When `.length` is present one must still be aware of holes,
-    however now `{ collection: {foo: 'bar'}}` is valid, exposes
-    `keyInCollection` and `keysInCollection`.
-
-  * Performance improved with better view caching
-  * Removed `request` and `response` locals
-  * Changed; errorHandler page title is now `Express` instead of `Connect`
-
-2.2.0 / 2011-03-30
-==================
-
-  * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
-  * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606
-  * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
-  * Dependency `connect >= 1.2.0`
-
-2.1.1 / 2011-03-29
-==================
-
-  * Added; expose `err.view` object when failing to locate a view
-  * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
-  * Fixed; `res.send(undefined)` responds with 204 [aheckmann]
-
-2.1.0 / 2011-03-24
-==================
-
-  * Added `<root>/_?<name>` partial lookup support. Closes #447
-  * Added `request`, `response`, and `app` local variables
-  * Added `settings` local variable, containing the app's settings
-  * Added `req.flash()` exception if `req.session` is not available
-  * Added `res.send(bool)` support (json response)
-  * Fixed stylus example for latest version
-  * Fixed; wrap try/catch around `res.render()`
-
-2.0.0 / 2011-03-17
-==================
-
-  * Fixed up index view path alternative.
-  * Changed; `res.locals()` without object returns the locals
-
-2.0.0rc3 / 2011-03-17
-==================
-
-  * Added `res.locals(obj)` to compliment `res.local(key, val)`
-  * Added `res.partial()` callback support
-  * Fixed recursive error reporting issue in `res.render()`
-
-2.0.0rc2 / 2011-03-17
-==================
-
-  * Changed; `partial()` "locals" are now optional
-  * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01]
-  * Fixed .filename view engine option [reported by drudge]
-  * Fixed blog example
-  * Fixed `{req,res}.app` reference when mounting [Ben Weaver]
-
-2.0.0rc / 2011-03-14
-==================
-
-  * Fixed; expose `HTTPSServer` constructor
-  * Fixed express(1) default test charset. Closes #579 [reported by secoif]
-  * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]
-
-2.0.0beta3 / 2011-03-09
-==================
-
-  * Added support for `res.contentType()` literal
-    The original `res.contentType('.json')`,
-    `res.contentType('application/json')`, and `res.contentType('json')`
-    will work now.
-  * Added `res.render()` status option support back
-  * Added charset option for `res.render()`
-  * Added `.charset` support (via connect 1.0.4)
-  * Added view resolution hints when in development and a lookup fails
-  * Added layout lookup support relative to the page view.
-    For example while rendering `./views/user/index.jade` if you create
-    `./views/user/layout.jade` it will be used in favour of the root layout.
-  * Fixed `res.redirect()`. RFC states absolute url [reported by unlink]
-  * Fixed; default `res.send()` string charset to utf8
-  * Removed `Partial` constructor (not currently used)
-
-2.0.0beta2 / 2011-03-07
-==================
-
-  * Added res.render() `.locals` support back to aid in migration process
-  * Fixed flash example
-
-2.0.0beta / 2011-03-03
-==================
-
-  * Added HTTPS support
-  * Added `res.cookie()` maxAge support
-  * Added `req.header()` _Referrer_ / _Referer_ special-case, either works
-  * Added mount support for `res.redirect()`, now respects the mount-point
-  * Added `union()` util, taking place of `merge(clone())` combo
-  * Added stylus support to express(1) generated app
-  * Added secret to session middleware used in examples and generated app
-  * Added `res.local(name, val)` for progressive view locals
-  * Added default param support to `req.param(name, default)`
-  * Added `app.disabled()` and `app.enabled()`
-  * Added `app.register()` support for omitting leading ".", either works
-  * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539
-  * Added `app.param()` to map route params to async/sync logic
-  * Added; aliased `app.helpers()` as `app.locals()`. Closes #481
-  * Added extname with no leading "." support to `res.contentType()`
-  * Added `cache views` setting, defaulting to enabled in "production" env
-  * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_.
-  * Added `req.accepts()` support for extensions
-  * Changed; `res.download()` and `res.sendfile()` now utilize Connect's
-    static file server `connect.static.send()`.
-  * Changed; replaced `connect.utils.mime()` with npm _mime_ module
-  * Changed; allow `req.query` to be pre-defined (via middleware or other parent
-  * Changed view partial resolution, now relative to parent view
-  * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`.
-  * Fixed `req.param()` bug returning Array.prototype methods. Closes #552
-  * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()`
-  * Fixed; using _qs_ module instead of _querystring_
-  * Fixed; strip unsafe chars from jsonp callbacks
-  * Removed "stream threshold" setting
-
-1.0.8 / 2011-03-01
-==================
-
-  * Allow `req.query` to be pre-defined (via middleware or other parent app)
-  * "connect": ">= 0.5.0 < 1.0.0". Closes #547
-  * Removed the long deprecated __EXPRESS_ENV__ support
-
-1.0.7 / 2011-02-07
-==================
-
-  * Fixed `render()` setting inheritance.
-    Mounted apps would not inherit "view engine"
-
-1.0.6 / 2011-02-07
-==================
-
-  * Fixed `view engine` setting bug when period is in dirname
-
-1.0.5 / 2011-02-05
-==================
-
-  * Added secret to generated app `session()` call
-
-1.0.4 / 2011-02-05
-==================
-
-  * Added `qs` dependency to _package.json_
-  * Fixed namespaced `require()`s for latest connect support
-
-1.0.3 / 2011-01-13
-==================
-
-  * Remove unsafe characters from JSONP callback names [Ryan Grove]
-
-1.0.2 / 2011-01-10
-==================
-
-  * Removed nested require, using `connect.router`
-
-1.0.1 / 2010-12-29
-==================
-
-  * Fixed for middleware stacked via `createServer()`
-    previously the `foo` middleware passed to `createServer(foo)`
-    would not have access to Express methods such as `res.send()`
-    or props like `req.query` etc.
-
-1.0.0 / 2010-11-16
-==================
-
-  * Added; deduce partial object names from the last segment.
-    For example by default `partial('forum/post', postObject)` will
-    give you the _post_ object, providing a meaningful default.
-  * Added http status code string representation to `res.redirect()` body
-  * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__.
-  * Added `req.is()` to aid in content negotiation
-  * Added partial local inheritance [suggested by masylum]. Closes #102
-    providing access to parent template locals.
-  * Added _-s, --session[s]_ flag to express(1) to add session related middleware
-  * Added _--template_ flag to express(1) to specify the
-    template engine to use.
-  * Added _--css_ flag to express(1) to specify the
-    stylesheet engine to use (or just plain css by default).
-  * Added `app.all()` support [thanks aheckmann]
-  * Added partial direct object support.
-    You may now `partial('user', user)` providing the "user" local,
-    vs previously `partial('user', { object: user })`.
-  * Added _route-separation_ example since many people question ways
-    to do this with CommonJS modules. Also view the _blog_ example for
-    an alternative.
-  * Performance; caching view path derived partial object names
-  * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
-  * Fixed jsonp support; _text/javascript_ as per mailinglist discussion
-
-1.0.0rc4 / 2010-10-14
-==================
-
-  * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
-  * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware))
-  * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass]
-  * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass]
-  * Added `partial()` support for array-like collections. Closes #434
-  * Added support for swappable querystring parsers
-  * Added session usage docs. Closes #443
-  * Added dynamic helper caching. Closes #439 [suggested by maritz]
-  * Added authentication example
-  * Added basic Range support to `res.sendfile()` (and `res.download()` etc)
-  * Changed; `express(1)` generated app using 2 spaces instead of 4
-  * Default env to "development" again [aheckmann]
-  * Removed _context_ option is no more, use "scope"
-  * Fixed; exposing _./support_ libs to examples so they can run without installs
-  * Fixed mvc example
-
-1.0.0rc3 / 2010-09-20
-==================
-
-  * Added confirmation for `express(1)` app generation. Closes #391
-  * Added extending of flash formatters via `app.flashFormatters`
-  * Added flash formatter support. Closes #411
-  * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold"
-  * Added _stream threshold_ setting for `res.sendfile()`
-  * Added `res.send()` __HEAD__ support
-  * Added `res.clearCookie()`
-  * Added `res.cookie()`
-  * Added `res.render()` headers option
-  * Added `res.redirect()` response bodies
-  * Added `res.render()` status option support. Closes #425 [thanks aheckmann]
-  * Fixed `res.sendfile()` responding with 403 on malicious path
-  * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_
-  * Fixed; mounted apps settings now inherit from parent app [aheckmann]
-  * Fixed; stripping Content-Length / Content-Type when 204
-  * Fixed `res.send()` 204. Closes #419
-  * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402
-  * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]
-
-
-1.0.0rc2 / 2010-08-17
-==================
-
-  * Added `app.register()` for template engine mapping. Closes #390
-  * Added `res.render()` callback support as second argument (no options)
-  * Added callback support to `res.download()`
-  * Added callback support for `res.sendfile()`
-  * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()`
-  * Added "partials" setting to docs
-  * Added default expresso tests to `express(1)` generated app. Closes #384
-  * Fixed `res.sendfile()` error handling, defer via `next()`
-  * Fixed `res.render()` callback when a layout is used [thanks guillermo]
-  * Fixed; `make install` creating ~/.node_libraries when not present
-  * Fixed issue preventing error handlers from being defined anywhere. Closes #387
-
-1.0.0rc / 2010-07-28
-==================
-
-  * Added mounted hook. Closes #369
-  * Added connect dependency to _package.json_
-
-  * Removed "reload views" setting and support code
-    development env never caches, production always caches.
-
-  * Removed _param_ in route callbacks, signature is now
-    simply (req, res, next), previously (req, res, params, next).
-    Use _req.params_ for path captures, _req.query_ for GET params.
-
-  * Fixed "home" setting
-  * Fixed middleware/router precedence issue. Closes #366
-  * Fixed; _configure()_ callbacks called immediately. Closes #368
-
-1.0.0beta2 / 2010-07-23
-==================
-
-  * Added more examples
-  * Added; exporting `Server` constructor
-  * Added `Server#helpers()` for view locals
-  * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349
-  * Added support for absolute view paths
-  * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363
-  * Added Guillermo Rauch to the contributor list
-  * Added support for "as" for non-collection partials. Closes #341
-  * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf]
-  * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo]
-  * Fixed instanceof `Array` checks, now `Array.isArray()`
-  * Fixed express(1) expansion of public dirs. Closes #348
-  * Fixed middleware precedence. Closes #345
-  * Fixed view watcher, now async [thanks aheckmann]
-
-1.0.0beta / 2010-07-15
-==================
-
-  * Re-write
-    - much faster
-    - much lighter
-    - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs
-
-0.14.0 / 2010-06-15
-==================
-
-  * Utilize relative requires
-  * Added Static bufferSize option [aheckmann]
-  * Fixed caching of view and partial subdirectories [aheckmann]
-  * Fixed mime.type() comments now that ".ext" is not supported
-  * Updated haml submodule
-  * Updated class submodule
-  * Removed bin/express
-
-0.13.0 / 2010-06-01
-==================
-
-  * Added node v0.1.97 compatibility
-  * Added support for deleting cookies via Request#cookie('key', null)
-  * Updated haml submodule
-  * Fixed not-found page, now using charset utf-8
-  * Fixed show-exceptions page, now using charset utf-8
-  * Fixed view support due to fs.readFile Buffers
-  * Changed; mime.type() no longer accepts ".type" due to node extname() changes
-
-0.12.0 / 2010-05-22
-==================
-
-  * Added node v0.1.96 compatibility
-  * Added view `helpers` export which act as additional local variables
-  * Updated haml submodule
-  * Changed ETag; removed inode, modified time only
-  * Fixed LF to CRLF for setting multiple cookies
-  * Fixed cookie compilation; values are now urlencoded
-  * Fixed cookies parsing; accepts quoted values and url escaped cookies
-
-0.11.0 / 2010-05-06
-==================
-
-  * Added support for layouts using different engines
-    - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' })
-    - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml'
-    - this.render('page.html.haml', { layout: false }) // no layout
-  * Updated ext submodule
-  * Updated haml submodule
-  * Fixed EJS partial support by passing along the context. Issue #307
-
-0.10.1 / 2010-05-03
-==================
-
-  * Fixed binary uploads.
-
-0.10.0 / 2010-04-30
-==================
-
-  * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
-    encoding is set to 'utf8' or 'utf-8').
-  * Added "encoding" option to Request#render(). Closes #299
-  * Added "dump exceptions" setting, which is enabled by default.
-  * Added simple ejs template engine support
-  * Added error response support for text/plain, application/json. Closes #297
-  * Added callback function param to Request#error()
-  * Added Request#sendHead()
-  * Added Request#stream()
-  * Added support for Request#respond(304, null) for empty response bodies
-  * Added ETag support to Request#sendfile()
-  * Added options to Request#sendfile(), passed to fs.createReadStream()
-  * Added filename arg to Request#download()
-  * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request
-  * Performance enhanced by preventing several calls to toLowerCase() in Router#match()
-  * Changed; Request#sendfile() now streams
-  * Changed; Renamed Request#halt() to Request#respond(). Closes #289
-  * Changed; Using sys.inspect() instead of JSON.encode() for error output
-  * Changed; run() returns the http.Server instance. Closes #298
-  * Changed; Defaulting Server#host to null (INADDR_ANY)
-  * Changed; Logger "common" format scale of 0.4f
-  * Removed Logger "request" format
-  * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found
-  * Fixed several issues with http client
-  * Fixed Logger Content-Length output
-  * Fixed bug preventing Opera from retaining the generated session id. Closes #292
-
-0.9.0 / 2010-04-14
-==================
-
-  * Added DSL level error() route support
-  * Added DSL level notFound() route support
-  * Added Request#error()
-  * Added Request#notFound()
-  * Added Request#render() callback function. Closes #258
-  * Added "max upload size" setting
-  * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254
-  * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
-  * Added callback function support to Request#halt() as 3rd/4th arg
-  * Added preprocessing of route param wildcards using param(). Closes #251
-  * Added view partial support (with collections etc.)
-  * Fixed bug preventing falsey params (such as ?page=0). Closes #286
-  * Fixed setting of multiple cookies. Closes #199
-  * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
-  * Changed; session cookie is now httpOnly
-  * Changed; Request is no longer global
-  * Changed; Event is no longer global
-  * Changed; "sys" module is no longer global
-  * Changed; moved Request#download to Static plugin where it belongs
-  * Changed; Request instance created before body parsing. Closes #262
-  * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253
-  * Changed; Pre-caching view partials in memory when "cache view partials" is enabled
-  * Updated support to node --version 0.1.90
-  * Updated dependencies
-  * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
-  * Removed utils.mixin(); use Object#mergeDeep()
-
-0.8.0 / 2010-03-19
-==================
-
-  * Added coffeescript example app. Closes #242
-  * Changed; cache api now async friendly. Closes #240
-  * Removed deprecated 'express/static' support. Use 'express/plugins/static'
-
-0.7.6 / 2010-03-19
-==================
-
-  * Added Request#isXHR. Closes #229
-  * Added `make install` (for the executable)
-  * Added `express` executable for setting up simple app templates
-  * Added "GET /public/*" to Static plugin, defaulting to <root>/public
-  * Added Static plugin
-  * Fixed; Request#render() only calls cache.get() once
-  * Fixed; Namespacing View caches with "view:"
-  * Fixed; Namespacing Static caches with "static:"
-  * Fixed; Both example apps now use the Static plugin
-  * Fixed set("views"). Closes #239
-  * Fixed missing space for combined log format
-  * Deprecated Request#sendfile() and 'express/static'
-  * Removed Server#running
-
-0.7.5 / 2010-03-16
-==================
-
-  * Added Request#flash() support without args, now returns all flashes
-  * Updated ext submodule
-
-0.7.4 / 2010-03-16
-==================
-
-  * Fixed session reaper
-  * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft)
-
-0.7.3 / 2010-03-16
-==================
-
-  * Added package.json
-  * Fixed requiring of haml / sass due to kiwi removal
-
-0.7.2 / 2010-03-16
-==================
-
-  * Fixed GIT submodules (HAH!)
-
-0.7.1 / 2010-03-16
-==================
-
-  * Changed; Express now using submodules again until a PM is adopted
-  * Changed; chat example using millisecond conversions from ext
-
-0.7.0 / 2010-03-15
-==================
-
-  * Added Request#pass() support (finds the next matching route, or the given path)
-  * Added Logger plugin (default "common" format replaces CommonLogger)
-  * Removed Profiler plugin
-  * Removed CommonLogger plugin
-
-0.6.0 / 2010-03-11
-==================
-
-  * Added seed.yml for kiwi package management support
-  * Added HTTP client query string support when method is GET. Closes #205
-
-  * Added support for arbitrary view engines.
-    For example "foo.engine.html" will now require('engine'),
-    the exports from this module are cached after the first require().
-
-  * Added async plugin support
-
-  * Removed usage of RESTful route funcs as http client
-    get() etc, use http.get() and friends
-
-  * Removed custom exceptions
-
-0.5.0 / 2010-03-10
-==================
-
-  * Added ext dependency (library of js extensions)
-  * Removed extname() / basename() utils. Use path module
-  * Removed toArray() util. Use arguments.values
-  * Removed escapeRegexp() util. Use RegExp.escape()
-  * Removed process.mixin() dependency. Use utils.mixin()
-  * Removed Collection
-  * Removed ElementCollection
-  * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com)  ;)
-
-0.4.0 / 2010-02-11
-==================
-
-  * Added flash() example to sample upload app
-  * Added high level restful http client module (express/http)
-  * Changed; RESTful route functions double as HTTP clients. Closes #69
-  * Changed; throwing error when routes are added at runtime
-  * Changed; defaulting render() context to the current Request. Closes #197
-  * Updated haml submodule
-
-0.3.0 / 2010-02-11
-==================
-
-  * Updated haml / sass submodules. Closes #200
-  * Added flash message support. Closes #64
-  * Added accepts() now allows multiple args. fixes #117
-  * Added support for plugins to halt. Closes #189
-  * Added alternate layout support. Closes #119
-  * Removed Route#run(). Closes #188
-  * Fixed broken specs due to use(Cookie) missing
-
-0.2.1 / 2010-02-05
-==================
-
-  * Added "plot" format option for Profiler (for gnuplot processing)
-  * Added request number to Profiler plugin
-  * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8
-  * Fixed issue with routes not firing when not files are present. Closes #184
-  * Fixed process.Promise -> events.Promise
-
-0.2.0 / 2010-02-03
-==================
-
-  * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180
-  * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174
-  * Added expiration support to cache api with reaper. Closes #133
-  * Added cache Store.Memory#reap()
-  * Added Cache; cache api now uses first class Cache instances
-  * Added abstract session Store. Closes #172
-  * Changed; cache Memory.Store#get() utilizing Collection
-  * Renamed MemoryStore -> Store.Memory
-  * Fixed use() of the same plugin several time will always use latest options. Closes #176
-
-0.1.0 / 2010-02-03
-==================
-
-  * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context
-  * Updated node support to 0.1.27 Closes #169
-  * Updated dirname(__filename) -> __dirname
-  * Updated libxmljs support to v0.2.0
-  * Added session support with memory store / reaping
-  * Added quick uid() helper
-  * Added multi-part upload support
-  * Added Sass.js support / submodule
-  * Added production env caching view contents and static files
-  * Added static file caching. Closes #136
-  * Added cache plugin with memory stores
-  * Added support to StaticFile so that it works with non-textual files.
-  * Removed dirname() helper
-  * Removed several globals (now their modules must be required)
-
-0.0.2 / 2010-01-10
-==================
-
-  * Added view benchmarks; currently haml vs ejs
-  * Added Request#attachment() specs. Closes #116
-  * Added use of node's parseQuery() util. Closes #123
-  * Added `make init` for submodules
-  * Updated Haml
-  * Updated sample chat app to show messages on load
-  * Updated libxmljs parseString -> parseHtmlString
-  * Fixed `make init` to work with older versions of git
-  * Fixed specs can now run independent specs for those who can't build deps. Closes #127
-  * Fixed issues introduced by the node url module changes. Closes 126.
-  * Fixed two assertions failing due to Collection#keys() returning strings
-  * Fixed faulty Collection#toArray() spec due to keys() returning strings
-  * Fixed `make test` now builds libxmljs.node before testing
-
-0.0.1 / 2010-01-03
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/express/LICENSE b/src/Servers/ExpressServer/node_modules/express/LICENSE
deleted file mode 100644
index aa927e4..0000000
--- a/src/Servers/ExpressServer/node_modules/express/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2009-2014 TJ Holowaychuk <tj@vision-media.ca>
-Copyright (c) 2013-2014 Roman Shtylman <shtylman+expressjs@gmail.com>
-Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/express/Readme.md b/src/Servers/ExpressServer/node_modules/express/Readme.md
deleted file mode 100644
index bc108d5..0000000
--- a/src/Servers/ExpressServer/node_modules/express/Readme.md
+++ /dev/null
@@ -1,260 +0,0 @@
-[![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/)
-
-**Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org).**
-
-**This project has a [Code of Conduct][].**
-
-## Table of contents
-
-* [Installation](#Installation)
-* [Features](#Features)
-* [Docs & Community](#docs--community)
-* [Quick Start](#Quick-Start)
-* [Running Tests](#Running-Tests)
-* [Philosophy](#Philosophy)
-* [Examples](#Examples)
-* [Contributing to Express](#Contributing)
-* [TC (Technical Committee)](#tc-technical-committee)
-* [Triagers](#triagers)
-* [License](#license)
-
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Install Size][npm-install-size-image]][npm-install-size-url]
-[![NPM Downloads][npm-downloads-image]][npm-downloads-url]
-[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
-
-
-```js
-const express = require('express')
-const app = express()
-
-app.get('/', function (req, res) {
-  res.send('Hello World')
-})
-
-app.listen(3000)
-```
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/).
-
-Before installing, [download and install Node.js](https://nodejs.org/en/download/).
-Node.js 0.10 or higher is required.
-
-If this is a brand new project, make sure to create a `package.json` first with
-the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file).
-
-Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```console
-$ npm install express
-```
-
-Follow [our installing guide](http://expressjs.com/en/starter/installing.html)
-for more information.
-
-## Features
-
-  * Robust routing
-  * Focus on high performance
-  * Super-high test coverage
-  * HTTP helpers (redirection, caching, etc)
-  * View system supporting 14+ template engines
-  * Content negotiation
-  * Executable for generating applications quickly
-
-## Docs & Community
-
-  * [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)]
-  * [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC
-  * [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules
-  * Visit the [Wiki](https://github.com/expressjs/express/wiki)
-  * [Google Group](https://groups.google.com/group/express-js) for discussion
-  * [Gitter](https://gitter.im/expressjs/express) for support and discussion
-
-**PROTIP** Be sure to read [Migrating from 3.x to 4.x](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) as well as [New features in 4.x](https://github.com/expressjs/express/wiki/New-features-in-4.x).
-
-## Quick Start
-
-  The quickest way to get started with express is to utilize the executable [`express(1)`](https://github.com/expressjs/generator) to generate an application as shown below:
-
-  Install the executable. The executable's major version will match Express's:
-
-```console
-$ npm install -g express-generator@4
-```
-
-  Create the app:
-
-```console
-$ express /tmp/foo && cd /tmp/foo
-```
-
-  Install dependencies:
-
-```console
-$ npm install
-```
-
-  Start the server:
-
-```console
-$ npm start
-```
-
-  View the website at: http://localhost:3000
-
-## Philosophy
-
-  The Express philosophy is to provide small, robust tooling for HTTP servers, making
-  it a great solution for single page applications, websites, hybrids, or public
-  HTTP APIs.
-
-  Express does not force you to use any specific ORM or template engine. With support for over
-  14 template engines via [Consolidate.js](https://github.com/tj/consolidate.js),
-  you can quickly craft your perfect framework.
-
-## Examples
-
-  To view the examples, clone the Express repo and install the dependencies:
-
-```console
-$ git clone https://github.com/expressjs/express.git --depth 1
-$ cd express
-$ npm install
-```
-
-  Then run whichever example you want:
-
-```console
-$ node examples/content-negotiation
-```
-
-## Contributing
-
-  [![Linux Build][github-actions-ci-image]][github-actions-ci-url]
-  [![Windows Build][appveyor-image]][appveyor-url]
-  [![Test Coverage][coveralls-image]][coveralls-url]
-
-The Express.js project welcomes all constructive contributions. Contributions take many forms,
-from code for bug fixes and enhancements, to additions and fixes to documentation, additional
-tests, triaging incoming pull requests and issues, and more!
-
-See the [Contributing Guide](Contributing.md) for more technical details on contributing.
-
-### Security Issues
-
-If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
-
-### Running Tests
-
-To run the test suite, first install the dependencies, then run `npm test`:
-
-```console
-$ npm install
-$ npm test
-```
-
-## People
-
-The original author of Express is [TJ Holowaychuk](https://github.com/tj)
-
-[List of all contributors](https://github.com/expressjs/express/graphs/contributors)
-
-### TC (Technical Committee)
-
-* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
-* [jonchurch](https://github.com/jonchurch) - **Jon Church**
-* [wesleytodd](https://github.com/wesleytodd) - **Wes Todd**
-* [LinusU](https://github.com/LinusU) - **Linus Unnebäck**
-* [blakeembrey](https://github.com/blakeembrey) - **Blake Embrey**
-* [sheplu](https://github.com/sheplu) - **Jean Burellier**
-* [crandmck](https://github.com/crandmck) - **Rand McKinney**
-* [ctcpip](https://github.com/ctcpip) - **Chris de Almeida**
-
-<details>
-<summary>TC emeriti members</summary>
-
-#### TC emeriti members
-
-  * [dougwilson](https://github.com/dougwilson) - **Douglas Wilson**
-  * [hacksparrow](https://github.com/hacksparrow) - **Hage Yaapa**
-  * [jonathanong](https://github.com/jonathanong) - **jongleberry**
-  * [niftylettuce](https://github.com/niftylettuce) - **niftylettuce**
-  * [troygoode](https://github.com/troygoode) - **Troy Goode**
-</details>
-
-
-### Triagers
-
-* [aravindvnair99](https://github.com/aravindvnair99) - **Aravind Nair**
-* [carpasse](https://github.com/carpasse) - **Carlos Serrano**
-* [CBID2](https://github.com/CBID2) - **Christine Belzie**
-* [enyoghasim](https://github.com/enyoghasim) - **David Enyoghasim**
-* [UlisesGascon](https://github.com/UlisesGascon) - **Ulises Gascón** (he/him)
-* [mertcanaltin](https://github.com/mertcanaltin) - **Mert Can Altin**
-* [0ss](https://github.com/0ss) - **Salah**
-* [import-brain](https://github.com/import-brain) - **Eric Cheng** (he/him)
-* [3imed-jaberi](https://github.com/3imed-jaberi) - **Imed Jaberi**
-* [dakshkhetan](https://github.com/dakshkhetan) - **Daksh Khetan** (he/him)
-* [lucasraziel](https://github.com/lucasraziel) - **Lucas Soares Do Rego**
-* [IamLizu](https://github.com/IamLizu) - **S M Mahmudul Hasan** (he/him)
-* [Sushmeet](https://github.com/Sushmeet) - **Sushmeet Sunger**
-
-<details>
-<summary>Triagers emeriti members</summary>
-
-#### Emeritus Triagers
-
-  * [AuggieH](https://github.com/AuggieH) - **Auggie Hudak**
-  * [G-Rath](https://github.com/G-Rath) - **Gareth Jones**
-  * [MohammadXroid](https://github.com/MohammadXroid) - **Mohammad Ayashi**
-  * [NawafSwe](https://github.com/NawafSwe) - **Nawaf Alsharqi**
-  * [NotMoni](https://github.com/NotMoni) - **Moni**
-  * [VigneshMurugan](https://github.com/VigneshMurugan) - **Vignesh Murugan**
-  * [davidmashe](https://github.com/davidmashe) - **David Ashe**
-  * [digitaIfabric](https://github.com/digitaIfabric) - **David**
-  * [e-l-i-s-e](https://github.com/e-l-i-s-e) - **Elise Bonner**
-  * [fed135](https://github.com/fed135) - **Frederic Charette**
-  * [firmanJS](https://github.com/firmanJS) - **Firman Abdul Hakim**
-  * [getspooky](https://github.com/getspooky) - **Yasser Ameur**
-  * [ghinks](https://github.com/ghinks) - **Glenn**
-  * [ghousemohamed](https://github.com/ghousemohamed) - **Ghouse Mohamed**
-  * [gireeshpunathil](https://github.com/gireeshpunathil) - **Gireesh Punathil**
-  * [jake32321](https://github.com/jake32321) - **Jake Reed**
-  * [jonchurch](https://github.com/jonchurch) - **Jon Church**
-  * [lekanikotun](https://github.com/lekanikotun) - **Troy Goode**
-  * [marsonya](https://github.com/marsonya) - **Lekan Ikotun**
-  * [mastermatt](https://github.com/mastermatt) - **Matt R. Wilson**
-  * [maxakuru](https://github.com/maxakuru) - **Max Edell**
-  * [mlrawlings](https://github.com/mlrawlings) - **Michael Rawlings**
-  * [rodion-arr](https://github.com/rodion-arr) - **Rodion Abdurakhimov**
-  * [sheplu](https://github.com/sheplu) - **Jean Burellier**
-  * [tarunyadav1](https://github.com/tarunyadav1) - **Tarun yadav**
-  * [tunniclm](https://github.com/tunniclm) - **Mike Tunnicliffe**
-</details>
-
-
-## License
-
-  [MIT](LICENSE)
-
-[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows
-[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
-[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
-[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux
-[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
-[npm-downloads-image]: https://badgen.net/npm/dm/express
-[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
-[npm-install-size-image]: https://badgen.net/packagephobia/install/express
-[npm-install-size-url]: https://packagephobia.com/result?p=express
-[npm-url]: https://npmjs.org/package/express
-[npm-version-image]: https://badgen.net/npm/v/express
-[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/express/badge
-[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/express
-[Code of Conduct]: https://github.com/expressjs/express/blob/master/Code-Of-Conduct.md
diff --git a/src/Servers/ExpressServer/node_modules/express/index.js b/src/Servers/ExpressServer/node_modules/express/index.js
deleted file mode 100644
index d219b0c..0000000
--- a/src/Servers/ExpressServer/node_modules/express/index.js
+++ /dev/null
@@ -1,11 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-module.exports = require('./lib/express');
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/application.js b/src/Servers/ExpressServer/node_modules/express/lib/application.js
deleted file mode 100644
index ebb30b5..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/application.js
+++ /dev/null
@@ -1,661 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var finalhandler = require('finalhandler');
-var Router = require('./router');
-var methods = require('methods');
-var middleware = require('./middleware/init');
-var query = require('./middleware/query');
-var debug = require('debug')('express:application');
-var View = require('./view');
-var http = require('http');
-var compileETag = require('./utils').compileETag;
-var compileQueryParser = require('./utils').compileQueryParser;
-var compileTrust = require('./utils').compileTrust;
-var deprecate = require('depd')('express');
-var flatten = require('array-flatten');
-var merge = require('utils-merge');
-var resolve = require('path').resolve;
-var setPrototypeOf = require('setprototypeof')
-
-/**
- * Module variables.
- * @private
- */
-
-var hasOwnProperty = Object.prototype.hasOwnProperty
-var slice = Array.prototype.slice;
-
-/**
- * Application prototype.
- */
-
-var app = exports = module.exports = {};
-
-/**
- * Variable for trust proxy inheritance back-compat
- * @private
- */
-
-var trustProxyDefaultSymbol = '@@symbol:trust_proxy_default';
-
-/**
- * Initialize the server.
- *
- *   - setup default configuration
- *   - setup default middleware
- *   - setup route reflection methods
- *
- * @private
- */
-
-app.init = function init() {
-  this.cache = {};
-  this.engines = {};
-  this.settings = {};
-
-  this.defaultConfiguration();
-};
-
-/**
- * Initialize application configuration.
- * @private
- */
-
-app.defaultConfiguration = function defaultConfiguration() {
-  var env = process.env.NODE_ENV || 'development';
-
-  // default settings
-  this.enable('x-powered-by');
-  this.set('etag', 'weak');
-  this.set('env', env);
-  this.set('query parser', 'extended');
-  this.set('subdomain offset', 2);
-  this.set('trust proxy', false);
-
-  // trust proxy inherit back-compat
-  Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
-    configurable: true,
-    value: true
-  });
-
-  debug('booting in %s mode', env);
-
-  this.on('mount', function onmount(parent) {
-    // inherit trust proxy
-    if (this.settings[trustProxyDefaultSymbol] === true
-      && typeof parent.settings['trust proxy fn'] === 'function') {
-      delete this.settings['trust proxy'];
-      delete this.settings['trust proxy fn'];
-    }
-
-    // inherit protos
-    setPrototypeOf(this.request, parent.request)
-    setPrototypeOf(this.response, parent.response)
-    setPrototypeOf(this.engines, parent.engines)
-    setPrototypeOf(this.settings, parent.settings)
-  });
-
-  // setup locals
-  this.locals = Object.create(null);
-
-  // top-most app is mounted at /
-  this.mountpath = '/';
-
-  // default locals
-  this.locals.settings = this.settings;
-
-  // default configuration
-  this.set('view', View);
-  this.set('views', resolve('views'));
-  this.set('jsonp callback name', 'callback');
-
-  if (env === 'production') {
-    this.enable('view cache');
-  }
-
-  Object.defineProperty(this, 'router', {
-    get: function() {
-      throw new Error('\'app.router\' is deprecated!\nPlease see the 3.x to 4.x migration guide for details on how to update your app.');
-    }
-  });
-};
-
-/**
- * lazily adds the base router if it has not yet been added.
- *
- * We cannot add the base router in the defaultConfiguration because
- * it reads app settings which might be set after that has run.
- *
- * @private
- */
-app.lazyrouter = function lazyrouter() {
-  if (!this._router) {
-    this._router = new Router({
-      caseSensitive: this.enabled('case sensitive routing'),
-      strict: this.enabled('strict routing')
-    });
-
-    this._router.use(query(this.get('query parser fn')));
-    this._router.use(middleware.init(this));
-  }
-};
-
-/**
- * Dispatch a req, res pair into the application. Starts pipeline processing.
- *
- * If no callback is provided, then default error handlers will respond
- * in the event of an error bubbling through the stack.
- *
- * @private
- */
-
-app.handle = function handle(req, res, callback) {
-  var router = this._router;
-
-  // final handler
-  var done = callback || finalhandler(req, res, {
-    env: this.get('env'),
-    onerror: logerror.bind(this)
-  });
-
-  // no routes
-  if (!router) {
-    debug('no routes defined on app');
-    done();
-    return;
-  }
-
-  router.handle(req, res, done);
-};
-
-/**
- * Proxy `Router#use()` to add middleware to the app router.
- * See Router#use() documentation for details.
- *
- * If the _fn_ parameter is an express app, then it will be
- * mounted at the _route_ specified.
- *
- * @public
- */
-
-app.use = function use(fn) {
-  var offset = 0;
-  var path = '/';
-
-  // default path to '/'
-  // disambiguate app.use([fn])
-  if (typeof fn !== 'function') {
-    var arg = fn;
-
-    while (Array.isArray(arg) && arg.length !== 0) {
-      arg = arg[0];
-    }
-
-    // first arg is the path
-    if (typeof arg !== 'function') {
-      offset = 1;
-      path = fn;
-    }
-  }
-
-  var fns = flatten(slice.call(arguments, offset));
-
-  if (fns.length === 0) {
-    throw new TypeError('app.use() requires a middleware function')
-  }
-
-  // setup router
-  this.lazyrouter();
-  var router = this._router;
-
-  fns.forEach(function (fn) {
-    // non-express app
-    if (!fn || !fn.handle || !fn.set) {
-      return router.use(path, fn);
-    }
-
-    debug('.use app under %s', path);
-    fn.mountpath = path;
-    fn.parent = this;
-
-    // restore .app property on req and res
-    router.use(path, function mounted_app(req, res, next) {
-      var orig = req.app;
-      fn.handle(req, res, function (err) {
-        setPrototypeOf(req, orig.request)
-        setPrototypeOf(res, orig.response)
-        next(err);
-      });
-    });
-
-    // mounted an app
-    fn.emit('mount', this);
-  }, this);
-
-  return this;
-};
-
-/**
- * Proxy to the app `Router#route()`
- * Returns a new `Route` instance for the _path_.
- *
- * Routes are isolated middleware stacks for specific paths.
- * See the Route api docs for details.
- *
- * @public
- */
-
-app.route = function route(path) {
-  this.lazyrouter();
-  return this._router.route(path);
-};
-
-/**
- * Register the given template engine callback `fn`
- * as `ext`.
- *
- * By default will `require()` the engine based on the
- * file extension. For example if you try to render
- * a "foo.ejs" file Express will invoke the following internally:
- *
- *     app.engine('ejs', require('ejs').__express);
- *
- * For engines that do not provide `.__express` out of the box,
- * or if you wish to "map" a different extension to the template engine
- * you may use this method. For example mapping the EJS template engine to
- * ".html" files:
- *
- *     app.engine('html', require('ejs').renderFile);
- *
- * In this case EJS provides a `.renderFile()` method with
- * the same signature that Express expects: `(path, options, callback)`,
- * though note that it aliases this method as `ejs.__express` internally
- * so if you're using ".ejs" extensions you don't need to do anything.
- *
- * Some template engines do not follow this convention, the
- * [Consolidate.js](https://github.com/tj/consolidate.js)
- * library was created to map all of node's popular template
- * engines to follow this convention, thus allowing them to
- * work seamlessly within Express.
- *
- * @param {String} ext
- * @param {Function} fn
- * @return {app} for chaining
- * @public
- */
-
-app.engine = function engine(ext, fn) {
-  if (typeof fn !== 'function') {
-    throw new Error('callback function required');
-  }
-
-  // get file extension
-  var extension = ext[0] !== '.'
-    ? '.' + ext
-    : ext;
-
-  // store engine
-  this.engines[extension] = fn;
-
-  return this;
-};
-
-/**
- * Proxy to `Router#param()` with one added api feature. The _name_ parameter
- * can be an array of names.
- *
- * See the Router#param() docs for more details.
- *
- * @param {String|Array} name
- * @param {Function} fn
- * @return {app} for chaining
- * @public
- */
-
-app.param = function param(name, fn) {
-  this.lazyrouter();
-
-  if (Array.isArray(name)) {
-    for (var i = 0; i < name.length; i++) {
-      this.param(name[i], fn);
-    }
-
-    return this;
-  }
-
-  this._router.param(name, fn);
-
-  return this;
-};
-
-/**
- * Assign `setting` to `val`, or return `setting`'s value.
- *
- *    app.set('foo', 'bar');
- *    app.set('foo');
- *    // => "bar"
- *
- * Mounted servers inherit their parent server's settings.
- *
- * @param {String} setting
- * @param {*} [val]
- * @return {Server} for chaining
- * @public
- */
-
-app.set = function set(setting, val) {
-  if (arguments.length === 1) {
-    // app.get(setting)
-    var settings = this.settings
-
-    while (settings && settings !== Object.prototype) {
-      if (hasOwnProperty.call(settings, setting)) {
-        return settings[setting]
-      }
-
-      settings = Object.getPrototypeOf(settings)
-    }
-
-    return undefined
-  }
-
-  debug('set "%s" to %o', setting, val);
-
-  // set value
-  this.settings[setting] = val;
-
-  // trigger matched settings
-  switch (setting) {
-    case 'etag':
-      this.set('etag fn', compileETag(val));
-      break;
-    case 'query parser':
-      this.set('query parser fn', compileQueryParser(val));
-      break;
-    case 'trust proxy':
-      this.set('trust proxy fn', compileTrust(val));
-
-      // trust proxy inherit back-compat
-      Object.defineProperty(this.settings, trustProxyDefaultSymbol, {
-        configurable: true,
-        value: false
-      });
-
-      break;
-  }
-
-  return this;
-};
-
-/**
- * Return the app's absolute pathname
- * based on the parent(s) that have
- * mounted it.
- *
- * For example if the application was
- * mounted as "/admin", which itself
- * was mounted as "/blog" then the
- * return value would be "/blog/admin".
- *
- * @return {String}
- * @private
- */
-
-app.path = function path() {
-  return this.parent
-    ? this.parent.path() + this.mountpath
-    : '';
-};
-
-/**
- * Check if `setting` is enabled (truthy).
- *
- *    app.enabled('foo')
- *    // => false
- *
- *    app.enable('foo')
- *    app.enabled('foo')
- *    // => true
- *
- * @param {String} setting
- * @return {Boolean}
- * @public
- */
-
-app.enabled = function enabled(setting) {
-  return Boolean(this.set(setting));
-};
-
-/**
- * Check if `setting` is disabled.
- *
- *    app.disabled('foo')
- *    // => true
- *
- *    app.enable('foo')
- *    app.disabled('foo')
- *    // => false
- *
- * @param {String} setting
- * @return {Boolean}
- * @public
- */
-
-app.disabled = function disabled(setting) {
-  return !this.set(setting);
-};
-
-/**
- * Enable `setting`.
- *
- * @param {String} setting
- * @return {app} for chaining
- * @public
- */
-
-app.enable = function enable(setting) {
-  return this.set(setting, true);
-};
-
-/**
- * Disable `setting`.
- *
- * @param {String} setting
- * @return {app} for chaining
- * @public
- */
-
-app.disable = function disable(setting) {
-  return this.set(setting, false);
-};
-
-/**
- * Delegate `.VERB(...)` calls to `router.VERB(...)`.
- */
-
-methods.forEach(function(method){
-  app[method] = function(path){
-    if (method === 'get' && arguments.length === 1) {
-      // app.get(setting)
-      return this.set(path);
-    }
-
-    this.lazyrouter();
-
-    var route = this._router.route(path);
-    route[method].apply(route, slice.call(arguments, 1));
-    return this;
-  };
-});
-
-/**
- * Special-cased "all" method, applying the given route `path`,
- * middleware, and callback to _every_ HTTP method.
- *
- * @param {String} path
- * @param {Function} ...
- * @return {app} for chaining
- * @public
- */
-
-app.all = function all(path) {
-  this.lazyrouter();
-
-  var route = this._router.route(path);
-  var args = slice.call(arguments, 1);
-
-  for (var i = 0; i < methods.length; i++) {
-    route[methods[i]].apply(route, args);
-  }
-
-  return this;
-};
-
-// del -> delete alias
-
-app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead');
-
-/**
- * Render the given view `name` name with `options`
- * and a callback accepting an error and the
- * rendered template string.
- *
- * Example:
- *
- *    app.render('email', { name: 'Tobi' }, function(err, html){
- *      // ...
- *    })
- *
- * @param {String} name
- * @param {Object|Function} options or fn
- * @param {Function} callback
- * @public
- */
-
-app.render = function render(name, options, callback) {
-  var cache = this.cache;
-  var done = callback;
-  var engines = this.engines;
-  var opts = options;
-  var renderOptions = {};
-  var view;
-
-  // support callback function as second arg
-  if (typeof options === 'function') {
-    done = options;
-    opts = {};
-  }
-
-  // merge app.locals
-  merge(renderOptions, this.locals);
-
-  // merge options._locals
-  if (opts._locals) {
-    merge(renderOptions, opts._locals);
-  }
-
-  // merge options
-  merge(renderOptions, opts);
-
-  // set .cache unless explicitly provided
-  if (renderOptions.cache == null) {
-    renderOptions.cache = this.enabled('view cache');
-  }
-
-  // primed cache
-  if (renderOptions.cache) {
-    view = cache[name];
-  }
-
-  // view
-  if (!view) {
-    var View = this.get('view');
-
-    view = new View(name, {
-      defaultEngine: this.get('view engine'),
-      root: this.get('views'),
-      engines: engines
-    });
-
-    if (!view.path) {
-      var dirs = Array.isArray(view.root) && view.root.length > 1
-        ? 'directories "' + view.root.slice(0, -1).join('", "') + '" or "' + view.root[view.root.length - 1] + '"'
-        : 'directory "' + view.root + '"'
-      var err = new Error('Failed to lookup view "' + name + '" in views ' + dirs);
-      err.view = view;
-      return done(err);
-    }
-
-    // prime the cache
-    if (renderOptions.cache) {
-      cache[name] = view;
-    }
-  }
-
-  // render
-  tryRender(view, renderOptions, done);
-};
-
-/**
- * Listen for connections.
- *
- * A node `http.Server` is returned, with this
- * application (which is a `Function`) as its
- * callback. If you wish to create both an HTTP
- * and HTTPS server you may do so with the "http"
- * and "https" modules as shown here:
- *
- *    var http = require('http')
- *      , https = require('https')
- *      , express = require('express')
- *      , app = express();
- *
- *    http.createServer(app).listen(80);
- *    https.createServer({ ... }, app).listen(443);
- *
- * @return {http.Server}
- * @public
- */
-
-app.listen = function listen() {
-  var server = http.createServer(this);
-  return server.listen.apply(server, arguments);
-};
-
-/**
- * Log error using console.error.
- *
- * @param {Error} err
- * @private
- */
-
-function logerror(err) {
-  /* istanbul ignore next */
-  if (this.get('env') !== 'test') console.error(err.stack || err.toString());
-}
-
-/**
- * Try rendering a view.
- * @private
- */
-
-function tryRender(view, options, callback) {
-  try {
-    view.render(options, callback);
-  } catch (err) {
-    callback(err);
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/express.js b/src/Servers/ExpressServer/node_modules/express/lib/express.js
deleted file mode 100644
index d188a16..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/express.js
+++ /dev/null
@@ -1,116 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- */
-
-var bodyParser = require('body-parser')
-var EventEmitter = require('events').EventEmitter;
-var mixin = require('merge-descriptors');
-var proto = require('./application');
-var Route = require('./router/route');
-var Router = require('./router');
-var req = require('./request');
-var res = require('./response');
-
-/**
- * Expose `createApplication()`.
- */
-
-exports = module.exports = createApplication;
-
-/**
- * Create an express application.
- *
- * @return {Function}
- * @api public
- */
-
-function createApplication() {
-  var app = function(req, res, next) {
-    app.handle(req, res, next);
-  };
-
-  mixin(app, EventEmitter.prototype, false);
-  mixin(app, proto, false);
-
-  // expose the prototype that will get set on requests
-  app.request = Object.create(req, {
-    app: { configurable: true, enumerable: true, writable: true, value: app }
-  })
-
-  // expose the prototype that will get set on responses
-  app.response = Object.create(res, {
-    app: { configurable: true, enumerable: true, writable: true, value: app }
-  })
-
-  app.init();
-  return app;
-}
-
-/**
- * Expose the prototypes.
- */
-
-exports.application = proto;
-exports.request = req;
-exports.response = res;
-
-/**
- * Expose constructors.
- */
-
-exports.Route = Route;
-exports.Router = Router;
-
-/**
- * Expose middleware
- */
-
-exports.json = bodyParser.json
-exports.query = require('./middleware/query');
-exports.raw = bodyParser.raw
-exports.static = require('serve-static');
-exports.text = bodyParser.text
-exports.urlencoded = bodyParser.urlencoded
-
-/**
- * Replace removed middleware with an appropriate error message.
- */
-
-var removedMiddlewares = [
-  'bodyParser',
-  'compress',
-  'cookieSession',
-  'session',
-  'logger',
-  'cookieParser',
-  'favicon',
-  'responseTime',
-  'errorHandler',
-  'timeout',
-  'methodOverride',
-  'vhost',
-  'csrf',
-  'directory',
-  'limit',
-  'multipart',
-  'staticCache'
-]
-
-removedMiddlewares.forEach(function (name) {
-  Object.defineProperty(exports, name, {
-    get: function () {
-      throw new Error('Most middleware (like ' + name + ') is no longer bundled with Express and must be installed separately. Please see https://github.com/senchalabs/connect#middleware.');
-    },
-    configurable: true
-  });
-});
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js b/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
deleted file mode 100644
index dfd0427..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/middleware/init.js
+++ /dev/null
@@ -1,43 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var setPrototypeOf = require('setprototypeof')
-
-/**
- * Initialization middleware, exposing the
- * request and response to each other, as well
- * as defaulting the X-Powered-By header field.
- *
- * @param {Function} app
- * @return {Function}
- * @api private
- */
-
-exports.init = function(app){
-  return function expressInit(req, res, next){
-    if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express');
-    req.res = res;
-    res.req = req;
-    req.next = next;
-
-    setPrototypeOf(req, app.request)
-    setPrototypeOf(res, app.response)
-
-    res.locals = res.locals || Object.create(null);
-
-    next();
-  };
-};
-
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js b/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
deleted file mode 100644
index 7e91669..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/middleware/query.js
+++ /dev/null
@@ -1,47 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- */
-
-var merge = require('utils-merge')
-var parseUrl = require('parseurl');
-var qs = require('qs');
-
-/**
- * @param {Object} options
- * @return {Function}
- * @api public
- */
-
-module.exports = function query(options) {
-  var opts = merge({}, options)
-  var queryparse = qs.parse;
-
-  if (typeof options === 'function') {
-    queryparse = options;
-    opts = undefined;
-  }
-
-  if (opts !== undefined && opts.allowPrototypes === undefined) {
-    // back-compat for qs module
-    opts.allowPrototypes = true;
-  }
-
-  return function query(req, res, next){
-    if (!req.query) {
-      var val = parseUrl(req).query;
-      req.query = queryparse(val, opts);
-    }
-
-    next();
-  };
-};
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/request.js b/src/Servers/ExpressServer/node_modules/express/lib/request.js
deleted file mode 100644
index 3f1eeca..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/request.js
+++ /dev/null
@@ -1,525 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var accepts = require('accepts');
-var deprecate = require('depd')('express');
-var isIP = require('net').isIP;
-var typeis = require('type-is');
-var http = require('http');
-var fresh = require('fresh');
-var parseRange = require('range-parser');
-var parse = require('parseurl');
-var proxyaddr = require('proxy-addr');
-
-/**
- * Request prototype.
- * @public
- */
-
-var req = Object.create(http.IncomingMessage.prototype)
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = req
-
-/**
- * Return request header.
- *
- * The `Referrer` header field is special-cased,
- * both `Referrer` and `Referer` are interchangeable.
- *
- * Examples:
- *
- *     req.get('Content-Type');
- *     // => "text/plain"
- *
- *     req.get('content-type');
- *     // => "text/plain"
- *
- *     req.get('Something');
- *     // => undefined
- *
- * Aliased as `req.header()`.
- *
- * @param {String} name
- * @return {String}
- * @public
- */
-
-req.get =
-req.header = function header(name) {
-  if (!name) {
-    throw new TypeError('name argument is required to req.get');
-  }
-
-  if (typeof name !== 'string') {
-    throw new TypeError('name must be a string to req.get');
-  }
-
-  var lc = name.toLowerCase();
-
-  switch (lc) {
-    case 'referer':
-    case 'referrer':
-      return this.headers.referrer
-        || this.headers.referer;
-    default:
-      return this.headers[lc];
-  }
-};
-
-/**
- * To do: update docs.
- *
- * Check if the given `type(s)` is acceptable, returning
- * the best match when true, otherwise `undefined`, in which
- * case you should respond with 406 "Not Acceptable".
- *
- * The `type` value may be a single MIME type string
- * such as "application/json", an extension name
- * such as "json", a comma-delimited list such as "json, html, text/plain",
- * an argument list such as `"json", "html", "text/plain"`,
- * or an array `["json", "html", "text/plain"]`. When a list
- * or array is given, the _best_ match, if any is returned.
- *
- * Examples:
- *
- *     // Accept: text/html
- *     req.accepts('html');
- *     // => "html"
- *
- *     // Accept: text/*, application/json
- *     req.accepts('html');
- *     // => "html"
- *     req.accepts('text/html');
- *     // => "text/html"
- *     req.accepts('json, text');
- *     // => "json"
- *     req.accepts('application/json');
- *     // => "application/json"
- *
- *     // Accept: text/*, application/json
- *     req.accepts('image/png');
- *     req.accepts('png');
- *     // => undefined
- *
- *     // Accept: text/*;q=.5, application/json
- *     req.accepts(['html', 'json']);
- *     req.accepts('html', 'json');
- *     req.accepts('html, json');
- *     // => "json"
- *
- * @param {String|Array} type(s)
- * @return {String|Array|Boolean}
- * @public
- */
-
-req.accepts = function(){
-  var accept = accepts(this);
-  return accept.types.apply(accept, arguments);
-};
-
-/**
- * Check if the given `encoding`s are accepted.
- *
- * @param {String} ...encoding
- * @return {String|Array}
- * @public
- */
-
-req.acceptsEncodings = function(){
-  var accept = accepts(this);
-  return accept.encodings.apply(accept, arguments);
-};
-
-req.acceptsEncoding = deprecate.function(req.acceptsEncodings,
-  'req.acceptsEncoding: Use acceptsEncodings instead');
-
-/**
- * Check if the given `charset`s are acceptable,
- * otherwise you should respond with 406 "Not Acceptable".
- *
- * @param {String} ...charset
- * @return {String|Array}
- * @public
- */
-
-req.acceptsCharsets = function(){
-  var accept = accepts(this);
-  return accept.charsets.apply(accept, arguments);
-};
-
-req.acceptsCharset = deprecate.function(req.acceptsCharsets,
-  'req.acceptsCharset: Use acceptsCharsets instead');
-
-/**
- * Check if the given `lang`s are acceptable,
- * otherwise you should respond with 406 "Not Acceptable".
- *
- * @param {String} ...lang
- * @return {String|Array}
- * @public
- */
-
-req.acceptsLanguages = function(){
-  var accept = accepts(this);
-  return accept.languages.apply(accept, arguments);
-};
-
-req.acceptsLanguage = deprecate.function(req.acceptsLanguages,
-  'req.acceptsLanguage: Use acceptsLanguages instead');
-
-/**
- * Parse Range header field, capping to the given `size`.
- *
- * Unspecified ranges such as "0-" require knowledge of your resource length. In
- * the case of a byte range this is of course the total number of bytes. If the
- * Range header field is not given `undefined` is returned, `-1` when unsatisfiable,
- * and `-2` when syntactically invalid.
- *
- * When ranges are returned, the array has a "type" property which is the type of
- * range that is required (most commonly, "bytes"). Each array element is an object
- * with a "start" and "end" property for the portion of the range.
- *
- * The "combine" option can be set to `true` and overlapping & adjacent ranges
- * will be combined into a single range.
- *
- * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3"
- * should respond with 4 users when available, not 3.
- *
- * @param {number} size
- * @param {object} [options]
- * @param {boolean} [options.combine=false]
- * @return {number|array}
- * @public
- */
-
-req.range = function range(size, options) {
-  var range = this.get('Range');
-  if (!range) return;
-  return parseRange(size, range, options);
-};
-
-/**
- * Return the value of param `name` when present or `defaultValue`.
- *
- *  - Checks route placeholders, ex: _/user/:id_
- *  - Checks body params, ex: id=12, {"id":12}
- *  - Checks query string params, ex: ?id=12
- *
- * To utilize request bodies, `req.body`
- * should be an object. This can be done by using
- * the `bodyParser()` middleware.
- *
- * @param {String} name
- * @param {Mixed} [defaultValue]
- * @return {String}
- * @public
- */
-
-req.param = function param(name, defaultValue) {
-  var params = this.params || {};
-  var body = this.body || {};
-  var query = this.query || {};
-
-  var args = arguments.length === 1
-    ? 'name'
-    : 'name, default';
-  deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead');
-
-  if (null != params[name] && params.hasOwnProperty(name)) return params[name];
-  if (null != body[name]) return body[name];
-  if (null != query[name]) return query[name];
-
-  return defaultValue;
-};
-
-/**
- * Check if the incoming request contains the "Content-Type"
- * header field, and it contains the given mime `type`.
- *
- * Examples:
- *
- *      // With Content-Type: text/html; charset=utf-8
- *      req.is('html');
- *      req.is('text/html');
- *      req.is('text/*');
- *      // => true
- *
- *      // When Content-Type is application/json
- *      req.is('json');
- *      req.is('application/json');
- *      req.is('application/*');
- *      // => true
- *
- *      req.is('html');
- *      // => false
- *
- * @param {String|Array} types...
- * @return {String|false|null}
- * @public
- */
-
-req.is = function is(types) {
-  var arr = types;
-
-  // support flattened arguments
-  if (!Array.isArray(types)) {
-    arr = new Array(arguments.length);
-    for (var i = 0; i < arr.length; i++) {
-      arr[i] = arguments[i];
-    }
-  }
-
-  return typeis(this, arr);
-};
-
-/**
- * Return the protocol string "http" or "https"
- * when requested with TLS. When the "trust proxy"
- * setting trusts the socket address, the
- * "X-Forwarded-Proto" header field will be trusted
- * and used if present.
- *
- * If you're running behind a reverse proxy that
- * supplies https for you this may be enabled.
- *
- * @return {String}
- * @public
- */
-
-defineGetter(req, 'protocol', function protocol(){
-  var proto = this.connection.encrypted
-    ? 'https'
-    : 'http';
-  var trust = this.app.get('trust proxy fn');
-
-  if (!trust(this.connection.remoteAddress, 0)) {
-    return proto;
-  }
-
-  // Note: X-Forwarded-Proto is normally only ever a
-  //       single value, but this is to be safe.
-  var header = this.get('X-Forwarded-Proto') || proto
-  var index = header.indexOf(',')
-
-  return index !== -1
-    ? header.substring(0, index).trim()
-    : header.trim()
-});
-
-/**
- * Short-hand for:
- *
- *    req.protocol === 'https'
- *
- * @return {Boolean}
- * @public
- */
-
-defineGetter(req, 'secure', function secure(){
-  return this.protocol === 'https';
-});
-
-/**
- * Return the remote address from the trusted proxy.
- *
- * The is the remote address on the socket unless
- * "trust proxy" is set.
- *
- * @return {String}
- * @public
- */
-
-defineGetter(req, 'ip', function ip(){
-  var trust = this.app.get('trust proxy fn');
-  return proxyaddr(this, trust);
-});
-
-/**
- * When "trust proxy" is set, trusted proxy addresses + client.
- *
- * For example if the value were "client, proxy1, proxy2"
- * you would receive the array `["client", "proxy1", "proxy2"]`
- * where "proxy2" is the furthest down-stream and "proxy1" and
- * "proxy2" were trusted.
- *
- * @return {Array}
- * @public
- */
-
-defineGetter(req, 'ips', function ips() {
-  var trust = this.app.get('trust proxy fn');
-  var addrs = proxyaddr.all(this, trust);
-
-  // reverse the order (to farthest -> closest)
-  // and remove socket address
-  addrs.reverse().pop()
-
-  return addrs
-});
-
-/**
- * Return subdomains as an array.
- *
- * Subdomains are the dot-separated parts of the host before the main domain of
- * the app. By default, the domain of the app is assumed to be the last two
- * parts of the host. This can be changed by setting "subdomain offset".
- *
- * For example, if the domain is "tobi.ferrets.example.com":
- * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
- * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
- *
- * @return {Array}
- * @public
- */
-
-defineGetter(req, 'subdomains', function subdomains() {
-  var hostname = this.hostname;
-
-  if (!hostname) return [];
-
-  var offset = this.app.get('subdomain offset');
-  var subdomains = !isIP(hostname)
-    ? hostname.split('.').reverse()
-    : [hostname];
-
-  return subdomains.slice(offset);
-});
-
-/**
- * Short-hand for `url.parse(req.url).pathname`.
- *
- * @return {String}
- * @public
- */
-
-defineGetter(req, 'path', function path() {
-  return parse(this).pathname;
-});
-
-/**
- * Parse the "Host" header field to a hostname.
- *
- * When the "trust proxy" setting trusts the socket
- * address, the "X-Forwarded-Host" header field will
- * be trusted.
- *
- * @return {String}
- * @public
- */
-
-defineGetter(req, 'hostname', function hostname(){
-  var trust = this.app.get('trust proxy fn');
-  var host = this.get('X-Forwarded-Host');
-
-  if (!host || !trust(this.connection.remoteAddress, 0)) {
-    host = this.get('Host');
-  } else if (host.indexOf(',') !== -1) {
-    // Note: X-Forwarded-Host is normally only ever a
-    //       single value, but this is to be safe.
-    host = host.substring(0, host.indexOf(',')).trimRight()
-  }
-
-  if (!host) return;
-
-  // IPv6 literal support
-  var offset = host[0] === '['
-    ? host.indexOf(']') + 1
-    : 0;
-  var index = host.indexOf(':', offset);
-
-  return index !== -1
-    ? host.substring(0, index)
-    : host;
-});
-
-// TODO: change req.host to return host in next major
-
-defineGetter(req, 'host', deprecate.function(function host(){
-  return this.hostname;
-}, 'req.host: Use req.hostname instead'));
-
-/**
- * Check if the request is fresh, aka
- * Last-Modified and/or the ETag
- * still match.
- *
- * @return {Boolean}
- * @public
- */
-
-defineGetter(req, 'fresh', function(){
-  var method = this.method;
-  var res = this.res
-  var status = res.statusCode
-
-  // GET or HEAD for weak freshness validation only
-  if ('GET' !== method && 'HEAD' !== method) return false;
-
-  // 2xx or 304 as per rfc2616 14.26
-  if ((status >= 200 && status < 300) || 304 === status) {
-    return fresh(this.headers, {
-      'etag': res.get('ETag'),
-      'last-modified': res.get('Last-Modified')
-    })
-  }
-
-  return false;
-});
-
-/**
- * Check if the request is stale, aka
- * "Last-Modified" and / or the "ETag" for the
- * resource has changed.
- *
- * @return {Boolean}
- * @public
- */
-
-defineGetter(req, 'stale', function stale(){
-  return !this.fresh;
-});
-
-/**
- * Check if the request was an _XMLHttpRequest_.
- *
- * @return {Boolean}
- * @public
- */
-
-defineGetter(req, 'xhr', function xhr(){
-  var val = this.get('X-Requested-With') || '';
-  return val.toLowerCase() === 'xmlhttprequest';
-});
-
-/**
- * Helper function for creating a getter on an object.
- *
- * @param {Object} obj
- * @param {String} name
- * @param {Function} getter
- * @private
- */
-function defineGetter(obj, name, getter) {
-  Object.defineProperty(obj, name, {
-    configurable: true,
-    enumerable: true,
-    get: getter
-  });
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/response.js b/src/Servers/ExpressServer/node_modules/express/lib/response.js
deleted file mode 100644
index 2b654f4..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/response.js
+++ /dev/null
@@ -1,1179 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var Buffer = require('safe-buffer').Buffer
-var contentDisposition = require('content-disposition');
-var createError = require('http-errors')
-var deprecate = require('depd')('express');
-var encodeUrl = require('encodeurl');
-var escapeHtml = require('escape-html');
-var http = require('http');
-var isAbsolute = require('./utils').isAbsolute;
-var onFinished = require('on-finished');
-var path = require('path');
-var statuses = require('statuses')
-var merge = require('utils-merge');
-var sign = require('cookie-signature').sign;
-var normalizeType = require('./utils').normalizeType;
-var normalizeTypes = require('./utils').normalizeTypes;
-var setCharset = require('./utils').setCharset;
-var cookie = require('cookie');
-var send = require('send');
-var extname = path.extname;
-var mime = send.mime;
-var resolve = path.resolve;
-var vary = require('vary');
-
-/**
- * Response prototype.
- * @public
- */
-
-var res = Object.create(http.ServerResponse.prototype)
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = res
-
-/**
- * Module variables.
- * @private
- */
-
-var charsetRegExp = /;\s*charset\s*=/;
-
-/**
- * Set status `code`.
- *
- * @param {Number} code
- * @return {ServerResponse}
- * @public
- */
-
-res.status = function status(code) {
-  if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) {
-    deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead')
-  }
-  this.statusCode = code;
-  return this;
-};
-
-/**
- * Set Link header field with the given `links`.
- *
- * Examples:
- *
- *    res.links({
- *      next: 'http://api.example.com/users?page=2',
- *      last: 'http://api.example.com/users?page=5'
- *    });
- *
- * @param {Object} links
- * @return {ServerResponse}
- * @public
- */
-
-res.links = function(links){
-  var link = this.get('Link') || '';
-  if (link) link += ', ';
-  return this.set('Link', link + Object.keys(links).map(function(rel){
-    return '<' + links[rel] + '>; rel="' + rel + '"';
-  }).join(', '));
-};
-
-/**
- * Send a response.
- *
- * Examples:
- *
- *     res.send(Buffer.from('wahoo'));
- *     res.send({ some: 'json' });
- *     res.send('<p>some html</p>');
- *
- * @param {string|number|boolean|object|Buffer} body
- * @public
- */
-
-res.send = function send(body) {
-  var chunk = body;
-  var encoding;
-  var req = this.req;
-  var type;
-
-  // settings
-  var app = this.app;
-
-  // allow status / body
-  if (arguments.length === 2) {
-    // res.send(body, status) backwards compat
-    if (typeof arguments[0] !== 'number' && typeof arguments[1] === 'number') {
-      deprecate('res.send(body, status): Use res.status(status).send(body) instead');
-      this.statusCode = arguments[1];
-    } else {
-      deprecate('res.send(status, body): Use res.status(status).send(body) instead');
-      this.statusCode = arguments[0];
-      chunk = arguments[1];
-    }
-  }
-
-  // disambiguate res.send(status) and res.send(status, num)
-  if (typeof chunk === 'number' && arguments.length === 1) {
-    // res.send(status) will set status message as text string
-    if (!this.get('Content-Type')) {
-      this.type('txt');
-    }
-
-    deprecate('res.send(status): Use res.sendStatus(status) instead');
-    this.statusCode = chunk;
-    chunk = statuses.message[chunk]
-  }
-
-  switch (typeof chunk) {
-    // string defaulting to html
-    case 'string':
-      if (!this.get('Content-Type')) {
-        this.type('html');
-      }
-      break;
-    case 'boolean':
-    case 'number':
-    case 'object':
-      if (chunk === null) {
-        chunk = '';
-      } else if (Buffer.isBuffer(chunk)) {
-        if (!this.get('Content-Type')) {
-          this.type('bin');
-        }
-      } else {
-        return this.json(chunk);
-      }
-      break;
-  }
-
-  // write strings in utf-8
-  if (typeof chunk === 'string') {
-    encoding = 'utf8';
-    type = this.get('Content-Type');
-
-    // reflect this in content-type
-    if (typeof type === 'string') {
-      this.set('Content-Type', setCharset(type, 'utf-8'));
-    }
-  }
-
-  // determine if ETag should be generated
-  var etagFn = app.get('etag fn')
-  var generateETag = !this.get('ETag') && typeof etagFn === 'function'
-
-  // populate Content-Length
-  var len
-  if (chunk !== undefined) {
-    if (Buffer.isBuffer(chunk)) {
-      // get length of Buffer
-      len = chunk.length
-    } else if (!generateETag && chunk.length < 1000) {
-      // just calculate length when no ETag + small chunk
-      len = Buffer.byteLength(chunk, encoding)
-    } else {
-      // convert chunk to Buffer and calculate
-      chunk = Buffer.from(chunk, encoding)
-      encoding = undefined;
-      len = chunk.length
-    }
-
-    this.set('Content-Length', len);
-  }
-
-  // populate ETag
-  var etag;
-  if (generateETag && len !== undefined) {
-    if ((etag = etagFn(chunk, encoding))) {
-      this.set('ETag', etag);
-    }
-  }
-
-  // freshness
-  if (req.fresh) this.statusCode = 304;
-
-  // strip irrelevant headers
-  if (204 === this.statusCode || 304 === this.statusCode) {
-    this.removeHeader('Content-Type');
-    this.removeHeader('Content-Length');
-    this.removeHeader('Transfer-Encoding');
-    chunk = '';
-  }
-
-  // alter headers for 205
-  if (this.statusCode === 205) {
-    this.set('Content-Length', '0')
-    this.removeHeader('Transfer-Encoding')
-    chunk = ''
-  }
-
-  if (req.method === 'HEAD') {
-    // skip body for HEAD
-    this.end();
-  } else {
-    // respond
-    this.end(chunk, encoding);
-  }
-
-  return this;
-};
-
-/**
- * Send JSON response.
- *
- * Examples:
- *
- *     res.json(null);
- *     res.json({ user: 'tj' });
- *
- * @param {string|number|boolean|object} obj
- * @public
- */
-
-res.json = function json(obj) {
-  var val = obj;
-
-  // allow status / body
-  if (arguments.length === 2) {
-    // res.json(body, status) backwards compat
-    if (typeof arguments[1] === 'number') {
-      deprecate('res.json(obj, status): Use res.status(status).json(obj) instead');
-      this.statusCode = arguments[1];
-    } else {
-      deprecate('res.json(status, obj): Use res.status(status).json(obj) instead');
-      this.statusCode = arguments[0];
-      val = arguments[1];
-    }
-  }
-
-  // settings
-  var app = this.app;
-  var escape = app.get('json escape')
-  var replacer = app.get('json replacer');
-  var spaces = app.get('json spaces');
-  var body = stringify(val, replacer, spaces, escape)
-
-  // content-type
-  if (!this.get('Content-Type')) {
-    this.set('Content-Type', 'application/json');
-  }
-
-  return this.send(body);
-};
-
-/**
- * Send JSON response with JSONP callback support.
- *
- * Examples:
- *
- *     res.jsonp(null);
- *     res.jsonp({ user: 'tj' });
- *
- * @param {string|number|boolean|object} obj
- * @public
- */
-
-res.jsonp = function jsonp(obj) {
-  var val = obj;
-
-  // allow status / body
-  if (arguments.length === 2) {
-    // res.jsonp(body, status) backwards compat
-    if (typeof arguments[1] === 'number') {
-      deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead');
-      this.statusCode = arguments[1];
-    } else {
-      deprecate('res.jsonp(status, obj): Use res.status(status).jsonp(obj) instead');
-      this.statusCode = arguments[0];
-      val = arguments[1];
-    }
-  }
-
-  // settings
-  var app = this.app;
-  var escape = app.get('json escape')
-  var replacer = app.get('json replacer');
-  var spaces = app.get('json spaces');
-  var body = stringify(val, replacer, spaces, escape)
-  var callback = this.req.query[app.get('jsonp callback name')];
-
-  // content-type
-  if (!this.get('Content-Type')) {
-    this.set('X-Content-Type-Options', 'nosniff');
-    this.set('Content-Type', 'application/json');
-  }
-
-  // fixup callback
-  if (Array.isArray(callback)) {
-    callback = callback[0];
-  }
-
-  // jsonp
-  if (typeof callback === 'string' && callback.length !== 0) {
-    this.set('X-Content-Type-Options', 'nosniff');
-    this.set('Content-Type', 'text/javascript');
-
-    // restrict callback charset
-    callback = callback.replace(/[^\[\]\w$.]/g, '');
-
-    if (body === undefined) {
-      // empty argument
-      body = ''
-    } else if (typeof body === 'string') {
-      // replace chars not allowed in JavaScript that are in JSON
-      body = body
-        .replace(/\u2028/g, '\\u2028')
-        .replace(/\u2029/g, '\\u2029')
-    }
-
-    // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
-    // the typeof check is just to reduce client error noise
-    body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');';
-  }
-
-  return this.send(body);
-};
-
-/**
- * Send given HTTP status code.
- *
- * Sets the response status to `statusCode` and the body of the
- * response to the standard description from node's http.STATUS_CODES
- * or the statusCode number if no description.
- *
- * Examples:
- *
- *     res.sendStatus(200);
- *
- * @param {number} statusCode
- * @public
- */
-
-res.sendStatus = function sendStatus(statusCode) {
-  var body = statuses.message[statusCode] || String(statusCode)
-
-  this.statusCode = statusCode;
-  this.type('txt');
-
-  return this.send(body);
-};
-
-/**
- * Transfer the file at the given `path`.
- *
- * Automatically sets the _Content-Type_ response header field.
- * The callback `callback(err)` is invoked when the transfer is complete
- * or when an error occurs. Be sure to check `res.headersSent`
- * if you wish to attempt responding, as the header and some data
- * may have already been transferred.
- *
- * Options:
- *
- *   - `maxAge`   defaulting to 0 (can be string converted by `ms`)
- *   - `root`     root directory for relative filenames
- *   - `headers`  object of headers to serve with file
- *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
- *
- * Other options are passed along to `send`.
- *
- * Examples:
- *
- *  The following example illustrates how `res.sendFile()` may
- *  be used as an alternative for the `static()` middleware for
- *  dynamic situations. The code backing `res.sendFile()` is actually
- *  the same code, so HTTP cache support etc is identical.
- *
- *     app.get('/user/:uid/photos/:file', function(req, res){
- *       var uid = req.params.uid
- *         , file = req.params.file;
- *
- *       req.user.mayViewFilesFrom(uid, function(yes){
- *         if (yes) {
- *           res.sendFile('/uploads/' + uid + '/' + file);
- *         } else {
- *           res.send(403, 'Sorry! you cant see that.');
- *         }
- *       });
- *     });
- *
- * @public
- */
-
-res.sendFile = function sendFile(path, options, callback) {
-  var done = callback;
-  var req = this.req;
-  var res = this;
-  var next = req.next;
-  var opts = options || {};
-
-  if (!path) {
-    throw new TypeError('path argument is required to res.sendFile');
-  }
-
-  if (typeof path !== 'string') {
-    throw new TypeError('path must be a string to res.sendFile')
-  }
-
-  // support function as second arg
-  if (typeof options === 'function') {
-    done = options;
-    opts = {};
-  }
-
-  if (!opts.root && !isAbsolute(path)) {
-    throw new TypeError('path must be absolute or specify root to res.sendFile');
-  }
-
-  // create file stream
-  var pathname = encodeURI(path);
-  var file = send(req, pathname, opts);
-
-  // transfer
-  sendfile(res, file, opts, function (err) {
-    if (done) return done(err);
-    if (err && err.code === 'EISDIR') return next();
-
-    // next() all but write errors
-    if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
-      next(err);
-    }
-  });
-};
-
-/**
- * Transfer the file at the given `path`.
- *
- * Automatically sets the _Content-Type_ response header field.
- * The callback `callback(err)` is invoked when the transfer is complete
- * or when an error occurs. Be sure to check `res.headersSent`
- * if you wish to attempt responding, as the header and some data
- * may have already been transferred.
- *
- * Options:
- *
- *   - `maxAge`   defaulting to 0 (can be string converted by `ms`)
- *   - `root`     root directory for relative filenames
- *   - `headers`  object of headers to serve with file
- *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
- *
- * Other options are passed along to `send`.
- *
- * Examples:
- *
- *  The following example illustrates how `res.sendfile()` may
- *  be used as an alternative for the `static()` middleware for
- *  dynamic situations. The code backing `res.sendfile()` is actually
- *  the same code, so HTTP cache support etc is identical.
- *
- *     app.get('/user/:uid/photos/:file', function(req, res){
- *       var uid = req.params.uid
- *         , file = req.params.file;
- *
- *       req.user.mayViewFilesFrom(uid, function(yes){
- *         if (yes) {
- *           res.sendfile('/uploads/' + uid + '/' + file);
- *         } else {
- *           res.send(403, 'Sorry! you cant see that.');
- *         }
- *       });
- *     });
- *
- * @public
- */
-
-res.sendfile = function (path, options, callback) {
-  var done = callback;
-  var req = this.req;
-  var res = this;
-  var next = req.next;
-  var opts = options || {};
-
-  // support function as second arg
-  if (typeof options === 'function') {
-    done = options;
-    opts = {};
-  }
-
-  // create file stream
-  var file = send(req, path, opts);
-
-  // transfer
-  sendfile(res, file, opts, function (err) {
-    if (done) return done(err);
-    if (err && err.code === 'EISDIR') return next();
-
-    // next() all but write errors
-    if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') {
-      next(err);
-    }
-  });
-};
-
-res.sendfile = deprecate.function(res.sendfile,
-  'res.sendfile: Use res.sendFile instead');
-
-/**
- * Transfer the file at the given `path` as an attachment.
- *
- * Optionally providing an alternate attachment `filename`,
- * and optional callback `callback(err)`. The callback is invoked
- * when the data transfer is complete, or when an error has
- * occurred. Be sure to check `res.headersSent` if you plan to respond.
- *
- * Optionally providing an `options` object to use with `res.sendFile()`.
- * This function will set the `Content-Disposition` header, overriding
- * any `Content-Disposition` header passed as header options in order
- * to set the attachment and filename.
- *
- * This method uses `res.sendFile()`.
- *
- * @public
- */
-
-res.download = function download (path, filename, options, callback) {
-  var done = callback;
-  var name = filename;
-  var opts = options || null
-
-  // support function as second or third arg
-  if (typeof filename === 'function') {
-    done = filename;
-    name = null;
-    opts = null
-  } else if (typeof options === 'function') {
-    done = options
-    opts = null
-  }
-
-  // support optional filename, where options may be in it's place
-  if (typeof filename === 'object' &&
-    (typeof options === 'function' || options === undefined)) {
-    name = null
-    opts = filename
-  }
-
-  // set Content-Disposition when file is sent
-  var headers = {
-    'Content-Disposition': contentDisposition(name || path)
-  };
-
-  // merge user-provided headers
-  if (opts && opts.headers) {
-    var keys = Object.keys(opts.headers)
-    for (var i = 0; i < keys.length; i++) {
-      var key = keys[i]
-      if (key.toLowerCase() !== 'content-disposition') {
-        headers[key] = opts.headers[key]
-      }
-    }
-  }
-
-  // merge user-provided options
-  opts = Object.create(opts)
-  opts.headers = headers
-
-  // Resolve the full path for sendFile
-  var fullPath = !opts.root
-    ? resolve(path)
-    : path
-
-  // send file
-  return this.sendFile(fullPath, opts, done)
-};
-
-/**
- * Set _Content-Type_ response header with `type` through `mime.lookup()`
- * when it does not contain "/", or set the Content-Type to `type` otherwise.
- *
- * Examples:
- *
- *     res.type('.html');
- *     res.type('html');
- *     res.type('json');
- *     res.type('application/json');
- *     res.type('png');
- *
- * @param {String} type
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.contentType =
-res.type = function contentType(type) {
-  var ct = type.indexOf('/') === -1
-    ? mime.lookup(type)
-    : type;
-
-  return this.set('Content-Type', ct);
-};
-
-/**
- * Respond to the Acceptable formats using an `obj`
- * of mime-type callbacks.
- *
- * This method uses `req.accepted`, an array of
- * acceptable types ordered by their quality values.
- * When "Accept" is not present the _first_ callback
- * is invoked, otherwise the first match is used. When
- * no match is performed the server responds with
- * 406 "Not Acceptable".
- *
- * Content-Type is set for you, however if you choose
- * you may alter this within the callback using `res.type()`
- * or `res.set('Content-Type', ...)`.
- *
- *    res.format({
- *      'text/plain': function(){
- *        res.send('hey');
- *      },
- *
- *      'text/html': function(){
- *        res.send('<p>hey</p>');
- *      },
- *
- *      'application/json': function () {
- *        res.send({ message: 'hey' });
- *      }
- *    });
- *
- * In addition to canonicalized MIME types you may
- * also use extnames mapped to these types:
- *
- *    res.format({
- *      text: function(){
- *        res.send('hey');
- *      },
- *
- *      html: function(){
- *        res.send('<p>hey</p>');
- *      },
- *
- *      json: function(){
- *        res.send({ message: 'hey' });
- *      }
- *    });
- *
- * By default Express passes an `Error`
- * with a `.status` of 406 to `next(err)`
- * if a match is not made. If you provide
- * a `.default` callback it will be invoked
- * instead.
- *
- * @param {Object} obj
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.format = function(obj){
-  var req = this.req;
-  var next = req.next;
-
-  var keys = Object.keys(obj)
-    .filter(function (v) { return v !== 'default' })
-
-  var key = keys.length > 0
-    ? req.accepts(keys)
-    : false;
-
-  this.vary("Accept");
-
-  if (key) {
-    this.set('Content-Type', normalizeType(key).value);
-    obj[key](req, this, next);
-  } else if (obj.default) {
-    obj.default(req, this, next)
-  } else {
-    next(createError(406, {
-      types: normalizeTypes(keys).map(function (o) { return o.value })
-    }))
-  }
-
-  return this;
-};
-
-/**
- * Set _Content-Disposition_ header to _attachment_ with optional `filename`.
- *
- * @param {String} filename
- * @return {ServerResponse}
- * @public
- */
-
-res.attachment = function attachment(filename) {
-  if (filename) {
-    this.type(extname(filename));
-  }
-
-  this.set('Content-Disposition', contentDisposition(filename));
-
-  return this;
-};
-
-/**
- * Append additional header `field` with value `val`.
- *
- * Example:
- *
- *    res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']);
- *    res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly');
- *    res.append('Warning', '199 Miscellaneous warning');
- *
- * @param {String} field
- * @param {String|Array} val
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.append = function append(field, val) {
-  var prev = this.get(field);
-  var value = val;
-
-  if (prev) {
-    // concat the new and prev vals
-    value = Array.isArray(prev) ? prev.concat(val)
-      : Array.isArray(val) ? [prev].concat(val)
-        : [prev, val]
-  }
-
-  return this.set(field, value);
-};
-
-/**
- * Set header `field` to `val`, or pass
- * an object of header fields.
- *
- * Examples:
- *
- *    res.set('Foo', ['bar', 'baz']);
- *    res.set('Accept', 'application/json');
- *    res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
- *
- * Aliased as `res.header()`.
- *
- * @param {String|Object} field
- * @param {String|Array} val
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.set =
-res.header = function header(field, val) {
-  if (arguments.length === 2) {
-    var value = Array.isArray(val)
-      ? val.map(String)
-      : String(val);
-
-    // add charset to content-type
-    if (field.toLowerCase() === 'content-type') {
-      if (Array.isArray(value)) {
-        throw new TypeError('Content-Type cannot be set to an Array');
-      }
-      if (!charsetRegExp.test(value)) {
-        var charset = mime.charsets.lookup(value.split(';')[0]);
-        if (charset) value += '; charset=' + charset.toLowerCase();
-      }
-    }
-
-    this.setHeader(field, value);
-  } else {
-    for (var key in field) {
-      this.set(key, field[key]);
-    }
-  }
-  return this;
-};
-
-/**
- * Get value for header `field`.
- *
- * @param {String} field
- * @return {String}
- * @public
- */
-
-res.get = function(field){
-  return this.getHeader(field);
-};
-
-/**
- * Clear cookie `name`.
- *
- * @param {String} name
- * @param {Object} [options]
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.clearCookie = function clearCookie(name, options) {
-  if (options) {
-    if (options.maxAge) {
-      deprecate('res.clearCookie: Passing "options.maxAge" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
-    }
-    if (options.expires) {
-      deprecate('res.clearCookie: Passing "options.expires" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
-    }
-  }
-  var opts = merge({ expires: new Date(1), path: '/' }, options);
-
-  return this.cookie(name, '', opts);
-};
-
-/**
- * Set cookie `name` to `value`, with the given `options`.
- *
- * Options:
- *
- *    - `maxAge`   max-age in milliseconds, converted to `expires`
- *    - `signed`   sign the cookie
- *    - `path`     defaults to "/"
- *
- * Examples:
- *
- *    // "Remember Me" for 15 minutes
- *    res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });
- *
- *    // same as above
- *    res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
- *
- * @param {String} name
- * @param {String|Object} value
- * @param {Object} [options]
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.cookie = function (name, value, options) {
-  var opts = merge({}, options);
-  var secret = this.req.secret;
-  var signed = opts.signed;
-
-  if (signed && !secret) {
-    throw new Error('cookieParser("secret") required for signed cookies');
-  }
-
-  var val = typeof value === 'object'
-    ? 'j:' + JSON.stringify(value)
-    : String(value);
-
-  if (signed) {
-    val = 's:' + sign(val, secret);
-  }
-
-  if (opts.maxAge != null) {
-    var maxAge = opts.maxAge - 0
-
-    if (!isNaN(maxAge)) {
-      opts.expires = new Date(Date.now() + maxAge)
-      opts.maxAge = Math.floor(maxAge / 1000)
-    }
-  }
-
-  if (opts.path == null) {
-    opts.path = '/';
-  }
-
-  this.append('Set-Cookie', cookie.serialize(name, String(val), opts));
-
-  return this;
-};
-
-/**
- * Set the location header to `url`.
- *
- * The given `url` can also be "back", which redirects
- * to the _Referrer_ or _Referer_ headers or "/".
- *
- * Examples:
- *
- *    res.location('/foo/bar').;
- *    res.location('http://example.com');
- *    res.location('../login');
- *
- * @param {String} url
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.location = function location(url) {
-  var loc;
-
-  // "back" is an alias for the referrer
-  if (url === 'back') {
-    deprecate('res.location("back"): use res.location(req.get("Referrer") || "/") and refer to https://dub.sh/security-redirect for best practices');
-    loc = this.req.get('Referrer') || '/';
-  } else {
-    loc = String(url);
-  }
-
-  return this.set('Location', encodeUrl(loc));
-};
-
-/**
- * Redirect to the given `url` with optional response `status`
- * defaulting to 302.
- *
- * The resulting `url` is determined by `res.location()`, so
- * it will play nicely with mounted apps, relative paths,
- * `"back"` etc.
- *
- * Examples:
- *
- *    res.redirect('/foo/bar');
- *    res.redirect('http://example.com');
- *    res.redirect(301, 'http://example.com');
- *    res.redirect('../login'); // /blog/post/1 -> /blog/login
- *
- * @public
- */
-
-res.redirect = function redirect(url) {
-  var address = url;
-  var body;
-  var status = 302;
-
-  // allow status / url
-  if (arguments.length === 2) {
-    if (typeof arguments[0] === 'number') {
-      status = arguments[0];
-      address = arguments[1];
-    } else {
-      deprecate('res.redirect(url, status): Use res.redirect(status, url) instead');
-      status = arguments[1];
-    }
-  }
-
-  // Set location header
-  address = this.location(address).get('Location');
-
-  // Support text/{plain,html} by default
-  this.format({
-    text: function(){
-      body = statuses.message[status] + '. Redirecting to ' + address
-    },
-
-    html: function(){
-      var u = escapeHtml(address);
-      body = '<p>' + statuses.message[status] + '. Redirecting to ' + u + '</p>'
-    },
-
-    default: function(){
-      body = '';
-    }
-  });
-
-  // Respond
-  this.statusCode = status;
-  this.set('Content-Length', Buffer.byteLength(body));
-
-  if (this.req.method === 'HEAD') {
-    this.end();
-  } else {
-    this.end(body);
-  }
-};
-
-/**
- * Add `field` to Vary. If already present in the Vary set, then
- * this call is simply ignored.
- *
- * @param {Array|String} field
- * @return {ServerResponse} for chaining
- * @public
- */
-
-res.vary = function(field){
-  // checks for back-compat
-  if (!field || (Array.isArray(field) && !field.length)) {
-    deprecate('res.vary(): Provide a field name');
-    return this;
-  }
-
-  vary(this, field);
-
-  return this;
-};
-
-/**
- * Render `view` with the given `options` and optional callback `fn`.
- * When a callback function is given a response will _not_ be made
- * automatically, otherwise a response of _200_ and _text/html_ is given.
- *
- * Options:
- *
- *  - `cache`     boolean hinting to the engine it should cache
- *  - `filename`  filename of the view being rendered
- *
- * @public
- */
-
-res.render = function render(view, options, callback) {
-  var app = this.req.app;
-  var done = callback;
-  var opts = options || {};
-  var req = this.req;
-  var self = this;
-
-  // support callback function as second arg
-  if (typeof options === 'function') {
-    done = options;
-    opts = {};
-  }
-
-  // merge res.locals
-  opts._locals = self.locals;
-
-  // default callback to respond
-  done = done || function (err, str) {
-    if (err) return req.next(err);
-    self.send(str);
-  };
-
-  // render
-  app.render(view, opts, done);
-};
-
-// pipe the send file stream
-function sendfile(res, file, options, callback) {
-  var done = false;
-  var streaming;
-
-  // request aborted
-  function onaborted() {
-    if (done) return;
-    done = true;
-
-    var err = new Error('Request aborted');
-    err.code = 'ECONNABORTED';
-    callback(err);
-  }
-
-  // directory
-  function ondirectory() {
-    if (done) return;
-    done = true;
-
-    var err = new Error('EISDIR, read');
-    err.code = 'EISDIR';
-    callback(err);
-  }
-
-  // errors
-  function onerror(err) {
-    if (done) return;
-    done = true;
-    callback(err);
-  }
-
-  // ended
-  function onend() {
-    if (done) return;
-    done = true;
-    callback();
-  }
-
-  // file
-  function onfile() {
-    streaming = false;
-  }
-
-  // finished
-  function onfinish(err) {
-    if (err && err.code === 'ECONNRESET') return onaborted();
-    if (err) return onerror(err);
-    if (done) return;
-
-    setImmediate(function () {
-      if (streaming !== false && !done) {
-        onaborted();
-        return;
-      }
-
-      if (done) return;
-      done = true;
-      callback();
-    });
-  }
-
-  // streaming
-  function onstream() {
-    streaming = true;
-  }
-
-  file.on('directory', ondirectory);
-  file.on('end', onend);
-  file.on('error', onerror);
-  file.on('file', onfile);
-  file.on('stream', onstream);
-  onFinished(res, onfinish);
-
-  if (options.headers) {
-    // set headers on successful transfer
-    file.on('headers', function headers(res) {
-      var obj = options.headers;
-      var keys = Object.keys(obj);
-
-      for (var i = 0; i < keys.length; i++) {
-        var k = keys[i];
-        res.setHeader(k, obj[k]);
-      }
-    });
-  }
-
-  // pipe
-  file.pipe(res);
-}
-
-/**
- * Stringify JSON, like JSON.stringify, but v8 optimized, with the
- * ability to escape characters that can trigger HTML sniffing.
- *
- * @param {*} value
- * @param {function} replacer
- * @param {number} spaces
- * @param {boolean} escape
- * @returns {string}
- * @private
- */
-
-function stringify (value, replacer, spaces, escape) {
-  // v8 checks arguments.length for optimizing simple call
-  // https://bugs.chromium.org/p/v8/issues/detail?id=4730
-  var json = replacer || spaces
-    ? JSON.stringify(value, replacer, spaces)
-    : JSON.stringify(value);
-
-  if (escape && typeof json === 'string') {
-    json = json.replace(/[<>&]/g, function (c) {
-      switch (c.charCodeAt(0)) {
-        case 0x3c:
-          return '\\u003c'
-        case 0x3e:
-          return '\\u003e'
-        case 0x26:
-          return '\\u0026'
-        /* istanbul ignore next: unreachable default */
-        default:
-          return c
-      }
-    })
-  }
-
-  return json
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/index.js b/src/Servers/ExpressServer/node_modules/express/lib/router/index.js
deleted file mode 100644
index abb3a6f..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/router/index.js
+++ /dev/null
@@ -1,673 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var Route = require('./route');
-var Layer = require('./layer');
-var methods = require('methods');
-var mixin = require('utils-merge');
-var debug = require('debug')('express:router');
-var deprecate = require('depd')('express');
-var flatten = require('array-flatten');
-var parseUrl = require('parseurl');
-var setPrototypeOf = require('setprototypeof')
-
-/**
- * Module variables.
- * @private
- */
-
-var objectRegExp = /^\[object (\S+)\]$/;
-var slice = Array.prototype.slice;
-var toString = Object.prototype.toString;
-
-/**
- * Initialize a new `Router` with the given `options`.
- *
- * @param {Object} [options]
- * @return {Router} which is a callable function
- * @public
- */
-
-var proto = module.exports = function(options) {
-  var opts = options || {};
-
-  function router(req, res, next) {
-    router.handle(req, res, next);
-  }
-
-  // mixin Router class functions
-  setPrototypeOf(router, proto)
-
-  router.params = {};
-  router._params = [];
-  router.caseSensitive = opts.caseSensitive;
-  router.mergeParams = opts.mergeParams;
-  router.strict = opts.strict;
-  router.stack = [];
-
-  return router;
-};
-
-/**
- * Map the given param placeholder `name`(s) to the given callback.
- *
- * Parameter mapping is used to provide pre-conditions to routes
- * which use normalized placeholders. For example a _:user_id_ parameter
- * could automatically load a user's information from the database without
- * any additional code,
- *
- * The callback uses the same signature as middleware, the only difference
- * being that the value of the placeholder is passed, in this case the _id_
- * of the user. Once the `next()` function is invoked, just like middleware
- * it will continue on to execute the route, or subsequent parameter functions.
- *
- * Just like in middleware, you must either respond to the request or call next
- * to avoid stalling the request.
- *
- *  app.param('user_id', function(req, res, next, id){
- *    User.find(id, function(err, user){
- *      if (err) {
- *        return next(err);
- *      } else if (!user) {
- *        return next(new Error('failed to load user'));
- *      }
- *      req.user = user;
- *      next();
- *    });
- *  });
- *
- * @param {String} name
- * @param {Function} fn
- * @return {app} for chaining
- * @public
- */
-
-proto.param = function param(name, fn) {
-  // param logic
-  if (typeof name === 'function') {
-    deprecate('router.param(fn): Refactor to use path params');
-    this._params.push(name);
-    return;
-  }
-
-  // apply param functions
-  var params = this._params;
-  var len = params.length;
-  var ret;
-
-  if (name[0] === ':') {
-    deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.slice(1)) + ', fn) instead')
-    name = name.slice(1)
-  }
-
-  for (var i = 0; i < len; ++i) {
-    if (ret = params[i](name, fn)) {
-      fn = ret;
-    }
-  }
-
-  // ensure we end up with a
-  // middleware function
-  if ('function' !== typeof fn) {
-    throw new Error('invalid param() call for ' + name + ', got ' + fn);
-  }
-
-  (this.params[name] = this.params[name] || []).push(fn);
-  return this;
-};
-
-/**
- * Dispatch a req, res into the router.
- * @private
- */
-
-proto.handle = function handle(req, res, out) {
-  var self = this;
-
-  debug('dispatching %s %s', req.method, req.url);
-
-  var idx = 0;
-  var protohost = getProtohost(req.url) || ''
-  var removed = '';
-  var slashAdded = false;
-  var sync = 0
-  var paramcalled = {};
-
-  // store options for OPTIONS request
-  // only used if OPTIONS request
-  var options = [];
-
-  // middleware and routes
-  var stack = self.stack;
-
-  // manage inter-router variables
-  var parentParams = req.params;
-  var parentUrl = req.baseUrl || '';
-  var done = restore(out, req, 'baseUrl', 'next', 'params');
-
-  // setup next layer
-  req.next = next;
-
-  // for options requests, respond with a default if nothing else responds
-  if (req.method === 'OPTIONS') {
-    done = wrap(done, function(old, err) {
-      if (err || options.length === 0) return old(err);
-      sendOptionsResponse(res, options, old);
-    });
-  }
-
-  // setup basic req values
-  req.baseUrl = parentUrl;
-  req.originalUrl = req.originalUrl || req.url;
-
-  next();
-
-  function next(err) {
-    var layerError = err === 'route'
-      ? null
-      : err;
-
-    // remove added slash
-    if (slashAdded) {
-      req.url = req.url.slice(1)
-      slashAdded = false;
-    }
-
-    // restore altered req.url
-    if (removed.length !== 0) {
-      req.baseUrl = parentUrl;
-      req.url = protohost + removed + req.url.slice(protohost.length)
-      removed = '';
-    }
-
-    // signal to exit router
-    if (layerError === 'router') {
-      setImmediate(done, null)
-      return
-    }
-
-    // no more matching layers
-    if (idx >= stack.length) {
-      setImmediate(done, layerError);
-      return;
-    }
-
-    // max sync stack
-    if (++sync > 100) {
-      return setImmediate(next, err)
-    }
-
-    // get pathname of request
-    var path = getPathname(req);
-
-    if (path == null) {
-      return done(layerError);
-    }
-
-    // find next matching layer
-    var layer;
-    var match;
-    var route;
-
-    while (match !== true && idx < stack.length) {
-      layer = stack[idx++];
-      match = matchLayer(layer, path);
-      route = layer.route;
-
-      if (typeof match !== 'boolean') {
-        // hold on to layerError
-        layerError = layerError || match;
-      }
-
-      if (match !== true) {
-        continue;
-      }
-
-      if (!route) {
-        // process non-route handlers normally
-        continue;
-      }
-
-      if (layerError) {
-        // routes do not match with a pending error
-        match = false;
-        continue;
-      }
-
-      var method = req.method;
-      var has_method = route._handles_method(method);
-
-      // build up automatic options response
-      if (!has_method && method === 'OPTIONS') {
-        appendMethods(options, route._options());
-      }
-
-      // don't even bother matching route
-      if (!has_method && method !== 'HEAD') {
-        match = false;
-      }
-    }
-
-    // no match
-    if (match !== true) {
-      return done(layerError);
-    }
-
-    // store route for dispatch on change
-    if (route) {
-      req.route = route;
-    }
-
-    // Capture one-time layer values
-    req.params = self.mergeParams
-      ? mergeParams(layer.params, parentParams)
-      : layer.params;
-    var layerPath = layer.path;
-
-    // this should be done for the layer
-    self.process_params(layer, paramcalled, req, res, function (err) {
-      if (err) {
-        next(layerError || err)
-      } else if (route) {
-        layer.handle_request(req, res, next)
-      } else {
-        trim_prefix(layer, layerError, layerPath, path)
-      }
-
-      sync = 0
-    });
-  }
-
-  function trim_prefix(layer, layerError, layerPath, path) {
-    if (layerPath.length !== 0) {
-      // Validate path is a prefix match
-      if (layerPath !== path.slice(0, layerPath.length)) {
-        next(layerError)
-        return
-      }
-
-      // Validate path breaks on a path separator
-      var c = path[layerPath.length]
-      if (c && c !== '/' && c !== '.') return next(layerError)
-
-      // Trim off the part of the url that matches the route
-      // middleware (.use stuff) needs to have the path stripped
-      debug('trim prefix (%s) from url %s', layerPath, req.url);
-      removed = layerPath;
-      req.url = protohost + req.url.slice(protohost.length + removed.length)
-
-      // Ensure leading slash
-      if (!protohost && req.url[0] !== '/') {
-        req.url = '/' + req.url;
-        slashAdded = true;
-      }
-
-      // Setup base URL (no trailing slash)
-      req.baseUrl = parentUrl + (removed[removed.length - 1] === '/'
-        ? removed.substring(0, removed.length - 1)
-        : removed);
-    }
-
-    debug('%s %s : %s', layer.name, layerPath, req.originalUrl);
-
-    if (layerError) {
-      layer.handle_error(layerError, req, res, next);
-    } else {
-      layer.handle_request(req, res, next);
-    }
-  }
-};
-
-/**
- * Process any parameters for the layer.
- * @private
- */
-
-proto.process_params = function process_params(layer, called, req, res, done) {
-  var params = this.params;
-
-  // captured parameters from the layer, keys and values
-  var keys = layer.keys;
-
-  // fast track
-  if (!keys || keys.length === 0) {
-    return done();
-  }
-
-  var i = 0;
-  var name;
-  var paramIndex = 0;
-  var key;
-  var paramVal;
-  var paramCallbacks;
-  var paramCalled;
-
-  // process params in order
-  // param callbacks can be async
-  function param(err) {
-    if (err) {
-      return done(err);
-    }
-
-    if (i >= keys.length ) {
-      return done();
-    }
-
-    paramIndex = 0;
-    key = keys[i++];
-    name = key.name;
-    paramVal = req.params[name];
-    paramCallbacks = params[name];
-    paramCalled = called[name];
-
-    if (paramVal === undefined || !paramCallbacks) {
-      return param();
-    }
-
-    // param previously called with same value or error occurred
-    if (paramCalled && (paramCalled.match === paramVal
-      || (paramCalled.error && paramCalled.error !== 'route'))) {
-      // restore value
-      req.params[name] = paramCalled.value;
-
-      // next param
-      return param(paramCalled.error);
-    }
-
-    called[name] = paramCalled = {
-      error: null,
-      match: paramVal,
-      value: paramVal
-    };
-
-    paramCallback();
-  }
-
-  // single param callbacks
-  function paramCallback(err) {
-    var fn = paramCallbacks[paramIndex++];
-
-    // store updated value
-    paramCalled.value = req.params[key.name];
-
-    if (err) {
-      // store error
-      paramCalled.error = err;
-      param(err);
-      return;
-    }
-
-    if (!fn) return param();
-
-    try {
-      fn(req, res, paramCallback, paramVal, key.name);
-    } catch (e) {
-      paramCallback(e);
-    }
-  }
-
-  param();
-};
-
-/**
- * Use the given middleware function, with optional path, defaulting to "/".
- *
- * Use (like `.all`) will run for any http METHOD, but it will not add
- * handlers for those methods so OPTIONS requests will not consider `.use`
- * functions even if they could respond.
- *
- * The other difference is that _route_ path is stripped and not visible
- * to the handler function. The main effect of this feature is that mounted
- * handlers can operate without any code changes regardless of the "prefix"
- * pathname.
- *
- * @public
- */
-
-proto.use = function use(fn) {
-  var offset = 0;
-  var path = '/';
-
-  // default path to '/'
-  // disambiguate router.use([fn])
-  if (typeof fn !== 'function') {
-    var arg = fn;
-
-    while (Array.isArray(arg) && arg.length !== 0) {
-      arg = arg[0];
-    }
-
-    // first arg is the path
-    if (typeof arg !== 'function') {
-      offset = 1;
-      path = fn;
-    }
-  }
-
-  var callbacks = flatten(slice.call(arguments, offset));
-
-  if (callbacks.length === 0) {
-    throw new TypeError('Router.use() requires a middleware function')
-  }
-
-  for (var i = 0; i < callbacks.length; i++) {
-    var fn = callbacks[i];
-
-    if (typeof fn !== 'function') {
-      throw new TypeError('Router.use() requires a middleware function but got a ' + gettype(fn))
-    }
-
-    // add the middleware
-    debug('use %o %s', path, fn.name || '<anonymous>')
-
-    var layer = new Layer(path, {
-      sensitive: this.caseSensitive,
-      strict: false,
-      end: false
-    }, fn);
-
-    layer.route = undefined;
-
-    this.stack.push(layer);
-  }
-
-  return this;
-};
-
-/**
- * Create a new Route for the given path.
- *
- * Each route contains a separate middleware stack and VERB handlers.
- *
- * See the Route api documentation for details on adding handlers
- * and middleware to routes.
- *
- * @param {String} path
- * @return {Route}
- * @public
- */
-
-proto.route = function route(path) {
-  var route = new Route(path);
-
-  var layer = new Layer(path, {
-    sensitive: this.caseSensitive,
-    strict: this.strict,
-    end: true
-  }, route.dispatch.bind(route));
-
-  layer.route = route;
-
-  this.stack.push(layer);
-  return route;
-};
-
-// create Router#VERB functions
-methods.concat('all').forEach(function(method){
-  proto[method] = function(path){
-    var route = this.route(path)
-    route[method].apply(route, slice.call(arguments, 1));
-    return this;
-  };
-});
-
-// append methods to a list of methods
-function appendMethods(list, addition) {
-  for (var i = 0; i < addition.length; i++) {
-    var method = addition[i];
-    if (list.indexOf(method) === -1) {
-      list.push(method);
-    }
-  }
-}
-
-// get pathname of request
-function getPathname(req) {
-  try {
-    return parseUrl(req).pathname;
-  } catch (err) {
-    return undefined;
-  }
-}
-
-// Get get protocol + host for a URL
-function getProtohost(url) {
-  if (typeof url !== 'string' || url.length === 0 || url[0] === '/') {
-    return undefined
-  }
-
-  var searchIndex = url.indexOf('?')
-  var pathLength = searchIndex !== -1
-    ? searchIndex
-    : url.length
-  var fqdnIndex = url.slice(0, pathLength).indexOf('://')
-
-  return fqdnIndex !== -1
-    ? url.substring(0, url.indexOf('/', 3 + fqdnIndex))
-    : undefined
-}
-
-// get type for error message
-function gettype(obj) {
-  var type = typeof obj;
-
-  if (type !== 'object') {
-    return type;
-  }
-
-  // inspect [[Class]] for objects
-  return toString.call(obj)
-    .replace(objectRegExp, '$1');
-}
-
-/**
- * Match path to a layer.
- *
- * @param {Layer} layer
- * @param {string} path
- * @private
- */
-
-function matchLayer(layer, path) {
-  try {
-    return layer.match(path);
-  } catch (err) {
-    return err;
-  }
-}
-
-// merge params with parent params
-function mergeParams(params, parent) {
-  if (typeof parent !== 'object' || !parent) {
-    return params;
-  }
-
-  // make copy of parent for base
-  var obj = mixin({}, parent);
-
-  // simple non-numeric merging
-  if (!(0 in params) || !(0 in parent)) {
-    return mixin(obj, params);
-  }
-
-  var i = 0;
-  var o = 0;
-
-  // determine numeric gaps
-  while (i in params) {
-    i++;
-  }
-
-  while (o in parent) {
-    o++;
-  }
-
-  // offset numeric indices in params before merge
-  for (i--; i >= 0; i--) {
-    params[i + o] = params[i];
-
-    // create holes for the merge when necessary
-    if (i < o) {
-      delete params[i];
-    }
-  }
-
-  return mixin(obj, params);
-}
-
-// restore obj props after function
-function restore(fn, obj) {
-  var props = new Array(arguments.length - 2);
-  var vals = new Array(arguments.length - 2);
-
-  for (var i = 0; i < props.length; i++) {
-    props[i] = arguments[i + 2];
-    vals[i] = obj[props[i]];
-  }
-
-  return function () {
-    // restore vals
-    for (var i = 0; i < props.length; i++) {
-      obj[props[i]] = vals[i];
-    }
-
-    return fn.apply(this, arguments);
-  };
-}
-
-// send an OPTIONS response
-function sendOptionsResponse(res, options, next) {
-  try {
-    var body = options.join(',');
-    res.set('Allow', body);
-    res.send(body);
-  } catch (err) {
-    next(err);
-  }
-}
-
-// wrap a function
-function wrap(old, fn) {
-  return function proxy() {
-    var args = new Array(arguments.length + 1);
-
-    args[0] = old;
-    for (var i = 0, len = arguments.length; i < len; i++) {
-      args[i + 1] = arguments[i];
-    }
-
-    fn.apply(this, args);
-  };
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js b/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
deleted file mode 100644
index 4dc8e86..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/router/layer.js
+++ /dev/null
@@ -1,181 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var pathRegexp = require('path-to-regexp');
-var debug = require('debug')('express:router:layer');
-
-/**
- * Module variables.
- * @private
- */
-
-var hasOwnProperty = Object.prototype.hasOwnProperty;
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = Layer;
-
-function Layer(path, options, fn) {
-  if (!(this instanceof Layer)) {
-    return new Layer(path, options, fn);
-  }
-
-  debug('new %o', path)
-  var opts = options || {};
-
-  this.handle = fn;
-  this.name = fn.name || '<anonymous>';
-  this.params = undefined;
-  this.path = undefined;
-  this.regexp = pathRegexp(path, this.keys = [], opts);
-
-  // set fast path flags
-  this.regexp.fast_star = path === '*'
-  this.regexp.fast_slash = path === '/' && opts.end === false
-}
-
-/**
- * Handle the error for the layer.
- *
- * @param {Error} error
- * @param {Request} req
- * @param {Response} res
- * @param {function} next
- * @api private
- */
-
-Layer.prototype.handle_error = function handle_error(error, req, res, next) {
-  var fn = this.handle;
-
-  if (fn.length !== 4) {
-    // not a standard error handler
-    return next(error);
-  }
-
-  try {
-    fn(error, req, res, next);
-  } catch (err) {
-    next(err);
-  }
-};
-
-/**
- * Handle the request for the layer.
- *
- * @param {Request} req
- * @param {Response} res
- * @param {function} next
- * @api private
- */
-
-Layer.prototype.handle_request = function handle(req, res, next) {
-  var fn = this.handle;
-
-  if (fn.length > 3) {
-    // not a standard request handler
-    return next();
-  }
-
-  try {
-    fn(req, res, next);
-  } catch (err) {
-    next(err);
-  }
-};
-
-/**
- * Check if this route matches `path`, if so
- * populate `.params`.
- *
- * @param {String} path
- * @return {Boolean}
- * @api private
- */
-
-Layer.prototype.match = function match(path) {
-  var match
-
-  if (path != null) {
-    // fast path non-ending match for / (any path matches)
-    if (this.regexp.fast_slash) {
-      this.params = {}
-      this.path = ''
-      return true
-    }
-
-    // fast path for * (everything matched in a param)
-    if (this.regexp.fast_star) {
-      this.params = {'0': decode_param(path)}
-      this.path = path
-      return true
-    }
-
-    // match the path
-    match = this.regexp.exec(path)
-  }
-
-  if (!match) {
-    this.params = undefined;
-    this.path = undefined;
-    return false;
-  }
-
-  // store values
-  this.params = {};
-  this.path = match[0]
-
-  var keys = this.keys;
-  var params = this.params;
-
-  for (var i = 1; i < match.length; i++) {
-    var key = keys[i - 1];
-    var prop = key.name;
-    var val = decode_param(match[i])
-
-    if (val !== undefined || !(hasOwnProperty.call(params, prop))) {
-      params[prop] = val;
-    }
-  }
-
-  return true;
-};
-
-/**
- * Decode param value.
- *
- * @param {string} val
- * @return {string}
- * @private
- */
-
-function decode_param(val) {
-  if (typeof val !== 'string' || val.length === 0) {
-    return val;
-  }
-
-  try {
-    return decodeURIComponent(val);
-  } catch (err) {
-    if (err instanceof URIError) {
-      err.message = 'Failed to decode param \'' + val + '\'';
-      err.status = err.statusCode = 400;
-    }
-
-    throw err;
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/router/route.js b/src/Servers/ExpressServer/node_modules/express/lib/router/route.js
deleted file mode 100644
index a65756d..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/router/route.js
+++ /dev/null
@@ -1,230 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var debug = require('debug')('express:router:route');
-var flatten = require('array-flatten');
-var Layer = require('./layer');
-var methods = require('methods');
-
-/**
- * Module variables.
- * @private
- */
-
-var slice = Array.prototype.slice;
-var toString = Object.prototype.toString;
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = Route;
-
-/**
- * Initialize `Route` with the given `path`,
- *
- * @param {String} path
- * @public
- */
-
-function Route(path) {
-  this.path = path;
-  this.stack = [];
-
-  debug('new %o', path)
-
-  // route handlers for various http methods
-  this.methods = {};
-}
-
-/**
- * Determine if the route handles a given method.
- * @private
- */
-
-Route.prototype._handles_method = function _handles_method(method) {
-  if (this.methods._all) {
-    return true;
-  }
-
-  // normalize name
-  var name = typeof method === 'string'
-    ? method.toLowerCase()
-    : method
-
-  if (name === 'head' && !this.methods['head']) {
-    name = 'get';
-  }
-
-  return Boolean(this.methods[name]);
-};
-
-/**
- * @return {Array} supported HTTP methods
- * @private
- */
-
-Route.prototype._options = function _options() {
-  var methods = Object.keys(this.methods);
-
-  // append automatic head
-  if (this.methods.get && !this.methods.head) {
-    methods.push('head');
-  }
-
-  for (var i = 0; i < methods.length; i++) {
-    // make upper case
-    methods[i] = methods[i].toUpperCase();
-  }
-
-  return methods;
-};
-
-/**
- * dispatch req, res into this route
- * @private
- */
-
-Route.prototype.dispatch = function dispatch(req, res, done) {
-  var idx = 0;
-  var stack = this.stack;
-  var sync = 0
-
-  if (stack.length === 0) {
-    return done();
-  }
-  var method = typeof req.method === 'string'
-    ? req.method.toLowerCase()
-    : req.method
-
-  if (method === 'head' && !this.methods['head']) {
-    method = 'get';
-  }
-
-  req.route = this;
-
-  next();
-
-  function next(err) {
-    // signal to exit route
-    if (err && err === 'route') {
-      return done();
-    }
-
-    // signal to exit router
-    if (err && err === 'router') {
-      return done(err)
-    }
-
-    // max sync stack
-    if (++sync > 100) {
-      return setImmediate(next, err)
-    }
-
-    var layer = stack[idx++]
-
-    // end of layers
-    if (!layer) {
-      return done(err)
-    }
-
-    if (layer.method && layer.method !== method) {
-      next(err)
-    } else if (err) {
-      layer.handle_error(err, req, res, next);
-    } else {
-      layer.handle_request(req, res, next);
-    }
-
-    sync = 0
-  }
-};
-
-/**
- * Add a handler for all HTTP verbs to this route.
- *
- * Behaves just like middleware and can respond or call `next`
- * to continue processing.
- *
- * You can use multiple `.all` call to add multiple handlers.
- *
- *   function check_something(req, res, next){
- *     next();
- *   };
- *
- *   function validate_user(req, res, next){
- *     next();
- *   };
- *
- *   route
- *   .all(validate_user)
- *   .all(check_something)
- *   .get(function(req, res, next){
- *     res.send('hello world');
- *   });
- *
- * @param {function} handler
- * @return {Route} for chaining
- * @api public
- */
-
-Route.prototype.all = function all() {
-  var handles = flatten(slice.call(arguments));
-
-  for (var i = 0; i < handles.length; i++) {
-    var handle = handles[i];
-
-    if (typeof handle !== 'function') {
-      var type = toString.call(handle);
-      var msg = 'Route.all() requires a callback function but got a ' + type
-      throw new TypeError(msg);
-    }
-
-    var layer = Layer('/', {}, handle);
-    layer.method = undefined;
-
-    this.methods._all = true;
-    this.stack.push(layer);
-  }
-
-  return this;
-};
-
-methods.forEach(function(method){
-  Route.prototype[method] = function(){
-    var handles = flatten(slice.call(arguments));
-
-    for (var i = 0; i < handles.length; i++) {
-      var handle = handles[i];
-
-      if (typeof handle !== 'function') {
-        var type = toString.call(handle);
-        var msg = 'Route.' + method + '() requires a callback function but got a ' + type
-        throw new Error(msg);
-      }
-
-      debug('%s %o', method, this.path)
-
-      var layer = Layer('/', {}, handle);
-      layer.method = method;
-
-      this.methods[method] = true;
-      this.stack.push(layer);
-    }
-
-    return this;
-  };
-});
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/utils.js b/src/Servers/ExpressServer/node_modules/express/lib/utils.js
deleted file mode 100644
index 56e12b9..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/utils.js
+++ /dev/null
@@ -1,303 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @api private
- */
-
-var Buffer = require('safe-buffer').Buffer
-var contentDisposition = require('content-disposition');
-var contentType = require('content-type');
-var deprecate = require('depd')('express');
-var flatten = require('array-flatten');
-var mime = require('send').mime;
-var etag = require('etag');
-var proxyaddr = require('proxy-addr');
-var qs = require('qs');
-var querystring = require('querystring');
-
-/**
- * Return strong ETag for `body`.
- *
- * @param {String|Buffer} body
- * @param {String} [encoding]
- * @return {String}
- * @api private
- */
-
-exports.etag = createETagGenerator({ weak: false })
-
-/**
- * Return weak ETag for `body`.
- *
- * @param {String|Buffer} body
- * @param {String} [encoding]
- * @return {String}
- * @api private
- */
-
-exports.wetag = createETagGenerator({ weak: true })
-
-/**
- * Check if `path` looks absolute.
- *
- * @param {String} path
- * @return {Boolean}
- * @api private
- */
-
-exports.isAbsolute = function(path){
-  if ('/' === path[0]) return true;
-  if (':' === path[1] && ('\\' === path[2] || '/' === path[2])) return true; // Windows device path
-  if ('\\\\' === path.substring(0, 2)) return true; // Microsoft Azure absolute path
-};
-
-/**
- * Flatten the given `arr`.
- *
- * @param {Array} arr
- * @return {Array}
- * @api private
- */
-
-exports.flatten = deprecate.function(flatten,
-  'utils.flatten: use array-flatten npm module instead');
-
-/**
- * Normalize the given `type`, for example "html" becomes "text/html".
- *
- * @param {String} type
- * @return {Object}
- * @api private
- */
-
-exports.normalizeType = function(type){
-  return ~type.indexOf('/')
-    ? acceptParams(type)
-    : { value: mime.lookup(type), params: {} };
-};
-
-/**
- * Normalize `types`, for example "html" becomes "text/html".
- *
- * @param {Array} types
- * @return {Array}
- * @api private
- */
-
-exports.normalizeTypes = function(types){
-  var ret = [];
-
-  for (var i = 0; i < types.length; ++i) {
-    ret.push(exports.normalizeType(types[i]));
-  }
-
-  return ret;
-};
-
-/**
- * Generate Content-Disposition header appropriate for the filename.
- * non-ascii filenames are urlencoded and a filename* parameter is added
- *
- * @param {String} filename
- * @return {String}
- * @api private
- */
-
-exports.contentDisposition = deprecate.function(contentDisposition,
-  'utils.contentDisposition: use content-disposition npm module instead');
-
-/**
- * Parse accept params `str` returning an
- * object with `.value`, `.quality` and `.params`.
- *
- * @param {String} str
- * @return {Object}
- * @api private
- */
-
-function acceptParams (str) {
-  var parts = str.split(/ *; */);
-  var ret = { value: parts[0], quality: 1, params: {} }
-
-  for (var i = 1; i < parts.length; ++i) {
-    var pms = parts[i].split(/ *= */);
-    if ('q' === pms[0]) {
-      ret.quality = parseFloat(pms[1]);
-    } else {
-      ret.params[pms[0]] = pms[1];
-    }
-  }
-
-  return ret;
-}
-
-/**
- * Compile "etag" value to function.
- *
- * @param  {Boolean|String|Function} val
- * @return {Function}
- * @api private
- */
-
-exports.compileETag = function(val) {
-  var fn;
-
-  if (typeof val === 'function') {
-    return val;
-  }
-
-  switch (val) {
-    case true:
-    case 'weak':
-      fn = exports.wetag;
-      break;
-    case false:
-      break;
-    case 'strong':
-      fn = exports.etag;
-      break;
-    default:
-      throw new TypeError('unknown value for etag function: ' + val);
-  }
-
-  return fn;
-}
-
-/**
- * Compile "query parser" value to function.
- *
- * @param  {String|Function} val
- * @return {Function}
- * @api private
- */
-
-exports.compileQueryParser = function compileQueryParser(val) {
-  var fn;
-
-  if (typeof val === 'function') {
-    return val;
-  }
-
-  switch (val) {
-    case true:
-    case 'simple':
-      fn = querystring.parse;
-      break;
-    case false:
-      fn = newObject;
-      break;
-    case 'extended':
-      fn = parseExtendedQueryString;
-      break;
-    default:
-      throw new TypeError('unknown value for query parser function: ' + val);
-  }
-
-  return fn;
-}
-
-/**
- * Compile "proxy trust" value to function.
- *
- * @param  {Boolean|String|Number|Array|Function} val
- * @return {Function}
- * @api private
- */
-
-exports.compileTrust = function(val) {
-  if (typeof val === 'function') return val;
-
-  if (val === true) {
-    // Support plain true/false
-    return function(){ return true };
-  }
-
-  if (typeof val === 'number') {
-    // Support trusting hop count
-    return function(a, i){ return i < val };
-  }
-
-  if (typeof val === 'string') {
-    // Support comma-separated values
-    val = val.split(',')
-      .map(function (v) { return v.trim() })
-  }
-
-  return proxyaddr.compile(val || []);
-}
-
-/**
- * Set the charset in a given Content-Type string.
- *
- * @param {String} type
- * @param {String} charset
- * @return {String}
- * @api private
- */
-
-exports.setCharset = function setCharset(type, charset) {
-  if (!type || !charset) {
-    return type;
-  }
-
-  // parse type
-  var parsed = contentType.parse(type);
-
-  // set charset
-  parsed.parameters.charset = charset;
-
-  // format type
-  return contentType.format(parsed);
-};
-
-/**
- * Create an ETag generator function, generating ETags with
- * the given options.
- *
- * @param {object} options
- * @return {function}
- * @private
- */
-
-function createETagGenerator (options) {
-  return function generateETag (body, encoding) {
-    var buf = !Buffer.isBuffer(body)
-      ? Buffer.from(body, encoding)
-      : body
-
-    return etag(buf, options)
-  }
-}
-
-/**
- * Parse an extended query string with qs.
- *
- * @param {String} str
- * @return {Object}
- * @private
- */
-
-function parseExtendedQueryString(str) {
-  return qs.parse(str, {
-    allowPrototypes: true
-  });
-}
-
-/**
- * Return new empty object.
- *
- * @return {Object}
- * @api private
- */
-
-function newObject() {
-  return {};
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/lib/view.js b/src/Servers/ExpressServer/node_modules/express/lib/view.js
deleted file mode 100644
index c08ab4d..0000000
--- a/src/Servers/ExpressServer/node_modules/express/lib/view.js
+++ /dev/null
@@ -1,182 +0,0 @@
-/*!
- * express
- * Copyright(c) 2009-2013 TJ Holowaychuk
- * Copyright(c) 2013 Roman Shtylman
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var debug = require('debug')('express:view');
-var path = require('path');
-var fs = require('fs');
-
-/**
- * Module variables.
- * @private
- */
-
-var dirname = path.dirname;
-var basename = path.basename;
-var extname = path.extname;
-var join = path.join;
-var resolve = path.resolve;
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = View;
-
-/**
- * Initialize a new `View` with the given `name`.
- *
- * Options:
- *
- *   - `defaultEngine` the default template engine name
- *   - `engines` template engine require() cache
- *   - `root` root path for view lookup
- *
- * @param {string} name
- * @param {object} options
- * @public
- */
-
-function View(name, options) {
-  var opts = options || {};
-
-  this.defaultEngine = opts.defaultEngine;
-  this.ext = extname(name);
-  this.name = name;
-  this.root = opts.root;
-
-  if (!this.ext && !this.defaultEngine) {
-    throw new Error('No default engine was specified and no extension was provided.');
-  }
-
-  var fileName = name;
-
-  if (!this.ext) {
-    // get extension from default engine name
-    this.ext = this.defaultEngine[0] !== '.'
-      ? '.' + this.defaultEngine
-      : this.defaultEngine;
-
-    fileName += this.ext;
-  }
-
-  if (!opts.engines[this.ext]) {
-    // load engine
-    var mod = this.ext.slice(1)
-    debug('require "%s"', mod)
-
-    // default engine export
-    var fn = require(mod).__express
-
-    if (typeof fn !== 'function') {
-      throw new Error('Module "' + mod + '" does not provide a view engine.')
-    }
-
-    opts.engines[this.ext] = fn
-  }
-
-  // store loaded engine
-  this.engine = opts.engines[this.ext];
-
-  // lookup path
-  this.path = this.lookup(fileName);
-}
-
-/**
- * Lookup view by the given `name`
- *
- * @param {string} name
- * @private
- */
-
-View.prototype.lookup = function lookup(name) {
-  var path;
-  var roots = [].concat(this.root);
-
-  debug('lookup "%s"', name);
-
-  for (var i = 0; i < roots.length && !path; i++) {
-    var root = roots[i];
-
-    // resolve the path
-    var loc = resolve(root, name);
-    var dir = dirname(loc);
-    var file = basename(loc);
-
-    // resolve the file
-    path = this.resolve(dir, file);
-  }
-
-  return path;
-};
-
-/**
- * Render with the given options.
- *
- * @param {object} options
- * @param {function} callback
- * @private
- */
-
-View.prototype.render = function render(options, callback) {
-  debug('render "%s"', this.path);
-  this.engine(this.path, options, callback);
-};
-
-/**
- * Resolve the file within the given directory.
- *
- * @param {string} dir
- * @param {string} file
- * @private
- */
-
-View.prototype.resolve = function resolve(dir, file) {
-  var ext = this.ext;
-
-  // <path>.<ext>
-  var path = join(dir, file);
-  var stat = tryStat(path);
-
-  if (stat && stat.isFile()) {
-    return path;
-  }
-
-  // <path>/index.<ext>
-  path = join(dir, basename(file, ext), 'index' + ext);
-  stat = tryStat(path);
-
-  if (stat && stat.isFile()) {
-    return path;
-  }
-};
-
-/**
- * Return a stat, maybe.
- *
- * @param {string} path
- * @return {fs.Stats}
- * @private
- */
-
-function tryStat(path) {
-  debug('stat "%s"', path);
-
-  try {
-    return fs.statSync(path);
-  } catch (e) {
-    return undefined;
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/express/package.json b/src/Servers/ExpressServer/node_modules/express/package.json
deleted file mode 100644
index 4322f1a..0000000
--- a/src/Servers/ExpressServer/node_modules/express/package.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
-  "name": "express",
-  "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.22.1",
-  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "contributors": [
-    "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
-    "Ciaran Jessup <ciaranj@gmail.com>",
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Guillermo Rauch <rauchg@gmail.com>",
-    "Jonathan Ong <me@jongleberry.com>",
-    "Roman Shtylman <shtylman+expressjs@gmail.com>",
-    "Young Jae Sim <hanul@hanul.me>"
-  ],
-  "license": "MIT",
-  "repository": "expressjs/express",
-  "homepage": "http://expressjs.com/",
-  "funding": {
-    "type": "opencollective",
-    "url": "https://opencollective.com/express"
-  },
-  "keywords": [
-    "express",
-    "framework",
-    "sinatra",
-    "web",
-    "http",
-    "rest",
-    "restful",
-    "router",
-    "app",
-    "api"
-  ],
-  "dependencies": {
-    "accepts": "~1.3.8",
-    "array-flatten": "1.1.1",
-    "body-parser": "~1.20.3",
-    "content-disposition": "~0.5.4",
-    "content-type": "~1.0.4",
-    "cookie": "~0.7.1",
-    "cookie-signature": "~1.0.6",
-    "debug": "2.6.9",
-    "depd": "2.0.0",
-    "encodeurl": "~2.0.0",
-    "escape-html": "~1.0.3",
-    "etag": "~1.8.1",
-    "finalhandler": "~1.3.1",
-    "fresh": "~0.5.2",
-    "http-errors": "~2.0.0",
-    "merge-descriptors": "1.0.3",
-    "methods": "~1.1.2",
-    "on-finished": "~2.4.1",
-    "parseurl": "~1.3.3",
-    "path-to-regexp": "~0.1.12",
-    "proxy-addr": "~2.0.7",
-    "qs": "~6.14.0",
-    "range-parser": "~1.2.1",
-    "safe-buffer": "5.2.1",
-    "send": "~0.19.0",
-    "serve-static": "~1.16.2",
-    "setprototypeof": "1.2.0",
-    "statuses": "~2.0.1",
-    "type-is": "~1.6.18",
-    "utils-merge": "1.0.1",
-    "vary": "~1.1.2"
-  },
-  "devDependencies": {
-    "after": "0.8.2",
-    "connect-redis": "3.4.2",
-    "cookie-parser": "1.4.6",
-    "cookie-session": "2.0.0",
-    "ejs": "3.1.9",
-    "eslint": "8.47.0",
-    "express-session": "1.17.2",
-    "hbs": "4.2.0",
-    "marked": "0.7.0",
-    "method-override": "3.0.0",
-    "mocha": "^6.2.2",
-    "morgan": "1.10.0",
-    "nyc": "^14.1.1",
-    "pbkdf2-password": "1.2.1",
-    "supertest": "^6.1.6",
-    "vhost": "~3.0.2"
-  },
-  "engines": {
-    "node": ">= 0.10.0"
-  },
-  "files": [
-    "LICENSE",
-    "History.md",
-    "Readme.md",
-    "index.js",
-    "lib/"
-  ],
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
-    "test-ci": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --exclude examples --exclude test --exclude benchmarks --reporter=html --reporter=text npm test",
-    "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md b/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
deleted file mode 100644
index 77ce54d..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/HISTORY.md
+++ /dev/null
@@ -1,216 +0,0 @@
-v1.3.2 / 2025-12-01
-==================
-
-  * deps: use tilde notation for dependencies
-  * deps: statuses@~2.0.2
-
-v1.3.1 / 2024-09-11
-==================
-
-  * deps: encodeurl@~2.0.0
-
-v1.3.0 / 2024-09-03
-==================
-
-  * ignore status message for HTTP/2 (#53)
-
-v1.2.1 / 2024-09-02
-==================
-
-  * Gracefully handle when handling an error and socket is null
-
-1.2.0 / 2022-03-22
-==================
-
-  * Remove set content headers that break response
-  * deps: on-finished@2.4.1
-  * deps: statuses@2.0.1
-    - Rename `425 Unordered Collection` to standard `425 Too Early`
-
-1.1.2 / 2019-05-09
-==================
-
-  * Set stricter `Content-Security-Policy` header
-  * deps: parseurl@~1.3.3
-  * deps: statuses@~1.5.0
-
-1.1.1 / 2018-03-06
-==================
-
-  * Fix 404 output for bad / missing pathnames
-  * deps: encodeurl@~1.0.2
-    - Fix encoding `%` as last character
-  * deps: statuses@~1.4.0
-
-1.1.0 / 2017-09-24
-==================
-
-  * Use `res.headersSent` when available
-
-1.0.6 / 2017-09-22
-==================
-
-  * deps: debug@2.6.9
-
-1.0.5 / 2017-09-15
-==================
-
-  * deps: parseurl@~1.3.2
-    - perf: reduce overhead for full URLs
-    - perf: unroll the "fast-path" `RegExp`
-
-1.0.4 / 2017-08-03
-==================
-
-  * deps: debug@2.6.8
-
-1.0.3 / 2017-05-16
-==================
-
-  * deps: debug@2.6.7
-    - deps: ms@2.0.0
-
-1.0.2 / 2017-04-22
-==================
-
-  * deps: debug@2.6.4
-    - deps: ms@0.7.3
-
-1.0.1 / 2017-03-21
-==================
-
-  * Fix missing `</html>` in HTML document
-  * deps: debug@2.6.3
-    - Fix: `DEBUG_MAX_ARRAY_LENGTH`
-
-1.0.0 / 2017-02-15
-==================
-
-  * Fix exception when `err` cannot be converted to a string
-  * Fully URL-encode the pathname in the 404 message
-  * Only include the pathname in the 404 message
-  * Send complete HTML document
-  * Set `Content-Security-Policy: default-src 'self'` header
-  * deps: debug@2.6.1
-    - Allow colors in workers
-    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
-    - Fix error when running under React Native
-    - Use same color for same namespace
-    - deps: ms@0.7.2
-
-0.5.1 / 2016-11-12
-==================
-
-  * Fix exception when `err.headers` is not an object
-  * deps: statuses@~1.3.1
-  * perf: hoist regular expressions
-  * perf: remove duplicate validation path
-
-0.5.0 / 2016-06-15
-==================
-
-  * Change invalid or non-numeric status code to 500
-  * Overwrite status message to match set status code
-  * Prefer `err.statusCode` if `err.status` is invalid
-  * Set response headers from `err.headers` object
-  * Use `statuses` instead of `http` module for status messages
-    - Includes all defined status messages
-
-0.4.1 / 2015-12-02
-==================
-
-  * deps: escape-html@~1.0.3
-    - perf: enable strict mode
-    - perf: optimize string replacement
-    - perf: use faster string coercion
-
-0.4.0 / 2015-06-14
-==================
-
-  * Fix a false-positive when unpiping in Node.js 0.8
-  * Support `statusCode` property on `Error` objects
-  * Use `unpipe` module for unpiping requests
-  * deps: escape-html@1.0.2
-  * deps: on-finished@~2.3.0
-    - Add defined behavior for HTTP `CONNECT` requests
-    - Add defined behavior for HTTP `Upgrade` requests
-    - deps: ee-first@1.1.1
-  * perf: enable strict mode
-  * perf: remove argument reassignment
-
-0.3.6 / 2015-05-11
-==================
-
-  * deps: debug@~2.2.0
-    - deps: ms@0.7.1
-
-0.3.5 / 2015-04-22
-==================
-
-  * deps: on-finished@~2.2.1
-    - Fix `isFinished(req)` when data buffered
-
-0.3.4 / 2015-03-15
-==================
-
-  * deps: debug@~2.1.3
-    - Fix high intensity foreground color for bold
-    - deps: ms@0.7.0
-
-0.3.3 / 2015-01-01
-==================
-
-  * deps: debug@~2.1.1
-  * deps: on-finished@~2.2.0
-
-0.3.2 / 2014-10-22
-==================
-
-  * deps: on-finished@~2.1.1
-    - Fix handling of pipelined requests
-
-0.3.1 / 2014-10-16
-==================
-
-  * deps: debug@~2.1.0
-    - Implement `DEBUG_FD` env variable support
-
-0.3.0 / 2014-09-17
-==================
-
-  * Terminate in progress response only on error
-  * Use `on-finished` to determine request status
-
-0.2.0 / 2014-09-03
-==================
-
-  * Set `X-Content-Type-Options: nosniff` header
-  * deps: debug@~2.0.0
-
-0.1.0 / 2014-07-16
-==================
-
-  * Respond after request fully read
-    - prevents hung responses and socket hang ups
-  * deps: debug@1.0.4
-
-0.0.3 / 2014-07-11
-==================
-
-  * deps: debug@1.0.3
-    - Add support for multiple wildcards in namespaces
-
-0.0.2 / 2014-06-19
-==================
-
-  * Handle invalid status codes
-
-0.0.1 / 2014-06-05
-==================
-
-  * deps: debug@1.0.2
-
-0.0.0 / 2014-06-05
-==================
-
-  * Extracted from connect/express
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE b/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
deleted file mode 100644
index 6022106..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/README.md b/src/Servers/ExpressServer/node_modules/finalhandler/README.md
deleted file mode 100644
index 6244a13..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/README.md
+++ /dev/null
@@ -1,147 +0,0 @@
-# finalhandler
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Node.js function to invoke as the final step to respond to HTTP request.
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install finalhandler
-```
-
-## API
-
-```js
-var finalhandler = require('finalhandler')
-```
-
-### finalhandler(req, res, [options])
-
-Returns function to be invoked as the final step for the given `req` and `res`.
-This function is to be invoked as `fn(err)`. If `err` is falsy, the handler will
-write out a 404 response to the `res`. If it is truthy, an error response will
-be written out to the `res` or `res` will be terminated if a response has already
-started.
-
-When an error is written, the following information is added to the response:
-
-  * The `res.statusCode` is set from `err.status` (or `err.statusCode`). If
-    this value is outside the 4xx or 5xx range, it will be set to 500.
-  * The `res.statusMessage` is set according to the status code.
-  * The body will be the HTML of the status code message if `env` is
-    `'production'`, otherwise will be `err.stack`.
-  * Any headers specified in an `err.headers` object.
-
-The final handler will also unpipe anything from `req` when it is invoked.
-
-#### options.env
-
-By default, the environment is determined by `NODE_ENV` variable, but it can be
-overridden by this option.
-
-#### options.onerror
-
-Provide a function to be called with the `err` when it exists. Can be used for
-writing errors to a central location without excessive function generation. Called
-as `onerror(err, req, res)`.
-
-## Examples
-
-### always 404
-
-```js
-var finalhandler = require('finalhandler')
-var http = require('http')
-
-var server = http.createServer(function (req, res) {
-  var done = finalhandler(req, res)
-  done()
-})
-
-server.listen(3000)
-```
-
-### perform simple action
-
-```js
-var finalhandler = require('finalhandler')
-var fs = require('fs')
-var http = require('http')
-
-var server = http.createServer(function (req, res) {
-  var done = finalhandler(req, res)
-
-  fs.readFile('index.html', function (err, buf) {
-    if (err) return done(err)
-    res.setHeader('Content-Type', 'text/html')
-    res.end(buf)
-  })
-})
-
-server.listen(3000)
-```
-
-### use with middleware-style functions
-
-```js
-var finalhandler = require('finalhandler')
-var http = require('http')
-var serveStatic = require('serve-static')
-
-var serve = serveStatic('public')
-
-var server = http.createServer(function (req, res) {
-  var done = finalhandler(req, res)
-  serve(req, res, done)
-})
-
-server.listen(3000)
-```
-
-### keep log of all errors
-
-```js
-var finalhandler = require('finalhandler')
-var fs = require('fs')
-var http = require('http')
-
-var server = http.createServer(function (req, res) {
-  var done = finalhandler(req, res, { onerror: logerror })
-
-  fs.readFile('index.html', function (err, buf) {
-    if (err) return done(err)
-    res.setHeader('Content-Type', 'text/html')
-    res.end(buf)
-  })
-})
-
-server.listen(3000)
-
-function logerror (err) {
-  console.error(err.stack || err.toString())
-}
-```
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/finalhandler.svg
-[npm-url]: https://npmjs.org/package/finalhandler
-[node-image]: https://img.shields.io/node/v/finalhandler.svg
-[node-url]: https://nodejs.org/en/download
-[coveralls-image]: https://img.shields.io/coveralls/pillarjs/finalhandler.svg
-[coveralls-url]: https://coveralls.io/r/pillarjs/finalhandler?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/finalhandler.svg
-[downloads-url]: https://npmjs.org/package/finalhandler
-[github-actions-ci-image]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml/badge.svg
-[github-actions-ci-url]: https://github.com/pillarjs/finalhandler/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md b/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
deleted file mode 100644
index 6e23249..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/SECURITY.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Security Policies and Procedures
-
-## Reporting a Bug
-
-The `finalhandler` team and community take all security bugs seriously. Thank
-you for improving the security of Express. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the current owner(s) of `finalhandler`. This
-information can be found in the npm registry using the command
-`npm owner ls finalhandler`.
-If unsure or unable to get the information from the above, open an issue
-in the [project issue tracker](https://github.com/pillarjs/finalhandler/issues)
-asking for the current contact information.
-
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
-
-At least one owner will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the owners will
-endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/index.js b/src/Servers/ExpressServer/node_modules/finalhandler/index.js
deleted file mode 100644
index ec34be9..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/index.js
+++ /dev/null
@@ -1,341 +0,0 @@
-/*!
- * finalhandler
- * Copyright(c) 2014-2022 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var debug = require('debug')('finalhandler')
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-var onFinished = require('on-finished')
-var parseUrl = require('parseurl')
-var statuses = require('statuses')
-var unpipe = require('unpipe')
-
-/**
- * Module variables.
- * @private
- */
-
-var DOUBLE_SPACE_REGEXP = /\x20{2}/g
-var NEWLINE_REGEXP = /\n/g
-
-/* istanbul ignore next */
-var defer = typeof setImmediate === 'function'
-  ? setImmediate
-  : function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
-var isFinished = onFinished.isFinished
-
-/**
- * Create a minimal HTML document.
- *
- * @param {string} message
- * @private
- */
-
-function createHtmlDocument (message) {
-  var body = escapeHtml(message)
-    .replace(NEWLINE_REGEXP, '<br>')
-    .replace(DOUBLE_SPACE_REGEXP, ' &nbsp;')
-
-  return '<!DOCTYPE html>\n' +
-    '<html lang="en">\n' +
-    '<head>\n' +
-    '<meta charset="utf-8">\n' +
-    '<title>Error</title>\n' +
-    '</head>\n' +
-    '<body>\n' +
-    '<pre>' + body + '</pre>\n' +
-    '</body>\n' +
-    '</html>\n'
-}
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = finalhandler
-
-/**
- * Create a function to handle the final response.
- *
- * @param {Request} req
- * @param {Response} res
- * @param {Object} [options]
- * @return {Function}
- * @public
- */
-
-function finalhandler (req, res, options) {
-  var opts = options || {}
-
-  // get environment
-  var env = opts.env || process.env.NODE_ENV || 'development'
-
-  // get error callback
-  var onerror = opts.onerror
-
-  return function (err) {
-    var headers
-    var msg
-    var status
-
-    // ignore 404 on in-flight response
-    if (!err && headersSent(res)) {
-      debug('cannot 404 after headers sent')
-      return
-    }
-
-    // unhandled error
-    if (err) {
-      // respect status code from error
-      status = getErrorStatusCode(err)
-
-      if (status === undefined) {
-        // fallback to status code on response
-        status = getResponseStatusCode(res)
-      } else {
-        // respect headers from error
-        headers = getErrorHeaders(err)
-      }
-
-      // get error message
-      msg = getErrorMessage(err, status, env)
-    } else {
-      // not found
-      status = 404
-      msg = 'Cannot ' + req.method + ' ' + encodeUrl(getResourceName(req))
-    }
-
-    debug('default %s', status)
-
-    // schedule onerror callback
-    if (err && onerror) {
-      defer(onerror, err, req, res)
-    }
-
-    // cannot actually respond
-    if (headersSent(res)) {
-      debug('cannot %d after headers sent', status)
-      if (req.socket) {
-        req.socket.destroy()
-      }
-      return
-    }
-
-    // send response
-    send(req, res, status, headers, msg)
-  }
-}
-
-/**
- * Get headers from Error object.
- *
- * @param {Error} err
- * @return {object}
- * @private
- */
-
-function getErrorHeaders (err) {
-  if (!err.headers || typeof err.headers !== 'object') {
-    return undefined
-  }
-
-  var headers = Object.create(null)
-  var keys = Object.keys(err.headers)
-
-  for (var i = 0; i < keys.length; i++) {
-    var key = keys[i]
-    headers[key] = err.headers[key]
-  }
-
-  return headers
-}
-
-/**
- * Get message from Error object, fallback to status message.
- *
- * @param {Error} err
- * @param {number} status
- * @param {string} env
- * @return {string}
- * @private
- */
-
-function getErrorMessage (err, status, env) {
-  var msg
-
-  if (env !== 'production') {
-    // use err.stack, which typically includes err.message
-    msg = err.stack
-
-    // fallback to err.toString() when possible
-    if (!msg && typeof err.toString === 'function') {
-      msg = err.toString()
-    }
-  }
-
-  return msg || statuses.message[status]
-}
-
-/**
- * Get status code from Error object.
- *
- * @param {Error} err
- * @return {number}
- * @private
- */
-
-function getErrorStatusCode (err) {
-  // check err.status
-  if (typeof err.status === 'number' && err.status >= 400 && err.status < 600) {
-    return err.status
-  }
-
-  // check err.statusCode
-  if (typeof err.statusCode === 'number' && err.statusCode >= 400 && err.statusCode < 600) {
-    return err.statusCode
-  }
-
-  return undefined
-}
-
-/**
- * Get resource name for the request.
- *
- * This is typically just the original pathname of the request
- * but will fallback to "resource" is that cannot be determined.
- *
- * @param {IncomingMessage} req
- * @return {string}
- * @private
- */
-
-function getResourceName (req) {
-  try {
-    return parseUrl.original(req).pathname
-  } catch (e) {
-    return 'resource'
-  }
-}
-
-/**
- * Get status code from response.
- *
- * @param {OutgoingMessage} res
- * @return {number}
- * @private
- */
-
-function getResponseStatusCode (res) {
-  var status = res.statusCode
-
-  // default status code to 500 if outside valid range
-  if (typeof status !== 'number' || status < 400 || status > 599) {
-    status = 500
-  }
-
-  return status
-}
-
-/**
- * Determine if the response headers have been sent.
- *
- * @param {object} res
- * @returns {boolean}
- * @private
- */
-
-function headersSent (res) {
-  return typeof res.headersSent !== 'boolean'
-    ? Boolean(res._header)
-    : res.headersSent
-}
-
-/**
- * Send response.
- *
- * @param {IncomingMessage} req
- * @param {OutgoingMessage} res
- * @param {number} status
- * @param {object} headers
- * @param {string} message
- * @private
- */
-
-function send (req, res, status, headers, message) {
-  function write () {
-    // response body
-    var body = createHtmlDocument(message)
-
-    // response status
-    res.statusCode = status
-
-    if (req.httpVersionMajor < 2) {
-      res.statusMessage = statuses.message[status]
-    }
-
-    // remove any content headers
-    res.removeHeader('Content-Encoding')
-    res.removeHeader('Content-Language')
-    res.removeHeader('Content-Range')
-
-    // response headers
-    setHeaders(res, headers)
-
-    // security headers
-    res.setHeader('Content-Security-Policy', "default-src 'none'")
-    res.setHeader('X-Content-Type-Options', 'nosniff')
-
-    // standard headers
-    res.setHeader('Content-Type', 'text/html; charset=utf-8')
-    res.setHeader('Content-Length', Buffer.byteLength(body, 'utf8'))
-
-    if (req.method === 'HEAD') {
-      res.end()
-      return
-    }
-
-    res.end(body, 'utf8')
-  }
-
-  if (isFinished(req)) {
-    write()
-    return
-  }
-
-  // unpipe everything from the request
-  unpipe(req)
-
-  // flush the request
-  onFinished(req, write)
-  req.resume()
-}
-
-/**
- * Set response headers from an object.
- *
- * @param {OutgoingMessage} res
- * @param {object} headers
- * @private
- */
-
-function setHeaders (res, headers) {
-  if (!headers) {
-    return
-  }
-
-  var keys = Object.keys(headers)
-  for (var i = 0; i < keys.length; i++) {
-    var key = keys[i]
-    res.setHeader(key, headers[key])
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/finalhandler/package.json b/src/Servers/ExpressServer/node_modules/finalhandler/package.json
deleted file mode 100644
index ce618dc..0000000
--- a/src/Servers/ExpressServer/node_modules/finalhandler/package.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-  "name": "finalhandler",
-  "description": "Node.js final http responder",
-  "version": "1.3.2",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "repository": "pillarjs/finalhandler",
-  "dependencies": {
-    "debug": "2.6.9",
-    "encodeurl": "~2.0.0",
-    "escape-html": "~1.0.3",
-    "on-finished": "~2.4.1",
-    "parseurl": "~1.3.3",
-    "statuses": "~2.0.2",
-    "unpipe": "~1.0.0"
-  },
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.26.0",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "10.0.0",
-    "nyc": "15.1.0",
-    "readable-stream": "2.3.6",
-    "safe-buffer": "5.2.1",
-    "supertest": "6.2.4"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "SECURITY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --check-leaks test/",
-    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "test-inspect": "mocha --reporter spec --inspect --inspect-brk test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md b/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
deleted file mode 100644
index 381e6aa..0000000
--- a/src/Servers/ExpressServer/node_modules/forwarded/HISTORY.md
+++ /dev/null
@@ -1,21 +0,0 @@
-0.2.0 / 2021-05-31
-==================
-
-  * Use `req.socket` over deprecated `req.connection`
-
-0.1.2 / 2017-09-14
-==================
-
-  * perf: improve header parsing
-  * perf: reduce overhead when no `X-Forwarded-For` header
-
-0.1.1 / 2017-09-10
-==================
-
-  * Fix trimming leading / trailing OWS
-  * perf: hoist regular expression
-
-0.1.0 / 2014-09-21
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/LICENSE b/src/Servers/ExpressServer/node_modules/forwarded/LICENSE
deleted file mode 100644
index 84441fb..0000000
--- a/src/Servers/ExpressServer/node_modules/forwarded/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2017 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/README.md b/src/Servers/ExpressServer/node_modules/forwarded/README.md
deleted file mode 100644
index fdd220b..0000000
--- a/src/Servers/ExpressServer/node_modules/forwarded/README.md
+++ /dev/null
@@ -1,57 +0,0 @@
-# forwarded
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Parse HTTP X-Forwarded-For header
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install forwarded
-```
-
-## API
-
-```js
-var forwarded = require('forwarded')
-```
-
-### forwarded(req)
-
-```js
-var addresses = forwarded(req)
-```
-
-Parse the `X-Forwarded-For` header from the request. Returns an array
-of the addresses, including the socket address for the `req`, in reverse
-order (i.e. index `0` is the socket address and the last index is the
-furthest address, typically the end-user).
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/forwarded/master?label=ci
-[ci-url]: https://github.com/jshttp/forwarded/actions?query=workflow%3Aci
-[npm-image]: https://img.shields.io/npm/v/forwarded.svg
-[npm-url]: https://npmjs.org/package/forwarded
-[node-version-image]: https://img.shields.io/node/v/forwarded.svg
-[node-version-url]: https://nodejs.org/en/download/
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/forwarded/master.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/forwarded?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/forwarded.svg
-[downloads-url]: https://npmjs.org/package/forwarded
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/index.js b/src/Servers/ExpressServer/node_modules/forwarded/index.js
deleted file mode 100644
index b2b6bdd..0000000
--- a/src/Servers/ExpressServer/node_modules/forwarded/index.js
+++ /dev/null
@@ -1,90 +0,0 @@
-/*!
- * forwarded
- * Copyright(c) 2014-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = forwarded
-
-/**
- * Get all addresses in the request, using the `X-Forwarded-For` header.
- *
- * @param {object} req
- * @return {array}
- * @public
- */
-
-function forwarded (req) {
-  if (!req) {
-    throw new TypeError('argument req is required')
-  }
-
-  // simple header parsing
-  var proxyAddrs = parse(req.headers['x-forwarded-for'] || '')
-  var socketAddr = getSocketAddr(req)
-  var addrs = [socketAddr].concat(proxyAddrs)
-
-  // return all addresses
-  return addrs
-}
-
-/**
- * Get the socket address for a request.
- *
- * @param {object} req
- * @return {string}
- * @private
- */
-
-function getSocketAddr (req) {
-  return req.socket
-    ? req.socket.remoteAddress
-    : req.connection.remoteAddress
-}
-
-/**
- * Parse the X-Forwarded-For header.
- *
- * @param {string} header
- * @private
- */
-
-function parse (header) {
-  var end = header.length
-  var list = []
-  var start = header.length
-
-  // gather addresses, backwards
-  for (var i = header.length - 1; i >= 0; i--) {
-    switch (header.charCodeAt(i)) {
-      case 0x20: /*   */
-        if (start === end) {
-          start = end = i
-        }
-        break
-      case 0x2c: /* , */
-        if (start !== end) {
-          list.push(header.substring(start, end))
-        }
-        start = end = i
-        break
-      default:
-        start = i
-        break
-    }
-  }
-
-  // final address
-  if (start !== end) {
-    list.push(header.substring(start, end))
-  }
-
-  return list
-}
diff --git a/src/Servers/ExpressServer/node_modules/forwarded/package.json b/src/Servers/ExpressServer/node_modules/forwarded/package.json
deleted file mode 100644
index bf9c7d6..0000000
--- a/src/Servers/ExpressServer/node_modules/forwarded/package.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  "name": "forwarded",
-  "description": "Parse HTTP X-Forwarded-For header",
-  "version": "0.2.0",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "x-forwarded-for",
-    "http",
-    "req"
-  ],
-  "repository": "jshttp/forwarded",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "deep-equal": "1.0.1",
-    "eslint": "7.27.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.23.4",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.3.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "8.4.0",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md b/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
deleted file mode 100644
index 4586996..0000000
--- a/src/Servers/ExpressServer/node_modules/fresh/HISTORY.md
+++ /dev/null
@@ -1,70 +0,0 @@
-0.5.2 / 2017-09-13
-==================
-
-  * Fix regression matching multiple ETags in `If-None-Match`
-  * perf: improve `If-None-Match` token parsing
-
-0.5.1 / 2017-09-11
-==================
-
-  * Fix handling of modified headers with invalid dates
-  * perf: improve ETag match loop
-
-0.5.0 / 2017-02-21
-==================
-
-  * Fix incorrect result when `If-None-Match` has both `*` and ETags
-  * Fix weak `ETag` matching to match spec
-  * perf: delay reading header values until needed
-  * perf: skip checking modified time if ETag check failed
-  * perf: skip parsing `If-None-Match` when no `ETag` header
-  * perf: use `Date.parse` instead of `new Date`
-
-0.4.0 / 2017-02-05
-==================
-
-  * Fix false detection of `no-cache` request directive
-  * perf: enable strict mode
-  * perf: hoist regular expressions
-  * perf: remove duplicate conditional
-  * perf: remove unnecessary boolean coercions
-
-0.3.0 / 2015-05-12
-==================
-
-  * Add weak `ETag` matching support
-
-0.2.4 / 2014-09-07
-==================
-
-  * Support Node.js 0.6
-
-0.2.3 / 2014-09-07
-==================
-
-  * Move repository to jshttp
-
-0.2.2 / 2014-02-19
-==================
-
-  * Revert "Fix for blank page on Safari reload"
-
-0.2.1 / 2014-01-29
-==================
-
-  * Fix for blank page on Safari reload
-
-0.2.0 / 2013-08-11
-==================
-
-  * Return stale for `Cache-Control: no-cache`
-
-0.1.0 / 2012-06-15
-==================
-
-  * Add `If-None-Match: *` support
-
-0.0.1 / 2012-06-10
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/fresh/LICENSE b/src/Servers/ExpressServer/node_modules/fresh/LICENSE
deleted file mode 100644
index 1434ade..0000000
--- a/src/Servers/ExpressServer/node_modules/fresh/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012 TJ Holowaychuk <tj@vision-media.ca>
-Copyright (c) 2016-2017 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/fresh/README.md b/src/Servers/ExpressServer/node_modules/fresh/README.md
deleted file mode 100644
index 1c1c680..0000000
--- a/src/Servers/ExpressServer/node_modules/fresh/README.md
+++ /dev/null
@@ -1,119 +0,0 @@
-# fresh
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-HTTP response freshness testing
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```
-$ npm install fresh
-```
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var fresh = require('fresh')
-```
-
-### fresh(reqHeaders, resHeaders)
-
-Check freshness of the response using request and response headers.
-
-When the response is still "fresh" in the client's cache `true` is
-returned, otherwise `false` is returned to indicate that the client
-cache is now stale and the full response should be sent.
-
-When a client sends the `Cache-Control: no-cache` request header to
-indicate an end-to-end reload request, this module will return `false`
-to make handling these requests transparent.
-
-## Known Issues
-
-This module is designed to only follow the HTTP specifications, not
-to work-around all kinda of client bugs (especially since this module
-typically does not recieve enough information to understand what the
-client actually is).
-
-There is a known issue that in certain versions of Safari, Safari
-will incorrectly make a request that allows this module to validate
-freshness of the resource even when Safari does not have a
-representation of the resource in the cache. The module
-[jumanji](https://www.npmjs.com/package/jumanji) can be used in
-an Express application to work-around this issue and also provides
-links to further reading on this Safari bug.
-
-## Example
-
-### API usage
-
-<!-- eslint-disable no-redeclare, no-undef -->
-
-```js
-var reqHeaders = { 'if-none-match': '"foo"' }
-var resHeaders = { 'etag': '"bar"' }
-fresh(reqHeaders, resHeaders)
-// => false
-
-var reqHeaders = { 'if-none-match': '"foo"' }
-var resHeaders = { 'etag': '"foo"' }
-fresh(reqHeaders, resHeaders)
-// => true
-```
-
-### Using with Node.js http server
-
-```js
-var fresh = require('fresh')
-var http = require('http')
-
-var server = http.createServer(function (req, res) {
-  // perform server logic
-  // ... including adding ETag / Last-Modified response headers
-
-  if (isFresh(req, res)) {
-    // client has a fresh copy of resource
-    res.statusCode = 304
-    res.end()
-    return
-  }
-
-  // send the resource
-  res.statusCode = 200
-  res.end('hello, world!')
-})
-
-function isFresh (req, res) {
-  return fresh(req.headers, {
-    'etag': res.getHeader('ETag'),
-    'last-modified': res.getHeader('Last-Modified')
-  })
-}
-
-server.listen(3000)
-```
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/fresh.svg
-[npm-url]: https://npmjs.org/package/fresh
-[node-version-image]: https://img.shields.io/node/v/fresh.svg
-[node-version-url]: https://nodejs.org/en/
-[travis-image]: https://img.shields.io/travis/jshttp/fresh/master.svg
-[travis-url]: https://travis-ci.org/jshttp/fresh
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/fresh/master.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/fresh?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/fresh.svg
-[downloads-url]: https://npmjs.org/package/fresh
diff --git a/src/Servers/ExpressServer/node_modules/fresh/index.js b/src/Servers/ExpressServer/node_modules/fresh/index.js
deleted file mode 100644
index d154f5a..0000000
--- a/src/Servers/ExpressServer/node_modules/fresh/index.js
+++ /dev/null
@@ -1,137 +0,0 @@
-/*!
- * fresh
- * Copyright(c) 2012 TJ Holowaychuk
- * Copyright(c) 2016-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * RegExp to check for no-cache token in Cache-Control.
- * @private
- */
-
-var CACHE_CONTROL_NO_CACHE_REGEXP = /(?:^|,)\s*?no-cache\s*?(?:,|$)/
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = fresh
-
-/**
- * Check freshness of the response using request and response headers.
- *
- * @param {Object} reqHeaders
- * @param {Object} resHeaders
- * @return {Boolean}
- * @public
- */
-
-function fresh (reqHeaders, resHeaders) {
-  // fields
-  var modifiedSince = reqHeaders['if-modified-since']
-  var noneMatch = reqHeaders['if-none-match']
-
-  // unconditional request
-  if (!modifiedSince && !noneMatch) {
-    return false
-  }
-
-  // Always return stale when Cache-Control: no-cache
-  // to support end-to-end reload requests
-  // https://tools.ietf.org/html/rfc2616#section-14.9.4
-  var cacheControl = reqHeaders['cache-control']
-  if (cacheControl && CACHE_CONTROL_NO_CACHE_REGEXP.test(cacheControl)) {
-    return false
-  }
-
-  // if-none-match
-  if (noneMatch && noneMatch !== '*') {
-    var etag = resHeaders['etag']
-
-    if (!etag) {
-      return false
-    }
-
-    var etagStale = true
-    var matches = parseTokenList(noneMatch)
-    for (var i = 0; i < matches.length; i++) {
-      var match = matches[i]
-      if (match === etag || match === 'W/' + etag || 'W/' + match === etag) {
-        etagStale = false
-        break
-      }
-    }
-
-    if (etagStale) {
-      return false
-    }
-  }
-
-  // if-modified-since
-  if (modifiedSince) {
-    var lastModified = resHeaders['last-modified']
-    var modifiedStale = !lastModified || !(parseHttpDate(lastModified) <= parseHttpDate(modifiedSince))
-
-    if (modifiedStale) {
-      return false
-    }
-  }
-
-  return true
-}
-
-/**
- * Parse an HTTP Date into a number.
- *
- * @param {string} date
- * @private
- */
-
-function parseHttpDate (date) {
-  var timestamp = date && Date.parse(date)
-
-  // istanbul ignore next: guard against date.js Date.parse patching
-  return typeof timestamp === 'number'
-    ? timestamp
-    : NaN
-}
-
-/**
- * Parse a HTTP token list.
- *
- * @param {string} str
- * @private
- */
-
-function parseTokenList (str) {
-  var end = 0
-  var list = []
-  var start = 0
-
-  // gather tokens
-  for (var i = 0, len = str.length; i < len; i++) {
-    switch (str.charCodeAt(i)) {
-      case 0x20: /*   */
-        if (start === end) {
-          start = end = i + 1
-        }
-        break
-      case 0x2c: /* , */
-        list.push(str.substring(start, end))
-        start = end = i + 1
-        break
-      default:
-        end = i + 1
-        break
-    }
-  }
-
-  // final token
-  list.push(str.substring(start, end))
-
-  return list
-}
diff --git a/src/Servers/ExpressServer/node_modules/fresh/package.json b/src/Servers/ExpressServer/node_modules/fresh/package.json
deleted file mode 100644
index c2fa0f4..0000000
--- a/src/Servers/ExpressServer/node_modules/fresh/package.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
-  "name": "fresh",
-  "description": "HTTP response freshness testing",
-  "version": "0.5.2",
-  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "fresh",
-    "http",
-    "conditional",
-    "cache"
-  ],
-  "repository": "jshttp/fresh",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "eslint": "3.19.0",
-    "eslint-config-standard": "10.2.1",
-    "eslint-plugin-import": "2.7.0",
-    "eslint-plugin-markdown": "1.0.0-beta.6",
-    "eslint-plugin-node": "5.1.1",
-    "eslint-plugin-promise": "3.5.0",
-    "eslint-plugin-standard": "3.0.1",
-    "istanbul": "0.4.5",
-    "mocha": "1.21.5"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc b/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
deleted file mode 100644
index 71a054f..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/.eslintrc
+++ /dev/null
@@ -1,21 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"func-name-matching": 0,
-		"indent": [2, 4],
-		"no-new-func": [1],
-	},
-
-	"overrides": [
-		{
-			"files": "test/**",
-			"rules": {
-				"max-lines-per-function": 0,
-				"strict": [0]
-			},
-		},
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
deleted file mode 100644
index 7448219..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/function-bind
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md b/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
deleted file mode 100644
index 82e4285..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/.github/SECURITY.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/.nycrc b/src/Servers/ExpressServer/node_modules/function-bind/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
deleted file mode 100644
index f9e6cc0..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/CHANGELOG.md
+++ /dev/null
@@ -1,136 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.1.2](https://github.com/ljharb/function-bind/compare/v1.1.1...v1.1.2) - 2023-10-12
-
-### Merged
-
-- Point to the correct file [`#16`](https://github.com/ljharb/function-bind/pull/16)
-
-### Commits
-
-- [Tests] migrate tests to Github Actions [`4f8b57c`](https://github.com/ljharb/function-bind/commit/4f8b57c02f2011fe9ae353d5e74e8745f0988af8)
-- [Tests] remove `jscs` [`90eb2ed`](https://github.com/ljharb/function-bind/commit/90eb2edbeefd5b76cd6c3a482ea3454db169b31f)
-- [meta] update `.gitignore` [`53fcdc3`](https://github.com/ljharb/function-bind/commit/53fcdc371cd66634d6e9b71c836a50f437e89fed)
-- [Tests] up to `node` `v11.10`, `v10.15`, `v9.11`, `v8.15`, `v6.16`, `v4.9`; use `nvm install-latest-npm`; run audit script in tests [`1fe8f6e`](https://github.com/ljharb/function-bind/commit/1fe8f6e9aed0dfa8d8b3cdbd00c7f5ea0cd2b36e)
-- [meta] add `auto-changelog` [`1921fcb`](https://github.com/ljharb/function-bind/commit/1921fcb5b416b63ffc4acad051b6aad5722f777d)
-- [Robustness] remove runtime dependency on all builtins except `.apply` [`f743e61`](https://github.com/ljharb/function-bind/commit/f743e61aa6bb2360358c04d4884c9db853d118b7)
-- Docs: enable badges; update wording [`503cb12`](https://github.com/ljharb/function-bind/commit/503cb12d998b5f91822776c73332c7adcd6355dd)
-- [readme] update badges [`290c5db`](https://github.com/ljharb/function-bind/commit/290c5dbbbda7264efaeb886552a374b869a4bb48)
-- [Tests] switch to nyc for coverage [`ea360ba`](https://github.com/ljharb/function-bind/commit/ea360ba907fc2601ed18d01a3827fa2d3533cdf8)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`cae5e9e`](https://github.com/ljharb/function-bind/commit/cae5e9e07a5578dc6df26c03ee22851ce05b943c)
-- [meta] add `funding` field; create FUNDING.yml [`c9f4274`](https://github.com/ljharb/function-bind/commit/c9f4274aa80ea3aae9657a3938fdba41a3b04ca6)
-- [Tests] fix eslint errors from #15 [`f69aaa2`](https://github.com/ljharb/function-bind/commit/f69aaa2beb2fdab4415bfb885760a699d0b9c964)
-- [actions] fix permissions [`99a0cd9`](https://github.com/ljharb/function-bind/commit/99a0cd9f3b5bac223a0d572f081834cd73314be7)
-- [meta] use `npmignore` to autogenerate an npmignore file [`f03b524`](https://github.com/ljharb/function-bind/commit/f03b524ca91f75a109a5d062f029122c86ecd1ae)
-- [Dev Deps] update `@ljharb/eslint‑config`, `eslint`, `tape` [`7af9300`](https://github.com/ljharb/function-bind/commit/7af930023ae2ce7645489532821e4fbbcd7a2280)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `covert`, `tape` [`64a9127`](https://github.com/ljharb/function-bind/commit/64a9127ab0bd331b93d6572eaf6e9971967fc08c)
-- [Tests] use `aud` instead of `npm audit` [`e75069c`](https://github.com/ljharb/function-bind/commit/e75069c50010a8fcce2a9ce2324934c35fdb4386)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`d03555c`](https://github.com/ljharb/function-bind/commit/d03555ca59dea3b71ce710045e4303b9e2619e28)
-- [meta] add `safe-publish-latest` [`9c8f809`](https://github.com/ljharb/function-bind/commit/9c8f8092aed027d7e80c94f517aa892385b64f09)
-- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`baf6893`](https://github.com/ljharb/function-bind/commit/baf6893e27f5b59abe88bc1995e6f6ed1e527397)
-- [meta] create SECURITY.md [`4db1779`](https://github.com/ljharb/function-bind/commit/4db17799f1f28ae294cb95e0081ca2b591c3911b)
-- [Tests] add `npm run audit` [`c8b38ec`](https://github.com/ljharb/function-bind/commit/c8b38ec40ed3f85dabdee40ed4148f1748375bc2)
-- Revert "Point to the correct file" [`05cdf0f`](https://github.com/ljharb/function-bind/commit/05cdf0fa205c6a3c5ba40bbedd1dfa9874f915c9)
-
-## [v1.1.1](https://github.com/ljharb/function-bind/compare/v1.1.0...v1.1.1) - 2017-08-28
-
-### Commits
-
-- [Tests] up to `node` `v8`; newer npm breaks on older node; fix scripts [`817f7d2`](https://github.com/ljharb/function-bind/commit/817f7d28470fdbff8ef608d4d565dd4d1430bc5e)
-- [Dev Deps] update `eslint`, `jscs`, `tape`, `@ljharb/eslint-config` [`854288b`](https://github.com/ljharb/function-bind/commit/854288b1b6f5c555f89aceb9eff1152510262084)
-- [Dev Deps] update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`83e639f`](https://github.com/ljharb/function-bind/commit/83e639ff74e6cd6921285bccec22c1bcf72311bd)
-- Only apps should have lockfiles [`5ed97f5`](https://github.com/ljharb/function-bind/commit/5ed97f51235c17774e0832e122abda0f3229c908)
-- Use a SPDX-compliant “license” field. [`5feefea`](https://github.com/ljharb/function-bind/commit/5feefea0dc0193993e83e5df01ded424403a5381)
-
-## [v1.1.0](https://github.com/ljharb/function-bind/compare/v1.0.2...v1.1.0) - 2016-02-14
-
-### Commits
-
-- Update `eslint`, `tape`; use my personal shared `eslint` config [`9c9062a`](https://github.com/ljharb/function-bind/commit/9c9062abbe9dd70b59ea2c3a3c3a81f29b457097)
-- Add `npm run eslint` [`dd96c56`](https://github.com/ljharb/function-bind/commit/dd96c56720034a3c1ffee10b8a59a6f7c53e24ad)
-- [New] return the native `bind` when available. [`82186e0`](https://github.com/ljharb/function-bind/commit/82186e03d73e580f95ff167e03f3582bed90ed72)
-- [Dev Deps] update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`a3dd767`](https://github.com/ljharb/function-bind/commit/a3dd76720c795cb7f4586b0544efabf8aa107b8b)
-- Update `eslint` [`3dae2f7`](https://github.com/ljharb/function-bind/commit/3dae2f7423de30a2d20313ddb1edc19660142fe9)
-- Update `tape`, `covert`, `jscs` [`a181eee`](https://github.com/ljharb/function-bind/commit/a181eee0cfa24eb229c6e843a971f36e060a2f6a)
-- [Tests] up to `node` `v5.6`, `v4.3` [`964929a`](https://github.com/ljharb/function-bind/commit/964929a6a4ddb36fb128de2bcc20af5e4f22e1ed)
-- Test up to `io.js` `v2.1` [`2be7310`](https://github.com/ljharb/function-bind/commit/2be7310f2f74886a7124ca925be411117d41d5ea)
-- Update `tape`, `jscs`, `eslint`, `@ljharb/eslint-config` [`45f3d68`](https://github.com/ljharb/function-bind/commit/45f3d6865c6ca93726abcef54febe009087af101)
-- [Dev Deps] update `tape`, `jscs` [`6e1340d`](https://github.com/ljharb/function-bind/commit/6e1340d94642deaecad3e717825db641af4f8b1f)
-- [Tests] up to `io.js` `v3.3`, `node` `v4.1` [`d9bad2b`](https://github.com/ljharb/function-bind/commit/d9bad2b778b1b3a6dd2876087b88b3acf319f8cc)
-- Update `eslint` [`935590c`](https://github.com/ljharb/function-bind/commit/935590caa024ab356102e4858e8fc315b2ccc446)
-- [Dev Deps] update `jscs`, `eslint`, `@ljharb/eslint-config` [`8c9a1ef`](https://github.com/ljharb/function-bind/commit/8c9a1efd848e5167887aa8501857a0940a480c57)
-- Test on `io.js` `v2.2` [`9a3a38c`](https://github.com/ljharb/function-bind/commit/9a3a38c92013aed6e108666e7bd40969b84ac86e)
-- Run `travis-ci` tests on `iojs` and `node` v0.12; speed up builds; allow 0.8 failures. [`69afc26`](https://github.com/ljharb/function-bind/commit/69afc2617405b147dd2a8d8ae73ca9e9283f18b4)
-- [Dev Deps] Update `tape`, `eslint` [`36c1be0`](https://github.com/ljharb/function-bind/commit/36c1be0ab12b45fe5df6b0fdb01a5d5137fd0115)
-- Update `tape`, `jscs` [`98d8303`](https://github.com/ljharb/function-bind/commit/98d8303cd5ca1c6b8f985469f86b0d44d7d45f6e)
-- Update `jscs` [`9633a4e`](https://github.com/ljharb/function-bind/commit/9633a4e9fbf82051c240855166e468ba8ba0846f)
-- Update `tape`, `jscs` [`c80ef0f`](https://github.com/ljharb/function-bind/commit/c80ef0f46efc9791e76fa50de4414092ac147831)
-- Test up to `io.js` `v3.0` [`7e2c853`](https://github.com/ljharb/function-bind/commit/7e2c8537d52ab9cf5a655755561d8917684c0df4)
-- Test on `io.js` `v2.4` [`5a199a2`](https://github.com/ljharb/function-bind/commit/5a199a27ba46795ba5eaf0845d07d4b8232895c9)
-- Test on `io.js` `v2.3` [`a511b88`](https://github.com/ljharb/function-bind/commit/a511b8896de0bddf3b56862daa416c701f4d0453)
-- Fixing a typo from 822b4e1938db02dc9584aa434fd3a45cb20caf43 [`732d6b6`](https://github.com/ljharb/function-bind/commit/732d6b63a9b33b45230e630dbcac7a10855d3266)
-- Update `jscs` [`da52a48`](https://github.com/ljharb/function-bind/commit/da52a4886c06d6490f46ae30b15e4163ba08905d)
-- Lock covert to v1.0.0. [`d6150fd`](https://github.com/ljharb/function-bind/commit/d6150fda1e6f486718ebdeff823333d9e48e7430)
-
-## [v1.0.2](https://github.com/ljharb/function-bind/compare/v1.0.1...v1.0.2) - 2014-10-04
-
-## [v1.0.1](https://github.com/ljharb/function-bind/compare/v1.0.0...v1.0.1) - 2014-10-03
-
-### Merged
-
-- make CI build faster [`#3`](https://github.com/ljharb/function-bind/pull/3)
-
-### Commits
-
-- Using my standard jscs.json [`d8ee94c`](https://github.com/ljharb/function-bind/commit/d8ee94c993eff0a84cf5744fe6a29627f5cffa1a)
-- Adding `npm run lint` [`7571ab7`](https://github.com/ljharb/function-bind/commit/7571ab7dfdbd99b25a1dbb2d232622bd6f4f9c10)
-- Using consistent indentation [`e91a1b1`](https://github.com/ljharb/function-bind/commit/e91a1b13a61e99ec1e530e299b55508f74218a95)
-- Updating jscs [`7e17892`](https://github.com/ljharb/function-bind/commit/7e1789284bc629bc9c1547a61c9b227bbd8c7a65)
-- Using consistent quotes [`c50b57f`](https://github.com/ljharb/function-bind/commit/c50b57fcd1c5ec38320979c837006069ebe02b77)
-- Adding keywords [`cb94631`](https://github.com/ljharb/function-bind/commit/cb946314eed35f21186a25fb42fc118772f9ee00)
-- Directly export a function expression instead of using a declaration, and relying on hoisting. [`5a33c5f`](https://github.com/ljharb/function-bind/commit/5a33c5f45642de180e0d207110bf7d1843ceb87c)
-- Naming npm URL and badge in README; use SVG [`2aef8fc`](https://github.com/ljharb/function-bind/commit/2aef8fcb79d54e63a58ae557c4e60949e05d5e16)
-- Naming deps URLs in README [`04228d7`](https://github.com/ljharb/function-bind/commit/04228d766670ee45ca24e98345c1f6a7621065b5)
-- Naming travis-ci URLs in README; using SVG [`62c810c`](https://github.com/ljharb/function-bind/commit/62c810c2f54ced956cd4d4ab7b793055addfe36e)
-- Make sure functions are invoked correctly (also passing coverage tests) [`2b289b4`](https://github.com/ljharb/function-bind/commit/2b289b4dfbf037ffcfa4dc95eb540f6165e9e43a)
-- Removing the strict mode pragmas; they make tests fail. [`1aa701d`](https://github.com/ljharb/function-bind/commit/1aa701d199ddc3782476e8f7eef82679be97b845)
-- Adding myself as a contributor [`85fd57b`](https://github.com/ljharb/function-bind/commit/85fd57b0860e5a7af42de9a287f3f265fc6d72fc)
-- Adding strict mode pragmas [`915b08e`](https://github.com/ljharb/function-bind/commit/915b08e084c86a722eafe7245e21db74aa21ca4c)
-- Adding devDeps URLs to README [`4ccc731`](https://github.com/ljharb/function-bind/commit/4ccc73112c1769859e4ca3076caf4086b3cba2cd)
-- Fixing the description. [`a7a472c`](https://github.com/ljharb/function-bind/commit/a7a472cf649af515c635cf560fc478fbe48999c8)
-- Using a function expression instead of a function declaration. [`b5d3e4e`](https://github.com/ljharb/function-bind/commit/b5d3e4ea6aaffc63888953eeb1fbc7ff45f1fa14)
-- Updating tape [`f086be6`](https://github.com/ljharb/function-bind/commit/f086be6029fb56dde61a258c1340600fa174d1e0)
-- Updating jscs [`5f9bdb3`](https://github.com/ljharb/function-bind/commit/5f9bdb375ab13ba48f30852aab94029520c54d71)
-- Updating jscs [`9b409ba`](https://github.com/ljharb/function-bind/commit/9b409ba6118e23395a4e5d83ef39152aab9d3bfc)
-- Run coverage as part of tests. [`8e1b6d4`](https://github.com/ljharb/function-bind/commit/8e1b6d459f047d1bd4fee814e01247c984c80bd0)
-- Run linter as part of tests [`c1ca83f`](https://github.com/ljharb/function-bind/commit/c1ca83f832df94587d09e621beba682fabfaa987)
-- Updating covert [`701e837`](https://github.com/ljharb/function-bind/commit/701e83774b57b4d3ef631e1948143f43a72f4bb9)
-
-## [v1.0.0](https://github.com/ljharb/function-bind/compare/v0.2.0...v1.0.0) - 2014-08-09
-
-### Commits
-
-- Make sure old and unstable nodes don't fail Travis [`27adca3`](https://github.com/ljharb/function-bind/commit/27adca34a4ab6ad67b6dfde43942a1b103ce4d75)
-- Fixing an issue when the bound function is called as a constructor in ES3. [`e20122d`](https://github.com/ljharb/function-bind/commit/e20122d267d92ce553859b280cbbea5d27c07731)
-- Adding `npm run coverage` [`a2e29c4`](https://github.com/ljharb/function-bind/commit/a2e29c4ecaef9e2f6cd1603e868c139073375502)
-- Updating tape [`b741168`](https://github.com/ljharb/function-bind/commit/b741168b12b235b1717ff696087645526b69213c)
-- Upgrading tape [`63631a0`](https://github.com/ljharb/function-bind/commit/63631a04c7fbe97cc2fa61829cc27246d6986f74)
-- Updating tape [`363cb46`](https://github.com/ljharb/function-bind/commit/363cb46dafb23cb3e347729a22f9448051d78464)
-
-## v0.2.0 - 2014-03-23
-
-### Commits
-
-- Updating test coverage to match es5-shim. [`aa94d44`](https://github.com/ljharb/function-bind/commit/aa94d44b8f9d7f69f10e060db7709aa7a694e5d4)
-- initial [`942ee07`](https://github.com/ljharb/function-bind/commit/942ee07e94e542d91798137bc4b80b926137e066)
-- Setting the bound function's length properly. [`079f46a`](https://github.com/ljharb/function-bind/commit/079f46a2d3515b7c0b308c2c13fceb641f97ca25)
-- Ensuring that some older browsers will throw when given a regex. [`36ac55b`](https://github.com/ljharb/function-bind/commit/36ac55b87f460d4330253c92870aa26fbfe8227f)
-- Removing npm scripts that don't have dependencies [`9d2be60`](https://github.com/ljharb/function-bind/commit/9d2be600002cb8bc8606f8f3585ad3e05868c750)
-- Updating tape [`297a4ac`](https://github.com/ljharb/function-bind/commit/297a4acc5464db381940aafb194d1c88f4e678f3)
-- Skipping length tests for now. [`d9891ea`](https://github.com/ljharb/function-bind/commit/d9891ea4d2aaffa69f408339cdd61ff740f70565)
-- don't take my tea [`dccd930`](https://github.com/ljharb/function-bind/commit/dccd930bfd60ea10cb178d28c97550c3bc8c1e07)
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/LICENSE b/src/Servers/ExpressServer/node_modules/function-bind/LICENSE
deleted file mode 100644
index 62d6d23..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-Copyright (c) 2013 Raynos.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/README.md b/src/Servers/ExpressServer/node_modules/function-bind/README.md
deleted file mode 100644
index 814c20b..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# function-bind <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-<!--[![coverage][codecov-image]][codecov-url]-->
-[![dependency status][deps-svg]][deps-url]
-[![dev dependency status][dev-deps-svg]][dev-deps-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Implementation of function.prototype.bind
-
-Old versions of phantomjs, Internet Explorer < 9, and node < 0.6 don't support `Function.prototype.bind`.
-
-## Example
-
-```js
-Function.prototype.bind = require("function-bind")
-```
-
-## Installation
-
-`npm install function-bind`
-
-## Contributors
-
- - Raynos
-
-## MIT Licenced
-
-[package-url]: https://npmjs.org/package/function-bind
-[npm-version-svg]: https://versionbadg.es/Raynos/function-bind.svg
-[deps-svg]: https://david-dm.org/Raynos/function-bind.svg
-[deps-url]: https://david-dm.org/Raynos/function-bind
-[dev-deps-svg]: https://david-dm.org/Raynos/function-bind/dev-status.svg
-[dev-deps-url]: https://david-dm.org/Raynos/function-bind#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/function-bind.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/function-bind.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/function-bind.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=function-bind
-[codecov-image]: https://codecov.io/gh/Raynos/function-bind/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/Raynos/function-bind/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/Raynos/function-bind
-[actions-url]: https://github.com/Raynos/function-bind/actions
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/implementation.js b/src/Servers/ExpressServer/node_modules/function-bind/implementation.js
deleted file mode 100644
index fd4384c..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/implementation.js
+++ /dev/null
@@ -1,84 +0,0 @@
-'use strict';
-
-/* eslint no-invalid-this: 1 */
-
-var ERROR_MESSAGE = 'Function.prototype.bind called on incompatible ';
-var toStr = Object.prototype.toString;
-var max = Math.max;
-var funcType = '[object Function]';
-
-var concatty = function concatty(a, b) {
-    var arr = [];
-
-    for (var i = 0; i < a.length; i += 1) {
-        arr[i] = a[i];
-    }
-    for (var j = 0; j < b.length; j += 1) {
-        arr[j + a.length] = b[j];
-    }
-
-    return arr;
-};
-
-var slicy = function slicy(arrLike, offset) {
-    var arr = [];
-    for (var i = offset || 0, j = 0; i < arrLike.length; i += 1, j += 1) {
-        arr[j] = arrLike[i];
-    }
-    return arr;
-};
-
-var joiny = function (arr, joiner) {
-    var str = '';
-    for (var i = 0; i < arr.length; i += 1) {
-        str += arr[i];
-        if (i + 1 < arr.length) {
-            str += joiner;
-        }
-    }
-    return str;
-};
-
-module.exports = function bind(that) {
-    var target = this;
-    if (typeof target !== 'function' || toStr.apply(target) !== funcType) {
-        throw new TypeError(ERROR_MESSAGE + target);
-    }
-    var args = slicy(arguments, 1);
-
-    var bound;
-    var binder = function () {
-        if (this instanceof bound) {
-            var result = target.apply(
-                this,
-                concatty(args, arguments)
-            );
-            if (Object(result) === result) {
-                return result;
-            }
-            return this;
-        }
-        return target.apply(
-            that,
-            concatty(args, arguments)
-        );
-
-    };
-
-    var boundLength = max(0, target.length - args.length);
-    var boundArgs = [];
-    for (var i = 0; i < boundLength; i++) {
-        boundArgs[i] = '$' + i;
-    }
-
-    bound = Function('binder', 'return function (' + joiny(boundArgs, ',') + '){ return binder.apply(this,arguments); }')(binder);
-
-    if (target.prototype) {
-        var Empty = function Empty() {};
-        Empty.prototype = target.prototype;
-        bound.prototype = new Empty();
-        Empty.prototype = null;
-    }
-
-    return bound;
-};
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/index.js b/src/Servers/ExpressServer/node_modules/function-bind/index.js
deleted file mode 100644
index 3bb6b96..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/index.js
+++ /dev/null
@@ -1,5 +0,0 @@
-'use strict';
-
-var implementation = require('./implementation');
-
-module.exports = Function.prototype.bind || implementation;
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/package.json b/src/Servers/ExpressServer/node_modules/function-bind/package.json
deleted file mode 100644
index 6185963..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/package.json
+++ /dev/null
@@ -1,87 +0,0 @@
-{
-  "name": "function-bind",
-  "version": "1.1.2",
-  "description": "Implementation of Function.prototype.bind",
-  "keywords": [
-    "function",
-    "bind",
-    "shim",
-    "es5"
-  ],
-  "author": "Raynos <raynos2@gmail.com>",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/Raynos/function-bind.git"
-  },
-  "funding": {
-    "url": "https://github.com/sponsors/ljharb"
-  },
-  "main": "index",
-  "homepage": "https://github.com/Raynos/function-bind",
-  "contributors": [
-    {
-      "name": "Raynos"
-    },
-    {
-      "name": "Jordan Harband",
-      "url": "https://github.com/ljharb"
-    }
-  ],
-  "bugs": {
-    "url": "https://github.com/Raynos/function-bind/issues",
-    "email": "raynos2@gmail.com"
-  },
-  "devDependencies": {
-    "@ljharb/eslint-config": "^21.1.0",
-    "aud": "^2.0.3",
-    "auto-changelog": "^2.4.0",
-    "eslint": "=8.8.0",
-    "in-publish": "^2.0.1",
-    "npmignore": "^0.3.0",
-    "nyc": "^10.3.2",
-    "safe-publish-latest": "^2.0.0",
-    "tape": "^5.7.1"
-  },
-  "license": "MIT",
-  "scripts": {
-    "prepublishOnly": "safe-publish-latest",
-    "prepublish": "not-in-publish || npm run prepublishOnly",
-    "prepack": "npmignore --auto --commentLines=autogenerated",
-    "pretest": "npm run lint",
-    "test": "npm run tests-only",
-    "posttest": "aud --production",
-    "tests-only": "nyc tape 'test/**/*.js'",
-    "lint": "eslint --ext=js,mjs .",
-    "version": "auto-changelog && git add CHANGELOG.md",
-    "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-  },
-  "testling": {
-    "files": "test/index.js",
-    "browsers": [
-      "ie/8..latest",
-      "firefox/16..latest",
-      "firefox/nightly",
-      "chrome/22..latest",
-      "chrome/canary",
-      "opera/12..latest",
-      "opera/next",
-      "safari/5.1..latest",
-      "ipad/6.0..latest",
-      "iphone/6.0..latest",
-      "android-browser/4.2..latest"
-    ]
-  },
-  "auto-changelog": {
-    "output": "CHANGELOG.md",
-    "template": "keepachangelog",
-    "unreleased": false,
-    "commitLimit": false,
-    "backfillLimit": false,
-    "hideCredit": true
-  },
-  "publishConfig": {
-    "ignore": [
-      ".github/workflows"
-    ]
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc b/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
deleted file mode 100644
index 8a56d5b..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/test/.eslintrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"rules": {
-		"array-bracket-newline": 0,
-		"array-element-newline": 0,
-		"max-statements-per-line": [2, { "max": 2 }],
-		"no-invalid-this": 0,
-		"no-magic-numbers": 0,
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/function-bind/test/index.js b/src/Servers/ExpressServer/node_modules/function-bind/test/index.js
deleted file mode 100644
index 2edecce..0000000
--- a/src/Servers/ExpressServer/node_modules/function-bind/test/index.js
+++ /dev/null
@@ -1,252 +0,0 @@
-// jscs:disable requireUseStrict
-
-var test = require('tape');
-
-var functionBind = require('../implementation');
-var getCurrentContext = function () { return this; };
-
-test('functionBind is a function', function (t) {
-    t.equal(typeof functionBind, 'function');
-    t.end();
-});
-
-test('non-functions', function (t) {
-    var nonFunctions = [true, false, [], {}, 42, 'foo', NaN, /a/g];
-    t.plan(nonFunctions.length);
-    for (var i = 0; i < nonFunctions.length; ++i) {
-        try { functionBind.call(nonFunctions[i]); } catch (ex) {
-            t.ok(ex instanceof TypeError, 'throws when given ' + String(nonFunctions[i]));
-        }
-    }
-    t.end();
-});
-
-test('without a context', function (t) {
-    t.test('binds properly', function (st) {
-        var args, context;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                context = this;
-            })
-        };
-        namespace.func(1, 2, 3);
-        st.deepEqual(args, [1, 2, 3]);
-        st.equal(context, getCurrentContext.call());
-        st.end();
-    });
-
-    t.test('binds properly, and still supplies bound arguments', function (st) {
-        var args, context;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                context = this;
-            }, undefined, 1, 2, 3)
-        };
-        namespace.func(4, 5, 6);
-        st.deepEqual(args, [1, 2, 3, 4, 5, 6]);
-        st.equal(context, getCurrentContext.call());
-        st.end();
-    });
-
-    t.test('returns properly', function (st) {
-        var args;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                return this;
-            }, null)
-        };
-        var context = namespace.func(1, 2, 3);
-        st.equal(context, getCurrentContext.call(), 'returned context is namespaced context');
-        st.deepEqual(args, [1, 2, 3], 'passed arguments are correct');
-        st.end();
-    });
-
-    t.test('returns properly with bound arguments', function (st) {
-        var args;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                return this;
-            }, null, 1, 2, 3)
-        };
-        var context = namespace.func(4, 5, 6);
-        st.equal(context, getCurrentContext.call(), 'returned context is namespaced context');
-        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'passed arguments are correct');
-        st.end();
-    });
-
-    t.test('called as a constructor', function (st) {
-        var thunkify = function (value) {
-            return function () { return value; };
-        };
-        st.test('returns object value', function (sst) {
-            var expectedReturnValue = [1, 2, 3];
-            var Constructor = functionBind.call(thunkify(expectedReturnValue), null);
-            var result = new Constructor();
-            sst.equal(result, expectedReturnValue);
-            sst.end();
-        });
-
-        st.test('does not return primitive value', function (sst) {
-            var Constructor = functionBind.call(thunkify(42), null);
-            var result = new Constructor();
-            sst.notEqual(result, 42);
-            sst.end();
-        });
-
-        st.test('object from bound constructor is instance of original and bound constructor', function (sst) {
-            var A = function (x) {
-                this.name = x || 'A';
-            };
-            var B = functionBind.call(A, null, 'B');
-
-            var result = new B();
-            sst.ok(result instanceof B, 'result is instance of bound constructor');
-            sst.ok(result instanceof A, 'result is instance of original constructor');
-            sst.end();
-        });
-
-        st.end();
-    });
-
-    t.end();
-});
-
-test('with a context', function (t) {
-    t.test('with no bound arguments', function (st) {
-        var args, context;
-        var boundContext = {};
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                context = this;
-            }, boundContext)
-        };
-        namespace.func(1, 2, 3);
-        st.equal(context, boundContext, 'binds a context properly');
-        st.deepEqual(args, [1, 2, 3], 'supplies passed arguments');
-        st.end();
-    });
-
-    t.test('with bound arguments', function (st) {
-        var args, context;
-        var boundContext = {};
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                context = this;
-            }, boundContext, 1, 2, 3)
-        };
-        namespace.func(4, 5, 6);
-        st.equal(context, boundContext, 'binds a context properly');
-        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'supplies bound and passed arguments');
-        st.end();
-    });
-
-    t.test('returns properly', function (st) {
-        var boundContext = {};
-        var args;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                return this;
-            }, boundContext)
-        };
-        var context = namespace.func(1, 2, 3);
-        st.equal(context, boundContext, 'returned context is bound context');
-        st.notEqual(context, getCurrentContext.call(), 'returned context is not lexical context');
-        st.deepEqual(args, [1, 2, 3], 'passed arguments are correct');
-        st.end();
-    });
-
-    t.test('returns properly with bound arguments', function (st) {
-        var boundContext = {};
-        var args;
-        var namespace = {
-            func: functionBind.call(function () {
-                args = Array.prototype.slice.call(arguments);
-                return this;
-            }, boundContext, 1, 2, 3)
-        };
-        var context = namespace.func(4, 5, 6);
-        st.equal(context, boundContext, 'returned context is bound context');
-        st.notEqual(context, getCurrentContext.call(), 'returned context is not lexical context');
-        st.deepEqual(args, [1, 2, 3, 4, 5, 6], 'passed arguments are correct');
-        st.end();
-    });
-
-    t.test('passes the correct arguments when called as a constructor', function (st) {
-        var expected = { name: 'Correct' };
-        var namespace = {
-            Func: functionBind.call(function (arg) {
-                return arg;
-            }, { name: 'Incorrect' })
-        };
-        var returned = new namespace.Func(expected);
-        st.equal(returned, expected, 'returns the right arg when called as a constructor');
-        st.end();
-    });
-
-    t.test('has the new instance\'s context when called as a constructor', function (st) {
-        var actualContext;
-        var expectedContext = { foo: 'bar' };
-        var namespace = {
-            Func: functionBind.call(function () {
-                actualContext = this;
-            }, expectedContext)
-        };
-        var result = new namespace.Func();
-        st.equal(result instanceof namespace.Func, true);
-        st.notEqual(actualContext, expectedContext);
-        st.end();
-    });
-
-    t.end();
-});
-
-test('bound function length', function (t) {
-    t.test('sets a correct length without thisArg', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; });
-        st.equal(subject.length, 3);
-        st.equal(subject(1, 2, 3), 6);
-        st.end();
-    });
-
-    t.test('sets a correct length with thisArg', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {});
-        st.equal(subject.length, 3);
-        st.equal(subject(1, 2, 3), 6);
-        st.end();
-    });
-
-    t.test('sets a correct length without thisArg and first argument', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, undefined, 1);
-        st.equal(subject.length, 2);
-        st.equal(subject(2, 3), 6);
-        st.end();
-    });
-
-    t.test('sets a correct length with thisArg and first argument', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {}, 1);
-        st.equal(subject.length, 2);
-        st.equal(subject(2, 3), 6);
-        st.end();
-    });
-
-    t.test('sets a correct length without thisArg and too many arguments', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, undefined, 1, 2, 3, 4);
-        st.equal(subject.length, 0);
-        st.equal(subject(), 6);
-        st.end();
-    });
-
-    t.test('sets a correct length with thisArg and too many arguments', function (st) {
-        var subject = functionBind.call(function (a, b, c) { return a + b + c; }, {}, 1, 2, 3, 4);
-        st.equal(subject.length, 0);
-        st.equal(subject(), 6);
-        st.end();
-    });
-});
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc b/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
deleted file mode 100644
index 235fb79..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/.eslintrc
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"env": {
-		"es6": true,
-		"es2017": true,
-		"es2020": true,
-		"es2021": true,
-		"es2022": true,
-	},
-
-	"globals": {
-		"Float16Array": false,
-	},
-
-	"rules": {
-		"array-bracket-newline": 0,
-		"complexity": 0,
-		"eqeqeq": [2, "allow-null"],
-		"func-name-matching": 0,
-		"id-length": 0,
-		"max-lines": 0,
-		"max-lines-per-function": [2, 90],
-		"max-params": [2, 4],
-		"max-statements": 0,
-		"max-statements-per-line": [2, { "max": 2 }],
-		"multiline-comment-style": 0,
-		"no-magic-numbers": 0,
-		"sort-keys": 0,
-	},
-
-	"overrides": [
-		{
-			"files": "test/**",
-			"rules": {
-				"new-cap": 0,
-			},
-		},
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
deleted file mode 100644
index 8e8da0d..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/get-intrinsic
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc b/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
deleted file mode 100644
index ce1dd98..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/CHANGELOG.md
+++ /dev/null
@@ -1,186 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.3.0](https://github.com/ljharb/get-intrinsic/compare/v1.2.7...v1.3.0) - 2025-02-22
-
-### Commits
-
-- [Dev Deps] update `es-abstract`, `es-value-fixtures`, `for-each`, `object-inspect` [`9b61553`](https://github.com/ljharb/get-intrinsic/commit/9b61553c587f1c1edbd435597e88c7d387da97dd)
-- [Deps] update `call-bind-apply-helpers`, `es-object-atoms`, `get-proto` [`a341fee`](https://github.com/ljharb/get-intrinsic/commit/a341fee0f39a403b0f0069e82c97642d5eb11043)
-- [New] add `Float16Array` [`de22116`](https://github.com/ljharb/get-intrinsic/commit/de22116b492fb989a0341bceb6e573abfaed73dc)
-
-## [v1.2.7](https://github.com/ljharb/get-intrinsic/compare/v1.2.6...v1.2.7) - 2025-01-02
-
-### Commits
-
-- [Refactor] use `get-proto` directly [`00ab955`](https://github.com/ljharb/get-intrinsic/commit/00ab95546a0980c8ad42a84253daaa8d2adcedf9)
-- [Deps] update `math-intrinsics` [`c716cdd`](https://github.com/ljharb/get-intrinsic/commit/c716cdd6bbe36b438057025561b8bb5a879ac8a0)
-- [Dev Deps] update `call-bound`, `es-abstract` [`dc648a6`](https://github.com/ljharb/get-intrinsic/commit/dc648a67eb359037dff8d8619bfa71d86debccb1)
-
-## [v1.2.6](https://github.com/ljharb/get-intrinsic/compare/v1.2.5...v1.2.6) - 2024-12-11
-
-### Commits
-
-- [Refactor] use `math-intrinsics` [`841be86`](https://github.com/ljharb/get-intrinsic/commit/841be8641a9254c4c75483b30c8871b5d5065926)
-- [Refactor] use `es-object-atoms` [`42057df`](https://github.com/ljharb/get-intrinsic/commit/42057dfa16f66f64787e66482af381cc6f31d2c1)
-- [Deps] update `call-bind-apply-helpers` [`45afa24`](https://github.com/ljharb/get-intrinsic/commit/45afa24a9ee4d6d3c172db1f555b16cb27843ef4)
-- [Dev Deps] update `call-bound` [`9cba9c6`](https://github.com/ljharb/get-intrinsic/commit/9cba9c6e70212bc163b7a5529cb25df46071646f)
-
-## [v1.2.5](https://github.com/ljharb/get-intrinsic/compare/v1.2.4...v1.2.5) - 2024-12-06
-
-### Commits
-
-- [actions] split out node 10-20, and 20+ [`6e2b9dd`](https://github.com/ljharb/get-intrinsic/commit/6e2b9dd23902665681ebe453256ccfe21d7966f0)
-- [Refactor] use `dunder-proto` and `call-bind-apply-helpers` instead of `has-proto` [`c095d17`](https://github.com/ljharb/get-intrinsic/commit/c095d179ad0f4fbfff20c8a3e0cb4fe668018998)
-- [Refactor] use `gopd` [`9841d5b`](https://github.com/ljharb/get-intrinsic/commit/9841d5b35f7ab4fd2d193f0c741a50a077920e90)
-- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `es-abstract`, `es-value-fixtures`, `gopd`, `mock-property`, `object-inspect`, `tape` [`2d07e01`](https://github.com/ljharb/get-intrinsic/commit/2d07e01310cee2cbaedfead6903df128b1f5d425)
-- [Deps] update `gopd`, `has-proto`, `has-symbols`, `hasown` [`974d8bf`](https://github.com/ljharb/get-intrinsic/commit/974d8bf5baad7939eef35c25cc1dd88c10a30fa6)
-- [Dev Deps] update `call-bind`, `es-abstract`, `tape` [`df9dde1`](https://github.com/ljharb/get-intrinsic/commit/df9dde178186631ab8a3165ede056549918ce4bc)
-- [Refactor] cache `es-define-property` as well [`43ef543`](https://github.com/ljharb/get-intrinsic/commit/43ef543cb02194401420e3a914a4ca9168691926)
-- [Deps] update `has-proto`, `has-symbols`, `hasown` [`ad4949d`](https://github.com/ljharb/get-intrinsic/commit/ad4949d5467316505aad89bf75f9417ed782f7af)
-- [Tests] use `call-bound` directly [`ad5c406`](https://github.com/ljharb/get-intrinsic/commit/ad5c4069774bfe90e520a35eead5fe5ca9d69e80)
-- [Deps] update `has-proto`, `hasown` [`45414ca`](https://github.com/ljharb/get-intrinsic/commit/45414caa312333a2798953682c68f85c550627dd)
-- [Tests] replace `aud` with `npm audit` [`18d3509`](https://github.com/ljharb/get-intrinsic/commit/18d3509f79460e7924da70409ee81e5053087523)
-- [Deps] update `es-define-property` [`aadaa3b`](https://github.com/ljharb/get-intrinsic/commit/aadaa3b2188d77ad9bff394ce5d4249c49eb21f5)
-- [Dev Deps] add missing peer dep [`c296a16`](https://github.com/ljharb/get-intrinsic/commit/c296a16246d0c9a5981944f4cc5cf61fbda0cf6a)
-
-## [v1.2.4](https://github.com/ljharb/get-intrinsic/compare/v1.2.3...v1.2.4) - 2024-02-05
-
-### Commits
-
-- [Refactor] use all 7 &lt;+ ES6 Errors from `es-errors` [`bcac811`](https://github.com/ljharb/get-intrinsic/commit/bcac811abdc1c982e12abf848a410d6aae148d14)
-
-## [v1.2.3](https://github.com/ljharb/get-intrinsic/compare/v1.2.2...v1.2.3) - 2024-02-03
-
-### Commits
-
-- [Refactor] use `es-errors`, so things that only need those do not need `get-intrinsic` [`f11db9c`](https://github.com/ljharb/get-intrinsic/commit/f11db9c4fb97d87bbd53d3c73ac6b3db3613ad3b)
-- [Dev Deps] update `aud`, `es-abstract`, `mock-property`, `npmignore` [`b7ac7d1`](https://github.com/ljharb/get-intrinsic/commit/b7ac7d1616fefb03877b1aed0c8f8d61aad32b6c)
-- [meta] simplify `exports` [`faa0cc6`](https://github.com/ljharb/get-intrinsic/commit/faa0cc618e2830ffb51a8202490b0c215d965cbc)
-- [meta] add missing `engines.node` [`774dd0b`](https://github.com/ljharb/get-intrinsic/commit/774dd0b3e8f741c3f05a6322d124d6087f146af1)
-- [Dev Deps] update `tape` [`5828e8e`](https://github.com/ljharb/get-intrinsic/commit/5828e8e4a04e69312e87a36c0ea39428a7a4c3d8)
-- [Robustness] use null objects for lookups [`eb9a11f`](https://github.com/ljharb/get-intrinsic/commit/eb9a11fa9eb3e13b193fcc05a7fb814341b1a7b7)
-- [meta] add `sideEffects` flag [`89bcc7a`](https://github.com/ljharb/get-intrinsic/commit/89bcc7a42e19bf07b7c21e3094d5ab177109e6d2)
-
-## [v1.2.2](https://github.com/ljharb/get-intrinsic/compare/v1.2.1...v1.2.2) - 2023-10-20
-
-### Commits
-
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `call-bind`, `es-abstract`, `mock-property`, `object-inspect`, `tape` [`f51bcf2`](https://github.com/ljharb/get-intrinsic/commit/f51bcf26412d58d17ce17c91c9afd0ad271f0762)
-- [Refactor] use `hasown` instead of `has` [`18d14b7`](https://github.com/ljharb/get-intrinsic/commit/18d14b799bea6b5765e1cec91890830cbcdb0587)
-- [Deps] update `function-bind` [`6e109c8`](https://github.com/ljharb/get-intrinsic/commit/6e109c81e03804cc5e7824fb64353cdc3d8ee2c7)
-
-## [v1.2.1](https://github.com/ljharb/get-intrinsic/compare/v1.2.0...v1.2.1) - 2023-05-13
-
-### Commits
-
-- [Fix] avoid a crash in envs without `__proto__` [`7bad8d0`](https://github.com/ljharb/get-intrinsic/commit/7bad8d061bf8721733b58b73a2565af2b6756b64)
-- [Dev Deps] update `es-abstract` [`c60e6b7`](https://github.com/ljharb/get-intrinsic/commit/c60e6b7b4cf9660c7f27ed970970fd55fac48dc5)
-
-## [v1.2.0](https://github.com/ljharb/get-intrinsic/compare/v1.1.3...v1.2.0) - 2023-01-19
-
-### Commits
-
-- [actions] update checkout action [`ca6b12f`](https://github.com/ljharb/get-intrinsic/commit/ca6b12f31eaacea4ea3b055e744cd61623385ffb)
-- [Dev Deps] update `@ljharb/eslint-config`, `es-abstract`, `object-inspect`, `tape` [`41a3727`](https://github.com/ljharb/get-intrinsic/commit/41a3727d0026fa04273ae216a5f8e12eefd72da8)
-- [Fix] ensure `Error.prototype` is undeniable [`c511e97`](https://github.com/ljharb/get-intrinsic/commit/c511e97ae99c764c4524b540dee7a70757af8da3)
-- [Dev Deps] update `aud`, `es-abstract`, `tape` [`1bef8a8`](https://github.com/ljharb/get-intrinsic/commit/1bef8a8fd439ebb80863199b6189199e0851ac67)
-- [Dev Deps] update `aud`, `es-abstract` [`0d41f16`](https://github.com/ljharb/get-intrinsic/commit/0d41f16bcd500bc28b7bfc98043ebf61ea081c26)
-- [New] add `BigInt64Array` and `BigUint64Array` [`a6cca25`](https://github.com/ljharb/get-intrinsic/commit/a6cca25f29635889b7e9bd669baf9e04be90e48c)
-- [Tests] use `gopd` [`ecf7722`](https://github.com/ljharb/get-intrinsic/commit/ecf7722240d15cfd16edda06acf63359c10fb9bd)
-
-## [v1.1.3](https://github.com/ljharb/get-intrinsic/compare/v1.1.2...v1.1.3) - 2022-09-12
-
-### Commits
-
-- [Dev Deps] update `es-abstract`, `es-value-fixtures`, `tape` [`07ff291`](https://github.com/ljharb/get-intrinsic/commit/07ff291816406ebe5a12d7f16965bde0942dd688)
-- [Fix] properly check for % signs [`50ac176`](https://github.com/ljharb/get-intrinsic/commit/50ac1760fe99c227e64eabde76e9c0e44cd881b5)
-
-## [v1.1.2](https://github.com/ljharb/get-intrinsic/compare/v1.1.1...v1.1.2) - 2022-06-08
-
-### Fixed
-
-- [Fix] properly validate against extra % signs [`#16`](https://github.com/ljharb/get-intrinsic/issues/16)
-
-### Commits
-
-- [actions] reuse common workflows [`0972547`](https://github.com/ljharb/get-intrinsic/commit/0972547efd0abc863fe4c445a6ca7eb4f8c6901d)
-- [meta] use `npmignore` to autogenerate an npmignore file [`5ba0b51`](https://github.com/ljharb/get-intrinsic/commit/5ba0b51d8d8d4f1c31d426d74abc0770fd106bad)
-- [actions] use `node/install` instead of `node/run`; use `codecov` action [`c364492`](https://github.com/ljharb/get-intrinsic/commit/c364492af4af51333e6f81c0bf21fd3d602c3661)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `es-abstract`, `object-inspect`, `tape` [`dc04dad`](https://github.com/ljharb/get-intrinsic/commit/dc04dad86f6e5608775a2640cb0db5927ae29ed9)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `es-abstract`, `object-inspect`, `safe-publish-latest`, `tape` [`1c14059`](https://github.com/ljharb/get-intrinsic/commit/1c1405984e86dd2dc9366c15d8a0294a96a146a5)
-- [Tests] use `mock-property` [`b396ef0`](https://github.com/ljharb/get-intrinsic/commit/b396ef05bb73b1d699811abd64b0d9b97997fdda)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `object-inspect`, `tape` [`c2c758d`](https://github.com/ljharb/get-intrinsic/commit/c2c758d3b90af4fef0a76910d8d3c292ec8d1d3e)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `es-abstract`, `es-value-fixtures`, `object-inspect`, `tape` [`29e3c09`](https://github.com/ljharb/get-intrinsic/commit/29e3c091c2bf3e17099969847e8729d0e46896de)
-- [actions] update codecov uploader [`8cbc141`](https://github.com/ljharb/get-intrinsic/commit/8cbc1418940d7a8941f3a7985cbc4ac095c5e13d)
-- [Dev Deps] update `@ljharb/eslint-config`, `es-abstract`, `es-value-fixtures`, `object-inspect`, `tape` [`10b6f5c`](https://github.com/ljharb/get-intrinsic/commit/10b6f5c02593fb3680c581d696ac124e30652932)
-- [readme] add github actions/codecov badges [`4e25400`](https://github.com/ljharb/get-intrinsic/commit/4e25400d9f51ae9eb059cbe22d9144e70ea214e8)
-- [Tests] use `for-each` instead of `foreach` [`c05b957`](https://github.com/ljharb/get-intrinsic/commit/c05b957ad9a7bc7721af7cc9e9be1edbfe057496)
-- [Dev Deps] update `es-abstract` [`29b05ae`](https://github.com/ljharb/get-intrinsic/commit/29b05aec3e7330e9ad0b8e0f685a9112c20cdd97)
-- [meta] use `prepublishOnly` script for npm 7+ [`95c285d`](https://github.com/ljharb/get-intrinsic/commit/95c285da810516057d3bbfa871176031af38f05d)
-- [Deps] update `has-symbols` [`593cb4f`](https://github.com/ljharb/get-intrinsic/commit/593cb4fb38e7922e40e42c183f45274b636424cd)
-- [readme] fix repo URLs [`1c8305b`](https://github.com/ljharb/get-intrinsic/commit/1c8305b5365827c9b6fc785434aac0e1328ff2f5)
-- [Deps] update `has-symbols` [`c7138b6`](https://github.com/ljharb/get-intrinsic/commit/c7138b6c6d73132d859471fb8c13304e1e7c8b20)
-- [Dev Deps] remove unused `has-bigints` [`bd63aff`](https://github.com/ljharb/get-intrinsic/commit/bd63aff6ad8f3a986c557fcda2914187bdaab359)
-
-## [v1.1.1](https://github.com/ljharb/get-intrinsic/compare/v1.1.0...v1.1.1) - 2021-02-03
-
-### Fixed
-
-- [meta] export `./package.json` [`#9`](https://github.com/ljharb/get-intrinsic/issues/9)
-
-### Commits
-
-- [readme] flesh out the readme; use `evalmd` [`d12f12c`](https://github.com/ljharb/get-intrinsic/commit/d12f12c15345a0a0772cc65a7c64369529abd614)
-- [eslint] set up proper globals config [`5a8c098`](https://github.com/ljharb/get-intrinsic/commit/5a8c0984e3319d1ac0e64b102f8ec18b64e79f36)
-- [Dev Deps] update `eslint` [`7b9a5c0`](https://github.com/ljharb/get-intrinsic/commit/7b9a5c0d31a90ca1a1234181c74988fb046701cd)
-
-## [v1.1.0](https://github.com/ljharb/get-intrinsic/compare/v1.0.2...v1.1.0) - 2021-01-25
-
-### Fixed
-
-- [Refactor] delay `Function` eval until syntax-derived values are requested [`#3`](https://github.com/ljharb/get-intrinsic/issues/3)
-
-### Commits
-
-- [Tests] migrate tests to Github Actions [`2ab762b`](https://github.com/ljharb/get-intrinsic/commit/2ab762b48164aea8af37a40ba105bbc8246ab8c4)
-- [meta] do not publish github action workflow files [`5e7108e`](https://github.com/ljharb/get-intrinsic/commit/5e7108e4768b244d48d9567ba4f8a6cab9c65b8e)
-- [Tests] add some coverage [`01ac7a8`](https://github.com/ljharb/get-intrinsic/commit/01ac7a87ac29738567e8524cd8c9e026b1fa8cb3)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `call-bind`, `es-abstract`, `tape`; add `call-bind` [`911b672`](https://github.com/ljharb/get-intrinsic/commit/911b672fbffae433a96924c6ce013585e425f4b7)
-- [Refactor] rearrange evalled constructors a bit [`7e7e4bf`](https://github.com/ljharb/get-intrinsic/commit/7e7e4bf583f3799c8ac1c6c5e10d2cb553957347)
-- [meta] add Automatic Rebase and Require Allow Edits workflows [`0199968`](https://github.com/ljharb/get-intrinsic/commit/01999687a263ffce0a3cb011dfbcb761754aedbc)
-
-## [v1.0.2](https://github.com/ljharb/get-intrinsic/compare/v1.0.1...v1.0.2) - 2020-12-17
-
-### Commits
-
-- [Fix] Throw for non‑existent intrinsics [`68f873b`](https://github.com/ljharb/get-intrinsic/commit/68f873b013c732a05ad6f5fc54f697e55515461b)
-- [Fix] Throw for non‑existent segments in the intrinsic path [`8325dee`](https://github.com/ljharb/get-intrinsic/commit/8325deee43128f3654d3399aa9591741ebe17b21)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-bigints`, `object-inspect` [`0c227a7`](https://github.com/ljharb/get-intrinsic/commit/0c227a7d8b629166f25715fd242553892e458525)
-- [meta] do not lint coverage output [`70d2419`](https://github.com/ljharb/get-intrinsic/commit/70d24199b620043cd9110fc5f426d214ebe21dc9)
-
-## [v1.0.1](https://github.com/ljharb/get-intrinsic/compare/v1.0.0...v1.0.1) - 2020-10-30
-
-### Commits
-
-- [Tests] gather coverage data on every job [`d1d280d`](https://github.com/ljharb/get-intrinsic/commit/d1d280dec714e3f0519cc877dbcb193057d9cac6)
-- [Fix] add missing dependencies [`5031771`](https://github.com/ljharb/get-intrinsic/commit/5031771bb1095b38be88ce7c41d5de88718e432e)
-- [Tests] use `es-value-fixtures` [`af48765`](https://github.com/ljharb/get-intrinsic/commit/af48765a23c5323fb0b6b38dbf00eb5099c7bebc)
-
-## v1.0.0 - 2020-10-29
-
-### Commits
-
-- Implementation [`bbce57c`](https://github.com/ljharb/get-intrinsic/commit/bbce57c6f33d05b2d8d3efa273ceeb3ee01127bb)
-- Tests [`17b4f0d`](https://github.com/ljharb/get-intrinsic/commit/17b4f0d56dea6b4059b56fc30ef3ee4d9500ebc2)
-- Initial commit [`3153294`](https://github.com/ljharb/get-intrinsic/commit/31532948de363b0a27dd9fd4649e7b7028ec4b44)
-- npm init [`fb326c4`](https://github.com/ljharb/get-intrinsic/commit/fb326c4d2817c8419ec31de1295f06bb268a7902)
-- [meta] add Automatic Rebase and Require Allow Edits workflows [`48862fb`](https://github.com/ljharb/get-intrinsic/commit/48862fb2508c8f6a57968e6d08b7c883afc9d550)
-- [meta] add `auto-changelog` [`5f28ad0`](https://github.com/ljharb/get-intrinsic/commit/5f28ad019e060a353d8028f9f2591a9cc93074a1)
-- [meta] add "funding"; create `FUNDING.yml` [`c2bbdde`](https://github.com/ljharb/get-intrinsic/commit/c2bbddeba73a875be61484ee4680b129a6d4e0a1)
-- [Tests] add `npm run lint` [`0a84b98`](https://github.com/ljharb/get-intrinsic/commit/0a84b98b22b7cf7a748666f705b0003a493c35fd)
-- Only apps should have lockfiles [`9586c75`](https://github.com/ljharb/get-intrinsic/commit/9586c75866c1ee678e4d5d4dbbdef6997e511b05)
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE b/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
deleted file mode 100644
index 48f05d0..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md b/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
deleted file mode 100644
index 3aa0bba..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/README.md
+++ /dev/null
@@ -1,71 +0,0 @@
-# get-intrinsic <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![dependency status][deps-svg]][deps-url]
-[![dev dependency status][dev-deps-svg]][dev-deps-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Get and robustly cache all JS language-level intrinsics at first require time.
-
-See the syntax described [in the JS spec](https://tc39.es/ecma262/#sec-well-known-intrinsic-objects) for reference.
-
-## Example
-
-```js
-var GetIntrinsic = require('get-intrinsic');
-var assert = require('assert');
-
-// static methods
-assert.equal(GetIntrinsic('%Math.pow%'), Math.pow);
-assert.equal(Math.pow(2, 3), 8);
-assert.equal(GetIntrinsic('%Math.pow%')(2, 3), 8);
-delete Math.pow;
-assert.equal(GetIntrinsic('%Math.pow%')(2, 3), 8);
-
-// instance methods
-var arr = [1];
-assert.equal(GetIntrinsic('%Array.prototype.push%'), Array.prototype.push);
-assert.deepEqual(arr, [1]);
-
-arr.push(2);
-assert.deepEqual(arr, [1, 2]);
-
-GetIntrinsic('%Array.prototype.push%').call(arr, 3);
-assert.deepEqual(arr, [1, 2, 3]);
-
-delete Array.prototype.push;
-GetIntrinsic('%Array.prototype.push%').call(arr, 4);
-assert.deepEqual(arr, [1, 2, 3, 4]);
-
-// missing features
-delete JSON.parse; // to simulate a real intrinsic that is missing in the environment
-assert.throws(() => GetIntrinsic('%JSON.parse%'));
-assert.equal(undefined, GetIntrinsic('%JSON.parse%', true));
-```
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-[package-url]: https://npmjs.org/package/get-intrinsic
-[npm-version-svg]: https://versionbadg.es/ljharb/get-intrinsic.svg
-[deps-svg]: https://david-dm.org/ljharb/get-intrinsic.svg
-[deps-url]: https://david-dm.org/ljharb/get-intrinsic
-[dev-deps-svg]: https://david-dm.org/ljharb/get-intrinsic/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/get-intrinsic#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/get-intrinsic.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/get-intrinsic.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/get-intrinsic.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=get-intrinsic
-[codecov-image]: https://codecov.io/gh/ljharb/get-intrinsic/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/get-intrinsic/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/get-intrinsic
-[actions-url]: https://github.com/ljharb/get-intrinsic/actions
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js b/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
deleted file mode 100644
index bd1d94b..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/index.js
+++ /dev/null
@@ -1,378 +0,0 @@
-'use strict';
-
-var undefined;
-
-var $Object = require('es-object-atoms');
-
-var $Error = require('es-errors');
-var $EvalError = require('es-errors/eval');
-var $RangeError = require('es-errors/range');
-var $ReferenceError = require('es-errors/ref');
-var $SyntaxError = require('es-errors/syntax');
-var $TypeError = require('es-errors/type');
-var $URIError = require('es-errors/uri');
-
-var abs = require('math-intrinsics/abs');
-var floor = require('math-intrinsics/floor');
-var max = require('math-intrinsics/max');
-var min = require('math-intrinsics/min');
-var pow = require('math-intrinsics/pow');
-var round = require('math-intrinsics/round');
-var sign = require('math-intrinsics/sign');
-
-var $Function = Function;
-
-// eslint-disable-next-line consistent-return
-var getEvalledConstructor = function (expressionSyntax) {
-	try {
-		return $Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
-	} catch (e) {}
-};
-
-var $gOPD = require('gopd');
-var $defineProperty = require('es-define-property');
-
-var throwTypeError = function () {
-	throw new $TypeError();
-};
-var ThrowTypeError = $gOPD
-	? (function () {
-		try {
-			// eslint-disable-next-line no-unused-expressions, no-caller, no-restricted-properties
-			arguments.callee; // IE 8 does not throw here
-			return throwTypeError;
-		} catch (calleeThrows) {
-			try {
-				// IE 8 throws on Object.getOwnPropertyDescriptor(arguments, '')
-				return $gOPD(arguments, 'callee').get;
-			} catch (gOPDthrows) {
-				return throwTypeError;
-			}
-		}
-	}())
-	: throwTypeError;
-
-var hasSymbols = require('has-symbols')();
-
-var getProto = require('get-proto');
-var $ObjectGPO = require('get-proto/Object.getPrototypeOf');
-var $ReflectGPO = require('get-proto/Reflect.getPrototypeOf');
-
-var $apply = require('call-bind-apply-helpers/functionApply');
-var $call = require('call-bind-apply-helpers/functionCall');
-
-var needsEval = {};
-
-var TypedArray = typeof Uint8Array === 'undefined' || !getProto ? undefined : getProto(Uint8Array);
-
-var INTRINSICS = {
-	__proto__: null,
-	'%AggregateError%': typeof AggregateError === 'undefined' ? undefined : AggregateError,
-	'%Array%': Array,
-	'%ArrayBuffer%': typeof ArrayBuffer === 'undefined' ? undefined : ArrayBuffer,
-	'%ArrayIteratorPrototype%': hasSymbols && getProto ? getProto([][Symbol.iterator]()) : undefined,
-	'%AsyncFromSyncIteratorPrototype%': undefined,
-	'%AsyncFunction%': needsEval,
-	'%AsyncGenerator%': needsEval,
-	'%AsyncGeneratorFunction%': needsEval,
-	'%AsyncIteratorPrototype%': needsEval,
-	'%Atomics%': typeof Atomics === 'undefined' ? undefined : Atomics,
-	'%BigInt%': typeof BigInt === 'undefined' ? undefined : BigInt,
-	'%BigInt64Array%': typeof BigInt64Array === 'undefined' ? undefined : BigInt64Array,
-	'%BigUint64Array%': typeof BigUint64Array === 'undefined' ? undefined : BigUint64Array,
-	'%Boolean%': Boolean,
-	'%DataView%': typeof DataView === 'undefined' ? undefined : DataView,
-	'%Date%': Date,
-	'%decodeURI%': decodeURI,
-	'%decodeURIComponent%': decodeURIComponent,
-	'%encodeURI%': encodeURI,
-	'%encodeURIComponent%': encodeURIComponent,
-	'%Error%': $Error,
-	'%eval%': eval, // eslint-disable-line no-eval
-	'%EvalError%': $EvalError,
-	'%Float16Array%': typeof Float16Array === 'undefined' ? undefined : Float16Array,
-	'%Float32Array%': typeof Float32Array === 'undefined' ? undefined : Float32Array,
-	'%Float64Array%': typeof Float64Array === 'undefined' ? undefined : Float64Array,
-	'%FinalizationRegistry%': typeof FinalizationRegistry === 'undefined' ? undefined : FinalizationRegistry,
-	'%Function%': $Function,
-	'%GeneratorFunction%': needsEval,
-	'%Int8Array%': typeof Int8Array === 'undefined' ? undefined : Int8Array,
-	'%Int16Array%': typeof Int16Array === 'undefined' ? undefined : Int16Array,
-	'%Int32Array%': typeof Int32Array === 'undefined' ? undefined : Int32Array,
-	'%isFinite%': isFinite,
-	'%isNaN%': isNaN,
-	'%IteratorPrototype%': hasSymbols && getProto ? getProto(getProto([][Symbol.iterator]())) : undefined,
-	'%JSON%': typeof JSON === 'object' ? JSON : undefined,
-	'%Map%': typeof Map === 'undefined' ? undefined : Map,
-	'%MapIteratorPrototype%': typeof Map === 'undefined' || !hasSymbols || !getProto ? undefined : getProto(new Map()[Symbol.iterator]()),
-	'%Math%': Math,
-	'%Number%': Number,
-	'%Object%': $Object,
-	'%Object.getOwnPropertyDescriptor%': $gOPD,
-	'%parseFloat%': parseFloat,
-	'%parseInt%': parseInt,
-	'%Promise%': typeof Promise === 'undefined' ? undefined : Promise,
-	'%Proxy%': typeof Proxy === 'undefined' ? undefined : Proxy,
-	'%RangeError%': $RangeError,
-	'%ReferenceError%': $ReferenceError,
-	'%Reflect%': typeof Reflect === 'undefined' ? undefined : Reflect,
-	'%RegExp%': RegExp,
-	'%Set%': typeof Set === 'undefined' ? undefined : Set,
-	'%SetIteratorPrototype%': typeof Set === 'undefined' || !hasSymbols || !getProto ? undefined : getProto(new Set()[Symbol.iterator]()),
-	'%SharedArrayBuffer%': typeof SharedArrayBuffer === 'undefined' ? undefined : SharedArrayBuffer,
-	'%String%': String,
-	'%StringIteratorPrototype%': hasSymbols && getProto ? getProto(''[Symbol.iterator]()) : undefined,
-	'%Symbol%': hasSymbols ? Symbol : undefined,
-	'%SyntaxError%': $SyntaxError,
-	'%ThrowTypeError%': ThrowTypeError,
-	'%TypedArray%': TypedArray,
-	'%TypeError%': $TypeError,
-	'%Uint8Array%': typeof Uint8Array === 'undefined' ? undefined : Uint8Array,
-	'%Uint8ClampedArray%': typeof Uint8ClampedArray === 'undefined' ? undefined : Uint8ClampedArray,
-	'%Uint16Array%': typeof Uint16Array === 'undefined' ? undefined : Uint16Array,
-	'%Uint32Array%': typeof Uint32Array === 'undefined' ? undefined : Uint32Array,
-	'%URIError%': $URIError,
-	'%WeakMap%': typeof WeakMap === 'undefined' ? undefined : WeakMap,
-	'%WeakRef%': typeof WeakRef === 'undefined' ? undefined : WeakRef,
-	'%WeakSet%': typeof WeakSet === 'undefined' ? undefined : WeakSet,
-
-	'%Function.prototype.call%': $call,
-	'%Function.prototype.apply%': $apply,
-	'%Object.defineProperty%': $defineProperty,
-	'%Object.getPrototypeOf%': $ObjectGPO,
-	'%Math.abs%': abs,
-	'%Math.floor%': floor,
-	'%Math.max%': max,
-	'%Math.min%': min,
-	'%Math.pow%': pow,
-	'%Math.round%': round,
-	'%Math.sign%': sign,
-	'%Reflect.getPrototypeOf%': $ReflectGPO
-};
-
-if (getProto) {
-	try {
-		null.error; // eslint-disable-line no-unused-expressions
-	} catch (e) {
-		// https://github.com/tc39/proposal-shadowrealm/pull/384#issuecomment-1364264229
-		var errorProto = getProto(getProto(e));
-		INTRINSICS['%Error.prototype%'] = errorProto;
-	}
-}
-
-var doEval = function doEval(name) {
-	var value;
-	if (name === '%AsyncFunction%') {
-		value = getEvalledConstructor('async function () {}');
-	} else if (name === '%GeneratorFunction%') {
-		value = getEvalledConstructor('function* () {}');
-	} else if (name === '%AsyncGeneratorFunction%') {
-		value = getEvalledConstructor('async function* () {}');
-	} else if (name === '%AsyncGenerator%') {
-		var fn = doEval('%AsyncGeneratorFunction%');
-		if (fn) {
-			value = fn.prototype;
-		}
-	} else if (name === '%AsyncIteratorPrototype%') {
-		var gen = doEval('%AsyncGenerator%');
-		if (gen && getProto) {
-			value = getProto(gen.prototype);
-		}
-	}
-
-	INTRINSICS[name] = value;
-
-	return value;
-};
-
-var LEGACY_ALIASES = {
-	__proto__: null,
-	'%ArrayBufferPrototype%': ['ArrayBuffer', 'prototype'],
-	'%ArrayPrototype%': ['Array', 'prototype'],
-	'%ArrayProto_entries%': ['Array', 'prototype', 'entries'],
-	'%ArrayProto_forEach%': ['Array', 'prototype', 'forEach'],
-	'%ArrayProto_keys%': ['Array', 'prototype', 'keys'],
-	'%ArrayProto_values%': ['Array', 'prototype', 'values'],
-	'%AsyncFunctionPrototype%': ['AsyncFunction', 'prototype'],
-	'%AsyncGenerator%': ['AsyncGeneratorFunction', 'prototype'],
-	'%AsyncGeneratorPrototype%': ['AsyncGeneratorFunction', 'prototype', 'prototype'],
-	'%BooleanPrototype%': ['Boolean', 'prototype'],
-	'%DataViewPrototype%': ['DataView', 'prototype'],
-	'%DatePrototype%': ['Date', 'prototype'],
-	'%ErrorPrototype%': ['Error', 'prototype'],
-	'%EvalErrorPrototype%': ['EvalError', 'prototype'],
-	'%Float32ArrayPrototype%': ['Float32Array', 'prototype'],
-	'%Float64ArrayPrototype%': ['Float64Array', 'prototype'],
-	'%FunctionPrototype%': ['Function', 'prototype'],
-	'%Generator%': ['GeneratorFunction', 'prototype'],
-	'%GeneratorPrototype%': ['GeneratorFunction', 'prototype', 'prototype'],
-	'%Int8ArrayPrototype%': ['Int8Array', 'prototype'],
-	'%Int16ArrayPrototype%': ['Int16Array', 'prototype'],
-	'%Int32ArrayPrototype%': ['Int32Array', 'prototype'],
-	'%JSONParse%': ['JSON', 'parse'],
-	'%JSONStringify%': ['JSON', 'stringify'],
-	'%MapPrototype%': ['Map', 'prototype'],
-	'%NumberPrototype%': ['Number', 'prototype'],
-	'%ObjectPrototype%': ['Object', 'prototype'],
-	'%ObjProto_toString%': ['Object', 'prototype', 'toString'],
-	'%ObjProto_valueOf%': ['Object', 'prototype', 'valueOf'],
-	'%PromisePrototype%': ['Promise', 'prototype'],
-	'%PromiseProto_then%': ['Promise', 'prototype', 'then'],
-	'%Promise_all%': ['Promise', 'all'],
-	'%Promise_reject%': ['Promise', 'reject'],
-	'%Promise_resolve%': ['Promise', 'resolve'],
-	'%RangeErrorPrototype%': ['RangeError', 'prototype'],
-	'%ReferenceErrorPrototype%': ['ReferenceError', 'prototype'],
-	'%RegExpPrototype%': ['RegExp', 'prototype'],
-	'%SetPrototype%': ['Set', 'prototype'],
-	'%SharedArrayBufferPrototype%': ['SharedArrayBuffer', 'prototype'],
-	'%StringPrototype%': ['String', 'prototype'],
-	'%SymbolPrototype%': ['Symbol', 'prototype'],
-	'%SyntaxErrorPrototype%': ['SyntaxError', 'prototype'],
-	'%TypedArrayPrototype%': ['TypedArray', 'prototype'],
-	'%TypeErrorPrototype%': ['TypeError', 'prototype'],
-	'%Uint8ArrayPrototype%': ['Uint8Array', 'prototype'],
-	'%Uint8ClampedArrayPrototype%': ['Uint8ClampedArray', 'prototype'],
-	'%Uint16ArrayPrototype%': ['Uint16Array', 'prototype'],
-	'%Uint32ArrayPrototype%': ['Uint32Array', 'prototype'],
-	'%URIErrorPrototype%': ['URIError', 'prototype'],
-	'%WeakMapPrototype%': ['WeakMap', 'prototype'],
-	'%WeakSetPrototype%': ['WeakSet', 'prototype']
-};
-
-var bind = require('function-bind');
-var hasOwn = require('hasown');
-var $concat = bind.call($call, Array.prototype.concat);
-var $spliceApply = bind.call($apply, Array.prototype.splice);
-var $replace = bind.call($call, String.prototype.replace);
-var $strSlice = bind.call($call, String.prototype.slice);
-var $exec = bind.call($call, RegExp.prototype.exec);
-
-/* adapted from https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744 */
-var rePropName = /[^%.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|%$))/g;
-var reEscapeChar = /\\(\\)?/g; /** Used to match backslashes in property paths. */
-var stringToPath = function stringToPath(string) {
-	var first = $strSlice(string, 0, 1);
-	var last = $strSlice(string, -1);
-	if (first === '%' && last !== '%') {
-		throw new $SyntaxError('invalid intrinsic syntax, expected closing `%`');
-	} else if (last === '%' && first !== '%') {
-		throw new $SyntaxError('invalid intrinsic syntax, expected opening `%`');
-	}
-	var result = [];
-	$replace(string, rePropName, function (match, number, quote, subString) {
-		result[result.length] = quote ? $replace(subString, reEscapeChar, '$1') : number || match;
-	});
-	return result;
-};
-/* end adaptation */
-
-var getBaseIntrinsic = function getBaseIntrinsic(name, allowMissing) {
-	var intrinsicName = name;
-	var alias;
-	if (hasOwn(LEGACY_ALIASES, intrinsicName)) {
-		alias = LEGACY_ALIASES[intrinsicName];
-		intrinsicName = '%' + alias[0] + '%';
-	}
-
-	if (hasOwn(INTRINSICS, intrinsicName)) {
-		var value = INTRINSICS[intrinsicName];
-		if (value === needsEval) {
-			value = doEval(intrinsicName);
-		}
-		if (typeof value === 'undefined' && !allowMissing) {
-			throw new $TypeError('intrinsic ' + name + ' exists, but is not available. Please file an issue!');
-		}
-
-		return {
-			alias: alias,
-			name: intrinsicName,
-			value: value
-		};
-	}
-
-	throw new $SyntaxError('intrinsic ' + name + ' does not exist!');
-};
-
-module.exports = function GetIntrinsic(name, allowMissing) {
-	if (typeof name !== 'string' || name.length === 0) {
-		throw new $TypeError('intrinsic name must be a non-empty string');
-	}
-	if (arguments.length > 1 && typeof allowMissing !== 'boolean') {
-		throw new $TypeError('"allowMissing" argument must be a boolean');
-	}
-
-	if ($exec(/^%?[^%]*%?$/, name) === null) {
-		throw new $SyntaxError('`%` may not be present anywhere but at the beginning and end of the intrinsic name');
-	}
-	var parts = stringToPath(name);
-	var intrinsicBaseName = parts.length > 0 ? parts[0] : '';
-
-	var intrinsic = getBaseIntrinsic('%' + intrinsicBaseName + '%', allowMissing);
-	var intrinsicRealName = intrinsic.name;
-	var value = intrinsic.value;
-	var skipFurtherCaching = false;
-
-	var alias = intrinsic.alias;
-	if (alias) {
-		intrinsicBaseName = alias[0];
-		$spliceApply(parts, $concat([0, 1], alias));
-	}
-
-	for (var i = 1, isOwn = true; i < parts.length; i += 1) {
-		var part = parts[i];
-		var first = $strSlice(part, 0, 1);
-		var last = $strSlice(part, -1);
-		if (
-			(
-				(first === '"' || first === "'" || first === '`')
-				|| (last === '"' || last === "'" || last === '`')
-			)
-			&& first !== last
-		) {
-			throw new $SyntaxError('property names with quotes must have matching quotes');
-		}
-		if (part === 'constructor' || !isOwn) {
-			skipFurtherCaching = true;
-		}
-
-		intrinsicBaseName += '.' + part;
-		intrinsicRealName = '%' + intrinsicBaseName + '%';
-
-		if (hasOwn(INTRINSICS, intrinsicRealName)) {
-			value = INTRINSICS[intrinsicRealName];
-		} else if (value != null) {
-			if (!(part in value)) {
-				if (!allowMissing) {
-					throw new $TypeError('base intrinsic for ' + name + ' exists, but the property is not available.');
-				}
-				return void undefined;
-			}
-			if ($gOPD && (i + 1) >= parts.length) {
-				var desc = $gOPD(value, part);
-				isOwn = !!desc;
-
-				// By convention, when a data property is converted to an accessor
-				// property to emulate a data property that does not suffer from
-				// the override mistake, that accessor's getter is marked with
-				// an `originalValue` property. Here, when we detect this, we
-				// uphold the illusion by pretending to see that original data
-				// property, i.e., returning the value rather than the getter
-				// itself.
-				if (isOwn && 'get' in desc && !('originalValue' in desc.get)) {
-					value = desc.get;
-				} else {
-					value = value[part];
-				}
-			} else {
-				isOwn = hasOwn(value, part);
-				value = value[part];
-			}
-
-			if (isOwn && !skipFurtherCaching) {
-				INTRINSICS[intrinsicRealName] = value;
-			}
-		}
-	}
-	return value;
-};
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json b/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
deleted file mode 100644
index 2828e73..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/package.json
+++ /dev/null
@@ -1,97 +0,0 @@
-{
-	"name": "get-intrinsic",
-	"version": "1.3.0",
-	"description": "Get and robustly cache all JS language-level intrinsics at first require time",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=.js,.mjs .",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/get-intrinsic.git"
-	},
-	"keywords": [
-		"javascript",
-		"ecmascript",
-		"es",
-		"js",
-		"intrinsic",
-		"getintrinsic",
-		"es-abstract"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/get-intrinsic/issues"
-	},
-	"homepage": "https://github.com/ljharb/get-intrinsic#readme",
-	"dependencies": {
-		"call-bind-apply-helpers": "^1.0.2",
-		"es-define-property": "^1.0.1",
-		"es-errors": "^1.3.0",
-		"es-object-atoms": "^1.1.1",
-		"function-bind": "^1.1.2",
-		"get-proto": "^1.0.1",
-		"gopd": "^1.2.0",
-		"has-symbols": "^1.1.0",
-		"hasown": "^2.0.2",
-		"math-intrinsics": "^1.1.0"
-	},
-	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.1",
-		"auto-changelog": "^2.5.0",
-		"call-bound": "^1.0.3",
-		"encoding": "^0.1.13",
-		"es-abstract": "^1.23.9",
-		"es-value-fixtures": "^1.7.1",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"for-each": "^0.3.5",
-		"make-async-function": "^1.0.0",
-		"make-async-generator-function": "^1.0.0",
-		"make-generator-function": "^2.0.0",
-		"mock-property": "^1.1.0",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"object-inspect": "^1.13.4",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"testling": {
-		"files": "test/GetIntrinsic.js"
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js b/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
deleted file mode 100644
index d9c0f30..0000000
--- a/src/Servers/ExpressServer/node_modules/get-intrinsic/test/GetIntrinsic.js
+++ /dev/null
@@ -1,274 +0,0 @@
-'use strict';
-
-var GetIntrinsic = require('../');
-
-var test = require('tape');
-var forEach = require('for-each');
-var debug = require('object-inspect');
-var generatorFns = require('make-generator-function')();
-var asyncFns = require('make-async-function').list();
-var asyncGenFns = require('make-async-generator-function')();
-var mockProperty = require('mock-property');
-
-var callBound = require('call-bound');
-var v = require('es-value-fixtures');
-var $gOPD = require('gopd');
-var DefinePropertyOrThrow = require('es-abstract/2023/DefinePropertyOrThrow');
-
-var $isProto = callBound('%Object.prototype.isPrototypeOf%');
-
-test('export', function (t) {
-	t.equal(typeof GetIntrinsic, 'function', 'it is a function');
-	t.equal(GetIntrinsic.length, 2, 'function has length of 2');
-
-	t.end();
-});
-
-test('throws', function (t) {
-	t['throws'](
-		function () { GetIntrinsic('not an intrinsic'); },
-		SyntaxError,
-		'nonexistent intrinsic throws a syntax error'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic(''); },
-		TypeError,
-		'empty string intrinsic throws a type error'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('.'); },
-		SyntaxError,
-		'"just a dot" intrinsic throws a syntax error'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('%String'); },
-		SyntaxError,
-		'Leading % without trailing % throws a syntax error'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('String%'); },
-		SyntaxError,
-		'Trailing % without leading % throws a syntax error'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic("String['prototype]"); },
-		SyntaxError,
-		'Dynamic property access is disallowed for intrinsics (unterminated string)'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('%Proxy.prototype.undefined%'); },
-		TypeError,
-		"Throws when middle part doesn't exist (%Proxy.prototype.undefined%)"
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('%Array.prototype%garbage%'); },
-		SyntaxError,
-		'Throws with extra percent signs'
-	);
-
-	t['throws'](
-		function () { GetIntrinsic('%Array.prototype%push%'); },
-		SyntaxError,
-		'Throws with extra percent signs, even on an existing intrinsic'
-	);
-
-	forEach(v.nonStrings, function (nonString) {
-		t['throws'](
-			function () { GetIntrinsic(nonString); },
-			TypeError,
-			debug(nonString) + ' is not a String'
-		);
-	});
-
-	forEach(v.nonBooleans, function (nonBoolean) {
-		t['throws'](
-			function () { GetIntrinsic('%', nonBoolean); },
-			TypeError,
-			debug(nonBoolean) + ' is not a Boolean'
-		);
-	});
-
-	forEach([
-		'toString',
-		'propertyIsEnumerable',
-		'hasOwnProperty'
-	], function (objectProtoMember) {
-		t['throws'](
-			function () { GetIntrinsic(objectProtoMember); },
-			SyntaxError,
-			debug(objectProtoMember) + ' is not an intrinsic'
-		);
-	});
-
-	t.end();
-});
-
-test('base intrinsics', function (t) {
-	t.equal(GetIntrinsic('%Object%'), Object, '%Object% yields Object');
-	t.equal(GetIntrinsic('Object'), Object, 'Object yields Object');
-	t.equal(GetIntrinsic('%Array%'), Array, '%Array% yields Array');
-	t.equal(GetIntrinsic('Array'), Array, 'Array yields Array');
-
-	t.end();
-});
-
-test('dotted paths', function (t) {
-	t.equal(GetIntrinsic('%Object.prototype.toString%'), Object.prototype.toString, '%Object.prototype.toString% yields Object.prototype.toString');
-	t.equal(GetIntrinsic('Object.prototype.toString'), Object.prototype.toString, 'Object.prototype.toString yields Object.prototype.toString');
-	t.equal(GetIntrinsic('%Array.prototype.push%'), Array.prototype.push, '%Array.prototype.push% yields Array.prototype.push');
-	t.equal(GetIntrinsic('Array.prototype.push'), Array.prototype.push, 'Array.prototype.push yields Array.prototype.push');
-
-	test('underscore paths are aliases for dotted paths', { skip: !Object.isFrozen || Object.isFrozen(Object.prototype) }, function (st) {
-		var original = GetIntrinsic('%ObjProto_toString%');
-
-		forEach([
-			'%Object.prototype.toString%',
-			'Object.prototype.toString',
-			'%ObjectPrototype.toString%',
-			'ObjectPrototype.toString',
-			'%ObjProto_toString%',
-			'ObjProto_toString'
-		], function (name) {
-			DefinePropertyOrThrow(Object.prototype, 'toString', {
-				'[[Value]]': function toString() {
-					return original.apply(this, arguments);
-				}
-			});
-			st.equal(GetIntrinsic(name), original, name + ' yields original Object.prototype.toString');
-		});
-
-		DefinePropertyOrThrow(Object.prototype, 'toString', { '[[Value]]': original });
-		st.end();
-	});
-
-	test('dotted paths cache', { skip: !Object.isFrozen || Object.isFrozen(Object.prototype) }, function (st) {
-		var original = GetIntrinsic('%Object.prototype.propertyIsEnumerable%');
-
-		forEach([
-			'%Object.prototype.propertyIsEnumerable%',
-			'Object.prototype.propertyIsEnumerable',
-			'%ObjectPrototype.propertyIsEnumerable%',
-			'ObjectPrototype.propertyIsEnumerable'
-		], function (name) {
-			var restore = mockProperty(Object.prototype, 'propertyIsEnumerable', {
-				value: function propertyIsEnumerable() {
-					return original.apply(this, arguments);
-				}
-			});
-			st.equal(GetIntrinsic(name), original, name + ' yields cached Object.prototype.propertyIsEnumerable');
-
-			restore();
-		});
-
-		st.end();
-	});
-
-	test('dotted path reports correct error', function (st) {
-		st['throws'](function () {
-			GetIntrinsic('%NonExistentIntrinsic.prototype.property%');
-		}, /%NonExistentIntrinsic%/, 'The base intrinsic of %NonExistentIntrinsic.prototype.property% is %NonExistentIntrinsic%');
-
-		st['throws'](function () {
-			GetIntrinsic('%NonExistentIntrinsicPrototype.property%');
-		}, /%NonExistentIntrinsicPrototype%/, 'The base intrinsic of %NonExistentIntrinsicPrototype.property% is %NonExistentIntrinsicPrototype%');
-
-		st.end();
-	});
-
-	t.end();
-});
-
-test('accessors', { skip: !$gOPD || typeof Map !== 'function' }, function (t) {
-	var actual = $gOPD(Map.prototype, 'size');
-	t.ok(actual, 'Map.prototype.size has a descriptor');
-	t.equal(typeof actual.get, 'function', 'Map.prototype.size has a getter function');
-	t.equal(GetIntrinsic('%Map.prototype.size%'), actual.get, '%Map.prototype.size% yields the getter for it');
-	t.equal(GetIntrinsic('Map.prototype.size'), actual.get, 'Map.prototype.size yields the getter for it');
-
-	t.end();
-});
-
-test('generator functions', { skip: !generatorFns.length }, function (t) {
-	var $GeneratorFunction = GetIntrinsic('%GeneratorFunction%');
-	var $GeneratorFunctionPrototype = GetIntrinsic('%Generator%');
-	var $GeneratorPrototype = GetIntrinsic('%GeneratorPrototype%');
-
-	forEach(generatorFns, function (genFn) {
-		var fnName = genFn.name;
-		fnName = fnName ? "'" + fnName + "'" : 'genFn';
-
-		t.ok(genFn instanceof $GeneratorFunction, fnName + ' instanceof %GeneratorFunction%');
-		t.ok($isProto($GeneratorFunctionPrototype, genFn), '%Generator% is prototype of ' + fnName);
-		t.ok($isProto($GeneratorPrototype, genFn.prototype), '%GeneratorPrototype% is prototype of ' + fnName + '.prototype');
-	});
-
-	t.end();
-});
-
-test('async functions', { skip: !asyncFns.length }, function (t) {
-	var $AsyncFunction = GetIntrinsic('%AsyncFunction%');
-	var $AsyncFunctionPrototype = GetIntrinsic('%AsyncFunctionPrototype%');
-
-	forEach(asyncFns, function (asyncFn) {
-		var fnName = asyncFn.name;
-		fnName = fnName ? "'" + fnName + "'" : 'asyncFn';
-
-		t.ok(asyncFn instanceof $AsyncFunction, fnName + ' instanceof %AsyncFunction%');
-		t.ok($isProto($AsyncFunctionPrototype, asyncFn), '%AsyncFunctionPrototype% is prototype of ' + fnName);
-	});
-
-	t.end();
-});
-
-test('async generator functions', { skip: asyncGenFns.length === 0 }, function (t) {
-	var $AsyncGeneratorFunction = GetIntrinsic('%AsyncGeneratorFunction%');
-	var $AsyncGeneratorFunctionPrototype = GetIntrinsic('%AsyncGenerator%');
-	var $AsyncGeneratorPrototype = GetIntrinsic('%AsyncGeneratorPrototype%');
-
-	forEach(asyncGenFns, function (asyncGenFn) {
-		var fnName = asyncGenFn.name;
-		fnName = fnName ? "'" + fnName + "'" : 'asyncGenFn';
-
-		t.ok(asyncGenFn instanceof $AsyncGeneratorFunction, fnName + ' instanceof %AsyncGeneratorFunction%');
-		t.ok($isProto($AsyncGeneratorFunctionPrototype, asyncGenFn), '%AsyncGenerator% is prototype of ' + fnName);
-		t.ok($isProto($AsyncGeneratorPrototype, asyncGenFn.prototype), '%AsyncGeneratorPrototype% is prototype of ' + fnName + '.prototype');
-	});
-
-	t.end();
-});
-
-test('%ThrowTypeError%', function (t) {
-	var $ThrowTypeError = GetIntrinsic('%ThrowTypeError%');
-
-	t.equal(typeof $ThrowTypeError, 'function', 'is a function');
-	t['throws'](
-		$ThrowTypeError,
-		TypeError,
-		'%ThrowTypeError% throws a TypeError'
-	);
-
-	t.end();
-});
-
-test('allowMissing', { skip: asyncGenFns.length > 0 }, function (t) {
-	t['throws'](
-		function () { GetIntrinsic('%AsyncGeneratorPrototype%'); },
-		TypeError,
-		'throws when missing'
-	);
-
-	t.equal(
-		GetIntrinsic('%AsyncGeneratorPrototype%', true),
-		undefined,
-		'does not throw when allowMissing'
-	);
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc b/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
deleted file mode 100644
index 1d21a8a..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/.eslintrc
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"id-length": "off",
-		"sort-keys": "off",
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
deleted file mode 100644
index 93183ef..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/get-proto
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/.nycrc b/src/Servers/ExpressServer/node_modules/get-proto/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
deleted file mode 100644
index 5860229..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/CHANGELOG.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.1](https://github.com/ljharb/get-proto/compare/v1.0.0...v1.0.1) - 2025-01-02
-
-### Commits
-
-- [Fix] for the `Object.getPrototypeOf` window, throw for non-objects [`7fe6508`](https://github.com/ljharb/get-proto/commit/7fe6508b71419ebe1976bedb86001d1feaeaa49a)
-
-## v1.0.0 - 2025-01-01
-
-### Commits
-
-- Initial implementation, tests, readme, types [`5c70775`](https://github.com/ljharb/get-proto/commit/5c707751e81c3deeb2cf980d185fc7fd43611415)
-- Initial commit [`7c65c2a`](https://github.com/ljharb/get-proto/commit/7c65c2ad4e33d5dae2f219ebe1a046ae2256972c)
-- npm init [`0b8cf82`](https://github.com/ljharb/get-proto/commit/0b8cf824c9634e4a34ef7dd2a2cdc5be6ac79518)
-- Only apps should have lockfiles [`a6d1bff`](https://github.com/ljharb/get-proto/commit/a6d1bffc364f5828377cea7194558b2dbef7aea2)
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/LICENSE b/src/Servers/ExpressServer/node_modules/get-proto/LICENSE
deleted file mode 100644
index eeabd1c..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
deleted file mode 100644
index 028b3ff..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare function getProto<O extends object>(object: O): object | null;
-
-declare const x: typeof getProto | null;
-
-export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js b/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
deleted file mode 100644
index c2cbbdf..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/Object.getPrototypeOf.js
+++ /dev/null
@@ -1,6 +0,0 @@
-'use strict';
-
-var $Object = require('es-object-atoms');
-
-/** @type {import('./Object.getPrototypeOf')} */
-module.exports = $Object.getPrototypeOf || null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/README.md b/src/Servers/ExpressServer/node_modules/get-proto/README.md
deleted file mode 100644
index f8b4cce..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# get-proto <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Robustly get the [[Prototype]] of an object. Uses the best available method.
-
-## Getting started
-
-```sh
-npm install --save get-proto
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getProto = require('get-proto');
-
-const a = { a: 1, b: 2, [Symbol.toStringTag]: 'foo' };
-const b = { c: 3, __proto__: a };
-
-assert.equal(getProto(b), a);
-assert.equal(getProto(a), Object.prototype);
-assert.equal(getProto({ __proto__: null }), null);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/get-proto
-[npm-version-svg]: https://versionbadg.es/ljharb/get-proto.svg
-[deps-svg]: https://david-dm.org/ljharb/get-proto.svg
-[deps-url]: https://david-dm.org/ljharb/get-proto
-[dev-deps-svg]: https://david-dm.org/ljharb/get-proto/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/get-proto#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/get-proto.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/get-proto.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/get-proto.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=get-proto
-[codecov-image]: https://codecov.io/gh/ljharb/get-proto/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/get-proto/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/get-proto
-[actions-url]: https://github.com/ljharb/get-proto/actions
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
deleted file mode 100644
index 2388fe0..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const x: typeof Reflect.getPrototypeOf | null;
-
-export = x;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js b/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
deleted file mode 100644
index e6c51be..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/Reflect.getPrototypeOf.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./Reflect.getPrototypeOf')} */
-module.exports = (typeof Reflect !== 'undefined' && Reflect.getPrototypeOf) || null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts b/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
deleted file mode 100644
index 2c021f3..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/index.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare function getProto<O extends object>(object: O): object | null;
-
-declare const x: typeof getProto | null;
-
-export = x;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/index.js b/src/Servers/ExpressServer/node_modules/get-proto/index.js
deleted file mode 100644
index 7e5747b..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/index.js
+++ /dev/null
@@ -1,27 +0,0 @@
-'use strict';
-
-var reflectGetProto = require('./Reflect.getPrototypeOf');
-var originalGetProto = require('./Object.getPrototypeOf');
-
-var getDunderProto = require('dunder-proto/get');
-
-/** @type {import('.')} */
-module.exports = reflectGetProto
-	? function getProto(O) {
-		// @ts-expect-error TS can't narrow inside a closure, for some reason
-		return reflectGetProto(O);
-	}
-	: originalGetProto
-		? function getProto(O) {
-			if (!O || (typeof O !== 'object' && typeof O !== 'function')) {
-				throw new TypeError('getProto: not an object');
-			}
-			// @ts-expect-error TS can't narrow inside a closure, for some reason
-			return originalGetProto(O);
-		}
-		: getDunderProto
-			? function getProto(O) {
-				// @ts-expect-error TS can't narrow inside a closure, for some reason
-				return getDunderProto(O);
-			}
-			: null;
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/package.json b/src/Servers/ExpressServer/node_modules/get-proto/package.json
deleted file mode 100644
index 9c35cec..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/package.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
-	"name": "get-proto",
-	"version": "1.0.1",
-	"description": "Robustly get the [[Prototype]] of an object",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./Reflect.getPrototypeOf": "./Reflect.getPrototypeOf.js",
-		"./Object.getPrototypeOf": "./Object.getPrototypeOf.js",
-		"./package.json": "./package.json"
-	},
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"pretest": "npm run --silent lint",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@\">=10.2\" audit --production",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc && attw -P",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/get-proto.git"
-	},
-	"keywords": [
-		"get",
-		"proto",
-		"prototype",
-		"getPrototypeOf",
-		"[[Prototype]]"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/get-proto/issues"
-	},
-	"homepage": "https://github.com/ljharb/get-proto#readme",
-	"dependencies": {
-		"dunder-proto": "^1.0.1",
-		"es-object-atoms": "^1.0.0"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.2",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.3",
-		"@types/tape": "^5.8.0",
-		"auto-changelog": "^2.5.0",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"engines": {
-		"node": ">= 0.4"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"testling": {
-		"files": "test/index.js"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/test/index.js b/src/Servers/ExpressServer/node_modules/get-proto/test/index.js
deleted file mode 100644
index 5a2ece2..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/test/index.js
+++ /dev/null
@@ -1,68 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getProto = require('../');
-
-test('getProto', function (t) {
-	t.equal(typeof getProto, 'function', 'is a function');
-
-	t.test('can get', { skip: !getProto }, function (st) {
-		if (getProto) { // TS doesn't understand tape's skip
-			var proto = { b: 2 };
-			st.equal(getProto(proto), Object.prototype, 'proto: returns the [[Prototype]]');
-
-			st.test('nullish value', function (s2t) {
-			// @ts-expect-error
-				s2t['throws'](function () { return getProto(undefined); }, TypeError, 'undefined is not an object');
-				// @ts-expect-error
-				s2t['throws'](function () { return getProto(null); }, TypeError, 'null is not an object');
-				s2t.end();
-			});
-
-			// @ts-expect-error
-			st['throws'](function () { getProto(true); }, 'throws for true');
-			// @ts-expect-error
-			st['throws'](function () { getProto(false); }, 'throws for false');
-			// @ts-expect-error
-			st['throws'](function () { getProto(42); }, 'throws for 42');
-			// @ts-expect-error
-			st['throws'](function () { getProto(NaN); }, 'throws for NaN');
-			// @ts-expect-error
-			st['throws'](function () { getProto(0); }, 'throws for +0');
-			// @ts-expect-error
-			st['throws'](function () { getProto(-0); }, 'throws for -0');
-			// @ts-expect-error
-			st['throws'](function () { getProto(Infinity); }, 'throws for ∞');
-			// @ts-expect-error
-			st['throws'](function () { getProto(-Infinity); }, 'throws for -∞');
-			// @ts-expect-error
-			st['throws'](function () { getProto(''); }, 'throws for empty string');
-			// @ts-expect-error
-			st['throws'](function () { getProto('foo'); }, 'throws for non-empty string');
-			st.equal(getProto(/a/g), RegExp.prototype);
-			st.equal(getProto(new Date()), Date.prototype);
-			st.equal(getProto(function () {}), Function.prototype);
-			st.equal(getProto([]), Array.prototype);
-			st.equal(getProto({}), Object.prototype);
-
-			var nullObject = { __proto__: null };
-			if ('toString' in nullObject) {
-				st.comment('no null objects in this engine');
-				st.equal(getProto(nullObject), Object.prototype, '"null" object has Object.prototype as [[Prototype]]');
-			} else {
-				st.equal(getProto(nullObject), null, 'null object has null [[Prototype]]');
-			}
-		}
-
-		st.end();
-	});
-
-	t.test('can not get', { skip: !!getProto }, function (st) {
-		st.equal(getProto, null);
-
-		st.end();
-	});
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json b/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
deleted file mode 100644
index 60fb90e..0000000
--- a/src/Servers/ExpressServer/node_modules/get-proto/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		//"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/.eslintrc b/src/Servers/ExpressServer/node_modules/gopd/.eslintrc
deleted file mode 100644
index e2550c0..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/.eslintrc
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"func-style": [2, "declaration"],
-		"id-length": 0,
-		"multiline-comment-style": 0,
-		"new-cap": [2, {
-			"capIsNewExceptions": [
-				"GetIntrinsic",
-			],
-		}],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
deleted file mode 100644
index 94a44a8..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/gopd
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
deleted file mode 100644
index 87f5727..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/CHANGELOG.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.2.0](https://github.com/ljharb/gopd/compare/v1.1.0...v1.2.0) - 2024-12-03
-
-### Commits
-
-- [New] add `gOPD` entry point; remove `get-intrinsic` [`5b61232`](https://github.com/ljharb/gopd/commit/5b61232dedea4591a314bcf16101b1961cee024e)
-
-## [v1.1.0](https://github.com/ljharb/gopd/compare/v1.0.1...v1.1.0) - 2024-11-29
-
-### Commits
-
-- [New] add types [`f585e39`](https://github.com/ljharb/gopd/commit/f585e397886d270e4ba84e53d226e4f9ca2eb0e6)
-- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `tape` [`0b8e4fd`](https://github.com/ljharb/gopd/commit/0b8e4fded64397a7726a9daa144a6cc9a5e2edfa)
-- [Dev Deps] update `aud`, `npmignore`, `tape` [`48378b2`](https://github.com/ljharb/gopd/commit/48378b2443f09a4f7efbd0fb6c3ee845a6cabcf3)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`78099ee`](https://github.com/ljharb/gopd/commit/78099eeed41bfdc134c912280483689cc8861c31)
-- [Tests] replace `aud` with `npm audit` [`4e0d0ac`](https://github.com/ljharb/gopd/commit/4e0d0ac47619d24a75318a8e1f543ee04b2a2632)
-- [meta] add missing `engines.node` [`1443316`](https://github.com/ljharb/gopd/commit/14433165d07835c680155b3dfd62d9217d735eca)
-- [Deps] update `get-intrinsic` [`eee5f51`](https://github.com/ljharb/gopd/commit/eee5f51769f3dbaf578b70e2a3199116b01aa670)
-- [Deps] update `get-intrinsic` [`550c378`](https://github.com/ljharb/gopd/commit/550c3780e3a9c77b62565712a001b4ed64ea61f5)
-- [Dev Deps] add missing peer dep [`8c2ecf8`](https://github.com/ljharb/gopd/commit/8c2ecf848122e4e30abfc5b5086fb48b390dce75)
-
-## [v1.0.1](https://github.com/ljharb/gopd/compare/v1.0.0...v1.0.1) - 2022-11-01
-
-### Commits
-
-- [Fix] actually export gOPD instead of dP [`4b624bf`](https://github.com/ljharb/gopd/commit/4b624bfbeff788c5e3ff16d9443a83627847234f)
-
-## v1.0.0 - 2022-11-01
-
-### Commits
-
-- Initial implementation, tests, readme [`0911e01`](https://github.com/ljharb/gopd/commit/0911e012cd642092bd88b732c161c58bf4f20bea)
-- Initial commit [`b84e33f`](https://github.com/ljharb/gopd/commit/b84e33f5808a805ac57ff88d4247ad935569acbe)
-- [actions] add reusable workflows [`12ae28a`](https://github.com/ljharb/gopd/commit/12ae28ae5f50f86e750215b6e2188901646d0119)
-- npm init [`280118b`](https://github.com/ljharb/gopd/commit/280118badb45c80b4483836b5cb5315bddf6e582)
-- [meta] add `auto-changelog` [`bb78de5`](https://github.com/ljharb/gopd/commit/bb78de5639a180747fb290c28912beaaf1615709)
-- [meta] create FUNDING.yml; add `funding` in package.json [`11c22e6`](https://github.com/ljharb/gopd/commit/11c22e6355bb01f24e7fac4c9bb3055eb5b25002)
-- [meta] use `npmignore` to autogenerate an npmignore file [`4f4537a`](https://github.com/ljharb/gopd/commit/4f4537a843b39f698c52f072845092e6fca345bb)
-- Only apps should have lockfiles [`c567022`](https://github.com/ljharb/gopd/commit/c567022a18573aa7951cf5399445d9840e23e98b)
diff --git a/src/Servers/ExpressServer/node_modules/gopd/LICENSE b/src/Servers/ExpressServer/node_modules/gopd/LICENSE
deleted file mode 100644
index 6abfe14..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2022 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/gopd/README.md b/src/Servers/ExpressServer/node_modules/gopd/README.md
deleted file mode 100644
index 784e56a..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# gopd <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.
-
-## Usage
-
-```javascript
-var gOPD = require('gopd');
-var assert = require('assert');
-
-if (gOPD) {
-	assert.equal(typeof gOPD, 'function', 'descriptors supported');
-	// use gOPD like Object.getOwnPropertyDescriptor here
-} else {
-	assert.ok(!gOPD, 'descriptors not supported');
-}
-```
-
-[package-url]: https://npmjs.org/package/gopd
-[npm-version-svg]: https://versionbadg.es/ljharb/gopd.svg
-[deps-svg]: https://david-dm.org/ljharb/gopd.svg
-[deps-url]: https://david-dm.org/ljharb/gopd
-[dev-deps-svg]: https://david-dm.org/ljharb/gopd/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/gopd#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/gopd.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/gopd.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/gopd.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=gopd
-[codecov-image]: https://codecov.io/gh/ljharb/gopd/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/gopd/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/gopd
-[actions-url]: https://github.com/ljharb/gopd/actions
diff --git a/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts b/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
deleted file mode 100644
index def48a3..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/gOPD.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Object.getOwnPropertyDescriptor;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/gOPD.js b/src/Servers/ExpressServer/node_modules/gopd/gOPD.js
deleted file mode 100644
index cf9616c..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/gOPD.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./gOPD')} */
-module.exports = Object.getOwnPropertyDescriptor;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/index.d.ts b/src/Servers/ExpressServer/node_modules/gopd/index.d.ts
deleted file mode 100644
index e228065..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/index.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-declare function gOPD<O extends object, K extends keyof O>(obj: O, prop: K): PropertyDescriptor | undefined;
-
-declare const fn: typeof gOPD | undefined | null;
-
-export = fn;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/gopd/index.js b/src/Servers/ExpressServer/node_modules/gopd/index.js
deleted file mode 100644
index a4081b0..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/index.js
+++ /dev/null
@@ -1,15 +0,0 @@
-'use strict';
-
-/** @type {import('.')} */
-var $gOPD = require('./gOPD');
-
-if ($gOPD) {
-	try {
-		$gOPD([], 'length');
-	} catch (e) {
-		// IE 8 has a broken gOPD
-		$gOPD = null;
-	}
-}
-
-module.exports = $gOPD;
diff --git a/src/Servers/ExpressServer/node_modules/gopd/package.json b/src/Servers/ExpressServer/node_modules/gopd/package.json
deleted file mode 100644
index 01c5ffa..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/package.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-	"name": "gopd",
-	"version": "1.2.0",
-	"description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./gOPD": "./gOPD.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prelint": "tsc -p . && attw -P",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "evalmd README.md",
-		"pretest": "npm run lint",
-		"tests-only": "tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/gopd.git"
-	},
-	"keywords": [
-		"ecmascript",
-		"javascript",
-		"getownpropertydescriptor",
-		"property",
-		"descriptor"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/gopd/issues"
-	},
-	"homepage": "https://github.com/ljharb/gopd#readme",
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.0",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.0",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/gopd/test/index.js b/src/Servers/ExpressServer/node_modules/gopd/test/index.js
deleted file mode 100644
index 6f43453..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/test/index.js
+++ /dev/null
@@ -1,36 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var gOPD = require('../');
-
-test('gOPD', function (t) {
-	t.test('supported', { skip: !gOPD }, function (st) {
-		st.equal(typeof gOPD, 'function', 'is a function');
-
-		var obj = { x: 1 };
-		st.ok('x' in obj, 'property exists');
-
-		// @ts-expect-error TS can't figure out narrowing from `skip`
-		var desc = gOPD(obj, 'x');
-		st.deepEqual(
-			desc,
-			{
-				configurable: true,
-				enumerable: true,
-				value: 1,
-				writable: true
-			},
-			'descriptor is as expected'
-		);
-
-		st.end();
-	});
-
-	t.test('not supported', { skip: !!gOPD }, function (st) {
-		st.notOk(gOPD, 'is falsy');
-
-		st.end();
-	});
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json b/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
deleted file mode 100644
index d9a6668..0000000
--- a/src/Servers/ExpressServer/node_modules/gopd/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc b/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
deleted file mode 100644
index 2d9a66a..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/.eslintrc
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"max-statements-per-line": [2, { "max": 2 }],
-		"no-magic-numbers": 0,
-		"multiline-comment-style": 0,
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
deleted file mode 100644
index 04cf87e..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/has-symbols
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc b/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
deleted file mode 100644
index bdd626c..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/.nycrc
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
deleted file mode 100644
index cc3cf83..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/CHANGELOG.md
+++ /dev/null
@@ -1,91 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.1.0](https://github.com/inspect-js/has-symbols/compare/v1.0.3...v1.1.0) - 2024-12-02
-
-### Commits
-
-- [actions] update workflows [`548c0bf`](https://github.com/inspect-js/has-symbols/commit/548c0bf8c9b1235458df7a1c0490b0064647a282)
-- [actions] further shard; update action deps [`bec56bb`](https://github.com/inspect-js/has-symbols/commit/bec56bb0fb44b43a786686b944875a3175cf3ff3)
-- [meta] use `npmignore` to autogenerate an npmignore file [`ac81032`](https://github.com/inspect-js/has-symbols/commit/ac81032809157e0a079e5264e9ce9b6f1275777e)
-- [New] add types [`6469cbf`](https://github.com/inspect-js/has-symbols/commit/6469cbff1866cfe367b2b3d181d9296ec14b2a3d)
-- [actions] update rebase action to use reusable workflow [`9c9d4d0`](https://github.com/inspect-js/has-symbols/commit/9c9d4d0d8938e4b267acdf8e421f4e92d1716d72)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`adb5887`](https://github.com/inspect-js/has-symbols/commit/adb5887ca9444849b08beb5caaa9e1d42320cdfb)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`13ec198`](https://github.com/inspect-js/has-symbols/commit/13ec198ec80f1993a87710af1606a1970b22c7cb)
-- [Dev Deps] update `auto-changelog`, `core-js`, `tape` [`941be52`](https://github.com/inspect-js/has-symbols/commit/941be5248387cab1da72509b22acf3fdb223f057)
-- [Tests] replace `aud` with `npm audit` [`74f49e9`](https://github.com/inspect-js/has-symbols/commit/74f49e9a9d17a443020784234a1c53ce765b3559)
-- [Dev Deps] update `npmignore` [`9c0ac04`](https://github.com/inspect-js/has-symbols/commit/9c0ac0452a834f4c2a4b54044f2d6a89f17e9a70)
-- [Dev Deps] add missing peer dep [`52337a5`](https://github.com/inspect-js/has-symbols/commit/52337a5621cced61f846f2afdab7707a8132cc12)
-
-## [v1.0.3](https://github.com/inspect-js/has-symbols/compare/v1.0.2...v1.0.3) - 2022-03-01
-
-### Commits
-
-- [actions] use `node/install` instead of `node/run`; use `codecov` action [`518b28f`](https://github.com/inspect-js/has-symbols/commit/518b28f6c5a516cbccae30794e40aa9f738b1693)
-- [meta] add `bugs` and `homepage` fields; reorder package.json [`c480b13`](https://github.com/inspect-js/has-symbols/commit/c480b13fd6802b557e1cef9749872cb5fdeef744)
-- [actions] reuse common workflows [`01d0ee0`](https://github.com/inspect-js/has-symbols/commit/01d0ee0a8d97c0947f5edb73eb722027a77b2b07)
-- [actions] update codecov uploader [`6424ebe`](https://github.com/inspect-js/has-symbols/commit/6424ebe86b2c9c7c3d2e9bd4413a4e4f168cb275)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`dfa7e7f`](https://github.com/inspect-js/has-symbols/commit/dfa7e7ff38b594645d8c8222aab895157fa7e282)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `tape` [`0c8d436`](https://github.com/inspect-js/has-symbols/commit/0c8d43685c45189cea9018191d4fd7eca91c9d02)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`9026554`](https://github.com/inspect-js/has-symbols/commit/902655442a1bf88e72b42345494ef0c60f5d36ab)
-- [readme] add actions and codecov badges [`eaa9682`](https://github.com/inspect-js/has-symbols/commit/eaa9682f990f481d3acf7a1c7600bec36f7b3adc)
-- [Dev Deps] update `eslint`, `tape` [`bc7a3ba`](https://github.com/inspect-js/has-symbols/commit/bc7a3ba46f27b7743f8a2579732d59d1b9ac791e)
-- [Dev Deps] update `eslint`, `auto-changelog` [`0ace00a`](https://github.com/inspect-js/has-symbols/commit/0ace00af08a88cdd1e6ce0d60357d941c60c2d9f)
-- [meta] use `prepublishOnly` script for npm 7+ [`093f72b`](https://github.com/inspect-js/has-symbols/commit/093f72bc2b0ed00c781f444922a5034257bf561d)
-- [Tests] test on all 16 minors [`9b80d3d`](https://github.com/inspect-js/has-symbols/commit/9b80d3d9102529f04c20ec5b1fcc6e38426c6b03)
-
-## [v1.0.2](https://github.com/inspect-js/has-symbols/compare/v1.0.1...v1.0.2) - 2021-02-27
-
-### Fixed
-
-- [Fix] use a universal way to get the original Symbol [`#11`](https://github.com/inspect-js/has-symbols/issues/11)
-
-### Commits
-
-- [Tests] migrate tests to Github Actions [`90ae798`](https://github.com/inspect-js/has-symbols/commit/90ae79820bdfe7bc703d67f5f3c5e205f98556d3)
-- [meta] do not publish github action workflow files [`29e60a1`](https://github.com/inspect-js/has-symbols/commit/29e60a1b7c25c7f1acf7acff4a9320d0d10c49b4)
-- [Tests] run `nyc` on all tests [`8476b91`](https://github.com/inspect-js/has-symbols/commit/8476b915650d360915abe2522505abf4b0e8f0ae)
-- [readme] fix repo URLs, remove defunct badges [`126288e`](https://github.com/inspect-js/has-symbols/commit/126288ecc1797c0a40247a6b78bcb2e0bc5d7036)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `core-js`, `get-own-property-symbols` [`d84bdfa`](https://github.com/inspect-js/has-symbols/commit/d84bdfa48ac5188abbb4904b42614cd6c030940a)
-- [Tests] fix linting errors [`0df3070`](https://github.com/inspect-js/has-symbols/commit/0df3070b981b6c9f2ee530c09189a7f5c6def839)
-- [actions] add "Allow Edits" workflow [`1e6bc29`](https://github.com/inspect-js/has-symbols/commit/1e6bc29b188f32b9648657b07eda08504be5aa9c)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`36cea2a`](https://github.com/inspect-js/has-symbols/commit/36cea2addd4e6ec435f35a2656b4e9ef82498e9b)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`1278338`](https://github.com/inspect-js/has-symbols/commit/127833801865fbc2cc8979beb9ca869c7bfe8222)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`1493254`](https://github.com/inspect-js/has-symbols/commit/1493254eda13db5fb8fc5e4a3e8324b3d196029d)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js` [`b090bf2`](https://github.com/inspect-js/has-symbols/commit/b090bf214d3679a30edc1e2d729d466ab5183e1d)
-- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`4addb7a`](https://github.com/inspect-js/has-symbols/commit/4addb7ab4dc73f927ae99928d68817554fc21dc0)
-- [Dev Deps] update `auto-changelog`, `tape` [`81d0baf`](https://github.com/inspect-js/has-symbols/commit/81d0baf3816096a89a8558e8043895f7a7d10d8b)
-- [Dev Deps] update `auto-changelog`; add `aud` [`1a4e561`](https://github.com/inspect-js/has-symbols/commit/1a4e5612c25d91c3a03d509721d02630bc4fe3da)
-- [readme] remove unused testling URLs [`3000941`](https://github.com/inspect-js/has-symbols/commit/3000941f958046e923ed8152edb1ef4a599e6fcc)
-- [Tests] only audit prod deps [`692e974`](https://github.com/inspect-js/has-symbols/commit/692e9743c912410e9440207631a643a34b4741a1)
-- [Dev Deps] update `@ljharb/eslint-config` [`51c946c`](https://github.com/inspect-js/has-symbols/commit/51c946c7f6baa793ec5390bb5a45cdce16b4ba76)
-
-## [v1.0.1](https://github.com/inspect-js/has-symbols/compare/v1.0.0...v1.0.1) - 2019-11-16
-
-### Commits
-
-- [Tests] use shared travis-ci configs [`ce396c9`](https://github.com/inspect-js/has-symbols/commit/ce396c9419ff11c43d0da5d05cdbb79f7fb42229)
-- [Tests] up to `node` `v12.4`, `v11.15`, `v10.15`, `v9.11`, `v8.15`, `v7.10`, `v6.17`, `v4.9`; use `nvm install-latest-npm` [`0690732`](https://github.com/inspect-js/has-symbols/commit/0690732801f47ab429f39ba1962f522d5c462d6b)
-- [meta] add `auto-changelog` [`2163d0b`](https://github.com/inspect-js/has-symbols/commit/2163d0b7f36343076b8f947cd1667dd1750f26fc)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `safe-publish-latest`, `tape` [`8e0951f`](https://github.com/inspect-js/has-symbols/commit/8e0951f1a7a2e52068222b7bb73511761e6e4d9c)
-- [actions] add automatic rebasing / merge commit blocking [`b09cdb7`](https://github.com/inspect-js/has-symbols/commit/b09cdb7cd7ee39e7a769878f56e2d6066f5ccd1d)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `core-js`, `get-own-property-symbols`, `tape` [`1dd42cd`](https://github.com/inspect-js/has-symbols/commit/1dd42cd86183ed0c50f99b1062345c458babca91)
-- [meta] create FUNDING.yml [`aa57a17`](https://github.com/inspect-js/has-symbols/commit/aa57a17b19708906d1927f821ea8e73394d84ca4)
-- Only apps should have lockfiles [`a2d8bea`](https://github.com/inspect-js/has-symbols/commit/a2d8bea23a97d15c09eaf60f5b107fcf9a4d57aa)
-- [Tests] use `npx aud` instead of `nsp` or `npm audit` with hoops [`9e96cb7`](https://github.com/inspect-js/has-symbols/commit/9e96cb783746cbed0c10ef78e599a8eaa7ebe193)
-- [meta] add `funding` field [`a0b32cf`](https://github.com/inspect-js/has-symbols/commit/a0b32cf68e803f963c1639b6d47b0a9d6440bab0)
-- [Dev Deps] update `safe-publish-latest` [`cb9f0a5`](https://github.com/inspect-js/has-symbols/commit/cb9f0a521a3a1790f1064d437edd33bb6c3d6af0)
-
-## v1.0.0 - 2016-09-19
-
-### Commits
-
-- Tests. [`ecb6eb9`](https://github.com/inspect-js/has-symbols/commit/ecb6eb934e4883137f3f93b965ba5e0a98df430d)
-- package.json [`88a337c`](https://github.com/inspect-js/has-symbols/commit/88a337cee0864a0da35f5d19e69ff0ef0150e46a)
-- Initial commit [`42e1e55`](https://github.com/inspect-js/has-symbols/commit/42e1e5502536a2b8ac529c9443984acd14836b1c)
-- Initial implementation. [`33f5cc6`](https://github.com/inspect-js/has-symbols/commit/33f5cc6cdff86e2194b081ee842bfdc63caf43fb)
-- read me [`01f1170`](https://github.com/inspect-js/has-symbols/commit/01f1170188ff7cb1558aa297f6ba5b516c6d7b0c)
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE b/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
deleted file mode 100644
index df31cbf..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2016 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/README.md b/src/Servers/ExpressServer/node_modules/has-symbols/README.md
deleted file mode 100644
index 33905f0..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# has-symbols <sup>[![Version Badge][2]][1]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![dependency status][5]][6]
-[![dev dependency status][7]][8]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][11]][1]
-
-Determine if the JS environment has Symbol support. Supports spec, or shams.
-
-## Example
-
-```js
-var hasSymbols = require('has-symbols');
-
-hasSymbols() === true; // if the environment has native Symbol support. Not polyfillable, not forgeable.
-
-var hasSymbolsKinda = require('has-symbols/shams');
-hasSymbolsKinda() === true; // if the environment has a Symbol sham that mostly follows the spec.
-```
-
-## Supported Symbol shams
- - get-own-property-symbols [npm](https://www.npmjs.com/package/get-own-property-symbols) | [github](https://github.com/WebReflection/get-own-property-symbols)
- - core-js [npm](https://www.npmjs.com/package/core-js) | [github](https://github.com/zloirock/core-js)
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-[1]: https://npmjs.org/package/has-symbols
-[2]: https://versionbadg.es/inspect-js/has-symbols.svg
-[5]: https://david-dm.org/inspect-js/has-symbols.svg
-[6]: https://david-dm.org/inspect-js/has-symbols
-[7]: https://david-dm.org/inspect-js/has-symbols/dev-status.svg
-[8]: https://david-dm.org/inspect-js/has-symbols#info=devDependencies
-[11]: https://nodei.co/npm/has-symbols.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/has-symbols.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/has-symbols.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=has-symbols
-[codecov-image]: https://codecov.io/gh/inspect-js/has-symbols/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/inspect-js/has-symbols/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/has-symbols
-[actions-url]: https://github.com/inspect-js/has-symbols/actions
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts b/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
deleted file mode 100644
index 9b98595..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/index.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function hasNativeSymbols(): boolean;
-
-export = hasNativeSymbols;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/index.js b/src/Servers/ExpressServer/node_modules/has-symbols/index.js
deleted file mode 100644
index fa65265..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/index.js
+++ /dev/null
@@ -1,14 +0,0 @@
-'use strict';
-
-var origSymbol = typeof Symbol !== 'undefined' && Symbol;
-var hasSymbolSham = require('./shams');
-
-/** @type {import('.')} */
-module.exports = function hasNativeSymbols() {
-	if (typeof origSymbol !== 'function') { return false; }
-	if (typeof Symbol !== 'function') { return false; }
-	if (typeof origSymbol('foo') !== 'symbol') { return false; }
-	if (typeof Symbol('bar') !== 'symbol') { return false; }
-
-	return hasSymbolSham();
-};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/package.json b/src/Servers/ExpressServer/node_modules/has-symbols/package.json
deleted file mode 100644
index d835e20..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/package.json
+++ /dev/null
@@ -1,111 +0,0 @@
-{
-	"name": "has-symbols",
-	"version": "1.1.0",
-	"description": "Determine if the JS environment has Symbol support. Supports spec, or shams.",
-	"main": "index.js",
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"pretest": "npm run --silent lint",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"tests-only": "npm run test:stock && npm run test:shams",
-		"test:stock": "nyc node test",
-		"test:staging": "nyc node --harmony --es-staging test",
-		"test:shams": "npm run --silent test:shams:getownpropertysymbols && npm run --silent test:shams:corejs",
-		"test:shams:corejs": "nyc node test/shams/core-js.js",
-		"test:shams:getownpropertysymbols": "nyc node test/shams/get-own-property-symbols.js",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git://github.com/inspect-js/has-symbols.git"
-	},
-	"keywords": [
-		"Symbol",
-		"symbols",
-		"typeof",
-		"sham",
-		"polyfill",
-		"native",
-		"core-js",
-		"ES6"
-	],
-	"author": {
-		"name": "Jordan Harband",
-		"email": "ljharb@gmail.com",
-		"url": "http://ljharb.codes"
-	},
-	"contributors": [
-		{
-			"name": "Jordan Harband",
-			"email": "ljharb@gmail.com",
-			"url": "http://ljharb.codes"
-		}
-	],
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/has-symbols/issues"
-	},
-	"homepage": "https://github.com/ljharb/has-symbols#readme",
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.0",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.0",
-		"@types/core-js": "^2.5.8",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"core-js": "^2.6.12",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"get-own-property-symbols": "^0.9.5",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"testling": {
-		"files": "test/index.js",
-		"browsers": [
-			"iexplore/6.0..latest",
-			"firefox/3.0..6.0",
-			"firefox/15.0..latest",
-			"firefox/nightly",
-			"chrome/4.0..10.0",
-			"chrome/20.0..latest",
-			"chrome/canary",
-			"opera/10.0..latest",
-			"opera/next",
-			"safari/4.0..latest",
-			"ipad/6.0..latest",
-			"iphone/6.0..latest",
-			"android-browser/4.2"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows",
-			"types"
-		]
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts b/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
deleted file mode 100644
index 8d0bf24..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/shams.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function hasSymbolShams(): boolean;
-
-export = hasSymbolShams;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/shams.js b/src/Servers/ExpressServer/node_modules/has-symbols/shams.js
deleted file mode 100644
index f97b474..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/shams.js
+++ /dev/null
@@ -1,45 +0,0 @@
-'use strict';
-
-/** @type {import('./shams')} */
-/* eslint complexity: [2, 18], max-statements: [2, 33] */
-module.exports = function hasSymbols() {
-	if (typeof Symbol !== 'function' || typeof Object.getOwnPropertySymbols !== 'function') { return false; }
-	if (typeof Symbol.iterator === 'symbol') { return true; }
-
-	/** @type {{ [k in symbol]?: unknown }} */
-	var obj = {};
-	var sym = Symbol('test');
-	var symObj = Object(sym);
-	if (typeof sym === 'string') { return false; }
-
-	if (Object.prototype.toString.call(sym) !== '[object Symbol]') { return false; }
-	if (Object.prototype.toString.call(symObj) !== '[object Symbol]') { return false; }
-
-	// temp disabled per https://github.com/ljharb/object.assign/issues/17
-	// if (sym instanceof Symbol) { return false; }
-	// temp disabled per https://github.com/WebReflection/get-own-property-symbols/issues/4
-	// if (!(symObj instanceof Symbol)) { return false; }
-
-	// if (typeof Symbol.prototype.toString !== 'function') { return false; }
-	// if (String(sym) !== Symbol.prototype.toString.call(sym)) { return false; }
-
-	var symVal = 42;
-	obj[sym] = symVal;
-	for (var _ in obj) { return false; } // eslint-disable-line no-restricted-syntax, no-unreachable-loop
-	if (typeof Object.keys === 'function' && Object.keys(obj).length !== 0) { return false; }
-
-	if (typeof Object.getOwnPropertyNames === 'function' && Object.getOwnPropertyNames(obj).length !== 0) { return false; }
-
-	var syms = Object.getOwnPropertySymbols(obj);
-	if (syms.length !== 1 || syms[0] !== sym) { return false; }
-
-	if (!Object.prototype.propertyIsEnumerable.call(obj, sym)) { return false; }
-
-	if (typeof Object.getOwnPropertyDescriptor === 'function') {
-		// eslint-disable-next-line no-extra-parens
-		var descriptor = /** @type {PropertyDescriptor} */ (Object.getOwnPropertyDescriptor(obj, sym));
-		if (descriptor.value !== symVal || descriptor.enumerable !== true) { return false; }
-	}
-
-	return true;
-};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
deleted file mode 100644
index 352129c..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/test/index.js
+++ /dev/null
@@ -1,22 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var hasSymbols = require('../');
-var runSymbolTests = require('./tests');
-
-test('interface', function (t) {
-	t.equal(typeof hasSymbols, 'function', 'is a function');
-	t.equal(typeof hasSymbols(), 'boolean', 'returns a boolean');
-	t.end();
-});
-
-test('Symbols are supported', { skip: !hasSymbols() }, function (t) {
-	runSymbolTests(t);
-	t.end();
-});
-
-test('Symbols are not supported', { skip: hasSymbols() }, function (t) {
-	t.equal(typeof Symbol, 'undefined', 'global Symbol is undefined');
-	t.equal(typeof Object.getOwnPropertySymbols, 'undefined', 'Object.getOwnPropertySymbols does not exist');
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
deleted file mode 100644
index 1a29024..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/core-js.js
+++ /dev/null
@@ -1,29 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-if (typeof Symbol === 'function' && typeof Symbol() === 'symbol') {
-	test('has native Symbol support', function (t) {
-		t.equal(typeof Symbol, 'function');
-		t.equal(typeof Symbol(), 'symbol');
-		t.end();
-	});
-	// @ts-expect-error TS is stupid and doesn't know about top level return
-	return;
-}
-
-var hasSymbols = require('../../shams');
-
-test('polyfilled Symbols', function (t) {
-	/* eslint-disable global-require */
-	t.equal(hasSymbols(), false, 'hasSymbols is false before polyfilling');
-	require('core-js/fn/symbol');
-	require('core-js/fn/symbol/to-string-tag');
-
-	require('../tests')(t);
-
-	var hasSymbolsAfter = hasSymbols();
-	t.equal(hasSymbolsAfter, true, 'hasSymbols is true after polyfilling');
-	/* eslint-enable global-require */
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
deleted file mode 100644
index e0296f8..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/test/shams/get-own-property-symbols.js
+++ /dev/null
@@ -1,29 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-if (typeof Symbol === 'function' && typeof Symbol() === 'symbol') {
-	test('has native Symbol support', function (t) {
-		t.equal(typeof Symbol, 'function');
-		t.equal(typeof Symbol(), 'symbol');
-		t.end();
-	});
-	// @ts-expect-error TS is stupid and doesn't know about top level return
-	return;
-}
-
-var hasSymbols = require('../../shams');
-
-test('polyfilled Symbols', function (t) {
-	/* eslint-disable global-require */
-	t.equal(hasSymbols(), false, 'hasSymbols is false before polyfilling');
-
-	require('get-own-property-symbols');
-
-	require('../tests')(t);
-
-	var hasSymbolsAfter = hasSymbols();
-	t.equal(hasSymbolsAfter, true, 'hasSymbols is true after polyfilling');
-	/* eslint-enable global-require */
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js b/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
deleted file mode 100644
index 66a2cb8..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/test/tests.js
+++ /dev/null
@@ -1,58 +0,0 @@
-'use strict';
-
-/** @type {(t: import('tape').Test) => false | void} */
-// eslint-disable-next-line consistent-return
-module.exports = function runSymbolTests(t) {
-	t.equal(typeof Symbol, 'function', 'global Symbol is a function');
-
-	if (typeof Symbol !== 'function') { return false; }
-
-	t.notEqual(Symbol(), Symbol(), 'two symbols are not equal');
-
-	/*
-	t.equal(
-		Symbol.prototype.toString.call(Symbol('foo')),
-		Symbol.prototype.toString.call(Symbol('foo')),
-		'two symbols with the same description stringify the same'
-	);
-	*/
-
-	/*
-	var foo = Symbol('foo');
-
-	t.notEqual(
-		String(foo),
-		String(Symbol('bar')),
-		'two symbols with different descriptions do not stringify the same'
-	);
-	*/
-
-	t.equal(typeof Symbol.prototype.toString, 'function', 'Symbol#toString is a function');
-	// t.equal(String(foo), Symbol.prototype.toString.call(foo), 'Symbol#toString equals String of the same symbol');
-
-	t.equal(typeof Object.getOwnPropertySymbols, 'function', 'Object.getOwnPropertySymbols is a function');
-
-	/** @type {{ [k in symbol]?: unknown }} */
-	var obj = {};
-	var sym = Symbol('test');
-	var symObj = Object(sym);
-	t.notEqual(typeof sym, 'string', 'Symbol is not a string');
-	t.equal(Object.prototype.toString.call(sym), '[object Symbol]', 'symbol primitive Object#toStrings properly');
-	t.equal(Object.prototype.toString.call(symObj), '[object Symbol]', 'symbol primitive Object#toStrings properly');
-
-	var symVal = 42;
-	obj[sym] = symVal;
-	// eslint-disable-next-line no-restricted-syntax, no-unused-vars
-	for (var _ in obj) { t.fail('symbol property key was found in for..in of object'); }
-
-	t.deepEqual(Object.keys(obj), [], 'no enumerable own keys on symbol-valued object');
-	t.deepEqual(Object.getOwnPropertyNames(obj), [], 'no own names on symbol-valued object');
-	t.deepEqual(Object.getOwnPropertySymbols(obj), [sym], 'one own symbol on symbol-valued object');
-	t.equal(Object.prototype.propertyIsEnumerable.call(obj, sym), true, 'symbol is enumerable');
-	t.deepEqual(Object.getOwnPropertyDescriptor(obj, sym), {
-		configurable: true,
-		enumerable: true,
-		value: 42,
-		writable: true
-	}, 'property descriptor is correct');
-};
diff --git a/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json b/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
deleted file mode 100644
index ba99af4..0000000
--- a/src/Servers/ExpressServer/node_modules/has-symbols/tsconfig.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "ES2021",
-		"maxNodeModuleJsDepth": 0,
-	},
-	"exclude": [
-		"coverage"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.eslintrc b/src/Servers/ExpressServer/node_modules/hasown/.eslintrc
deleted file mode 100644
index 3b5d9e9..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/.eslintrc
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
deleted file mode 100644
index d68c8b7..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/hasown
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/hasown/.nycrc b/src/Servers/ExpressServer/node_modules/hasown/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
deleted file mode 100644
index 2b0a980..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/CHANGELOG.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v2.0.2](https://github.com/inspect-js/hasOwn/compare/v2.0.1...v2.0.2) - 2024-03-10
-
-### Commits
-
-- [types] use shared config [`68e9d4d`](https://github.com/inspect-js/hasOwn/commit/68e9d4dab6facb4f05f02c6baea94a3f2a4e44b2)
-- [actions] remove redundant finisher; use reusable workflow [`241a68e`](https://github.com/inspect-js/hasOwn/commit/241a68e13ea1fe52bec5ba7f74144befc31fae7b)
-- [Tests] increase coverage [`4125c0d`](https://github.com/inspect-js/hasOwn/commit/4125c0d6121db56ae30e38346dfb0c000b04f0a7)
-- [Tests] skip `npm ls` in old node due to TS [`01b9282`](https://github.com/inspect-js/hasOwn/commit/01b92822f9971dea031eafdd14767df41d61c202)
-- [types] improve predicate type [`d340f85`](https://github.com/inspect-js/hasOwn/commit/d340f85ce02e286ef61096cbbb6697081d40a12b)
-- [Dev Deps] update `tape` [`70089fc`](https://github.com/inspect-js/hasOwn/commit/70089fcf544e64acc024cbe60f5a9b00acad86de)
-- [Tests] use `@arethetypeswrong/cli` [`50b272c`](https://github.com/inspect-js/hasOwn/commit/50b272c829f40d053a3dd91c9796e0ac0b2af084)
-
-## [v2.0.1](https://github.com/inspect-js/hasOwn/compare/v2.0.0...v2.0.1) - 2024-02-10
-
-### Commits
-
-- [types] use a handwritten d.ts file; fix exported type [`012b989`](https://github.com/inspect-js/hasOwn/commit/012b9898ccf91dc441e2ebf594ff70270a5fda58)
-- [Dev Deps] update `@types/function-bind`, `@types/mock-property`, `@types/tape`, `aud`, `mock-property`, `npmignore`, `tape`, `typescript` [`977a56f`](https://github.com/inspect-js/hasOwn/commit/977a56f51a1f8b20566f3c471612137894644025)
-- [meta] add `sideEffects` flag [`3a60b7b`](https://github.com/inspect-js/hasOwn/commit/3a60b7bf42fccd8c605e5f145a6fcc83b13cb46f)
-
-## [v2.0.0](https://github.com/inspect-js/hasOwn/compare/v1.0.1...v2.0.0) - 2023-10-19
-
-### Commits
-
-- revamped implementation, tests, readme [`72bf8b3`](https://github.com/inspect-js/hasOwn/commit/72bf8b338e77a638f0a290c63ffaed18339c36b4)
-- [meta] revamp package.json [`079775f`](https://github.com/inspect-js/hasOwn/commit/079775fb1ec72c1c6334069593617a0be3847458)
-- Only apps should have lockfiles [`6640e23`](https://github.com/inspect-js/hasOwn/commit/6640e233d1bb8b65260880f90787637db157d215)
-
-## v1.0.1 - 2023-10-10
-
-### Commits
-
-- Initial commit [`8dbfde6`](https://github.com/inspect-js/hasOwn/commit/8dbfde6e8fb0ebb076fab38d138f2984eb340a62)
diff --git a/src/Servers/ExpressServer/node_modules/hasown/LICENSE b/src/Servers/ExpressServer/node_modules/hasown/LICENSE
deleted file mode 100644
index 0314929..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) Jordan Harband and contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/hasown/README.md b/src/Servers/ExpressServer/node_modules/hasown/README.md
deleted file mode 100644
index f759b8a..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# hasown <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-A robust, ES3 compatible, "has own property" predicate.
-
-## Example
-
-```js
-const assert = require('assert');
-const hasOwn = require('hasown');
-
-assert.equal(hasOwn({}, 'toString'), false);
-assert.equal(hasOwn([], 'length'), true);
-assert.equal(hasOwn({ a: 42 }, 'a'), true);
-```
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/hasown
-[npm-version-svg]: https://versionbadg.es/inspect-js/hasown.svg
-[deps-svg]: https://david-dm.org/inspect-js/hasOwn.svg
-[deps-url]: https://david-dm.org/inspect-js/hasOwn
-[dev-deps-svg]: https://david-dm.org/inspect-js/hasOwn/dev-status.svg
-[dev-deps-url]: https://david-dm.org/inspect-js/hasOwn#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/hasown.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/hasown.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/hasown.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=hasown
-[codecov-image]: https://codecov.io/gh/inspect-js/hasOwn/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/inspect-js/hasOwn/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/hasOwn
-[actions-url]: https://github.com/inspect-js/hasOwn/actions
diff --git a/src/Servers/ExpressServer/node_modules/hasown/index.d.ts b/src/Servers/ExpressServer/node_modules/hasown/index.d.ts
deleted file mode 100644
index aafdf3b..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/index.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function hasOwn<O, K extends PropertyKey, V = unknown>(o: O, p: K): o is O & Record<K, V>;
-
-export = hasOwn;
diff --git a/src/Servers/ExpressServer/node_modules/hasown/index.js b/src/Servers/ExpressServer/node_modules/hasown/index.js
deleted file mode 100644
index 34e6059..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/index.js
+++ /dev/null
@@ -1,8 +0,0 @@
-'use strict';
-
-var call = Function.prototype.call;
-var $hasOwn = Object.prototype.hasOwnProperty;
-var bind = require('function-bind');
-
-/** @type {import('.')} */
-module.exports = bind.call(call, $hasOwn);
diff --git a/src/Servers/ExpressServer/node_modules/hasown/package.json b/src/Servers/ExpressServer/node_modules/hasown/package.json
deleted file mode 100644
index 8502e13..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/package.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
-	"name": "hasown",
-	"version": "2.0.2",
-	"description": "A robust, ES3 compatible, \"has own property\" predicate.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"types": "index.d.ts",
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prepublishOnly": "safe-publish-latest",
-		"prelint": "evalmd README.md",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "npm run tsc",
-		"pretest": "npm run lint",
-		"tsc": "tsc -p .",
-		"posttsc": "attw -P",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "aud --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/inspect-js/hasOwn.git"
-	},
-	"keywords": [
-		"has",
-		"hasOwnProperty",
-		"hasOwn",
-		"has-own",
-		"own",
-		"has",
-		"property",
-		"in",
-		"javascript",
-		"ecmascript"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/inspect-js/hasOwn/issues"
-	},
-	"homepage": "https://github.com/inspect-js/hasOwn#readme",
-	"dependencies": {
-		"function-bind": "^1.1.2"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.15.1",
-		"@ljharb/eslint-config": "^21.1.0",
-		"@ljharb/tsconfig": "^0.2.0",
-		"@types/function-bind": "^1.1.10",
-		"@types/mock-property": "^1.0.2",
-		"@types/tape": "^5.6.4",
-		"aud": "^2.0.4",
-		"auto-changelog": "^2.4.0",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"mock-property": "^1.0.3",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.7.5",
-		"typescript": "next"
-	},
-	"engines": {
-		"node": ">= 0.4"
-	},
-	"testling": {
-		"files": "test/index.js"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows",
-			"test"
-		]
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json b/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
deleted file mode 100644
index 0930c56..0000000
--- a/src/Servers/ExpressServer/node_modules/hasown/tsconfig.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "extends": "@ljharb/tsconfig",
-  "exclude": [
-    "coverage",
-  ],
-}
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md b/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
deleted file mode 100644
index 3d81d26..0000000
--- a/src/Servers/ExpressServer/node_modules/http-errors/HISTORY.md
+++ /dev/null
@@ -1,186 +0,0 @@
-2.0.1 / 2025-11-20
-==================
-
-  * deps: use tilde notation for dependencies
-  * deps: update statuses to 2.0.2
-
-2.0.0 / 2021-12-17
-==================
-
-  * Drop support for Node.js 0.6
-  * Remove `I'mateapot` export; use `ImATeapot` instead
-  * Remove support for status being non-first argument
-  * Rename `UnorderedCollection` constructor to `TooEarly`
-  * deps: depd@2.0.0
-    - Replace internal `eval` usage with `Function` constructor
-    - Use instance methods on `process` to check for listeners
-  * deps: statuses@2.0.1
-    - Fix messaging casing of `418 I'm a Teapot`
-    - Remove code 306
-    - Rename `425 Unordered Collection` to standard `425 Too Early`
-
-2021-11-14 / 1.8.1
-==================
-
-  * deps: toidentifier@1.0.1
-
-2020-06-29 / 1.8.0
-==================
-
-  * Add `isHttpError` export to determine if value is an HTTP error
-  * deps: setprototypeof@1.2.0
-
-2019-06-24 / 1.7.3
-==================
-
-  * deps: inherits@2.0.4
-
-2019-02-18 / 1.7.2
-==================
-
-  * deps: setprototypeof@1.1.1
-
-2018-09-08 / 1.7.1
-==================
-
-  * Fix error creating objects in some environments
-
-2018-07-30 / 1.7.0
-==================
-
-  * Set constructor name when possible
-  * Use `toidentifier` module to make class names
-  * deps: statuses@'>= 1.5.0 < 2'
-
-2018-03-29 / 1.6.3
-==================
-
-  * deps: depd@~1.1.2
-    - perf: remove argument reassignment
-  * deps: setprototypeof@1.1.0
-  * deps: statuses@'>= 1.4.0 < 2'
-
-2017-08-04 / 1.6.2
-==================
-
-  * deps: depd@1.1.1
-    - Remove unnecessary `Buffer` loading
-
-2017-02-20 / 1.6.1
-==================
-
-  * deps: setprototypeof@1.0.3
-    - Fix shim for old browsers
-
-2017-02-14 / 1.6.0
-==================
-
-  * Accept custom 4xx and 5xx status codes in factory
-  * Add deprecation message to `"I'mateapot"` export
-  * Deprecate passing status code as anything except first argument in factory
-  * Deprecate using non-error status codes
-  * Make `message` property enumerable for `HttpError`s
-
-2016-11-16 / 1.5.1
-==================
-
-  * deps: inherits@2.0.3
-    - Fix issue loading in browser
-  * deps: setprototypeof@1.0.2
-  * deps: statuses@'>= 1.3.1 < 2'
-
-2016-05-18 / 1.5.0
-==================
-
-  * Support new code `421 Misdirected Request`
-  * Use `setprototypeof` module to replace `__proto__` setting
-  * deps: statuses@'>= 1.3.0 < 2'
-    - Add `421 Misdirected Request`
-    - perf: enable strict mode
-  * perf: enable strict mode
-
-2016-01-28 / 1.4.0
-==================
-
-  * Add `HttpError` export, for `err instanceof createError.HttpError`
-  * deps: inherits@2.0.1
-  * deps: statuses@'>= 1.2.1 < 2'
-    - Fix message for status 451
-    - Remove incorrect nginx status code
-
-2015-02-02 / 1.3.1
-==================
-
-  * Fix regression where status can be overwritten in `createError` `props`
-
-2015-02-01 / 1.3.0
-==================
-
-  * Construct errors using defined constructors from `createError`
-  * Fix error names that are not identifiers
-    - `createError["I'mateapot"]` is now `createError.ImATeapot`
-  * Set a meaningful `name` property on constructed errors
-
-2014-12-09 / 1.2.8
-==================
-
-  * Fix stack trace from exported function
-  * Remove `arguments.callee` usage
-
-2014-10-14 / 1.2.7
-==================
-
-  * Remove duplicate line
-
-2014-10-02 / 1.2.6
-==================
-
-  * Fix `expose` to be `true` for `ClientError` constructor
-
-2014-09-28 / 1.2.5
-==================
-
-  * deps: statuses@1
-
-2014-09-21 / 1.2.4
-==================
-
-  * Fix dependency version to work with old `npm`s
-
-2014-09-21 / 1.2.3
-==================
-
-  * deps: statuses@~1.1.0
-
-2014-09-21 / 1.2.2
-==================
-
-  * Fix publish error
-
-2014-09-21 / 1.2.1
-==================
-
-  * Support Node.js 0.6
-  * Use `inherits` instead of `util`
-
-2014-09-09 / 1.2.0
-==================
-
-  * Fix the way inheriting functions
-  * Support `expose` being provided in properties argument
-
-2014-09-08 / 1.1.0
-==================
-
-  * Default status to 500
-  * Support provided `error` to extend
-
-2014-09-08 / 1.0.1
-==================
-
-  * Fix accepting string message
-
-2014-09-08 / 1.0.0
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/LICENSE b/src/Servers/ExpressServer/node_modules/http-errors/LICENSE
deleted file mode 100644
index 82af4df..0000000
--- a/src/Servers/ExpressServer/node_modules/http-errors/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-
-The MIT License (MIT)
-
-Copyright (c) 2014 Jonathan Ong me@jongleberry.com
-Copyright (c) 2016 Douglas Christopher Wilson doug@somethingdoug.com
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/README.md b/src/Servers/ExpressServer/node_modules/http-errors/README.md
deleted file mode 100644
index a8b7330..0000000
--- a/src/Servers/ExpressServer/node_modules/http-errors/README.md
+++ /dev/null
@@ -1,169 +0,0 @@
-# http-errors
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][node-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Create HTTP errors for Express, Koa, Connect, etc. with ease.
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```console
-$ npm install http-errors
-```
-
-## Example
-
-```js
-var createError = require('http-errors')
-var express = require('express')
-var app = express()
-
-app.use(function (req, res, next) {
-  if (!req.user) return next(createError(401, 'Please login to view this page.'))
-  next()
-})
-```
-
-## API
-
-This is the current API, currently extracted from Koa and subject to change.
-
-### Error Properties
-
-- `expose` - can be used to signal if `message` should be sent to the client,
-  defaulting to `false` when `status` >= 500
-- `headers` - can be an object of header names to values to be sent to the
-  client, defaulting to `undefined`. When defined, the key names should all
-  be lower-cased
-- `message` - the traditional error message, which should be kept short and all
-  single line
-- `status` - the status code of the error, mirroring `statusCode` for general
-  compatibility
-- `statusCode` - the status code of the error, defaulting to `500`
-
-### createError([status], [message], [properties])
-
-Create a new error object with the given message `msg`.
-The error object inherits from `createError.HttpError`.
-
-```js
-var err = createError(404, 'This video does not exist!')
-```
-
-- `status: 500` - the status code as a number
-- `message` - the message of the error, defaulting to node's text for that status code.
-- `properties` - custom properties to attach to the object
-
-### createError([status], [error], [properties])
-
-Extend the given `error` object with `createError.HttpError`
-properties. This will not alter the inheritance of the given
-`error` object, and the modified `error` object is the
-return value.
-
-<!-- eslint-disable no-redeclare -->
-
-```js
-fs.readFile('foo.txt', function (err, buf) {
-  if (err) {
-    if (err.code === 'ENOENT') {
-      var httpError = createError(404, err, { expose: false })
-    } else {
-      var httpError = createError(500, err)
-    }
-  }
-})
-```
-
-- `status` - the status code as a number
-- `error` - the error object to extend
-- `properties` - custom properties to attach to the object
-
-### createError.isHttpError(val)
-
-Determine if the provided `val` is an `HttpError`. This will return `true`
-if the error inherits from the `HttpError` constructor of this module or
-matches the "duck type" for an error this module creates. All outputs from
-the `createError` factory will return `true` for this function, including
-if an non-`HttpError` was passed into the factory.
-
-### new createError\[code || name\](\[msg]\))
-
-Create a new error object with the given message `msg`.
-The error object inherits from `createError.HttpError`.
-
-```js
-var err = new createError.NotFound()
-```
-
-- `code` - the status code as a number
-- `name` - the name of the error as a "bumpy case", i.e. `NotFound` or `InternalServerError`.
-
-#### List of all constructors
-
-|Status Code|Constructor Name             |
-|-----------|-----------------------------|
-|400        |BadRequest                   |
-|401        |Unauthorized                 |
-|402        |PaymentRequired              |
-|403        |Forbidden                    |
-|404        |NotFound                     |
-|405        |MethodNotAllowed             |
-|406        |NotAcceptable                |
-|407        |ProxyAuthenticationRequired  |
-|408        |RequestTimeout               |
-|409        |Conflict                     |
-|410        |Gone                         |
-|411        |LengthRequired               |
-|412        |PreconditionFailed           |
-|413        |PayloadTooLarge              |
-|414        |URITooLong                   |
-|415        |UnsupportedMediaType         |
-|416        |RangeNotSatisfiable          |
-|417        |ExpectationFailed            |
-|418        |ImATeapot                    |
-|421        |MisdirectedRequest           |
-|422        |UnprocessableEntity          |
-|423        |Locked                       |
-|424        |FailedDependency             |
-|425        |TooEarly                     |
-|426        |UpgradeRequired              |
-|428        |PreconditionRequired         |
-|429        |TooManyRequests              |
-|431        |RequestHeaderFieldsTooLarge  |
-|451        |UnavailableForLegalReasons   |
-|500        |InternalServerError          |
-|501        |NotImplemented               |
-|502        |BadGateway                   |
-|503        |ServiceUnavailable           |
-|504        |GatewayTimeout               |
-|505        |HTTPVersionNotSupported      |
-|506        |VariantAlsoNegotiates        |
-|507        |InsufficientStorage          |
-|508        |LoopDetected                 |
-|509        |BandwidthLimitExceeded       |
-|510        |NotExtended                  |
-|511        |NetworkAuthenticationRequired|
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/http-errors/master?label=ci
-[ci-url]: https://github.com/jshttp/http-errors/actions?query=workflow%3Aci
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/http-errors/master
-[coveralls-url]: https://coveralls.io/r/jshttp/http-errors?branch=master
-[node-image]: https://badgen.net/npm/node/http-errors
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/http-errors
-[npm-url]: https://npmjs.org/package/http-errors
-[npm-version-image]: https://badgen.net/npm/v/http-errors
-[travis-image]: https://badgen.net/travis/jshttp/http-errors/master
-[travis-url]: https://travis-ci.org/jshttp/http-errors
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/index.js b/src/Servers/ExpressServer/node_modules/http-errors/index.js
deleted file mode 100644
index 82271f6..0000000
--- a/src/Servers/ExpressServer/node_modules/http-errors/index.js
+++ /dev/null
@@ -1,290 +0,0 @@
-/*!
- * http-errors
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var deprecate = require('depd')('http-errors')
-var setPrototypeOf = require('setprototypeof')
-var statuses = require('statuses')
-var inherits = require('inherits')
-var toIdentifier = require('toidentifier')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = createError
-module.exports.HttpError = createHttpErrorConstructor()
-module.exports.isHttpError = createIsHttpErrorFunction(module.exports.HttpError)
-
-// Populate exports for all constructors
-populateConstructorExports(module.exports, statuses.codes, module.exports.HttpError)
-
-/**
- * Get the code class of a status code.
- * @private
- */
-
-function codeClass (status) {
-  return Number(String(status).charAt(0) + '00')
-}
-
-/**
- * Create a new HTTP Error.
- *
- * @returns {Error}
- * @public
- */
-
-function createError () {
-  // so much arity going on ~_~
-  var err
-  var msg
-  var status = 500
-  var props = {}
-  for (var i = 0; i < arguments.length; i++) {
-    var arg = arguments[i]
-    var type = typeof arg
-    if (type === 'object' && arg instanceof Error) {
-      err = arg
-      status = err.status || err.statusCode || status
-    } else if (type === 'number' && i === 0) {
-      status = arg
-    } else if (type === 'string') {
-      msg = arg
-    } else if (type === 'object') {
-      props = arg
-    } else {
-      throw new TypeError('argument #' + (i + 1) + ' unsupported type ' + type)
-    }
-  }
-
-  if (typeof status === 'number' && (status < 400 || status >= 600)) {
-    deprecate('non-error status code; use only 4xx or 5xx status codes')
-  }
-
-  if (typeof status !== 'number' ||
-    (!statuses.message[status] && (status < 400 || status >= 600))) {
-    status = 500
-  }
-
-  // constructor
-  var HttpError = createError[status] || createError[codeClass(status)]
-
-  if (!err) {
-    // create error
-    err = HttpError
-      ? new HttpError(msg)
-      : new Error(msg || statuses.message[status])
-    Error.captureStackTrace(err, createError)
-  }
-
-  if (!HttpError || !(err instanceof HttpError) || err.status !== status) {
-    // add properties to generic error
-    err.expose = status < 500
-    err.status = err.statusCode = status
-  }
-
-  for (var key in props) {
-    if (key !== 'status' && key !== 'statusCode') {
-      err[key] = props[key]
-    }
-  }
-
-  return err
-}
-
-/**
- * Create HTTP error abstract base class.
- * @private
- */
-
-function createHttpErrorConstructor () {
-  function HttpError () {
-    throw new TypeError('cannot construct abstract class')
-  }
-
-  inherits(HttpError, Error)
-
-  return HttpError
-}
-
-/**
- * Create a constructor for a client error.
- * @private
- */
-
-function createClientErrorConstructor (HttpError, name, code) {
-  var className = toClassName(name)
-
-  function ClientError (message) {
-    // create the error object
-    var msg = message != null ? message : statuses.message[code]
-    var err = new Error(msg)
-
-    // capture a stack trace to the construction point
-    Error.captureStackTrace(err, ClientError)
-
-    // adjust the [[Prototype]]
-    setPrototypeOf(err, ClientError.prototype)
-
-    // redefine the error message
-    Object.defineProperty(err, 'message', {
-      enumerable: true,
-      configurable: true,
-      value: msg,
-      writable: true
-    })
-
-    // redefine the error name
-    Object.defineProperty(err, 'name', {
-      enumerable: false,
-      configurable: true,
-      value: className,
-      writable: true
-    })
-
-    return err
-  }
-
-  inherits(ClientError, HttpError)
-  nameFunc(ClientError, className)
-
-  ClientError.prototype.status = code
-  ClientError.prototype.statusCode = code
-  ClientError.prototype.expose = true
-
-  return ClientError
-}
-
-/**
- * Create function to test is a value is a HttpError.
- * @private
- */
-
-function createIsHttpErrorFunction (HttpError) {
-  return function isHttpError (val) {
-    if (!val || typeof val !== 'object') {
-      return false
-    }
-
-    if (val instanceof HttpError) {
-      return true
-    }
-
-    return val instanceof Error &&
-      typeof val.expose === 'boolean' &&
-      typeof val.statusCode === 'number' && val.status === val.statusCode
-  }
-}
-
-/**
- * Create a constructor for a server error.
- * @private
- */
-
-function createServerErrorConstructor (HttpError, name, code) {
-  var className = toClassName(name)
-
-  function ServerError (message) {
-    // create the error object
-    var msg = message != null ? message : statuses.message[code]
-    var err = new Error(msg)
-
-    // capture a stack trace to the construction point
-    Error.captureStackTrace(err, ServerError)
-
-    // adjust the [[Prototype]]
-    setPrototypeOf(err, ServerError.prototype)
-
-    // redefine the error message
-    Object.defineProperty(err, 'message', {
-      enumerable: true,
-      configurable: true,
-      value: msg,
-      writable: true
-    })
-
-    // redefine the error name
-    Object.defineProperty(err, 'name', {
-      enumerable: false,
-      configurable: true,
-      value: className,
-      writable: true
-    })
-
-    return err
-  }
-
-  inherits(ServerError, HttpError)
-  nameFunc(ServerError, className)
-
-  ServerError.prototype.status = code
-  ServerError.prototype.statusCode = code
-  ServerError.prototype.expose = false
-
-  return ServerError
-}
-
-/**
- * Set the name of a function, if possible.
- * @private
- */
-
-function nameFunc (func, name) {
-  var desc = Object.getOwnPropertyDescriptor(func, 'name')
-
-  if (desc && desc.configurable) {
-    desc.value = name
-    Object.defineProperty(func, 'name', desc)
-  }
-}
-
-/**
- * Populate the exports object with constructors for every error class.
- * @private
- */
-
-function populateConstructorExports (exports, codes, HttpError) {
-  codes.forEach(function forEachCode (code) {
-    var CodeError
-    var name = toIdentifier(statuses.message[code])
-
-    switch (codeClass(code)) {
-      case 400:
-        CodeError = createClientErrorConstructor(HttpError, name, code)
-        break
-      case 500:
-        CodeError = createServerErrorConstructor(HttpError, name, code)
-        break
-    }
-
-    if (CodeError) {
-      // export the constructor
-      exports[code] = CodeError
-      exports[name] = CodeError
-    }
-  })
-}
-
-/**
- * Get a class name from a name identifier.
- *
- * @param {string} name
- * @returns {string}
- * @private
- */
-
-function toClassName (name) {
-  return name.slice(-5) === 'Error' ? name : name + 'Error'
-}
diff --git a/src/Servers/ExpressServer/node_modules/http-errors/package.json b/src/Servers/ExpressServer/node_modules/http-errors/package.json
deleted file mode 100644
index 4b46d62..0000000
--- a/src/Servers/ExpressServer/node_modules/http-errors/package.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-  "name": "http-errors",
-  "description": "Create HTTP error objects",
-  "version": "2.0.1",
-  "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
-  "contributors": [
-    "Alan Plum <me@pluma.io>",
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "repository": "jshttp/http-errors",
-  "funding": {
-    "type": "opencollective",
-    "url": "https://opencollective.com/express"
-  },
-  "dependencies": {
-    "depd": "~2.0.0",
-    "inherits": "~2.0.4",
-    "setprototypeof": "~1.2.0",
-    "statuses": "~2.0.2",
-    "toidentifier": "~1.0.1"
-  },
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.32.0",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.1.3",
-    "nyc": "15.1.0"
-  },
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "lint": "eslint . && node ./scripts/lint-readme-list.js",
-    "test": "mocha --reporter spec",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  },
-  "keywords": [
-    "http",
-    "error"
-  ],
-  "files": [
-    "index.js",
-    "HISTORY.md",
-    "LICENSE",
-    "README.md"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md b/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
deleted file mode 100644
index f252313..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/Changelog.md
+++ /dev/null
@@ -1,162 +0,0 @@
-# 0.4.24 / 2018-08-22
-
-  * Added MIK encoding (#196, by @Ivan-Kalatchev)
-
-
-# 0.4.23 / 2018-05-07
-
-  * Fix deprecation warning in Node v10 due to the last usage of `new Buffer` (#185, by @felixbuenemann)
-  * Switched from NodeBuffer to Buffer in typings (#155 by @felixfbecker, #186 by @larssn)
-
-
-# 0.4.22 / 2018-05-05
-
-  * Use older semver style for dependencies to be compatible with Node version 0.10 (#182, by @dougwilson)
-  * Fix tests to accomodate fixes in Node v10 (#182, by @dougwilson)
-
-
-# 0.4.21 / 2018-04-06
-
-  * Fix encoding canonicalization (#156)
-  * Fix the paths in the "browser" field in package.json (#174 by @LMLB)
-  * Removed "contributors" section in package.json - see Git history instead.
-
-
-# 0.4.20 / 2018-04-06
-
-  * Updated `new Buffer()` usages with recommended replacements as it's being deprecated in Node v10 (#176, #178 by @ChALkeR)
-
-
-# 0.4.19 / 2017-09-09
-
-  * Fixed iso8859-1 codec regression in handling untranslatable characters (#162, caused by #147)
-  * Re-generated windows1255 codec, because it was updated in iconv project
-  * Fixed grammar in error message when iconv-lite is loaded with encoding other than utf8
-
-
-# 0.4.18 / 2017-06-13
-
-  * Fixed CESU-8 regression in Node v8.
-
-
-# 0.4.17 / 2017-04-22
-
- * Updated typescript definition file to support Angular 2 AoT mode (#153 by @larssn)
-
-
-# 0.4.16 / 2017-04-22
-
- * Added support for React Native (#150)
- * Changed iso8859-1 encoding to usine internal 'binary' encoding, as it's the same thing (#147 by @mscdex)
- * Fixed typo in Readme (#138 by @jiangzhuo)
- * Fixed build for Node v6.10+ by making correct version comparison
- * Added a warning if iconv-lite is loaded not as utf-8 (see #142)
-
-
-# 0.4.15 / 2016-11-21
-
- * Fixed typescript type definition (#137)
-
-
-# 0.4.14 / 2016-11-20
-
- * Preparation for v1.0
- * Added Node v6 and latest Node versions to Travis CI test rig
- * Deprecated Node v0.8 support
- * Typescript typings (@larssn)
- * Fix encoding of Euro character in GB 18030 (inspired by @lygstate)
- * Add ms prefix to dbcs windows encodings (@rokoroku)
-
-
-# 0.4.13 / 2015-10-01
-
- * Fix silly mistake in deprecation notice.
-
-
-# 0.4.12 / 2015-09-26
-
- * Node v4 support:
-   * Added CESU-8 decoding (#106)
-   * Added deprecation notice for `extendNodeEncodings`
-   * Added Travis tests for Node v4 and io.js latest (#105 by @Mithgol)
-
-
-# 0.4.11 / 2015-07-03
-
- * Added CESU-8 encoding.
-
-
-# 0.4.10 / 2015-05-26
-
- * Changed UTF-16 endianness heuristic to take into account any ASCII chars, not
-   just spaces. This should minimize the importance of "default" endianness.
-
-
-# 0.4.9 / 2015-05-24
-
- * Streamlined BOM handling: strip BOM by default, add BOM when encoding if 
-   addBOM: true. Added docs to Readme.
- * UTF16 now uses UTF16-LE by default.
- * Fixed minor issue with big5 encoding.
- * Added io.js testing on Travis; updated node-iconv version to test against.
-   Now we just skip testing SBCS encodings that node-iconv doesn't support.
- * (internal refactoring) Updated codec interface to use classes.
- * Use strict mode in all files.
-
-
-# 0.4.8 / 2015-04-14
- 
- * added alias UNICODE-1-1-UTF-7 for UTF-7 encoding (#94)
-
-
-# 0.4.7 / 2015-02-05
-
- * stop official support of Node.js v0.8. Should still work, but no guarantees.
-   reason: Packages needed for testing are hard to get on Travis CI.
- * work in environment where Object.prototype is monkey patched with enumerable 
-   props (#89).
-
-
-# 0.4.6 / 2015-01-12
- 
- * fix rare aliases of single-byte encodings (thanks @mscdex)
- * double the timeout for dbcs tests to make them less flaky on travis
-
-
-# 0.4.5 / 2014-11-20
-
- * fix windows-31j and x-sjis encoding support (@nleush)
- * minor fix: undefined variable reference when internal error happens
-
-
-# 0.4.4 / 2014-07-16
-
- * added encodings UTF-7 (RFC2152) and UTF-7-IMAP (RFC3501 Section 5.1.3)
- * fixed streaming base64 encoding
-
-
-# 0.4.3 / 2014-06-14
-
- * added encodings UTF-16BE and UTF-16 with BOM
-
-
-# 0.4.2 / 2014-06-12
-
- * don't throw exception if `extendNodeEncodings()` is called more than once
-
-
-# 0.4.1 / 2014-06-11
-
- * codepage 808 added
-
-
-# 0.4.0 / 2014-06-10
-
- * code is rewritten from scratch
- * all widespread encodings are supported
- * streaming interface added
- * browserify compatibility added
- * (optional) extend core primitive encodings to make usage even simpler
- * moved from vows to mocha as the testing framework
-
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE b/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
deleted file mode 100644
index d518d83..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright (c) 2011 Alexander Shtuchkin
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/README.md b/src/Servers/ExpressServer/node_modules/iconv-lite/README.md
deleted file mode 100644
index c981c37..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/README.md
+++ /dev/null
@@ -1,156 +0,0 @@
-## Pure JS character encoding conversion [![Build Status](https://travis-ci.org/ashtuchkin/iconv-lite.svg?branch=master)](https://travis-ci.org/ashtuchkin/iconv-lite)
-
- * Doesn't need native code compilation. Works on Windows and in sandboxed environments like [Cloud9](http://c9.io).
- * Used in popular projects like [Express.js (body_parser)](https://github.com/expressjs/body-parser), 
-   [Grunt](http://gruntjs.com/), [Nodemailer](http://www.nodemailer.com/), [Yeoman](http://yeoman.io/) and others.
- * Faster than [node-iconv](https://github.com/bnoordhuis/node-iconv) (see below for performance comparison).
- * Intuitive encode/decode API
- * Streaming support for Node v0.10+
- * [Deprecated] Can extend Node.js primitives (buffers, streams) to support all iconv-lite encodings.
- * In-browser usage via [Browserify](https://github.com/substack/node-browserify) (~180k gzip compressed with Buffer shim included).
- * Typescript [type definition file](https://github.com/ashtuchkin/iconv-lite/blob/master/lib/index.d.ts) included.
- * React Native is supported (need to explicitly `npm install` two more modules: `buffer` and `stream`).
- * License: MIT.
-
-[![NPM Stats](https://nodei.co/npm/iconv-lite.png?downloads=true&downloadRank=true)](https://npmjs.org/packages/iconv-lite/)
-
-## Usage
-### Basic API
-```javascript
-var iconv = require('iconv-lite');
-
-// Convert from an encoded buffer to js string.
-str = iconv.decode(Buffer.from([0x68, 0x65, 0x6c, 0x6c, 0x6f]), 'win1251');
-
-// Convert from js string to an encoded buffer.
-buf = iconv.encode("Sample input string", 'win1251');
-
-// Check if encoding is supported
-iconv.encodingExists("us-ascii")
-```
-
-### Streaming API (Node v0.10+)
-```javascript
-
-// Decode stream (from binary stream to js strings)
-http.createServer(function(req, res) {
-    var converterStream = iconv.decodeStream('win1251');
-    req.pipe(converterStream);
-
-    converterStream.on('data', function(str) {
-        console.log(str); // Do something with decoded strings, chunk-by-chunk.
-    });
-});
-
-// Convert encoding streaming example
-fs.createReadStream('file-in-win1251.txt')
-    .pipe(iconv.decodeStream('win1251'))
-    .pipe(iconv.encodeStream('ucs2'))
-    .pipe(fs.createWriteStream('file-in-ucs2.txt'));
-
-// Sugar: all encode/decode streams have .collect(cb) method to accumulate data.
-http.createServer(function(req, res) {
-    req.pipe(iconv.decodeStream('win1251')).collect(function(err, body) {
-        assert(typeof body == 'string');
-        console.log(body); // full request body string
-    });
-});
-```
-
-### [Deprecated] Extend Node.js own encodings
-> NOTE: This doesn't work on latest Node versions. See [details](https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility).
-
-```javascript
-// After this call all Node basic primitives will understand iconv-lite encodings.
-iconv.extendNodeEncodings();
-
-// Examples:
-buf = new Buffer(str, 'win1251');
-buf.write(str, 'gbk');
-str = buf.toString('latin1');
-assert(Buffer.isEncoding('iso-8859-15'));
-Buffer.byteLength(str, 'us-ascii');
-
-http.createServer(function(req, res) {
-    req.setEncoding('big5');
-    req.collect(function(err, body) {
-        console.log(body);
-    });
-});
-
-fs.createReadStream("file.txt", "shift_jis");
-
-// External modules are also supported (if they use Node primitives, which they probably do).
-request = require('request');
-request({
-    url: "http://github.com/", 
-    encoding: "cp932"
-});
-
-// To remove extensions
-iconv.undoExtendNodeEncodings();
-```
-
-## Supported encodings
-
- *  All node.js native encodings: utf8, ucs2 / utf16-le, ascii, binary, base64, hex.
- *  Additional unicode encodings: utf16, utf16-be, utf-7, utf-7-imap.
- *  All widespread singlebyte encodings: Windows 125x family, ISO-8859 family, 
-    IBM/DOS codepages, Macintosh family, KOI8 family, all others supported by iconv library. 
-    Aliases like 'latin1', 'us-ascii' also supported.
- *  All widespread multibyte encodings: CP932, CP936, CP949, CP950, GB2312, GBK, GB18030, Big5, Shift_JIS, EUC-JP.
-
-See [all supported encodings on wiki](https://github.com/ashtuchkin/iconv-lite/wiki/Supported-Encodings).
-
-Most singlebyte encodings are generated automatically from [node-iconv](https://github.com/bnoordhuis/node-iconv). Thank you Ben Noordhuis and libiconv authors!
-
-Multibyte encodings are generated from [Unicode.org mappings](http://www.unicode.org/Public/MAPPINGS/) and [WHATWG Encoding Standard mappings](http://encoding.spec.whatwg.org/). Thank you, respective authors!
-
-
-## Encoding/decoding speed
-
-Comparison with node-iconv module (1000x256kb, on MacBook Pro, Core i5/2.6 GHz, Node v0.12.0). 
-Note: your results may vary, so please always check on your hardware.
-
-    operation             iconv@2.1.4   iconv-lite@0.4.7
-    ----------------------------------------------------------
-    encode('win1251')     ~96 Mb/s      ~320 Mb/s
-    decode('win1251')     ~95 Mb/s      ~246 Mb/s
-
-## BOM handling
-
- * Decoding: BOM is stripped by default, unless overridden by passing `stripBOM: false` in options
-   (f.ex. `iconv.decode(buf, enc, {stripBOM: false})`).
-   A callback might also be given as a `stripBOM` parameter - it'll be called if BOM character was actually found.
- * If you want to detect UTF-8 BOM when decoding other encodings, use [node-autodetect-decoder-stream](https://github.com/danielgindi/node-autodetect-decoder-stream) module.
- * Encoding: No BOM added, unless overridden by `addBOM: true` option.
-
-## UTF-16 Encodings
-
-This library supports UTF-16LE, UTF-16BE and UTF-16 encodings. First two are straightforward, but UTF-16 is trying to be
-smart about endianness in the following ways:
- * Decoding: uses BOM and 'spaces heuristic' to determine input endianness. Default is UTF-16LE, but can be 
-   overridden with `defaultEncoding: 'utf-16be'` option. Strips BOM unless `stripBOM: false`.
- * Encoding: uses UTF-16LE and writes BOM by default. Use `addBOM: false` to override.
-
-## Other notes
-
-When decoding, be sure to supply a Buffer to decode() method, otherwise [bad things usually happen](https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding).  
-Untranslatable characters are set to � or ?. No transliteration is currently supported.  
-Node versions 0.10.31 and 0.11.13 are buggy, don't use them (see #65, #77).  
-
-## Testing
-
-```bash
-$ git clone git@github.com:ashtuchkin/iconv-lite.git
-$ cd iconv-lite
-$ npm install
-$ npm test
-    
-$ # To view performance:
-$ node test/performance.js
-
-$ # To view test coverage:
-$ npm run coverage
-$ open coverage/lcov-report/index.html
-```
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
deleted file mode 100644
index 1fe3e16..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-codec.js
+++ /dev/null
@@ -1,555 +0,0 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
-
-// Multibyte codec. In this scheme, a character is represented by 1 or more bytes.
-// Our codec supports UTF-16 surrogates, extensions for GB18030 and unicode sequences.
-// To save memory and loading time, we read table files only when requested.
-
-exports._dbcs = DBCSCodec;
-
-var UNASSIGNED = -1,
-    GB18030_CODE = -2,
-    SEQ_START  = -10,
-    NODE_START = -1000,
-    UNASSIGNED_NODE = new Array(0x100),
-    DEF_CHAR = -1;
-
-for (var i = 0; i < 0x100; i++)
-    UNASSIGNED_NODE[i] = UNASSIGNED;
-
-
-// Class DBCSCodec reads and initializes mapping tables.
-function DBCSCodec(codecOptions, iconv) {
-    this.encodingName = codecOptions.encodingName;
-    if (!codecOptions)
-        throw new Error("DBCS codec is called without the data.")
-    if (!codecOptions.table)
-        throw new Error("Encoding '" + this.encodingName + "' has no data.");
-
-    // Load tables.
-    var mappingTable = codecOptions.table();
-
-
-    // Decode tables: MBCS -> Unicode.
-
-    // decodeTables is a trie, encoded as an array of arrays of integers. Internal arrays are trie nodes and all have len = 256.
-    // Trie root is decodeTables[0].
-    // Values: >=  0 -> unicode character code. can be > 0xFFFF
-    //         == UNASSIGNED -> unknown/unassigned sequence.
-    //         == GB18030_CODE -> this is the end of a GB18030 4-byte sequence.
-    //         <= NODE_START -> index of the next node in our trie to process next byte.
-    //         <= SEQ_START  -> index of the start of a character code sequence, in decodeTableSeq.
-    this.decodeTables = [];
-    this.decodeTables[0] = UNASSIGNED_NODE.slice(0); // Create root node.
-
-    // Sometimes a MBCS char corresponds to a sequence of unicode chars. We store them as arrays of integers here. 
-    this.decodeTableSeq = [];
-
-    // Actual mapping tables consist of chunks. Use them to fill up decode tables.
-    for (var i = 0; i < mappingTable.length; i++)
-        this._addDecodeChunk(mappingTable[i]);
-
-    this.defaultCharUnicode = iconv.defaultCharUnicode;
-
-    
-    // Encode tables: Unicode -> DBCS.
-
-    // `encodeTable` is array mapping from unicode char to encoded char. All its values are integers for performance.
-    // Because it can be sparse, it is represented as array of buckets by 256 chars each. Bucket can be null.
-    // Values: >=  0 -> it is a normal char. Write the value (if <=256 then 1 byte, if <=65536 then 2 bytes, etc.).
-    //         == UNASSIGNED -> no conversion found. Output a default char.
-    //         <= SEQ_START  -> it's an index in encodeTableSeq, see below. The character starts a sequence.
-    this.encodeTable = [];
-    
-    // `encodeTableSeq` is used when a sequence of unicode characters is encoded as a single code. We use a tree of
-    // objects where keys correspond to characters in sequence and leafs are the encoded dbcs values. A special DEF_CHAR key
-    // means end of sequence (needed when one sequence is a strict subsequence of another).
-    // Objects are kept separately from encodeTable to increase performance.
-    this.encodeTableSeq = [];
-
-    // Some chars can be decoded, but need not be encoded.
-    var skipEncodeChars = {};
-    if (codecOptions.encodeSkipVals)
-        for (var i = 0; i < codecOptions.encodeSkipVals.length; i++) {
-            var val = codecOptions.encodeSkipVals[i];
-            if (typeof val === 'number')
-                skipEncodeChars[val] = true;
-            else
-                for (var j = val.from; j <= val.to; j++)
-                    skipEncodeChars[j] = true;
-        }
-        
-    // Use decode trie to recursively fill out encode tables.
-    this._fillEncodeTable(0, 0, skipEncodeChars);
-
-    // Add more encoding pairs when needed.
-    if (codecOptions.encodeAdd) {
-        for (var uChar in codecOptions.encodeAdd)
-            if (Object.prototype.hasOwnProperty.call(codecOptions.encodeAdd, uChar))
-                this._setEncodeChar(uChar.charCodeAt(0), codecOptions.encodeAdd[uChar]);
-    }
-
-    this.defCharSB  = this.encodeTable[0][iconv.defaultCharSingleByte.charCodeAt(0)];
-    if (this.defCharSB === UNASSIGNED) this.defCharSB = this.encodeTable[0]['?'];
-    if (this.defCharSB === UNASSIGNED) this.defCharSB = "?".charCodeAt(0);
-
-
-    // Load & create GB18030 tables when needed.
-    if (typeof codecOptions.gb18030 === 'function') {
-        this.gb18030 = codecOptions.gb18030(); // Load GB18030 ranges.
-
-        // Add GB18030 decode tables.
-        var thirdByteNodeIdx = this.decodeTables.length;
-        var thirdByteNode = this.decodeTables[thirdByteNodeIdx] = UNASSIGNED_NODE.slice(0);
-
-        var fourthByteNodeIdx = this.decodeTables.length;
-        var fourthByteNode = this.decodeTables[fourthByteNodeIdx] = UNASSIGNED_NODE.slice(0);
-
-        for (var i = 0x81; i <= 0xFE; i++) {
-            var secondByteNodeIdx = NODE_START - this.decodeTables[0][i];
-            var secondByteNode = this.decodeTables[secondByteNodeIdx];
-            for (var j = 0x30; j <= 0x39; j++)
-                secondByteNode[j] = NODE_START - thirdByteNodeIdx;
-        }
-        for (var i = 0x81; i <= 0xFE; i++)
-            thirdByteNode[i] = NODE_START - fourthByteNodeIdx;
-        for (var i = 0x30; i <= 0x39; i++)
-            fourthByteNode[i] = GB18030_CODE
-    }        
-}
-
-DBCSCodec.prototype.encoder = DBCSEncoder;
-DBCSCodec.prototype.decoder = DBCSDecoder;
-
-// Decoder helpers
-DBCSCodec.prototype._getDecodeTrieNode = function(addr) {
-    var bytes = [];
-    for (; addr > 0; addr >>= 8)
-        bytes.push(addr & 0xFF);
-    if (bytes.length == 0)
-        bytes.push(0);
-
-    var node = this.decodeTables[0];
-    for (var i = bytes.length-1; i > 0; i--) { // Traverse nodes deeper into the trie.
-        var val = node[bytes[i]];
-
-        if (val == UNASSIGNED) { // Create new node.
-            node[bytes[i]] = NODE_START - this.decodeTables.length;
-            this.decodeTables.push(node = UNASSIGNED_NODE.slice(0));
-        }
-        else if (val <= NODE_START) { // Existing node.
-            node = this.decodeTables[NODE_START - val];
-        }
-        else
-            throw new Error("Overwrite byte in " + this.encodingName + ", addr: " + addr.toString(16));
-    }
-    return node;
-}
-
-
-DBCSCodec.prototype._addDecodeChunk = function(chunk) {
-    // First element of chunk is the hex mbcs code where we start.
-    var curAddr = parseInt(chunk[0], 16);
-
-    // Choose the decoding node where we'll write our chars.
-    var writeTable = this._getDecodeTrieNode(curAddr);
-    curAddr = curAddr & 0xFF;
-
-    // Write all other elements of the chunk to the table.
-    for (var k = 1; k < chunk.length; k++) {
-        var part = chunk[k];
-        if (typeof part === "string") { // String, write as-is.
-            for (var l = 0; l < part.length;) {
-                var code = part.charCodeAt(l++);
-                if (0xD800 <= code && code < 0xDC00) { // Decode surrogate
-                    var codeTrail = part.charCodeAt(l++);
-                    if (0xDC00 <= codeTrail && codeTrail < 0xE000)
-                        writeTable[curAddr++] = 0x10000 + (code - 0xD800) * 0x400 + (codeTrail - 0xDC00);
-                    else
-                        throw new Error("Incorrect surrogate pair in "  + this.encodingName + " at chunk " + chunk[0]);
-                }
-                else if (0x0FF0 < code && code <= 0x0FFF) { // Character sequence (our own encoding used)
-                    var len = 0xFFF - code + 2;
-                    var seq = [];
-                    for (var m = 0; m < len; m++)
-                        seq.push(part.charCodeAt(l++)); // Simple variation: don't support surrogates or subsequences in seq.
-
-                    writeTable[curAddr++] = SEQ_START - this.decodeTableSeq.length;
-                    this.decodeTableSeq.push(seq);
-                }
-                else
-                    writeTable[curAddr++] = code; // Basic char
-            }
-        } 
-        else if (typeof part === "number") { // Integer, meaning increasing sequence starting with prev character.
-            var charCode = writeTable[curAddr - 1] + 1;
-            for (var l = 0; l < part; l++)
-                writeTable[curAddr++] = charCode++;
-        }
-        else
-            throw new Error("Incorrect type '" + typeof part + "' given in "  + this.encodingName + " at chunk " + chunk[0]);
-    }
-    if (curAddr > 0xFF)
-        throw new Error("Incorrect chunk in "  + this.encodingName + " at addr " + chunk[0] + ": too long" + curAddr);
-}
-
-// Encoder helpers
-DBCSCodec.prototype._getEncodeBucket = function(uCode) {
-    var high = uCode >> 8; // This could be > 0xFF because of astral characters.
-    if (this.encodeTable[high] === undefined)
-        this.encodeTable[high] = UNASSIGNED_NODE.slice(0); // Create bucket on demand.
-    return this.encodeTable[high];
-}
-
-DBCSCodec.prototype._setEncodeChar = function(uCode, dbcsCode) {
-    var bucket = this._getEncodeBucket(uCode);
-    var low = uCode & 0xFF;
-    if (bucket[low] <= SEQ_START)
-        this.encodeTableSeq[SEQ_START-bucket[low]][DEF_CHAR] = dbcsCode; // There's already a sequence, set a single-char subsequence of it.
-    else if (bucket[low] == UNASSIGNED)
-        bucket[low] = dbcsCode;
-}
-
-DBCSCodec.prototype._setEncodeSequence = function(seq, dbcsCode) {
-    
-    // Get the root of character tree according to first character of the sequence.
-    var uCode = seq[0];
-    var bucket = this._getEncodeBucket(uCode);
-    var low = uCode & 0xFF;
-
-    var node;
-    if (bucket[low] <= SEQ_START) {
-        // There's already a sequence with  - use it.
-        node = this.encodeTableSeq[SEQ_START-bucket[low]];
-    }
-    else {
-        // There was no sequence object - allocate a new one.
-        node = {};
-        if (bucket[low] !== UNASSIGNED) node[DEF_CHAR] = bucket[low]; // If a char was set before - make it a single-char subsequence.
-        bucket[low] = SEQ_START - this.encodeTableSeq.length;
-        this.encodeTableSeq.push(node);
-    }
-
-    // Traverse the character tree, allocating new nodes as needed.
-    for (var j = 1; j < seq.length-1; j++) {
-        var oldVal = node[uCode];
-        if (typeof oldVal === 'object')
-            node = oldVal;
-        else {
-            node = node[uCode] = {}
-            if (oldVal !== undefined)
-                node[DEF_CHAR] = oldVal
-        }
-    }
-
-    // Set the leaf to given dbcsCode.
-    uCode = seq[seq.length-1];
-    node[uCode] = dbcsCode;
-}
-
-DBCSCodec.prototype._fillEncodeTable = function(nodeIdx, prefix, skipEncodeChars) {
-    var node = this.decodeTables[nodeIdx];
-    for (var i = 0; i < 0x100; i++) {
-        var uCode = node[i];
-        var mbCode = prefix + i;
-        if (skipEncodeChars[mbCode])
-            continue;
-
-        if (uCode >= 0)
-            this._setEncodeChar(uCode, mbCode);
-        else if (uCode <= NODE_START)
-            this._fillEncodeTable(NODE_START - uCode, mbCode << 8, skipEncodeChars);
-        else if (uCode <= SEQ_START)
-            this._setEncodeSequence(this.decodeTableSeq[SEQ_START - uCode], mbCode);
-    }
-}
-
-
-
-// == Encoder ==================================================================
-
-function DBCSEncoder(options, codec) {
-    // Encoder state
-    this.leadSurrogate = -1;
-    this.seqObj = undefined;
-    
-    // Static data
-    this.encodeTable = codec.encodeTable;
-    this.encodeTableSeq = codec.encodeTableSeq;
-    this.defaultCharSingleByte = codec.defCharSB;
-    this.gb18030 = codec.gb18030;
-}
-
-DBCSEncoder.prototype.write = function(str) {
-    var newBuf = Buffer.alloc(str.length * (this.gb18030 ? 4 : 3)),
-        leadSurrogate = this.leadSurrogate,
-        seqObj = this.seqObj, nextChar = -1,
-        i = 0, j = 0;
-
-    while (true) {
-        // 0. Get next character.
-        if (nextChar === -1) {
-            if (i == str.length) break;
-            var uCode = str.charCodeAt(i++);
-        }
-        else {
-            var uCode = nextChar;
-            nextChar = -1;    
-        }
-
-        // 1. Handle surrogates.
-        if (0xD800 <= uCode && uCode < 0xE000) { // Char is one of surrogates.
-            if (uCode < 0xDC00) { // We've got lead surrogate.
-                if (leadSurrogate === -1) {
-                    leadSurrogate = uCode;
-                    continue;
-                } else {
-                    leadSurrogate = uCode;
-                    // Double lead surrogate found.
-                    uCode = UNASSIGNED;
-                }
-            } else { // We've got trail surrogate.
-                if (leadSurrogate !== -1) {
-                    uCode = 0x10000 + (leadSurrogate - 0xD800) * 0x400 + (uCode - 0xDC00);
-                    leadSurrogate = -1;
-                } else {
-                    // Incomplete surrogate pair - only trail surrogate found.
-                    uCode = UNASSIGNED;
-                }
-                
-            }
-        }
-        else if (leadSurrogate !== -1) {
-            // Incomplete surrogate pair - only lead surrogate found.
-            nextChar = uCode; uCode = UNASSIGNED; // Write an error, then current char.
-            leadSurrogate = -1;
-        }
-
-        // 2. Convert uCode character.
-        var dbcsCode = UNASSIGNED;
-        if (seqObj !== undefined && uCode != UNASSIGNED) { // We are in the middle of the sequence
-            var resCode = seqObj[uCode];
-            if (typeof resCode === 'object') { // Sequence continues.
-                seqObj = resCode;
-                continue;
-
-            } else if (typeof resCode == 'number') { // Sequence finished. Write it.
-                dbcsCode = resCode;
-
-            } else if (resCode == undefined) { // Current character is not part of the sequence.
-
-                // Try default character for this sequence
-                resCode = seqObj[DEF_CHAR];
-                if (resCode !== undefined) {
-                    dbcsCode = resCode; // Found. Write it.
-                    nextChar = uCode; // Current character will be written too in the next iteration.
-
-                } else {
-                    // TODO: What if we have no default? (resCode == undefined)
-                    // Then, we should write first char of the sequence as-is and try the rest recursively.
-                    // Didn't do it for now because no encoding has this situation yet.
-                    // Currently, just skip the sequence and write current char.
-                }
-            }
-            seqObj = undefined;
-        }
-        else if (uCode >= 0) {  // Regular character
-            var subtable = this.encodeTable[uCode >> 8];
-            if (subtable !== undefined)
-                dbcsCode = subtable[uCode & 0xFF];
-            
-            if (dbcsCode <= SEQ_START) { // Sequence start
-                seqObj = this.encodeTableSeq[SEQ_START-dbcsCode];
-                continue;
-            }
-
-            if (dbcsCode == UNASSIGNED && this.gb18030) {
-                // Use GB18030 algorithm to find character(s) to write.
-                var idx = findIdx(this.gb18030.uChars, uCode);
-                if (idx != -1) {
-                    var dbcsCode = this.gb18030.gbChars[idx] + (uCode - this.gb18030.uChars[idx]);
-                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 12600); dbcsCode = dbcsCode % 12600;
-                    newBuf[j++] = 0x30 + Math.floor(dbcsCode / 1260); dbcsCode = dbcsCode % 1260;
-                    newBuf[j++] = 0x81 + Math.floor(dbcsCode / 10); dbcsCode = dbcsCode % 10;
-                    newBuf[j++] = 0x30 + dbcsCode;
-                    continue;
-                }
-            }
-        }
-
-        // 3. Write dbcsCode character.
-        if (dbcsCode === UNASSIGNED)
-            dbcsCode = this.defaultCharSingleByte;
-        
-        if (dbcsCode < 0x100) {
-            newBuf[j++] = dbcsCode;
-        }
-        else if (dbcsCode < 0x10000) {
-            newBuf[j++] = dbcsCode >> 8;   // high byte
-            newBuf[j++] = dbcsCode & 0xFF; // low byte
-        }
-        else {
-            newBuf[j++] = dbcsCode >> 16;
-            newBuf[j++] = (dbcsCode >> 8) & 0xFF;
-            newBuf[j++] = dbcsCode & 0xFF;
-        }
-    }
-
-    this.seqObj = seqObj;
-    this.leadSurrogate = leadSurrogate;
-    return newBuf.slice(0, j);
-}
-
-DBCSEncoder.prototype.end = function() {
-    if (this.leadSurrogate === -1 && this.seqObj === undefined)
-        return; // All clean. Most often case.
-
-    var newBuf = Buffer.alloc(10), j = 0;
-
-    if (this.seqObj) { // We're in the sequence.
-        var dbcsCode = this.seqObj[DEF_CHAR];
-        if (dbcsCode !== undefined) { // Write beginning of the sequence.
-            if (dbcsCode < 0x100) {
-                newBuf[j++] = dbcsCode;
-            }
-            else {
-                newBuf[j++] = dbcsCode >> 8;   // high byte
-                newBuf[j++] = dbcsCode & 0xFF; // low byte
-            }
-        } else {
-            // See todo above.
-        }
-        this.seqObj = undefined;
-    }
-
-    if (this.leadSurrogate !== -1) {
-        // Incomplete surrogate pair - only lead surrogate found.
-        newBuf[j++] = this.defaultCharSingleByte;
-        this.leadSurrogate = -1;
-    }
-    
-    return newBuf.slice(0, j);
-}
-
-// Export for testing
-DBCSEncoder.prototype.findIdx = findIdx;
-
-
-// == Decoder ==================================================================
-
-function DBCSDecoder(options, codec) {
-    // Decoder state
-    this.nodeIdx = 0;
-    this.prevBuf = Buffer.alloc(0);
-
-    // Static data
-    this.decodeTables = codec.decodeTables;
-    this.decodeTableSeq = codec.decodeTableSeq;
-    this.defaultCharUnicode = codec.defaultCharUnicode;
-    this.gb18030 = codec.gb18030;
-}
-
-DBCSDecoder.prototype.write = function(buf) {
-    var newBuf = Buffer.alloc(buf.length*2),
-        nodeIdx = this.nodeIdx, 
-        prevBuf = this.prevBuf, prevBufOffset = this.prevBuf.length,
-        seqStart = -this.prevBuf.length, // idx of the start of current parsed sequence.
-        uCode;
-
-    if (prevBufOffset > 0) // Make prev buf overlap a little to make it easier to slice later.
-        prevBuf = Buffer.concat([prevBuf, buf.slice(0, 10)]);
-    
-    for (var i = 0, j = 0; i < buf.length; i++) {
-        var curByte = (i >= 0) ? buf[i] : prevBuf[i + prevBufOffset];
-
-        // Lookup in current trie node.
-        var uCode = this.decodeTables[nodeIdx][curByte];
-
-        if (uCode >= 0) { 
-            // Normal character, just use it.
-        }
-        else if (uCode === UNASSIGNED) { // Unknown char.
-            // TODO: Callback with seq.
-            //var curSeq = (seqStart >= 0) ? buf.slice(seqStart, i+1) : prevBuf.slice(seqStart + prevBufOffset, i+1 + prevBufOffset);
-            i = seqStart; // Try to parse again, after skipping first byte of the sequence ('i' will be incremented by 'for' cycle).
-            uCode = this.defaultCharUnicode.charCodeAt(0);
-        }
-        else if (uCode === GB18030_CODE) {
-            var curSeq = (seqStart >= 0) ? buf.slice(seqStart, i+1) : prevBuf.slice(seqStart + prevBufOffset, i+1 + prevBufOffset);
-            var ptr = (curSeq[0]-0x81)*12600 + (curSeq[1]-0x30)*1260 + (curSeq[2]-0x81)*10 + (curSeq[3]-0x30);
-            var idx = findIdx(this.gb18030.gbChars, ptr);
-            uCode = this.gb18030.uChars[idx] + ptr - this.gb18030.gbChars[idx];
-        }
-        else if (uCode <= NODE_START) { // Go to next trie node.
-            nodeIdx = NODE_START - uCode;
-            continue;
-        }
-        else if (uCode <= SEQ_START) { // Output a sequence of chars.
-            var seq = this.decodeTableSeq[SEQ_START - uCode];
-            for (var k = 0; k < seq.length - 1; k++) {
-                uCode = seq[k];
-                newBuf[j++] = uCode & 0xFF;
-                newBuf[j++] = uCode >> 8;
-            }
-            uCode = seq[seq.length-1];
-        }
-        else
-            throw new Error("iconv-lite internal error: invalid decoding table value " + uCode + " at " + nodeIdx + "/" + curByte);
-
-        // Write the character to buffer, handling higher planes using surrogate pair.
-        if (uCode > 0xFFFF) { 
-            uCode -= 0x10000;
-            var uCodeLead = 0xD800 + Math.floor(uCode / 0x400);
-            newBuf[j++] = uCodeLead & 0xFF;
-            newBuf[j++] = uCodeLead >> 8;
-
-            uCode = 0xDC00 + uCode % 0x400;
-        }
-        newBuf[j++] = uCode & 0xFF;
-        newBuf[j++] = uCode >> 8;
-
-        // Reset trie node.
-        nodeIdx = 0; seqStart = i+1;
-    }
-
-    this.nodeIdx = nodeIdx;
-    this.prevBuf = (seqStart >= 0) ? buf.slice(seqStart) : prevBuf.slice(seqStart + prevBufOffset);
-    return newBuf.slice(0, j).toString('ucs2');
-}
-
-DBCSDecoder.prototype.end = function() {
-    var ret = '';
-
-    // Try to parse all remaining chars.
-    while (this.prevBuf.length > 0) {
-        // Skip 1 character in the buffer.
-        ret += this.defaultCharUnicode;
-        var buf = this.prevBuf.slice(1);
-
-        // Parse remaining as usual.
-        this.prevBuf = Buffer.alloc(0);
-        this.nodeIdx = 0;
-        if (buf.length > 0)
-            ret += this.write(buf);
-    }
-
-    this.nodeIdx = 0;
-    return ret;
-}
-
-// Binary search for GB18030. Returns largest i such that table[i] <= val.
-function findIdx(table, val) {
-    if (table[0] > val)
-        return -1;
-
-    var l = 0, r = table.length;
-    while (l < r-1) { // always table[l] <= val < table[r]
-        var mid = l + Math.floor((r-l+1)/2);
-        if (table[mid] <= val)
-            l = mid;
-        else
-            r = mid;
-    }
-    return l;
-}
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
deleted file mode 100644
index 4b61914..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/dbcs-data.js
+++ /dev/null
@@ -1,176 +0,0 @@
-"use strict";
-
-// Description of supported double byte encodings and aliases.
-// Tables are not require()-d until they are needed to speed up library load.
-// require()-s are direct to support Browserify.
-
-module.exports = {
-    
-    // == Japanese/ShiftJIS ====================================================
-    // All japanese encodings are based on JIS X set of standards:
-    // JIS X 0201 - Single-byte encoding of ASCII + ¥ + Kana chars at 0xA1-0xDF.
-    // JIS X 0208 - Main set of 6879 characters, placed in 94x94 plane, to be encoded by 2 bytes. 
-    //              Has several variations in 1978, 1983, 1990 and 1997.
-    // JIS X 0212 - Supplementary plane of 6067 chars in 94x94 plane. 1990. Effectively dead.
-    // JIS X 0213 - Extension and modern replacement of 0208 and 0212. Total chars: 11233.
-    //              2 planes, first is superset of 0208, second - revised 0212.
-    //              Introduced in 2000, revised 2004. Some characters are in Unicode Plane 2 (0x2xxxx)
-
-    // Byte encodings are:
-    //  * Shift_JIS: Compatible with 0201, uses not defined chars in top half as lead bytes for double-byte
-    //               encoding of 0208. Lead byte ranges: 0x81-0x9F, 0xE0-0xEF; Trail byte ranges: 0x40-0x7E, 0x80-0x9E, 0x9F-0xFC.
-    //               Windows CP932 is a superset of Shift_JIS. Some companies added more chars, notably KDDI.
-    //  * EUC-JP:    Up to 3 bytes per character. Used mostly on *nixes.
-    //               0x00-0x7F       - lower part of 0201
-    //               0x8E, 0xA1-0xDF - upper part of 0201
-    //               (0xA1-0xFE)x2   - 0208 plane (94x94).
-    //               0x8F, (0xA1-0xFE)x2 - 0212 plane (94x94).
-    //  * JIS X 208: 7-bit, direct encoding of 0208. Byte ranges: 0x21-0x7E (94 values). Uncommon.
-    //               Used as-is in ISO2022 family.
-    //  * ISO2022-JP: Stateful encoding, with escape sequences to switch between ASCII, 
-    //                0201-1976 Roman, 0208-1978, 0208-1983.
-    //  * ISO2022-JP-1: Adds esc seq for 0212-1990.
-    //  * ISO2022-JP-2: Adds esc seq for GB2313-1980, KSX1001-1992, ISO8859-1, ISO8859-7.
-    //  * ISO2022-JP-3: Adds esc seq for 0201-1976 Kana set, 0213-2000 Planes 1, 2.
-    //  * ISO2022-JP-2004: Adds 0213-2004 Plane 1.
-    //
-    // After JIS X 0213 appeared, Shift_JIS-2004, EUC-JISX0213 and ISO2022-JP-2004 followed, with just changing the planes.
-    //
-    // Overall, it seems that it's a mess :( http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
-
-    'shiftjis': {
-        type: '_dbcs',
-        table: function() { return require('./tables/shiftjis.json') },
-        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
-        encodeSkipVals: [{from: 0xED40, to: 0xF940}],
-    },
-    'csshiftjis': 'shiftjis',
-    'mskanji': 'shiftjis',
-    'sjis': 'shiftjis',
-    'windows31j': 'shiftjis',
-    'ms31j': 'shiftjis',
-    'xsjis': 'shiftjis',
-    'windows932': 'shiftjis',
-    'ms932': 'shiftjis',
-    '932': 'shiftjis',
-    'cp932': 'shiftjis',
-
-    'eucjp': {
-        type: '_dbcs',
-        table: function() { return require('./tables/eucjp.json') },
-        encodeAdd: {'\u00a5': 0x5C, '\u203E': 0x7E},
-    },
-
-    // TODO: KDDI extension to Shift_JIS
-    // TODO: IBM CCSID 942 = CP932, but F0-F9 custom chars and other char changes.
-    // TODO: IBM CCSID 943 = Shift_JIS = CP932 with original Shift_JIS lower 128 chars.
-
-
-    // == Chinese/GBK ==========================================================
-    // http://en.wikipedia.org/wiki/GBK
-    // We mostly implement W3C recommendation: https://www.w3.org/TR/encoding/#gbk-encoder
-
-    // Oldest GB2312 (1981, ~7600 chars) is a subset of CP936
-    'gb2312': 'cp936',
-    'gb231280': 'cp936',
-    'gb23121980': 'cp936',
-    'csgb2312': 'cp936',
-    'csiso58gb231280': 'cp936',
-    'euccn': 'cp936',
-
-    // Microsoft's CP936 is a subset and approximation of GBK.
-    'windows936': 'cp936',
-    'ms936': 'cp936',
-    '936': 'cp936',
-    'cp936': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json') },
-    },
-
-    // GBK (~22000 chars) is an extension of CP936 that added user-mapped chars and some other.
-    'gbk': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
-    },
-    'xgbk': 'gbk',
-    'isoir58': 'gbk',
-
-    // GB18030 is an algorithmic extension of GBK.
-    // Main source: https://www.w3.org/TR/encoding/#gbk-encoder
-    // http://icu-project.org/docs/papers/gb18030.html
-    // http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
-    // http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
-    'gb18030': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp936.json').concat(require('./tables/gbk-added.json')) },
-        gb18030: function() { return require('./tables/gb18030-ranges.json') },
-        encodeSkipVals: [0x80],
-        encodeAdd: {'€': 0xA2E3},
-    },
-
-    'chinese': 'gb18030',
-
-
-    // == Korean ===============================================================
-    // EUC-KR, KS_C_5601 and KS X 1001 are exactly the same.
-    'windows949': 'cp949',
-    'ms949': 'cp949',
-    '949': 'cp949',
-    'cp949': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp949.json') },
-    },
-
-    'cseuckr': 'cp949',
-    'csksc56011987': 'cp949',
-    'euckr': 'cp949',
-    'isoir149': 'cp949',
-    'korean': 'cp949',
-    'ksc56011987': 'cp949',
-    'ksc56011989': 'cp949',
-    'ksc5601': 'cp949',
-
-
-    // == Big5/Taiwan/Hong Kong ================================================
-    // There are lots of tables for Big5 and cp950. Please see the following links for history:
-    // http://moztw.org/docs/big5/  http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
-    // Variations, in roughly number of defined chars:
-    //  * Windows CP 950: Microsoft variant of Big5. Canonical: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
-    //  * Windows CP 951: Microsoft variant of Big5-HKSCS-2001. Seems to be never public. http://me.abelcheung.org/articles/research/what-is-cp951/
-    //  * Big5-2003 (Taiwan standard) almost superset of cp950.
-    //  * Unicode-at-on (UAO) / Mozilla 1.8. Falling out of use on the Web. Not supported by other browsers.
-    //  * Big5-HKSCS (-2001, -2004, -2008). Hong Kong standard. 
-    //    many unicode code points moved from PUA to Supplementary plane (U+2XXXX) over the years.
-    //    Plus, it has 4 combining sequences.
-    //    Seems that Mozilla refused to support it for 10 yrs. https://bugzilla.mozilla.org/show_bug.cgi?id=162431 https://bugzilla.mozilla.org/show_bug.cgi?id=310299
-    //    because big5-hkscs is the only encoding to include astral characters in non-algorithmic way.
-    //    Implementations are not consistent within browsers; sometimes labeled as just big5.
-    //    MS Internet Explorer switches from big5 to big5-hkscs when a patch applied.
-    //    Great discussion & recap of what's going on https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
-    //    In the encoder, it might make sense to support encoding old PUA mappings to Big5 bytes seq-s.
-    //    Official spec: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
-    //                   http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
-    // 
-    // Current understanding of how to deal with Big5(-HKSCS) is in the Encoding Standard, http://encoding.spec.whatwg.org/#big5-encoder
-    // Unicode mapping (http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT) is said to be wrong.
-
-    'windows950': 'cp950',
-    'ms950': 'cp950',
-    '950': 'cp950',
-    'cp950': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp950.json') },
-    },
-
-    // Big5 has many variations and is an extension of cp950. We use Encoding Standard's as a consensus.
-    'big5': 'big5hkscs',
-    'big5hkscs': {
-        type: '_dbcs',
-        table: function() { return require('./tables/cp950.json').concat(require('./tables/big5-added.json')) },
-        encodeSkipVals: [0xa2cc],
-    },
-
-    'cnbig5': 'big5hkscs',
-    'csbig5': 'big5hkscs',
-    'xxbig5': 'big5hkscs',
-};
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
deleted file mode 100644
index e304003..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/index.js
+++ /dev/null
@@ -1,22 +0,0 @@
-"use strict";
-
-// Update this array if you add/rename/remove files in this directory.
-// We support Browserify by skipping automatic module discovery and requiring modules directly.
-var modules = [
-    require("./internal"),
-    require("./utf16"),
-    require("./utf7"),
-    require("./sbcs-codec"),
-    require("./sbcs-data"),
-    require("./sbcs-data-generated"),
-    require("./dbcs-codec"),
-    require("./dbcs-data"),
-];
-
-// Put all encoding/alias/codec definitions to single object and export it. 
-for (var i = 0; i < modules.length; i++) {
-    var module = modules[i];
-    for (var enc in module)
-        if (Object.prototype.hasOwnProperty.call(module, enc))
-            exports[enc] = module[enc];
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
deleted file mode 100644
index 05ce38b..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/internal.js
+++ /dev/null
@@ -1,188 +0,0 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
-
-// Export Node.js internal encodings.
-
-module.exports = {
-    // Encodings
-    utf8:   { type: "_internal", bomAware: true},
-    cesu8:  { type: "_internal", bomAware: true},
-    unicode11utf8: "utf8",
-
-    ucs2:   { type: "_internal", bomAware: true},
-    utf16le: "ucs2",
-
-    binary: { type: "_internal" },
-    base64: { type: "_internal" },
-    hex:    { type: "_internal" },
-
-    // Codec.
-    _internal: InternalCodec,
-};
-
-//------------------------------------------------------------------------------
-
-function InternalCodec(codecOptions, iconv) {
-    this.enc = codecOptions.encodingName;
-    this.bomAware = codecOptions.bomAware;
-
-    if (this.enc === "base64")
-        this.encoder = InternalEncoderBase64;
-    else if (this.enc === "cesu8") {
-        this.enc = "utf8"; // Use utf8 for decoding.
-        this.encoder = InternalEncoderCesu8;
-
-        // Add decoder for versions of Node not supporting CESU-8
-        if (Buffer.from('eda0bdedb2a9', 'hex').toString() !== '💩') {
-            this.decoder = InternalDecoderCesu8;
-            this.defaultCharUnicode = iconv.defaultCharUnicode;
-        }
-    }
-}
-
-InternalCodec.prototype.encoder = InternalEncoder;
-InternalCodec.prototype.decoder = InternalDecoder;
-
-//------------------------------------------------------------------------------
-
-// We use node.js internal decoder. Its signature is the same as ours.
-var StringDecoder = require('string_decoder').StringDecoder;
-
-if (!StringDecoder.prototype.end) // Node v0.8 doesn't have this method.
-    StringDecoder.prototype.end = function() {};
-
-
-function InternalDecoder(options, codec) {
-    StringDecoder.call(this, codec.enc);
-}
-
-InternalDecoder.prototype = StringDecoder.prototype;
-
-
-//------------------------------------------------------------------------------
-// Encoder is mostly trivial
-
-function InternalEncoder(options, codec) {
-    this.enc = codec.enc;
-}
-
-InternalEncoder.prototype.write = function(str) {
-    return Buffer.from(str, this.enc);
-}
-
-InternalEncoder.prototype.end = function() {
-}
-
-
-//------------------------------------------------------------------------------
-// Except base64 encoder, which must keep its state.
-
-function InternalEncoderBase64(options, codec) {
-    this.prevStr = '';
-}
-
-InternalEncoderBase64.prototype.write = function(str) {
-    str = this.prevStr + str;
-    var completeQuads = str.length - (str.length % 4);
-    this.prevStr = str.slice(completeQuads);
-    str = str.slice(0, completeQuads);
-
-    return Buffer.from(str, "base64");
-}
-
-InternalEncoderBase64.prototype.end = function() {
-    return Buffer.from(this.prevStr, "base64");
-}
-
-
-//------------------------------------------------------------------------------
-// CESU-8 encoder is also special.
-
-function InternalEncoderCesu8(options, codec) {
-}
-
-InternalEncoderCesu8.prototype.write = function(str) {
-    var buf = Buffer.alloc(str.length * 3), bufIdx = 0;
-    for (var i = 0; i < str.length; i++) {
-        var charCode = str.charCodeAt(i);
-        // Naive implementation, but it works because CESU-8 is especially easy
-        // to convert from UTF-16 (which all JS strings are encoded in).
-        if (charCode < 0x80)
-            buf[bufIdx++] = charCode;
-        else if (charCode < 0x800) {
-            buf[bufIdx++] = 0xC0 + (charCode >>> 6);
-            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
-        }
-        else { // charCode will always be < 0x10000 in javascript.
-            buf[bufIdx++] = 0xE0 + (charCode >>> 12);
-            buf[bufIdx++] = 0x80 + ((charCode >>> 6) & 0x3f);
-            buf[bufIdx++] = 0x80 + (charCode & 0x3f);
-        }
-    }
-    return buf.slice(0, bufIdx);
-}
-
-InternalEncoderCesu8.prototype.end = function() {
-}
-
-//------------------------------------------------------------------------------
-// CESU-8 decoder is not implemented in Node v4.0+
-
-function InternalDecoderCesu8(options, codec) {
-    this.acc = 0;
-    this.contBytes = 0;
-    this.accBytes = 0;
-    this.defaultCharUnicode = codec.defaultCharUnicode;
-}
-
-InternalDecoderCesu8.prototype.write = function(buf) {
-    var acc = this.acc, contBytes = this.contBytes, accBytes = this.accBytes, 
-        res = '';
-    for (var i = 0; i < buf.length; i++) {
-        var curByte = buf[i];
-        if ((curByte & 0xC0) !== 0x80) { // Leading byte
-            if (contBytes > 0) { // Previous code is invalid
-                res += this.defaultCharUnicode;
-                contBytes = 0;
-            }
-
-            if (curByte < 0x80) { // Single-byte code
-                res += String.fromCharCode(curByte);
-            } else if (curByte < 0xE0) { // Two-byte code
-                acc = curByte & 0x1F;
-                contBytes = 1; accBytes = 1;
-            } else if (curByte < 0xF0) { // Three-byte code
-                acc = curByte & 0x0F;
-                contBytes = 2; accBytes = 1;
-            } else { // Four or more are not supported for CESU-8.
-                res += this.defaultCharUnicode;
-            }
-        } else { // Continuation byte
-            if (contBytes > 0) { // We're waiting for it.
-                acc = (acc << 6) | (curByte & 0x3f);
-                contBytes--; accBytes++;
-                if (contBytes === 0) {
-                    // Check for overlong encoding, but support Modified UTF-8 (encoding NULL as C0 80)
-                    if (accBytes === 2 && acc < 0x80 && acc > 0)
-                        res += this.defaultCharUnicode;
-                    else if (accBytes === 3 && acc < 0x800)
-                        res += this.defaultCharUnicode;
-                    else
-                        // Actually add character.
-                        res += String.fromCharCode(acc);
-                }
-            } else { // Unexpected continuation byte
-                res += this.defaultCharUnicode;
-            }
-        }
-    }
-    this.acc = acc; this.contBytes = contBytes; this.accBytes = accBytes;
-    return res;
-}
-
-InternalDecoderCesu8.prototype.end = function() {
-    var res = 0;
-    if (this.contBytes > 0)
-        res += this.defaultCharUnicode;
-    return res;
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
deleted file mode 100644
index abac5ff..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-codec.js
+++ /dev/null
@@ -1,72 +0,0 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
-
-// Single-byte codec. Needs a 'chars' string parameter that contains 256 or 128 chars that
-// correspond to encoded bytes (if 128 - then lower half is ASCII). 
-
-exports._sbcs = SBCSCodec;
-function SBCSCodec(codecOptions, iconv) {
-    if (!codecOptions)
-        throw new Error("SBCS codec is called without the data.")
-    
-    // Prepare char buffer for decoding.
-    if (!codecOptions.chars || (codecOptions.chars.length !== 128 && codecOptions.chars.length !== 256))
-        throw new Error("Encoding '"+codecOptions.type+"' has incorrect 'chars' (must be of len 128 or 256)");
-    
-    if (codecOptions.chars.length === 128) {
-        var asciiString = "";
-        for (var i = 0; i < 128; i++)
-            asciiString += String.fromCharCode(i);
-        codecOptions.chars = asciiString + codecOptions.chars;
-    }
-
-    this.decodeBuf = Buffer.from(codecOptions.chars, 'ucs2');
-    
-    // Encoding buffer.
-    var encodeBuf = Buffer.alloc(65536, iconv.defaultCharSingleByte.charCodeAt(0));
-
-    for (var i = 0; i < codecOptions.chars.length; i++)
-        encodeBuf[codecOptions.chars.charCodeAt(i)] = i;
-
-    this.encodeBuf = encodeBuf;
-}
-
-SBCSCodec.prototype.encoder = SBCSEncoder;
-SBCSCodec.prototype.decoder = SBCSDecoder;
-
-
-function SBCSEncoder(options, codec) {
-    this.encodeBuf = codec.encodeBuf;
-}
-
-SBCSEncoder.prototype.write = function(str) {
-    var buf = Buffer.alloc(str.length);
-    for (var i = 0; i < str.length; i++)
-        buf[i] = this.encodeBuf[str.charCodeAt(i)];
-    
-    return buf;
-}
-
-SBCSEncoder.prototype.end = function() {
-}
-
-
-function SBCSDecoder(options, codec) {
-    this.decodeBuf = codec.decodeBuf;
-}
-
-SBCSDecoder.prototype.write = function(buf) {
-    // Strings are immutable in JS -> we use ucs2 buffer to speed up computations.
-    var decodeBuf = this.decodeBuf;
-    var newBuf = Buffer.alloc(buf.length*2);
-    var idx1 = 0, idx2 = 0;
-    for (var i = 0; i < buf.length; i++) {
-        idx1 = buf[i]*2; idx2 = i*2;
-        newBuf[idx2] = decodeBuf[idx1];
-        newBuf[idx2+1] = decodeBuf[idx1+1];
-    }
-    return newBuf.toString('ucs2');
-}
-
-SBCSDecoder.prototype.end = function() {
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
deleted file mode 100644
index 9b48236..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data-generated.js
+++ /dev/null
@@ -1,451 +0,0 @@
-"use strict";
-
-// Generated data for sbcs codec. Don't edit manually. Regenerate using generation/gen-sbcs.js script.
-module.exports = {
-  "437": "cp437",
-  "737": "cp737",
-  "775": "cp775",
-  "850": "cp850",
-  "852": "cp852",
-  "855": "cp855",
-  "856": "cp856",
-  "857": "cp857",
-  "858": "cp858",
-  "860": "cp860",
-  "861": "cp861",
-  "862": "cp862",
-  "863": "cp863",
-  "864": "cp864",
-  "865": "cp865",
-  "866": "cp866",
-  "869": "cp869",
-  "874": "windows874",
-  "922": "cp922",
-  "1046": "cp1046",
-  "1124": "cp1124",
-  "1125": "cp1125",
-  "1129": "cp1129",
-  "1133": "cp1133",
-  "1161": "cp1161",
-  "1162": "cp1162",
-  "1163": "cp1163",
-  "1250": "windows1250",
-  "1251": "windows1251",
-  "1252": "windows1252",
-  "1253": "windows1253",
-  "1254": "windows1254",
-  "1255": "windows1255",
-  "1256": "windows1256",
-  "1257": "windows1257",
-  "1258": "windows1258",
-  "28591": "iso88591",
-  "28592": "iso88592",
-  "28593": "iso88593",
-  "28594": "iso88594",
-  "28595": "iso88595",
-  "28596": "iso88596",
-  "28597": "iso88597",
-  "28598": "iso88598",
-  "28599": "iso88599",
-  "28600": "iso885910",
-  "28601": "iso885911",
-  "28603": "iso885913",
-  "28604": "iso885914",
-  "28605": "iso885915",
-  "28606": "iso885916",
-  "windows874": {
-    "type": "_sbcs",
-    "chars": "€����…�����������‘’“”•–—�������� กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
-  },
-  "win874": "windows874",
-  "cp874": "windows874",
-  "windows1250": {
-    "type": "_sbcs",
-    "chars": "€�‚�„…†‡�‰Š‹ŚŤŽŹ�‘’“”•–—�™š›śťžź ˇ˘Ł¤Ą¦§¨©Ş«¬­®Ż°±˛ł´µ¶·¸ąş»Ľ˝ľżŔÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ×ŘŮÚŰÜÝŢßŕáâăäĺćçčéęëěíîďđńňóôőö÷řůúűüýţ˙"
-  },
-  "win1250": "windows1250",
-  "cp1250": "windows1250",
-  "windows1251": {
-    "type": "_sbcs",
-    "chars": "ЂЃ‚ѓ„…†‡€‰Љ‹ЊЌЋЏђ‘’“”•–—�™љ›њќћџ ЎўЈ¤Ґ¦§Ё©Є«¬­®Ї°±Ііґµ¶·ё№є»јЅѕїАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
-  },
-  "win1251": "windows1251",
-  "cp1251": "windows1251",
-  "windows1252": {
-    "type": "_sbcs",
-    "chars": "€�‚ƒ„…†‡ˆ‰Š‹Œ�Ž��‘’“”•–—˜™š›œ�žŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
-  },
-  "win1252": "windows1252",
-  "cp1252": "windows1252",
-  "windows1253": {
-    "type": "_sbcs",
-    "chars": "€�‚ƒ„…†‡�‰�‹�����‘’“”•–—�™�›���� ΅Ά£¤¥¦§¨©�«¬­®―°±²³΄µ¶·ΈΉΊ»Ό½ΎΏΐΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡ�ΣΤΥΦΧΨΩΪΫάέήίΰαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώ�"
-  },
-  "win1253": "windows1253",
-  "cp1253": "windows1253",
-  "windows1254": {
-    "type": "_sbcs",
-    "chars": "€�‚ƒ„…†‡ˆ‰Š‹Œ����‘’“”•–—˜™š›œ��Ÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏĞÑÒÓÔÕÖ×ØÙÚÛÜİŞßàáâãäåæçèéêëìíîïğñòóôõö÷øùúûüışÿ"
-  },
-  "win1254": "windows1254",
-  "cp1254": "windows1254",
-  "windows1255": {
-    "type": "_sbcs",
-    "chars": "€�‚ƒ„…†‡ˆ‰�‹�����‘’“”•–—˜™�›���� ¡¢£₪¥¦§¨©×«¬­®¯°±²³´µ¶·¸¹÷»¼½¾¿ְֱֲֳִֵֶַָֹֺֻּֽ־ֿ׀ׁׂ׃װױײ׳״�������אבגדהוזחטיךכלםמןנסעףפץצקרשת��‎‏�"
-  },
-  "win1255": "windows1255",
-  "cp1255": "windows1255",
-  "windows1256": {
-    "type": "_sbcs",
-    "chars": "€پ‚ƒ„…†‡ˆ‰ٹ‹Œچژڈگ‘’“”•–—ک™ڑ›œ‌‍ں ،¢£¤¥¦§¨©ھ«¬­®¯°±²³´µ¶·¸¹؛»¼½¾؟ہءآأؤإئابةتثجحخدذرزسشصض×طظعغـفقكàلâمنهوçèéêëىيîïًٌٍَôُِ÷ّùْûü‎‏ے"
-  },
-  "win1256": "windows1256",
-  "cp1256": "windows1256",
-  "windows1257": {
-    "type": "_sbcs",
-    "chars": "€�‚�„…†‡�‰�‹�¨ˇ¸�‘’“”•–—�™�›�¯˛� �¢£¤�¦§Ø©Ŗ«¬­®Æ°±²³´µ¶·ø¹ŗ»¼½¾æĄĮĀĆÄÅĘĒČÉŹĖĢĶĪĻŠŃŅÓŌÕÖ×ŲŁŚŪÜŻŽßąįāćäåęēčéźėģķīļšńņóōõö÷ųłśūüżž˙"
-  },
-  "win1257": "windows1257",
-  "cp1257": "windows1257",
-  "windows1258": {
-    "type": "_sbcs",
-    "chars": "€�‚ƒ„…†‡ˆ‰�‹Œ����‘’“”•–—˜™�›œ��Ÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
-  },
-  "win1258": "windows1258",
-  "cp1258": "windows1258",
-  "iso88591": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
-  },
-  "cp28591": "iso88591",
-  "iso88592": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ą˘Ł¤ĽŚ§¨ŠŞŤŹ­ŽŻ°ą˛ł´ľśˇ¸šşťź˝žżŔÁÂĂÄĹĆÇČÉĘËĚÍÎĎĐŃŇÓÔŐÖ×ŘŮÚŰÜÝŢßŕáâăäĺćçčéęëěíîďđńňóôőö÷řůúűüýţ˙"
-  },
-  "cp28592": "iso88592",
-  "iso88593": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ħ˘£¤�Ĥ§¨İŞĞĴ­�Ż°ħ²³´µĥ·¸ışğĵ½�żÀÁÂ�ÄĊĈÇÈÉÊËÌÍÎÏ�ÑÒÓÔĠÖ×ĜÙÚÛÜŬŜßàáâ�äċĉçèéêëìíîï�ñòóôġö÷ĝùúûüŭŝ˙"
-  },
-  "cp28593": "iso88593",
-  "iso88594": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄĸŖ¤ĨĻ§¨ŠĒĢŦ­Ž¯°ą˛ŗ´ĩļˇ¸šēģŧŊžŋĀÁÂÃÄÅÆĮČÉĘËĖÍÎĪĐŅŌĶÔÕÖ×ØŲÚÛÜŨŪßāáâãäåæįčéęëėíîīđņōķôõö÷øųúûüũū˙"
-  },
-  "cp28594": "iso88594",
-  "iso88595": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ЁЂЃЄЅІЇЈЉЊЋЌ­ЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя№ёђѓєѕіїјљњћќ§ўџ"
-  },
-  "cp28595": "iso88595",
-  "iso88596": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ���¤�������،­�������������؛���؟�ءآأؤإئابةتثجحخدذرزسشصضطظعغ�����ـفقكلمنهوىيًٌٍَُِّْ�������������"
-  },
-  "cp28596": "iso88596",
-  "iso88597": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ‘’£€₯¦§¨©ͺ«¬­�―°±²³΄΅Ά·ΈΉΊ»Ό½ΎΏΐΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡ�ΣΤΥΦΧΨΩΪΫάέήίΰαβγδεζηθικλμνξοπρςστυφχψωϊϋόύώ�"
-  },
-  "cp28597": "iso88597",
-  "iso88598": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ �¢£¤¥¦§¨©×«¬­®¯°±²³´µ¶·¸¹÷»¼½¾��������������������������������‗אבגדהוזחטיךכלםמןנסעףפץצקרשת��‎‏�"
-  },
-  "cp28598": "iso88598",
-  "iso88599": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏĞÑÒÓÔÕÖ×ØÙÚÛÜİŞßàáâãäåæçèéêëìíîïğñòóôõö÷øùúûüışÿ"
-  },
-  "cp28599": "iso88599",
-  "iso885910": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄĒĢĪĨĶ§ĻĐŠŦŽ­ŪŊ°ąēģīĩķ·ļđšŧž―ūŋĀÁÂÃÄÅÆĮČÉĘËĖÍÎÏÐŅŌÓÔÕÖŨØŲÚÛÜÝÞßāáâãäåæįčéęëėíîïðņōóôõöũøųúûüýþĸ"
-  },
-  "cp28600": "iso885910",
-  "iso885911": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
-  },
-  "cp28601": "iso885911",
-  "iso885913": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ”¢£¤„¦§Ø©Ŗ«¬­®Æ°±²³“µ¶·ø¹ŗ»¼½¾æĄĮĀĆÄÅĘĒČÉŹĖĢĶĪĻŠŃŅÓŌÕÖ×ŲŁŚŪÜŻŽßąįāćäåęēčéźėģķīļšńņóōõö÷ųłśūüżž’"
-  },
-  "cp28603": "iso885913",
-  "iso885914": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ Ḃḃ£ĊċḊ§Ẁ©ẂḋỲ­®ŸḞḟĠġṀṁ¶ṖẁṗẃṠỳẄẅṡÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏŴÑÒÓÔÕÖṪØÙÚÛÜÝŶßàáâãäåæçèéêëìíîïŵñòóôõöṫøùúûüýŷÿ"
-  },
-  "cp28604": "iso885914",
-  "iso885915": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£€¥Š§š©ª«¬­®¯°±²³Žµ¶·ž¹º»ŒœŸ¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
-  },
-  "cp28605": "iso885915",
-  "iso885916": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ĄąŁ€„Š§š©Ș«Ź­źŻ°±ČłŽ”¶·žčș»ŒœŸżÀÁÂĂÄĆÆÇÈÉÊËÌÍÎÏĐŃÒÓÔŐÖŚŰÙÚÛÜĘȚßàáâăäćæçèéêëìíîïđńòóôőöśűùúûüęțÿ"
-  },
-  "cp28606": "iso885916",
-  "cp437": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜ¢£¥₧ƒáíóúñѪº¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm437": "cp437",
-  "csibm437": "cp437",
-  "cp737": {
-    "type": "_sbcs",
-    "chars": "ΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩαβγδεζηθικλμνξοπρσςτυφχψ░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀ωάέήϊίόύϋώΆΈΉΊΌΎΏ±≥≤ΪΫ÷≈°∙·√ⁿ²■ "
-  },
-  "ibm737": "cp737",
-  "csibm737": "cp737",
-  "cp775": {
-    "type": "_sbcs",
-    "chars": "ĆüéāäģåćłēŖŗīŹÄÅÉæÆōöĢ¢ŚśÖÜø£ØפĀĪóŻżź”¦©®¬½¼Ł«»░▒▓│┤ĄČĘĖ╣║╗╝ĮŠ┐└┴┬├─┼ŲŪ╚╔╩╦╠═╬Žąčęėįšųūž┘┌█▄▌▐▀ÓßŌŃõÕµńĶķĻļņĒŅ’­±“¾¶§÷„°∙·¹³²■ "
-  },
-  "ibm775": "cp775",
-  "csibm775": "cp775",
-  "cp850": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø׃áíóúñѪº¿®¬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ðÐÊËÈıÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµþÞÚÛÙýݯ´­±‗¾¶§÷¸°¨·¹³²■ "
-  },
-  "ibm850": "cp850",
-  "csibm850": "cp850",
-  "cp852": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäůćçłëŐőîŹÄĆÉĹĺôöĽľŚśÖÜŤťŁ×čáíóúĄąŽžĘ꬟Ⱥ«»░▒▓│┤ÁÂĚŞ╣║╗╝Żż┐└┴┬├─┼Ăă╚╔╩╦╠═╬¤đĐĎËďŇÍÎě┘┌█▄ŢŮ▀ÓßÔŃńňŠšŔÚŕŰýÝţ´­˝˛ˇ˘§÷¸°¨˙űŘř■ "
-  },
-  "ibm852": "cp852",
-  "csibm852": "cp852",
-  "cp855": {
-    "type": "_sbcs",
-    "chars": "ђЂѓЃёЁєЄѕЅіІїЇјЈљЉњЊћЋќЌўЎџЏюЮъЪаАбБцЦдДеЕфФгГ«»░▒▓│┤хХиИ╣║╗╝йЙ┐└┴┬├─┼кК╚╔╩╦╠═╬¤лЛмМнНоОп┘┌█▄Пя▀ЯрРсСтТуУжЖвВьЬ№­ыЫзЗшШэЭщЩчЧ§■ "
-  },
-  "ibm855": "cp855",
-  "csibm855": "cp855",
-  "cp856": {
-    "type": "_sbcs",
-    "chars": "אבגדהוזחטיךכלםמןנסעףפץצקרשת�£�×����������®¬½¼�«»░▒▓│┤���©╣║╗╝¢¥┐└┴┬├─┼��╚╔╩╦╠═╬¤���������┘┌█▄¦�▀������µ�������¯´­±‗¾¶§÷¸°¨·¹³²■ "
-  },
-  "ibm856": "cp856",
-  "csibm856": "cp856",
-  "cp857": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèïîıÄÅÉæÆôöòûùİÖÜø£ØŞşáíóúñÑĞ𿮬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ºªÊËÈ�ÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµ�×ÚÛÙìÿ¯´­±�¾¶§÷¸°¨·¹³²■ "
-  },
-  "ibm857": "cp857",
-  "csibm857": "cp857",
-  "cp858": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø׃áíóúñѪº¿®¬½¼¡«»░▒▓│┤ÁÂÀ©╣║╗╝¢¥┐└┴┬├─┼ãÃ╚╔╩╦╠═╬¤ðÐÊËÈ€ÍÎÏ┘┌█▄¦Ì▀ÓßÔÒõÕµþÞÚÛÙýݯ´­±‗¾¶§÷¸°¨·¹³²■ "
-  },
-  "ibm858": "cp858",
-  "csibm858": "cp858",
-  "cp860": {
-    "type": "_sbcs",
-    "chars": "ÇüéâãàÁçêÊèÍÔìÃÂÉÀÈôõòÚùÌÕÜ¢£Ù₧ÓáíóúñѪº¿Ò¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm860": "cp860",
-  "csibm860": "cp860",
-  "cp861": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèÐðÞÄÅÉæÆôöþûÝýÖÜø£Ø₧ƒáíóúÁÍÓÚ¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm861": "cp861",
-  "csibm861": "cp861",
-  "cp862": {
-    "type": "_sbcs",
-    "chars": "אבגדהוזחטיךכלםמןנסעףפץצקרשת¢£¥₧ƒáíóúñѪº¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm862": "cp862",
-  "csibm862": "cp862",
-  "cp863": {
-    "type": "_sbcs",
-    "chars": "ÇüéâÂà¶çêëèïî‗À§ÉÈÊôËÏûù¤ÔÜ¢£ÙÛƒ¦´óú¨¸³¯Î⌐¬½¼¾«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm863": "cp863",
-  "csibm863": "cp863",
-  "cp864": {
-    "type": "_sbcs",
-    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$٪&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~°·∙√▒─│┼┤┬├┴┐┌└┘β∞φ±½¼≈«»ﻷﻸ��ﻻﻼ� ­ﺂ£¤ﺄ��ﺎﺏﺕﺙ،ﺝﺡﺥ٠١٢٣٤٥٦٧٨٩ﻑ؛ﺱﺵﺹ؟¢ﺀﺁﺃﺅﻊﺋﺍﺑﺓﺗﺛﺟﺣﺧﺩﺫﺭﺯﺳﺷﺻﺿﻁﻅﻋﻏ¦¬÷×ﻉـﻓﻗﻛﻟﻣﻧﻫﻭﻯﻳﺽﻌﻎﻍﻡﹽّﻥﻩﻬﻰﻲﻐﻕﻵﻶﻝﻙﻱ■�"
-  },
-  "ibm864": "cp864",
-  "csibm864": "cp864",
-  "cp865": {
-    "type": "_sbcs",
-    "chars": "ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜø£Ø₧ƒáíóúñѪº¿⌐¬½¼¡«¤░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-  },
-  "ibm865": "cp865",
-  "csibm865": "cp865",
-  "cp866": {
-    "type": "_sbcs",
-    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№¤■ "
-  },
-  "ibm866": "cp866",
-  "csibm866": "cp866",
-  "cp869": {
-    "type": "_sbcs",
-    "chars": "������Ά�·¬¦‘’Έ―ΉΊΪΌ��ΎΫ©Ώ²³ά£έήίϊΐόύΑΒΓΔΕΖΗ½ΘΙ«»░▒▓│┤ΚΛΜΝ╣║╗╝ΞΟ┐└┴┬├─┼ΠΡ╚╔╩╦╠═╬ΣΤΥΦΧΨΩαβγ┘┌█▄δε▀ζηθικλμνξοπρσςτ΄­±υφχ§ψ΅°¨ωϋΰώ■ "
-  },
-  "ibm869": "cp869",
-  "csibm869": "cp869",
-  "cp922": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®‾°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏŠÑÒÓÔÕÖ×ØÙÚÛÜÝŽßàáâãäåæçèéêëìíîïšñòóôõö÷øùúûüýžÿ"
-  },
-  "ibm922": "cp922",
-  "csibm922": "cp922",
-  "cp1046": {
-    "type": "_sbcs",
-    "chars": "ﺈ×÷ﹱˆ■│─┐┌└┘ﹹﹻﹽﹿﹷﺊﻰﻳﻲﻎﻏﻐﻶﻸﻺﻼ ¤ﺋﺑﺗﺛﺟﺣ،­ﺧﺳ٠١٢٣٤٥٦٧٨٩ﺷ؛ﺻﺿﻊ؟ﻋءآأؤإئابةتثجحخدذرزسشصضطﻇعغﻌﺂﺄﺎﻓـفقكلمنهوىيًٌٍَُِّْﻗﻛﻟﻵﻷﻹﻻﻣﻧﻬﻩ�"
-  },
-  "ibm1046": "cp1046",
-  "csibm1046": "cp1046",
-  "cp1124": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ЁЂҐЄЅІЇЈЉЊЋЌ­ЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя№ёђґєѕіїјљњћќ§ўџ"
-  },
-  "ibm1124": "cp1124",
-  "csibm1124": "cp1124",
-  "cp1125": {
-    "type": "_sbcs",
-    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёҐґЄєІіЇї·√№¤■ "
-  },
-  "ibm1125": "cp1125",
-  "csibm1125": "cp1125",
-  "cp1129": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§œ©ª«¬­®¯°±²³Ÿµ¶·Œ¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
-  },
-  "ibm1129": "cp1129",
-  "csibm1129": "cp1129",
-  "cp1133": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ກຂຄງຈສຊຍດຕຖທນບປຜຝພຟມຢຣລວຫອຮ���ຯະາຳິີຶືຸູຼັົຽ���ເແໂໃໄ່້໊໋໌ໍໆ�ໜໝ₭����������������໐໑໒໓໔໕໖໗໘໙��¢¬¦�"
-  },
-  "ibm1133": "cp1133",
-  "csibm1133": "cp1133",
-  "cp1161": {
-    "type": "_sbcs",
-    "chars": "��������������������������������่กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู้๊๋€฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛¢¬¦ "
-  },
-  "ibm1161": "cp1161",
-  "csibm1161": "cp1161",
-  "cp1162": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
-  },
-  "ibm1162": "cp1162",
-  "csibm1162": "cp1162",
-  "cp1163": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£€¥¦§œ©ª«¬­®¯°±²³Ÿµ¶·Œ¹º»¼½¾¿ÀÁÂĂÄÅÆÇÈÉÊË̀ÍÎÏĐÑ̉ÓÔƠÖ×ØÙÚÛÜỮßàáâăäåæçèéêë́íîïđṇ̃óôơö÷øùúûüư₫ÿ"
-  },
-  "ibm1163": "cp1163",
-  "csibm1163": "cp1163",
-  "maccroatian": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®Š™´¨≠ŽØ∞±≤≥∆µ∂∑∏š∫ªºΩžø¿¡¬√ƒ≈Ć«Č… ÀÃÕŒœĐ—“”‘’÷◊�©⁄¤‹›Æ»–·‚„‰ÂćÁčÈÍÎÏÌÓÔđÒÚÛÙıˆ˜¯πË˚¸Êæˇ"
-  },
-  "maccyrillic": {
-    "type": "_sbcs",
-    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ†°¢£§•¶І®©™Ђђ≠Ѓѓ∞±≤≥іµ∂ЈЄєЇїЉљЊњјЅ¬√ƒ≈∆«»… ЋћЌќѕ–—“”‘’÷„ЎўЏџ№Ёёяабвгдежзийклмнопрстуфхцчшщъыьэю¤"
-  },
-  "macgreek": {
-    "type": "_sbcs",
-    "chars": "Ĺ²É³ÖÜ΅àâä΄¨çéèê룙î‰ôö¦­ùûü†ΓΔΘΛΞΠß®©ΣΪ§≠°·Α±≤≥¥ΒΕΖΗΙΚΜΦΫΨΩάΝ¬ΟΡ≈Τ«»… ΥΧΆΈœ–―“”‘’÷ΉΊΌΎέήίόΏύαβψδεφγηιξκλμνοπώρστθωςχυζϊϋΐΰ�"
-  },
-  "maciceland": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûüÝ°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤ÐðÞþý·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
-  },
-  "macroman": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
-  },
-  "macromania": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ĂŞ∞±≤≥¥µ∂∑∏π∫ªºΩăş¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›Ţţ‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
-  },
-  "macthai": {
-    "type": "_sbcs",
-    "chars": "«»…“”�•‘’� กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู​–—฿เแโใไๅๆ็่้๊๋์ํ™๏๐๑๒๓๔๕๖๗๘๙®©����"
-  },
-  "macturkish": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸĞğİıŞş‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙ�ˆ˜¯˘˙˚¸˝˛ˇ"
-  },
-  "macukraine": {
-    "type": "_sbcs",
-    "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ†°Ґ£§•¶І®©™Ђђ≠Ѓѓ∞±≤≥іµґЈЄєЇїЉљЊњјЅ¬√ƒ≈∆«»… ЋћЌќѕ–—“”‘’÷„ЎўЏџ№Ёёяабвгдежзийклмнопрстуфхцчшщъыьэю¤"
-  },
-  "koi8r": {
-    "type": "_sbcs",
-    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ё╓╔╕╖╗╘╙╚╛╜╝╞╟╠╡Ё╢╣╤╥╦╧╨╩╪╫╬©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
-  },
-  "koi8u": {
-    "type": "_sbcs",
-    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґ╝╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪Ґ╬©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
-  },
-  "koi8ru": {
-    "type": "_sbcs",
-    "chars": "─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷═║╒ёє╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
-  },
-  "koi8t": {
-    "type": "_sbcs",
-    "chars": "қғ‚Ғ„…†‡�‰ҳ‹ҲҷҶ�Қ‘’“”•–—�™�›�����ӯӮё¤ӣ¦§���«¬­®�°±²Ё�Ӣ¶·�№�»���©юабцдефгхийклмнопярстужвьызшэщчъЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ"
-  },
-  "armscii8": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ �և։)(»«—.՝,-֊…՜՛՞ԱաԲբԳգԴդԵեԶզԷէԸըԹթԺժԻիԼլԽխԾծԿկՀհՁձՂղՃճՄմՅյՆնՇշՈոՉչՊպՋջՌռՍսՎվՏտՐրՑցՒւՓփՔքՕօՖֆ՚�"
-  },
-  "rk1048": {
-    "type": "_sbcs",
-    "chars": "ЂЃ‚ѓ„…†‡€‰Љ‹ЊҚҺЏђ‘’“”•–—�™љ›њқһџ ҰұӘ¤Ө¦§Ё©Ғ«¬­®Ү°±Ііөµ¶·ё№ғ»әҢңүАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
-  },
-  "tcvn": {
-    "type": "_sbcs",
-    "chars": "\u0000ÚỤ\u0003ỪỬỮ\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010ỨỰỲỶỸÝỴ\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ÀẢÃÁẠẶẬÈẺẼÉẸỆÌỈĨÍỊÒỎÕÓỌỘỜỞỠỚỢÙỦŨ ĂÂÊÔƠƯĐăâêôơưđẶ̀̀̉̃́àảãáạẲằẳẵắẴẮẦẨẪẤỀặầẩẫấậèỂẻẽéẹềểễếệìỉỄẾỒĩíịòỔỏõóọồổỗốộờởỡớợùỖủũúụừửữứựỳỷỹýỵỐ"
-  },
-  "georgianacademy": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿აბგდევზთიკლმნოპჟრსტუფქღყშჩცძწჭხჯჰჱჲჳჴჵჶçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
-  },
-  "georgianps": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿აბგდევზჱთიკლმნჲოპჟრსტჳუფქღყშჩცძწჭხჴჯჰჵæçèéêëìíîïðñòóôõö÷øùúûüýþÿ"
-  },
-  "pt154": {
-    "type": "_sbcs",
-    "chars": "ҖҒӮғ„…ҶҮҲүҠӢҢҚҺҸҗ‘’“”•–—ҳҷҡӣңқһҹ ЎўЈӨҘҰ§Ё©Ә«¬ӯ®Ҝ°ұІіҙө¶·ё№ә»јҪҫҝАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя"
-  },
-  "viscii": {
-    "type": "_sbcs",
-    "chars": "\u0000\u0001Ẳ\u0003\u0004ẴẪ\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013Ỷ\u0015\u0016\u0017\u0018Ỹ\u001a\u001b\u001c\u001dỴ\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ẠẮẰẶẤẦẨẬẼẸẾỀỂỄỆỐỒỔỖỘỢỚỜỞỊỎỌỈỦŨỤỲÕắằặấầẩậẽẹếềểễệốồổỗỠƠộờởịỰỨỪỬơớƯÀÁÂÃẢĂẳẵÈÉÊẺÌÍĨỳĐứÒÓÔạỷừửÙÚỹỵÝỡưàáâãảăữẫèéêẻìíĩỉđựòóôõỏọụùúũủýợỮ"
-  },
-  "iso646cn": {
-    "type": "_sbcs",
-    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#¥%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}‾��������������������������������������������������������������������������������������������������������������������������������"
-  },
-  "iso646jp": {
-    "type": "_sbcs",
-    "chars": "\u0000\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\t\n\u000b\f\r\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[¥]^_`abcdefghijklmnopqrstuvwxyz{|}‾��������������������������������������������������������������������������������������������������������������������������������"
-  },
-  "hproman8": {
-    "type": "_sbcs",
-    "chars": "€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ÀÂÈÊËÎÏ´ˋˆ¨˜ÙÛ₤¯Ýý°ÇçÑñ¡¿¤£¥§ƒ¢âêôûáéóúàèòùäëöüÅîØÆåíøæÄìÖÜÉïßÔÁÃãÐðÍÌÓÒÕõŠšÚŸÿÞþ·µ¶¾—¼½ªº«■»±�"
-  },
-  "macintosh": {
-    "type": "_sbcs",
-    "chars": "ÄÅÇÉÑÖÜáàâäãåçéèêëíìîïñóòôöõúùûü†°¢£§•¶ß®©™´¨≠ÆØ∞±≤≥¥µ∂∑∏π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄¤‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔ�ÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ"
-  },
-  "ascii": {
-    "type": "_sbcs",
-    "chars": "��������������������������������������������������������������������������������������������������������������������������������"
-  },
-  "tis620": {
-    "type": "_sbcs",
-    "chars": "���������������������������������กขฃคฅฆงจฉชซฌญฎฏฐฑฒณดตถทธนบปผฝพฟภมยรฤลฦวศษสหฬอฮฯะัาำิีึืฺุู����฿เแโใไๅๆ็่้๊๋์ํ๎๏๐๑๒๓๔๕๖๗๘๙๚๛����"
-  }
-}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
deleted file mode 100644
index fdb81a3..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/sbcs-data.js
+++ /dev/null
@@ -1,174 +0,0 @@
-"use strict";
-
-// Manually added data to be used by sbcs codec in addition to generated one.
-
-module.exports = {
-    // Not supported by iconv, not sure why.
-    "10029": "maccenteuro",
-    "maccenteuro": {
-        "type": "_sbcs",
-        "chars": "ÄĀāÉĄÖÜáąČäčĆć鏟ĎíďĒēĖóėôöõúĚěü†°Ę£§•¶ß®©™ę¨≠ģĮįĪ≤≥īĶ∂∑łĻļĽľĹĺŅņѬ√ńŇ∆«»… ňŐÕőŌ–—“”‘’÷◊ōŔŕŘ‹›řŖŗŠ‚„šŚśÁŤťÍŽžŪÓÔūŮÚůŰűŲųÝýķŻŁżĢˇ"
-    },
-
-    "808": "cp808",
-    "ibm808": "cp808",
-    "cp808": {
-        "type": "_sbcs",
-        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№€■ "
-    },
-
-    "mik": {
-        "type": "_sbcs",
-        "chars": "АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя└┴┬├─┼╣║╚╔╩╦╠═╬┐░▒▓│┤№§╗╝┘┌█▄▌▐▀αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ "
-    },
-
-    // Aliases of generated encodings.
-    "ascii8bit": "ascii",
-    "usascii": "ascii",
-    "ansix34": "ascii",
-    "ansix341968": "ascii",
-    "ansix341986": "ascii",
-    "csascii": "ascii",
-    "cp367": "ascii",
-    "ibm367": "ascii",
-    "isoir6": "ascii",
-    "iso646us": "ascii",
-    "iso646irv": "ascii",
-    "us": "ascii",
-
-    "latin1": "iso88591",
-    "latin2": "iso88592",
-    "latin3": "iso88593",
-    "latin4": "iso88594",
-    "latin5": "iso88599",
-    "latin6": "iso885910",
-    "latin7": "iso885913",
-    "latin8": "iso885914",
-    "latin9": "iso885915",
-    "latin10": "iso885916",
-
-    "csisolatin1": "iso88591",
-    "csisolatin2": "iso88592",
-    "csisolatin3": "iso88593",
-    "csisolatin4": "iso88594",
-    "csisolatincyrillic": "iso88595",
-    "csisolatinarabic": "iso88596",
-    "csisolatingreek" : "iso88597",
-    "csisolatinhebrew": "iso88598",
-    "csisolatin5": "iso88599",
-    "csisolatin6": "iso885910",
-
-    "l1": "iso88591",
-    "l2": "iso88592",
-    "l3": "iso88593",
-    "l4": "iso88594",
-    "l5": "iso88599",
-    "l6": "iso885910",
-    "l7": "iso885913",
-    "l8": "iso885914",
-    "l9": "iso885915",
-    "l10": "iso885916",
-
-    "isoir14": "iso646jp",
-    "isoir57": "iso646cn",
-    "isoir100": "iso88591",
-    "isoir101": "iso88592",
-    "isoir109": "iso88593",
-    "isoir110": "iso88594",
-    "isoir144": "iso88595",
-    "isoir127": "iso88596",
-    "isoir126": "iso88597",
-    "isoir138": "iso88598",
-    "isoir148": "iso88599",
-    "isoir157": "iso885910",
-    "isoir166": "tis620",
-    "isoir179": "iso885913",
-    "isoir199": "iso885914",
-    "isoir203": "iso885915",
-    "isoir226": "iso885916",
-
-    "cp819": "iso88591",
-    "ibm819": "iso88591",
-
-    "cyrillic": "iso88595",
-
-    "arabic": "iso88596",
-    "arabic8": "iso88596",
-    "ecma114": "iso88596",
-    "asmo708": "iso88596",
-
-    "greek" : "iso88597",
-    "greek8" : "iso88597",
-    "ecma118" : "iso88597",
-    "elot928" : "iso88597",
-
-    "hebrew": "iso88598",
-    "hebrew8": "iso88598",
-
-    "turkish": "iso88599",
-    "turkish8": "iso88599",
-
-    "thai": "iso885911",
-    "thai8": "iso885911",
-
-    "celtic": "iso885914",
-    "celtic8": "iso885914",
-    "isoceltic": "iso885914",
-
-    "tis6200": "tis620",
-    "tis62025291": "tis620",
-    "tis62025330": "tis620",
-
-    "10000": "macroman",
-    "10006": "macgreek",
-    "10007": "maccyrillic",
-    "10079": "maciceland",
-    "10081": "macturkish",
-
-    "cspc8codepage437": "cp437",
-    "cspc775baltic": "cp775",
-    "cspc850multilingual": "cp850",
-    "cspcp852": "cp852",
-    "cspc862latinhebrew": "cp862",
-    "cpgr": "cp869",
-
-    "msee": "cp1250",
-    "mscyrl": "cp1251",
-    "msansi": "cp1252",
-    "msgreek": "cp1253",
-    "msturk": "cp1254",
-    "mshebr": "cp1255",
-    "msarab": "cp1256",
-    "winbaltrim": "cp1257",
-
-    "cp20866": "koi8r",
-    "20866": "koi8r",
-    "ibm878": "koi8r",
-    "cskoi8r": "koi8r",
-
-    "cp21866": "koi8u",
-    "21866": "koi8u",
-    "ibm1168": "koi8u",
-
-    "strk10482002": "rk1048",
-
-    "tcvn5712": "tcvn",
-    "tcvn57121": "tcvn",
-
-    "gb198880": "iso646cn",
-    "cn": "iso646cn",
-
-    "csiso14jisc6220ro": "iso646jp",
-    "jisc62201969ro": "iso646jp",
-    "jp": "iso646jp",
-
-    "cshproman8": "hproman8",
-    "r8": "hproman8",
-    "roman8": "hproman8",
-    "xroman8": "hproman8",
-    "ibm1051": "hproman8",
-
-    "mac": "macintosh",
-    "csmacintosh": "macintosh",
-};
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
deleted file mode 100644
index 3c3d3c2..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/big5-added.json
+++ /dev/null
@@ -1,122 +0,0 @@
-[
-["8740","䏰䰲䘃䖦䕸𧉧䵷䖳𧲱䳢𧳅㮕䜶䝄䱇䱀𤊿𣘗𧍒𦺋𧃒䱗𪍑䝏䗚䲅𧱬䴇䪤䚡𦬣爥𥩔𡩣𣸆𣽡晍囻"],
-["8767","綕夝𨮹㷴霴𧯯寛𡵞媤㘥𩺰嫑宷峼杮薓𩥅瑡璝㡵𡵓𣚞𦀡㻬"],
-["87a1","𥣞㫵竼龗𤅡𨤍𣇪𠪊𣉞䌊蒄龖鐯䤰蘓墖靊鈘秐稲晠権袝瑌篅枂稬剏遆㓦珄𥶹瓆鿇垳䤯呌䄱𣚎堘穲𧭥讏䚮𦺈䆁𥶙箮𢒼鿈𢓁𢓉𢓌鿉蔄𣖻䂴鿊䓡𪷿拁灮鿋"],
-["8840","㇀",4,"𠄌㇅𠃑𠃍㇆㇇𠃋𡿨㇈𠃊㇉㇊㇋㇌𠄎㇍㇎ĀÁǍÀĒÉĚÈŌÓǑÒ࿿Ê̄Ế࿿Ê̌ỀÊāáǎàɑēéěèīíǐìōóǒòūúǔùǖǘǚ"],
-["88a1","ǜü࿿ê̄ế࿿ê̌ềêɡ⏚⏛"],
-["8940","𪎩𡅅"],
-["8943","攊"],
-["8946","丽滝鵎釟"],
-["894c","𧜵撑会伨侨兖兴农凤务动医华发变团声处备夲头学实実岚庆总斉柾栄桥济炼电纤纬纺织经统缆缷艺苏药视设询车轧轮"],
-["89a1","琑糼緍楆竉刧"],
-["89ab","醌碸酞肼"],
-["89b0","贋胶𠧧"],
-["89b5","肟黇䳍鷉鸌䰾𩷶𧀎鸊𪄳㗁"],
-["89c1","溚舾甙"],
-["89c5","䤑马骏龙禇𨑬𡷊𠗐𢫦两亁亀亇亿仫伷㑌侽㹈倃傈㑽㒓㒥円夅凛凼刅争剹劐匧㗇厩㕑厰㕓参吣㕭㕲㚁咓咣咴咹哐哯唘唣唨㖘唿㖥㖿嗗㗅"],
-["8a40","𧶄唥"],
-["8a43","𠱂𠴕𥄫喐𢳆㧬𠍁蹆𤶸𩓥䁓𨂾睺𢰸㨴䟕𨅝𦧲𤷪擝𠵼𠾴𠳕𡃴撍蹾𠺖𠰋𠽤𢲩𨉖𤓓"],
-["8a64","𠵆𩩍𨃩䟴𤺧𢳂骲㩧𩗴㿭㔆𥋇𩟔𧣈𢵄鵮頕"],
-["8a76","䏙𦂥撴哣𢵌𢯊𡁷㧻𡁯"],
-["8aa1","𦛚𦜖𧦠擪𥁒𠱃蹨𢆡𨭌𠜱"],
-["8aac","䠋𠆩㿺塳𢶍"],
-["8ab2","𤗈𠓼𦂗𠽌𠶖啹䂻䎺"],
-["8abb","䪴𢩦𡂝膪飵𠶜捹㧾𢝵跀嚡摼㹃"],
-["8ac9","𪘁𠸉𢫏𢳉"],
-["8ace","𡃈𣧂㦒㨆𨊛㕸𥹉𢃇噒𠼱𢲲𩜠㒼氽𤸻"],
-["8adf","𧕴𢺋𢈈𪙛𨳍𠹺𠰴𦠜羓𡃏𢠃𢤹㗻𥇣𠺌𠾍𠺪㾓𠼰𠵇𡅏𠹌"],
-["8af6","𠺫𠮩𠵈𡃀𡄽㿹𢚖搲𠾭"],
-["8b40","𣏴𧘹𢯎𠵾𠵿𢱑𢱕㨘𠺘𡃇𠼮𪘲𦭐𨳒𨶙𨳊閪哌苄喹"],
-["8b55","𩻃鰦骶𧝞𢷮煀腭胬尜𦕲脴㞗卟𨂽醶𠻺𠸏𠹷𠻻㗝𤷫㘉𠳖嚯𢞵𡃉𠸐𠹸𡁸𡅈𨈇𡑕𠹹𤹐𢶤婔𡀝𡀞𡃵𡃶垜𠸑"],
-["8ba1","𧚔𨋍𠾵𠹻𥅾㜃𠾶𡆀𥋘𪊽𤧚𡠺𤅷𨉼墙剨㘚𥜽箲孨䠀䬬鼧䧧鰟鮍𥭴𣄽嗻㗲嚉丨夂𡯁屮靑𠂆乛亻㔾尣彑忄㣺扌攵歺氵氺灬爫丬犭𤣩罒礻糹罓𦉪㓁"],
-["8bde","𦍋耂肀𦘒𦥑卝衤见𧢲讠贝钅镸长门𨸏韦页风飞饣𩠐鱼鸟黄歯龜丷𠂇阝户钢"],
-["8c40","倻淾𩱳龦㷉袏𤅎灷峵䬠𥇍㕙𥴰愢𨨲辧釶熑朙玺𣊁𪄇㲋𡦀䬐磤琂冮𨜏䀉橣𪊺䈣蘏𠩯稪𩥇𨫪靕灍匤𢁾鏴盙𨧣龧矝亣俰傼丯众龨吴綋墒壐𡶶庒庙忂𢜒斋"],
-["8ca1","𣏹椙橃𣱣泿"],
-["8ca7","爀𤔅玌㻛𤨓嬕璹讃𥲤𥚕窓篬糃繬苸薗龩袐龪躹龫迏蕟駠鈡龬𨶹𡐿䁱䊢娚"],
-["8cc9","顨杫䉶圽"],
-["8cce","藖𤥻芿𧄍䲁𦵴嵻𦬕𦾾龭龮宖龯曧繛湗秊㶈䓃𣉖𢞖䎚䔶"],
-["8ce6","峕𣬚諹屸㴒𣕑嵸龲煗䕘𤃬𡸣䱷㥸㑊𠆤𦱁諌侴𠈹妿腬顖𩣺弻"],
-["8d40","𠮟"],
-["8d42","𢇁𨥭䄂䚻𩁹㼇龳𪆵䃸㟖䛷𦱆䅼𨚲𧏿䕭㣔𥒚䕡䔛䶉䱻䵶䗪㿈𤬏㙡䓞䒽䇭崾嵈嵖㷼㠏嶤嶹㠠㠸幂庽弥徃㤈㤔㤿㥍惗愽峥㦉憷憹懏㦸戬抐拥挘㧸嚱"],
-["8da1","㨃揢揻搇摚㩋擀崕嘡龟㪗斆㪽旿晓㫲暒㬢朖㭂枤栀㭘桊梄㭲㭱㭻椉楃牜楤榟榅㮼槖㯝橥橴橱檂㯬檙㯲檫檵櫔櫶殁毁毪汵沪㳋洂洆洦涁㳯涤涱渕渘温溆𨧀溻滢滚齿滨滩漤漴㵆𣽁澁澾㵪㵵熷岙㶊瀬㶑灐灔灯灿炉𠌥䏁㗱𠻘"],
-["8e40","𣻗垾𦻓焾𥟠㙎榢𨯩孴穉𥣡𩓙穥穽𥦬窻窰竂竃燑𦒍䇊竚竝竪䇯咲𥰁笋筕笩𥌎𥳾箢筯莜𥮴𦱿篐萡箒箸𥴠㶭𥱥蒒篺簆簵𥳁籄粃𤢂粦晽𤕸糉糇糦籴糳糵糎"],
-["8ea1","繧䔝𦹄絝𦻖璍綉綫焵綳緒𤁗𦀩緤㴓緵𡟹緥𨍭縝𦄡𦅚繮纒䌫鑬縧罀罁罇礶𦋐駡羗𦍑羣𡙡𠁨䕜𣝦䔃𨌺翺𦒉者耈耝耨耯𪂇𦳃耻耼聡𢜔䦉𦘦𣷣𦛨朥肧𨩈脇脚墰𢛶汿𦒘𤾸擧𡒊舘𡡞橓𤩥𤪕䑺舩𠬍𦩒𣵾俹𡓽蓢荢𦬊𤦧𣔰𡝳𣷸芪椛芳䇛"],
-["8f40","蕋苐茚𠸖𡞴㛁𣅽𣕚艻苢茘𣺋𦶣𦬅𦮗𣗎㶿茝嗬莅䔋𦶥莬菁菓㑾𦻔橗蕚㒖𦹂𢻯葘𥯤葱㷓䓤檧葊𣲵祘蒨𦮖𦹷𦹃蓞萏莑䒠蒓蓤𥲑䉀𥳀䕃蔴嫲𦺙䔧蕳䔖枿蘖"],
-["8fa1","𨘥𨘻藁𧂈蘂𡖂𧃍䕫䕪蘨㙈𡢢号𧎚虾蝱𪃸蟮𢰧螱蟚蠏噡虬桖䘏衅衆𧗠𣶹𧗤衞袜䙛袴袵揁装睷𧜏覇覊覦覩覧覼𨨥觧𧤤𧪽誜瞓釾誐𧩙竩𧬺𣾏䜓𧬸煼謌謟𥐰𥕥謿譌譍誩𤩺讐讛誯𡛟䘕衏貛𧵔𧶏貫㜥𧵓賖𧶘𧶽贒贃𡤐賛灜贑𤳉㻐起"],
-["9040","趩𨀂𡀔𤦊㭼𨆼𧄌竧躭躶軃鋔輙輭𨍥𨐒辥錃𪊟𠩐辳䤪𨧞𨔽𣶻廸𣉢迹𪀔𨚼𨔁𢌥㦀𦻗逷𨔼𧪾遡𨕬𨘋邨𨜓郄𨛦邮都酧㫰醩釄粬𨤳𡺉鈎沟鉁鉢𥖹銹𨫆𣲛𨬌𥗛"],
-["90a1","𠴱錬鍫𨫡𨯫炏嫃𨫢𨫥䥥鉄𨯬𨰹𨯿鍳鑛躼閅閦鐦閠濶䊹𢙺𨛘𡉼𣸮䧟氜陻隖䅬隣𦻕懚隶磵𨫠隽双䦡𦲸𠉴𦐐𩂯𩃥𤫑𡤕𣌊霱虂霶䨏䔽䖅𤫩灵孁霛靜𩇕靗孊𩇫靟鐥僐𣂷𣂼鞉鞟鞱鞾韀韒韠𥑬韮琜𩐳響韵𩐝𧥺䫑頴頳顋顦㬎𧅵㵑𠘰𤅜"],
-["9140","𥜆飊颷飈飇䫿𦴧𡛓喰飡飦飬鍸餹𤨩䭲𩡗𩤅駵騌騻騐驘𥜥㛄𩂱𩯕髠髢𩬅髴䰎鬔鬭𨘀倴鬴𦦨㣃𣁽魐魀𩴾婅𡡣鮎𤉋鰂鯿鰌𩹨鷔𩾷𪆒𪆫𪃡𪄣𪇟鵾鶃𪄴鸎梈"],
-["91a1","鷄𢅛𪆓𪈠𡤻𪈳鴹𪂹𪊴麐麕麞麢䴴麪麯𤍤黁㭠㧥㴝伲㞾𨰫鼂鼈䮖鐤𦶢鼗鼖鼹嚟嚊齅馸𩂋韲葿齢齩竜龎爖䮾𤥵𤦻煷𤧸𤍈𤩑玞𨯚𡣺禟𨥾𨸶鍩鏳𨩄鋬鎁鏋𨥬𤒹爗㻫睲穃烐𤑳𤏸煾𡟯炣𡢾𣖙㻇𡢅𥐯𡟸㜢𡛻𡠹㛡𡝴𡣑𥽋㜣𡛀坛𤨥𡏾𡊨"],
-["9240","𡏆𡒶蔃𣚦蔃葕𤦔𧅥𣸱𥕜𣻻𧁒䓴𣛮𩦝𦼦柹㜳㰕㷧塬𡤢栐䁗𣜿𤃡𤂋𤄏𦰡哋嚞𦚱嚒𠿟𠮨𠸍鏆𨬓鎜仸儫㠙𤐶亼𠑥𠍿佋侊𥙑婨𠆫𠏋㦙𠌊𠐔㐵伩𠋀𨺳𠉵諚𠈌亘"],
-["92a1","働儍侢伃𤨎𣺊佂倮偬傁俌俥偘僼兙兛兝兞湶𣖕𣸹𣺿浲𡢄𣺉冨凃𠗠䓝𠒣𠒒𠒑赺𨪜𠜎剙劤𠡳勡鍮䙺熌𤎌𠰠𤦬𡃤槑𠸝瑹㻞璙琔瑖玘䮎𤪼𤂍叐㖄爏𤃉喴𠍅响𠯆圝鉝雴鍦埝垍坿㘾壋媙𨩆𡛺𡝯𡜐娬妸銏婾嫏娒𥥆𡧳𡡡𤊕㛵洅瑃娡𥺃"],
-["9340","媁𨯗𠐓鏠璌𡌃焅䥲鐈𨧻鎽㞠尞岞幞幈𡦖𡥼𣫮廍孏𡤃𡤄㜁𡢠㛝𡛾㛓脪𨩇𡶺𣑲𨦨弌弎𡤧𡞫婫𡜻孄蘔𧗽衠恾𢡠𢘫忛㺸𢖯𢖾𩂈𦽳懀𠀾𠁆𢘛憙憘恵𢲛𢴇𤛔𩅍"],
-["93a1","摱𤙥𢭪㨩𢬢𣑐𩣪𢹸挷𪑛撶挱揑𤧣𢵧护𢲡搻敫楲㯴𣂎𣊭𤦉𣊫唍𣋠𡣙𩐿曎𣊉𣆳㫠䆐𥖄𨬢𥖏𡛼𥕛𥐥磮𣄃𡠪𣈴㑤𣈏𣆂𤋉暎𦴤晫䮓昰𧡰𡷫晣𣋒𣋡昞𥡲㣑𣠺𣞼㮙𣞢𣏾瓐㮖枏𤘪梶栞㯄檾㡣𣟕𤒇樳橒櫉欅𡤒攑梘橌㯗橺歗𣿀𣲚鎠鋲𨯪𨫋"],
-["9440","銉𨀞𨧜鑧涥漋𤧬浧𣽿㶏渄𤀼娽渊塇洤硂焻𤌚𤉶烱牐犇犔𤞏𤜥兹𤪤𠗫瑺𣻸𣙟𤩊𤤗𥿡㼆㺱𤫟𨰣𣼵悧㻳瓌琼鎇琷䒟𦷪䕑疃㽣𤳙𤴆㽘畕癳𪗆㬙瑨𨫌𤦫𤦎㫻"],
-["94a1","㷍𤩎㻿𤧅𤣳釺圲鍂𨫣𡡤僟𥈡𥇧睸𣈲眎眏睻𤚗𣞁㩞𤣰琸璛㺿𤪺𤫇䃈𤪖𦆮錇𥖁砞碍碈磒珐祙𧝁𥛣䄎禛蒖禥樭𣻺稺秴䅮𡛦䄲鈵秱𠵌𤦌𠊙𣶺𡝮㖗啫㕰㚪𠇔𠰍竢婙𢛵𥪯𥪜娍𠉛磰娪𥯆竾䇹籝籭䈑𥮳𥺼𥺦糍𤧹𡞰粎籼粮檲緜縇緓罎𦉡"],
-["9540","𦅜𧭈綗𥺂䉪𦭵𠤖柖𠁎𣗏埄𦐒𦏸𤥢翝笧𠠬𥫩𥵃笌𥸎駦虅驣樜𣐿㧢𤧷𦖭騟𦖠蒀𧄧𦳑䓪脷䐂胆脉腂𦞴飃𦩂艢艥𦩑葓𦶧蘐𧈛媆䅿𡡀嬫𡢡嫤𡣘蚠蜨𣶏蠭𧐢娂"],
-["95a1","衮佅袇袿裦襥襍𥚃襔𧞅𧞄𨯵𨯙𨮜𨧹㺭蒣䛵䛏㟲訽訜𩑈彍鈫𤊄旔焩烄𡡅鵭貟賩𧷜妚矃姰䍮㛔踪躧𤰉輰轊䋴汘澻𢌡䢛潹溋𡟚鯩㚵𤤯邻邗啱䤆醻鐄𨩋䁢𨫼鐧𨰝𨰻蓥訫閙閧閗閖𨴴瑅㻂𤣿𤩂𤏪㻧𣈥随𨻧𨹦𨹥㻌𤧭𤩸𣿮琒瑫㻼靁𩂰"],
-["9640","桇䨝𩂓𥟟靝鍨𨦉𨰦𨬯𦎾銺嬑譩䤼珹𤈛鞛靱餸𠼦巁𨯅𤪲頟𩓚鋶𩗗釥䓀𨭐𤩧𨭤飜𨩅㼀鈪䤥萔餻饍𧬆㷽馛䭯馪驜𨭥𥣈檏騡嫾騯𩣱䮐𩥈馼䮽䮗鍽塲𡌂堢𤦸"],
-["96a1","𡓨硄𢜟𣶸棅㵽鑘㤧慐𢞁𢥫愇鱏鱓鱻鰵鰐魿鯏𩸭鮟𪇵𪃾鴡䲮𤄄鸘䲰鴌𪆴𪃭𪃳𩤯鶥蒽𦸒𦿟𦮂藼䔳𦶤𦺄𦷰萠藮𦸀𣟗𦁤秢𣖜𣙀䤭𤧞㵢鏛銾鍈𠊿碹鉷鑍俤㑀遤𥕝砽硔碶硋𡝗𣇉𤥁㚚佲濚濙瀞瀞吔𤆵垻壳垊鴖埗焴㒯𤆬燫𦱀𤾗嬨𡞵𨩉"],
-["9740","愌嫎娋䊼𤒈㜬䭻𨧼鎻鎸𡣖𠼝葲𦳀𡐓𤋺𢰦𤏁妔𣶷𦝁綨𦅛𦂤𤦹𤦋𨧺鋥珢㻩璴𨭣𡢟㻡𤪳櫘珳珻㻖𤨾𤪔𡟙𤩦𠎧𡐤𤧥瑈𤤖炥𤥶銄珦鍟𠓾錱𨫎𨨖鎆𨯧𥗕䤵𨪂煫"],
-["97a1","𤥃𠳿嚤𠘚𠯫𠲸唂秄𡟺緾𡛂𤩐𡡒䔮鐁㜊𨫀𤦭妰𡢿𡢃𧒄媡㛢𣵛㚰鉟婹𨪁𡡢鍴㳍𠪴䪖㦊僴㵩㵌𡎜煵䋻𨈘渏𩃤䓫浗𧹏灧沯㳖𣿭𣸭渂漌㵯𠏵畑㚼㓈䚀㻚䡱姄鉮䤾轁𨰜𦯀堒埈㛖𡑒烾𤍢𤩱𢿣𡊰𢎽梹楧𡎘𣓥𧯴𣛟𨪃𣟖𣏺𤲟樚𣚭𦲷萾䓟䓎"],
-["9840","𦴦𦵑𦲂𦿞漗𧄉茽𡜺菭𦲀𧁓𡟛妉媂𡞳婡婱𡤅𤇼㜭姯𡜼㛇熎鎐暚𤊥婮娫𤊓樫𣻹𧜶𤑛𤋊焝𤉙𨧡侰𦴨峂𤓎𧹍𤎽樌𤉖𡌄炦焳𤏩㶥泟勇𤩏繥姫崯㷳彜𤩝𡟟綤萦"],
-["98a1","咅𣫺𣌀𠈔坾𠣕𠘙㿥𡾞𪊶瀃𩅛嵰玏糓𨩙𩐠俈翧狍猐𧫴猸猹𥛶獁獈㺩𧬘遬燵𤣲珡臶㻊県㻑沢国琙琞琟㻢㻰㻴㻺瓓㼎㽓畂畭畲疍㽼痈痜㿀癍㿗癴㿜発𤽜熈嘣覀塩䀝睃䀹条䁅㗛瞘䁪䁯属瞾矋売砘点砜䂨砹硇硑硦葈𥔵礳栃礲䄃"],
-["9940","䄉禑禙辻稆込䅧窑䆲窼艹䇄竏竛䇏両筢筬筻簒簛䉠䉺类粜䊌粸䊔糭输烀𠳏総緔緐緽羮羴犟䎗耠耥笹耮耱联㷌垴炠肷胩䏭脌猪脎脒畠脔䐁㬹腖腙腚"],
-["99a1","䐓堺腼膄䐥膓䐭膥埯臁臤艔䒏芦艶苊苘苿䒰荗险榊萅烵葤惣蒈䔄蒾蓡蓸蔐蔸蕒䔻蕯蕰藠䕷虲蚒蚲蛯际螋䘆䘗袮裿褤襇覑𧥧訩訸誔誴豑賔賲贜䞘塟跃䟭仮踺嗘坔蹱嗵躰䠷軎転軤軭軲辷迁迊迌逳駄䢭飠鈓䤞鈨鉘鉫銱銮銿"],
-["9a40","鋣鋫鋳鋴鋽鍃鎄鎭䥅䥑麿鐗匁鐝鐭鐾䥪鑔鑹锭関䦧间阳䧥枠䨤靀䨵鞲韂噔䫤惨颹䬙飱塄餎餙冴餜餷饂饝饢䭰駅䮝騼鬏窃魩鮁鯝鯱鯴䱭鰠㝯𡯂鵉鰺"],
-["9aa1","黾噐鶓鶽鷀鷼银辶鹻麬麱麽黆铜黢黱黸竈齄𠂔𠊷𠎠椚铃妬𠓗塀铁㞹𠗕𠘕𠙶𡚺块煳𠫂𠫍𠮿呪吆𠯋咞𠯻𠰻𠱓𠱥𠱼惧𠲍噺𠲵𠳝𠳭𠵯𠶲𠷈楕鰯螥𠸄𠸎𠻗𠾐𠼭𠹳尠𠾼帋𡁜𡁏𡁶朞𡁻𡂈𡂖㙇𡂿𡃓𡄯𡄻卤蒭𡋣𡍵𡌶讁𡕷𡘙𡟃𡟇乸炻𡠭𡥪"],
-["9b40","𡨭𡩅𡰪𡱰𡲬𡻈拃𡻕𡼕熘桕𢁅槩㛈𢉼𢏗𢏺𢜪𢡱𢥏苽𢥧𢦓𢫕覥𢫨辠𢬎鞸𢬿顇骽𢱌"],
-["9b62","𢲈𢲷𥯨𢴈𢴒𢶷𢶕𢹂𢽴𢿌𣀳𣁦𣌟𣏞徱晈暿𧩹𣕧𣗳爁𤦺矗𣘚𣜖纇𠍆墵朎"],
-["9ba1","椘𣪧𧙗𥿢𣸑𣺹𧗾𢂚䣐䪸𤄙𨪚𤋮𤌍𤀻𤌴𤎖𤩅𠗊凒𠘑妟𡺨㮾𣳿𤐄𤓖垈𤙴㦛𤜯𨗨𩧉㝢𢇃譞𨭎駖𤠒𤣻𤨕爉𤫀𠱸奥𤺥𤾆𠝹軚𥀬劏圿煱𥊙𥐙𣽊𤪧喼𥑆𥑮𦭒釔㑳𥔿𧘲𥕞䜘𥕢𥕦𥟇𤤿𥡝偦㓻𣏌惞𥤃䝼𨥈𥪮𥮉𥰆𡶐垡煑澶𦄂𧰒遖𦆲𤾚譢𦐂𦑊"],
-["9c40","嵛𦯷輶𦒄𡤜諪𤧶𦒈𣿯𦔒䯀𦖿𦚵𢜛鑥𥟡憕娧晉侻嚹𤔡𦛼乪𤤴陖涏𦲽㘘襷𦞙𦡮𦐑𦡞營𦣇筂𩃀𠨑𦤦鄄𦤹穅鷰𦧺騦𦨭㙟𦑩𠀡禃𦨴𦭛崬𣔙菏𦮝䛐𦲤画补𦶮墶"],
-["9ca1","㜜𢖍𧁋𧇍㱔𧊀𧊅銁𢅺𧊋錰𧋦𤧐氹钟𧑐𠻸蠧裵𢤦𨑳𡞱溸𤨪𡠠㦤㚹尐秣䔿暶𩲭𩢤襃𧟌𧡘囖䃟𡘊㦡𣜯𨃨𡏅熭荦𧧝𩆨婧䲷𧂯𨦫𧧽𧨊𧬋𧵦𤅺筃祾𨀉澵𪋟樃𨌘厢𦸇鎿栶靝𨅯𨀣𦦵𡏭𣈯𨁈嶅𨰰𨂃圕頣𨥉嶫𤦈斾槕叒𤪥𣾁㰑朶𨂐𨃴𨄮𡾡𨅏"],
-["9d40","𨆉𨆯𨈚𨌆𨌯𨎊㗊𨑨𨚪䣺揦𨥖砈鉕𨦸䏲𨧧䏟𨧨𨭆𨯔姸𨰉輋𨿅𩃬筑𩄐𩄼㷷𩅞𤫊运犏嚋𩓧𩗩𩖰𩖸𩜲𩣑𩥉𩥪𩧃𩨨𩬎𩵚𩶛纟𩻸𩼣䲤镇𪊓熢𪋿䶑递𪗋䶜𠲜达嗁"],
-["9da1","辺𢒰边𤪓䔉繿潖檱仪㓤𨬬𧢝㜺躀𡟵𨀤𨭬𨮙𧨾𦚯㷫𧙕𣲷𥘵𥥖亚𥺁𦉘嚿𠹭踎孭𣺈𤲞揞拐𡟶𡡻攰嘭𥱊吚𥌑㷆𩶘䱽嘢嘞罉𥻘奵𣵀蝰东𠿪𠵉𣚺脗鵞贘瘻鱅癎瞹鍅吲腈苷嘥脲萘肽嗪祢噃吖𠺝㗎嘅嗱曱𨋢㘭甴嗰喺咗啲𠱁𠲖廐𥅈𠹶𢱢"],
-["9e40","𠺢麫絚嗞𡁵抝靭咔賍燶酶揼掹揾啩𢭃鱲𢺳冚㓟𠶧冧呍唞唓癦踭𦢊疱肶蠄螆裇膶萜𡃁䓬猄𤜆宐茋𦢓噻𢛴𧴯𤆣𧵳𦻐𧊶酰𡇙鈈𣳼𪚩𠺬𠻹牦𡲢䝎𤿂𧿹𠿫䃺"],
-["9ea1","鱝攟𢶠䣳𤟠𩵼𠿬𠸊恢𧖣𠿭"],
-["9ead","𦁈𡆇熣纎鵐业丄㕷嬍沲卧㚬㧜卽㚥𤘘墚𤭮舭呋垪𥪕𠥹"],
-["9ec5","㩒𢑥獴𩺬䴉鯭𣳾𩼰䱛𤾩𩖞𩿞葜𣶶𧊲𦞳𣜠挮紥𣻷𣸬㨪逈勌㹴㙺䗩𠒎癀嫰𠺶硺𧼮墧䂿噼鮋嵴癔𪐴麅䳡痹㟻愙𣃚𤏲"],
-["9ef5","噝𡊩垧𤥣𩸆刴𧂮㖭汊鵼"],
-["9f40","籖鬹埞𡝬屓擓𩓐𦌵𧅤蚭𠴨𦴢𤫢𠵱"],
-["9f4f","凾𡼏嶎霃𡷑麁遌笟鬂峑箣扨挵髿篏鬪籾鬮籂粆鰕篼鬉鼗鰛𤤾齚啳寃俽麘俲剠㸆勑坧偖妷帒韈鶫轜呩鞴饀鞺匬愰"],
-["9fa1","椬叚鰊鴂䰻陁榀傦畆𡝭駚剳"],
-["9fae","酙隁酜"],
-["9fb2","酑𨺗捿𦴣櫊嘑醎畺抅𠏼獏籰𥰡𣳽"],
-["9fc1","𤤙盖鮝个𠳔莾衂"],
-["9fc9","届槀僭坺刟巵从氱𠇲伹咜哚劚趂㗾弌㗳"],
-["9fdb","歒酼龥鮗頮颴骺麨麄煺笔"],
-["9fe7","毺蠘罸"],
-["9feb","嘠𪙊蹷齓"],
-["9ff0","跔蹏鸜踁抂𨍽踨蹵竓𤩷稾磘泪詧瘇"],
-["a040","𨩚鼦泎蟖痃𪊲硓咢贌狢獱謭猂瓱賫𤪻蘯徺袠䒷"],
-["a055","𡠻𦸅"],
-["a058","詾𢔛"],
-["a05b","惽癧髗鵄鍮鮏蟵"],
-["a063","蠏賷猬霡鮰㗖犲䰇籑饊𦅙慙䰄麖慽"],
-["a073","坟慯抦戹拎㩜懢厪𣏵捤栂㗒"],
-["a0a1","嵗𨯂迚𨸹"],
-["a0a6","僙𡵆礆匲阸𠼻䁥"],
-["a0ae","矾"],
-["a0b0","糂𥼚糚稭聦聣絍甅瓲覔舚朌聢𧒆聛瓰脃眤覉𦟌畓𦻑螩蟎臈螌詉貭譃眫瓸蓚㘵榲趦"],
-["a0d4","覩瑨涹蟁𤀑瓧㷛煶悤憜㳑煢恷"],
-["a0e2","罱𨬭牐惩䭾删㰘𣳇𥻗𧙖𥔱𡥄𡋾𩤃𦷜𧂭峁𦆭𨨏𣙷𠃮𦡆𤼎䕢嬟𦍌齐麦𦉫"],
-["a3c0","␀",31,"␡"],
-["c6a1","①",9,"⑴",9,"ⅰ",9,"丶丿亅亠冂冖冫勹匸卩厶夊宀巛⼳广廴彐彡攴无疒癶辵隶¨ˆヽヾゝゞ〃仝々〆〇ー［］✽ぁ",23],
-["c740","す",58,"ァアィイ"],
-["c7a1","ゥ",81,"А",5,"ЁЖ",4],
-["c840","Л",26,"ёж",25,"⇧↸↹㇏𠃌乚𠂊刂䒑"],
-["c8a1","龰冈龱𧘇"],
-["c8cd","￢￤＇＂㈱№℡゛゜⺀⺄⺆⺇⺈⺊⺌⺍⺕⺜⺝⺥⺧⺪⺬⺮⺶⺼⺾⻆⻊⻌⻍⻏⻖⻗⻞⻣"],
-["c8f5","ʃɐɛɔɵœøŋʊɪ"],
-["f9fe","￭"],
-["fa40","𠕇鋛𠗟𣿅蕌䊵珯况㙉𤥂𨧤鍄𡧛苮𣳈砼杄拟𤤳𨦪𠊠𦮳𡌅侫𢓭倈𦴩𧪄𣘀𤪱𢔓倩𠍾徤𠎀𠍇滛𠐟偽儁㑺儎顬㝃萖𤦤𠒇兠𣎴兪𠯿𢃼𠋥𢔰𠖎𣈳𡦃宂蝽𠖳𣲙冲冸"],
-["faa1","鴴凉减凑㳜凓𤪦决凢卂凭菍椾𣜭彻刋刦刼劵剗劔効勅簕蕂勠蘍𦬓包𨫞啉滙𣾀𠥔𣿬匳卄𠯢泋𡜦栛珕恊㺪㣌𡛨燝䒢卭却𨚫卾卿𡖖𡘓矦厓𨪛厠厫厮玧𥝲㽙玜叁叅汉义埾叙㪫𠮏叠𣿫𢶣叶𠱷吓灹唫晗浛呭𦭓𠵴啝咏咤䞦𡜍𠻝㶴𠵍"],
-["fb40","𨦼𢚘啇䳭启琗喆喩嘅𡣗𤀺䕒𤐵暳𡂴嘷曍𣊊暤暭噍噏磱囱鞇叾圀囯园𨭦㘣𡉏坆𤆥汮炋坂㚱𦱾埦𡐖堃𡑔𤍣堦𤯵塜墪㕡壠壜𡈼壻寿坃𪅐𤉸鏓㖡够梦㛃湙"],
-["fba1","𡘾娤啓𡚒蔅姉𠵎𦲁𦴪𡟜姙𡟻𡞲𦶦浱𡠨𡛕姹𦹅媫婣㛦𤦩婷㜈媖瑥嫓𦾡𢕔㶅𡤑㜲𡚸広勐孶斈孼𧨎䀄䡝𠈄寕慠𡨴𥧌𠖥寳宝䴐尅𡭄尓珎尔𡲥𦬨屉䣝岅峩峯嶋𡷹𡸷崐崘嵆𡺤岺巗苼㠭𤤁𢁉𢅳芇㠶㯂帮檊幵幺𤒼𠳓厦亷廐厨𡝱帉廴𨒂"],
-["fc40","廹廻㢠廼栾鐛弍𠇁弢㫞䢮𡌺强𦢈𢏐彘𢑱彣鞽𦹮彲鍀𨨶徧嶶㵟𥉐𡽪𧃸𢙨釖𠊞𨨩怱暅𡡷㥣㷇㘹垐𢞴祱㹀悞悤悳𤦂𤦏𧩓璤僡媠慤萤慂慈𦻒憁凴𠙖憇宪𣾷"],
-["fca1","𢡟懓𨮝𩥝懐㤲𢦀𢣁怣慜攞掋𠄘担𡝰拕𢸍捬𤧟㨗搸揸𡎎𡟼撐澊𢸶頔𤂌𥜝擡擥鑻㩦携㩗敍漖𤨨𤨣斅敭敟𣁾斵𤥀䬷旑䃘𡠩无旣忟𣐀昘𣇷𣇸晄𣆤𣆥晋𠹵晧𥇦晳晴𡸽𣈱𨗴𣇈𥌓矅𢣷馤朂𤎜𤨡㬫槺𣟂杞杧杢𤇍𩃭柗䓩栢湐鈼栁𣏦𦶠桝"],
-["fd40","𣑯槡樋𨫟楳棃𣗍椁椀㴲㨁𣘼㮀枬楡𨩊䋼椶榘㮡𠏉荣傐槹𣙙𢄪橅𣜃檝㯳枱櫈𩆜㰍欝𠤣惞欵歴𢟍溵𣫛𠎵𡥘㝀吡𣭚毡𣻼毜氷𢒋𤣱𦭑汚舦汹𣶼䓅𣶽𤆤𤤌𤤀"],
-["fda1","𣳉㛥㳫𠴲鮃𣇹𢒑羏样𦴥𦶡𦷫涖浜湼漄𤥿𤂅𦹲蔳𦽴凇沜渝萮𨬡港𣸯瑓𣾂秌湏媑𣁋濸㜍澝𣸰滺𡒗𤀽䕕鏰潄潜㵎潴𩅰㴻澟𤅄濓𤂑𤅕𤀹𣿰𣾴𤄿凟𤅖𤅗𤅀𦇝灋灾炧炁烌烕烖烟䄄㷨熴熖𤉷焫煅媈煊煮岜𤍥煏鍢𤋁焬𤑚𤨧𤨢熺𨯨炽爎"],
-["fe40","鑂爕夑鑃爤鍁𥘅爮牀𤥴梽牕牗㹕𣁄栍漽犂猪猫𤠣𨠫䣭𨠄猨献珏玪𠰺𦨮珉瑉𤇢𡛧𤨤昣㛅𤦷𤦍𤧻珷琕椃𤨦琹𠗃㻗瑜𢢭瑠𨺲瑇珤瑶莹瑬㜰瑴鏱樬璂䥓𤪌"],
-["fea1","𤅟𤩹𨮏孆𨰃𡢞瓈𡦈甎瓩甞𨻙𡩋寗𨺬鎅畍畊畧畮𤾂㼄𤴓疎瑝疞疴瘂瘬癑癏癯癶𦏵皐臯㟸𦤑𦤎皡皥皷盌𦾟葢𥂝𥅽𡸜眞眦着撯𥈠睘𣊬瞯𨥤𨥨𡛁矴砉𡍶𤨒棊碯磇磓隥礮𥗠磗礴碱𧘌辸袄𨬫𦂃𢘜禆褀椂禀𥡗禝𧬹礼禩渪𧄦㺨秆𩄍秔"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
deleted file mode 100644
index 49ddb9a..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp936.json
+++ /dev/null
@@ -1,264 +0,0 @@
-[
-["0","\u0000",127,"€"],
-["8140","丂丄丅丆丏丒丗丟丠両丣並丩丮丯丱丳丵丷丼乀乁乂乄乆乊乑乕乗乚乛乢乣乤乥乧乨乪",5,"乲乴",9,"乿",6,"亇亊"],
-["8180","亐亖亗亙亜亝亞亣亪亯亰亱亴亶亷亸亹亼亽亾仈仌仏仐仒仚仛仜仠仢仦仧仩仭仮仯仱仴仸仹仺仼仾伀伂",6,"伋伌伒",4,"伜伝伡伣伨伩伬伭伮伱伳伵伷伹伻伾",4,"佄佅佇",5,"佒佔佖佡佢佦佨佪佫佭佮佱佲併佷佸佹佺佽侀侁侂侅來侇侊侌侎侐侒侓侕侖侘侙侚侜侞侟価侢"],
-["8240","侤侫侭侰",4,"侶",8,"俀俁係俆俇俈俉俋俌俍俒",4,"俙俛俠俢俤俥俧俫俬俰俲俴俵俶俷俹俻俼俽俿",11],
-["8280","個倎倐們倓倕倖倗倛倝倞倠倢倣値倧倫倯",10,"倻倽倿偀偁偂偄偅偆偉偊偋偍偐",4,"偖偗偘偙偛偝",7,"偦",5,"偭",8,"偸偹偺偼偽傁傂傃傄傆傇傉傊傋傌傎",20,"傤傦傪傫傭",4,"傳",6,"傼"],
-["8340","傽",17,"僐",5,"僗僘僙僛",10,"僨僩僪僫僯僰僱僲僴僶",4,"僼",9,"儈"],
-["8380","儉儊儌",5,"儓",13,"儢",28,"兂兇兊兌兎兏児兒兓兗兘兙兛兝",4,"兣兤兦內兩兪兯兲兺兾兿冃冄円冇冊冋冎冏冐冑冓冔冘冚冝冞冟冡冣冦",4,"冭冮冴冸冹冺冾冿凁凂凃凅凈凊凍凎凐凒",5],
-["8440","凘凙凚凜凞凟凢凣凥",5,"凬凮凱凲凴凷凾刄刅刉刋刌刏刐刓刔刕刜刞刟刡刢刣別刦刧刪刬刯刱刲刴刵刼刾剄",5,"剋剎剏剒剓剕剗剘"],
-["8480","剙剚剛剝剟剠剢剣剤剦剨剫剬剭剮剰剱剳",9,"剾劀劃",4,"劉",6,"劑劒劔",6,"劜劤劥劦劧劮劯劰労",9,"勀勁勂勄勅勆勈勊勌勍勎勏勑勓勔動勗務",5,"勠勡勢勣勥",10,"勱",7,"勻勼勽匁匂匃匄匇匉匊匋匌匎"],
-["8540","匑匒匓匔匘匛匜匞匟匢匤匥匧匨匩匫匬匭匯",9,"匼匽區卂卄卆卋卌卍卐協単卙卛卝卥卨卪卬卭卲卶卹卻卼卽卾厀厁厃厇厈厊厎厏"],
-["8580","厐",4,"厖厗厙厛厜厞厠厡厤厧厪厫厬厭厯",6,"厷厸厹厺厼厽厾叀參",4,"収叏叐叒叓叕叚叜叝叞叡叢叧叴叺叾叿吀吂吅吇吋吔吘吙吚吜吢吤吥吪吰吳吶吷吺吽吿呁呂呄呅呇呉呌呍呎呏呑呚呝",4,"呣呥呧呩",7,"呴呹呺呾呿咁咃咅咇咈咉咊咍咑咓咗咘咜咞咟咠咡"],
-["8640","咢咥咮咰咲咵咶咷咹咺咼咾哃哅哊哋哖哘哛哠",4,"哫哬哯哰哱哴",5,"哻哾唀唂唃唄唅唈唊",4,"唒唓唕",5,"唜唝唞唟唡唥唦"],
-["8680","唨唩唫唭唲唴唵唶唸唹唺唻唽啀啂啅啇啈啋",4,"啑啒啓啔啗",4,"啝啞啟啠啢啣啨啩啫啯",5,"啹啺啽啿喅喆喌喍喎喐喒喓喕喖喗喚喛喞喠",6,"喨",8,"喲喴営喸喺喼喿",4,"嗆嗇嗈嗊嗋嗎嗏嗐嗕嗗",4,"嗞嗠嗢嗧嗩嗭嗮嗰嗱嗴嗶嗸",4,"嗿嘂嘃嘄嘅"],
-["8740","嘆嘇嘊嘋嘍嘐",7,"嘙嘚嘜嘝嘠嘡嘢嘥嘦嘨嘩嘪嘫嘮嘯嘰嘳嘵嘷嘸嘺嘼嘽嘾噀",11,"噏",4,"噕噖噚噛噝",4],
-["8780","噣噥噦噧噭噮噯噰噲噳噴噵噷噸噹噺噽",7,"嚇",6,"嚐嚑嚒嚔",14,"嚤",10,"嚰",6,"嚸嚹嚺嚻嚽",12,"囋",8,"囕囖囘囙囜団囥",5,"囬囮囯囲図囶囷囸囻囼圀圁圂圅圇國",6],
-["8840","園",9,"圝圞圠圡圢圤圥圦圧圫圱圲圴",4,"圼圽圿坁坃坄坅坆坈坉坋坒",4,"坘坙坢坣坥坧坬坮坰坱坲坴坵坸坹坺坽坾坿垀"],
-["8880","垁垇垈垉垊垍",4,"垔",6,"垜垝垞垟垥垨垪垬垯垰垱垳垵垶垷垹",8,"埄",6,"埌埍埐埑埓埖埗埛埜埞埡埢埣埥",7,"埮埰埱埲埳埵埶執埻埼埾埿堁堃堄堅堈堉堊堌堎堏堐堒堓堔堖堗堘堚堛堜堝堟堢堣堥",4,"堫",4,"報堲堳場堶",7],
-["8940","堾",5,"塅",6,"塎塏塐塒塓塕塖塗塙",4,"塟",5,"塦",4,"塭",16,"塿墂墄墆墇墈墊墋墌"],
-["8980","墍",4,"墔",4,"墛墜墝墠",7,"墪",17,"墽墾墿壀壂壃壄壆",10,"壒壓壔壖",13,"壥",5,"壭壯壱売壴壵壷壸壺",7,"夃夅夆夈",4,"夎夐夑夒夓夗夘夛夝夞夠夡夢夣夦夨夬夰夲夳夵夶夻"],
-["8a40","夽夾夿奀奃奅奆奊奌奍奐奒奓奙奛",4,"奡奣奤奦",12,"奵奷奺奻奼奾奿妀妅妉妋妌妎妏妐妑妔妕妘妚妛妜妝妟妠妡妢妦"],
-["8a80","妧妬妭妰妱妳",5,"妺妼妽妿",6,"姇姈姉姌姍姎姏姕姖姙姛姞",4,"姤姦姧姩姪姫姭",11,"姺姼姽姾娀娂娊娋娍娎娏娐娒娔娕娖娗娙娚娛娝娞娡娢娤娦娧娨娪",6,"娳娵娷",4,"娽娾娿婁",4,"婇婈婋",9,"婖婗婘婙婛",5],
-["8b40","婡婣婤婥婦婨婩婫",8,"婸婹婻婼婽婾媀",17,"媓",6,"媜",13,"媫媬"],
-["8b80","媭",4,"媴媶媷媹",4,"媿嫀嫃",5,"嫊嫋嫍",4,"嫓嫕嫗嫙嫚嫛嫝嫞嫟嫢嫤嫥嫧嫨嫪嫬",4,"嫲",22,"嬊",11,"嬘",25,"嬳嬵嬶嬸",7,"孁",6],
-["8c40","孈",7,"孒孖孞孠孡孧孨孫孭孮孯孲孴孶孷學孹孻孼孾孿宂宆宊宍宎宐宑宒宔宖実宧宨宩宬宭宮宯宱宲宷宺宻宼寀寁寃寈寉寊寋寍寎寏"],
-["8c80","寑寔",8,"寠寢寣實寧審",4,"寯寱",6,"寽対尀専尃尅將專尋尌對導尐尒尓尗尙尛尞尟尠尡尣尦尨尩尪尫尭尮尯尰尲尳尵尶尷屃屄屆屇屌屍屒屓屔屖屗屘屚屛屜屝屟屢層屧",6,"屰屲",6,"屻屼屽屾岀岃",4,"岉岊岋岎岏岒岓岕岝",4,"岤",4],
-["8d40","岪岮岯岰岲岴岶岹岺岻岼岾峀峂峃峅",5,"峌",5,"峓",5,"峚",6,"峢峣峧峩峫峬峮峯峱",9,"峼",4],
-["8d80","崁崄崅崈",5,"崏",4,"崕崗崘崙崚崜崝崟",4,"崥崨崪崫崬崯",4,"崵",7,"崿",7,"嵈嵉嵍",10,"嵙嵚嵜嵞",10,"嵪嵭嵮嵰嵱嵲嵳嵵",12,"嶃",21,"嶚嶛嶜嶞嶟嶠"],
-["8e40","嶡",21,"嶸",12,"巆",6,"巎",12,"巜巟巠巣巤巪巬巭"],
-["8e80","巰巵巶巸",4,"巿帀帄帇帉帊帋帍帎帒帓帗帞",7,"帨",4,"帯帰帲",4,"帹帺帾帿幀幁幃幆",5,"幍",6,"幖",4,"幜幝幟幠幣",14,"幵幷幹幾庁庂広庅庈庉庌庍庎庒庘庛庝庡庢庣庤庨",4,"庮",4,"庴庺庻庼庽庿",6],
-["8f40","廆廇廈廋",5,"廔廕廗廘廙廚廜",11,"廩廫",8,"廵廸廹廻廼廽弅弆弇弉弌弍弎弐弒弔弖弙弚弜弝弞弡弢弣弤"],
-["8f80","弨弫弬弮弰弲",6,"弻弽弾弿彁",14,"彑彔彙彚彛彜彞彟彠彣彥彧彨彫彮彯彲彴彵彶彸彺彽彾彿徃徆徍徎徏徑従徔徖徚徛徝從徟徠徢",5,"復徫徬徯",5,"徶徸徹徺徻徾",4,"忇忈忊忋忎忓忔忕忚忛応忞忟忢忣忥忦忨忩忬忯忰忲忳忴忶忷忹忺忼怇"],
-["9040","怈怉怋怌怐怑怓怗怘怚怞怟怢怣怤怬怭怮怰",4,"怶",4,"怽怾恀恄",6,"恌恎恏恑恓恔恖恗恘恛恜恞恟恠恡恥恦恮恱恲恴恵恷恾悀"],
-["9080","悁悂悅悆悇悈悊悋悎悏悐悑悓悕悗悘悙悜悞悡悢悤悥悧悩悪悮悰悳悵悶悷悹悺悽",7,"惇惈惉惌",4,"惒惓惔惖惗惙惛惞惡",4,"惪惱惲惵惷惸惻",4,"愂愃愄愅愇愊愋愌愐",4,"愖愗愘愙愛愜愝愞愡愢愥愨愩愪愬",18,"慀",6],
-["9140","慇慉態慍慏慐慒慓慔慖",6,"慞慟慠慡慣慤慥慦慩",6,"慱慲慳慴慶慸",18,"憌憍憏",4,"憕"],
-["9180","憖",6,"憞",8,"憪憫憭",9,"憸",5,"憿懀懁懃",4,"應懌",4,"懓懕",16,"懧",13,"懶",8,"戀",5,"戇戉戓戔戙戜戝戞戠戣戦戧戨戩戫戭戯戰戱戲戵戶戸",4,"扂扄扅扆扊"],
-["9240","扏扐払扖扗扙扚扜",6,"扤扥扨扱扲扴扵扷扸扺扻扽抁抂抃抅抆抇抈抋",5,"抔抙抜抝択抣抦抧抩抪抭抮抯抰抲抳抴抶抷抸抺抾拀拁"],
-["9280","拃拋拏拑拕拝拞拠拡拤拪拫拰拲拵拸拹拺拻挀挃挄挅挆挊挋挌挍挏挐挒挓挔挕挗挘挙挜挦挧挩挬挭挮挰挱挳",5,"挻挼挾挿捀捁捄捇捈捊捑捒捓捔捖",7,"捠捤捥捦捨捪捫捬捯捰捲捳捴捵捸捹捼捽捾捿掁掃掄掅掆掋掍掑掓掔掕掗掙",6,"採掤掦掫掯掱掲掵掶掹掻掽掿揀"],
-["9340","揁揂揃揅揇揈揊揋揌揑揓揔揕揗",6,"揟揢揤",4,"揫揬揮揯揰揱揳揵揷揹揺揻揼揾搃搄搆",4,"損搎搑搒搕",5,"搝搟搢搣搤"],
-["9380","搥搧搨搩搫搮",5,"搵",4,"搻搼搾摀摂摃摉摋",6,"摓摕摖摗摙",4,"摟",7,"摨摪摫摬摮",9,"摻",6,"撃撆撈",8,"撓撔撗撘撚撛撜撝撟",4,"撥撦撧撨撪撫撯撱撲撳撴撶撹撻撽撾撿擁擃擄擆",6,"擏擑擓擔擕擖擙據"],
-["9440","擛擜擝擟擠擡擣擥擧",24,"攁",7,"攊",7,"攓",4,"攙",8],
-["9480","攢攣攤攦",4,"攬攭攰攱攲攳攷攺攼攽敀",4,"敆敇敊敋敍敎敐敒敓敔敗敘敚敜敟敠敡敤敥敧敨敩敪敭敮敯敱敳敵敶數",14,"斈斉斊斍斎斏斒斔斕斖斘斚斝斞斠斢斣斦斨斪斬斮斱",7,"斺斻斾斿旀旂旇旈旉旊旍旐旑旓旔旕旘",7,"旡旣旤旪旫"],
-["9540","旲旳旴旵旸旹旻",4,"昁昄昅昇昈昉昋昍昐昑昒昖昗昘昚昛昜昞昡昢昣昤昦昩昪昫昬昮昰昲昳昷",4,"昽昿晀時晄",6,"晍晎晐晑晘"],
-["9580","晙晛晜晝晞晠晢晣晥晧晩",4,"晱晲晳晵晸晹晻晼晽晿暀暁暃暅暆暈暉暊暋暍暎暏暐暒暓暔暕暘",4,"暞",8,"暩",4,"暯",4,"暵暶暷暸暺暻暼暽暿",25,"曚曞",7,"曧曨曪",5,"曱曵曶書曺曻曽朁朂會"],
-["9640","朄朅朆朇朌朎朏朑朒朓朖朘朙朚朜朞朠",5,"朧朩朮朰朲朳朶朷朸朹朻朼朾朿杁杄杅杇杊杋杍杒杔杕杗",4,"杝杢杣杤杦杧杫杬杮東杴杶"],
-["9680","杸杹杺杻杽枀枂枃枅枆枈枊枌枍枎枏枑枒枓枔枖枙枛枟枠枡枤枦枩枬枮枱枲枴枹",7,"柂柅",9,"柕柖柗柛柟柡柣柤柦柧柨柪柫柭柮柲柵",7,"柾栁栂栃栄栆栍栐栒栔栕栘",4,"栞栟栠栢",6,"栫",6,"栴栵栶栺栻栿桇桋桍桏桒桖",5],
-["9740","桜桝桞桟桪桬",7,"桵桸",8,"梂梄梇",7,"梐梑梒梔梕梖梘",9,"梣梤梥梩梪梫梬梮梱梲梴梶梷梸"],
-["9780","梹",6,"棁棃",5,"棊棌棎棏棐棑棓棔棖棗棙棛",4,"棡棢棤",9,"棯棲棳棴棶棷棸棻棽棾棿椀椂椃椄椆",4,"椌椏椑椓",11,"椡椢椣椥",7,"椮椯椱椲椳椵椶椷椸椺椻椼椾楀楁楃",16,"楕楖楘楙楛楜楟"],
-["9840","楡楢楤楥楧楨楩楪楬業楯楰楲",4,"楺楻楽楾楿榁榃榅榊榋榌榎",5,"榖榗榙榚榝",9,"榩榪榬榮榯榰榲榳榵榶榸榹榺榼榽"],
-["9880","榾榿槀槂",7,"構槍槏槑槒槓槕",5,"槜槝槞槡",11,"槮槯槰槱槳",9,"槾樀",9,"樋",11,"標",5,"樠樢",5,"権樫樬樭樮樰樲樳樴樶",6,"樿",4,"橅橆橈",7,"橑",6,"橚"],
-["9940","橜",4,"橢橣橤橦",10,"橲",6,"橺橻橽橾橿檁檂檃檅",8,"檏檒",4,"檘",7,"檡",5],
-["9980","檧檨檪檭",114,"欥欦欨",6],
-["9a40","欯欰欱欳欴欵欶欸欻欼欽欿歀歁歂歄歅歈歊歋歍",11,"歚",7,"歨歩歫",13,"歺歽歾歿殀殅殈"],
-["9a80","殌殎殏殐殑殔殕殗殘殙殜",4,"殢",7,"殫",7,"殶殸",6,"毀毃毄毆",4,"毌毎毐毑毘毚毜",4,"毢",7,"毬毭毮毰毱毲毴毶毷毸毺毻毼毾",6,"氈",4,"氎氒気氜氝氞氠氣氥氫氬氭氱氳氶氷氹氺氻氼氾氿汃汄汅汈汋",4,"汑汒汓汖汘"],
-["9b40","汙汚汢汣汥汦汧汫",4,"汱汳汵汷汸決汻汼汿沀沄沇沊沋沍沎沑沒沕沖沗沘沚沜沝沞沠沢沨沬沯沰沴沵沶沷沺泀況泂泃泆泇泈泋泍泎泏泑泒泘"],
-["9b80","泙泚泜泝泟泤泦泧泩泬泭泲泴泹泿洀洂洃洅洆洈洉洊洍洏洐洑洓洔洕洖洘洜洝洟",5,"洦洨洩洬洭洯洰洴洶洷洸洺洿浀浂浄浉浌浐浕浖浗浘浛浝浟浡浢浤浥浧浨浫浬浭浰浱浲浳浵浶浹浺浻浽",4,"涃涄涆涇涊涋涍涏涐涒涖",4,"涜涢涥涬涭涰涱涳涴涶涷涹",5,"淁淂淃淈淉淊"],
-["9c40","淍淎淏淐淒淓淔淕淗淚淛淜淟淢淣淥淧淨淩淪淭淯淰淲淴淵淶淸淺淽",7,"渆渇済渉渋渏渒渓渕渘渙減渜渞渟渢渦渧渨渪測渮渰渱渳渵"],
-["9c80","渶渷渹渻",7,"湅",7,"湏湐湑湒湕湗湙湚湜湝湞湠",10,"湬湭湯",14,"満溁溂溄溇溈溊",4,"溑",6,"溙溚溛溝溞溠溡溣溤溦溨溩溫溬溭溮溰溳溵溸溹溼溾溿滀滃滄滅滆滈滉滊滌滍滎滐滒滖滘滙滛滜滝滣滧滪",5],
-["9d40","滰滱滲滳滵滶滷滸滺",7,"漃漄漅漇漈漊",4,"漐漑漒漖",9,"漡漢漣漥漦漧漨漬漮漰漲漴漵漷",6,"漿潀潁潂"],
-["9d80","潃潄潅潈潉潊潌潎",9,"潙潚潛潝潟潠潡潣潤潥潧",5,"潯潰潱潳潵潶潷潹潻潽",6,"澅澆澇澊澋澏",12,"澝澞澟澠澢",4,"澨",10,"澴澵澷澸澺",5,"濁濃",5,"濊",6,"濓",10,"濟濢濣濤濥"],
-["9e40","濦",7,"濰",32,"瀒",7,"瀜",6,"瀤",6],
-["9e80","瀫",9,"瀶瀷瀸瀺",17,"灍灎灐",13,"灟",11,"灮灱灲灳灴灷灹灺灻災炁炂炃炄炆炇炈炋炌炍炏炐炑炓炗炘炚炛炞",12,"炰炲炴炵炶為炾炿烄烅烆烇烉烋",12,"烚"],
-["9f40","烜烝烞烠烡烢烣烥烪烮烰",6,"烸烺烻烼烾",10,"焋",4,"焑焒焔焗焛",10,"焧",7,"焲焳焴"],
-["9f80","焵焷",13,"煆煇煈煉煋煍煏",12,"煝煟",4,"煥煩",4,"煯煰煱煴煵煶煷煹煻煼煾",5,"熅",4,"熋熌熍熎熐熑熒熓熕熖熗熚",4,"熡",6,"熩熪熫熭",5,"熴熶熷熸熺",8,"燄",9,"燏",4],
-["a040","燖",9,"燡燢燣燤燦燨",5,"燯",9,"燺",11,"爇",19],
-["a080","爛爜爞",9,"爩爫爭爮爯爲爳爴爺爼爾牀",6,"牉牊牋牎牏牐牑牓牔牕牗牘牚牜牞牠牣牤牥牨牪牫牬牭牰牱牳牴牶牷牸牻牼牽犂犃犅",4,"犌犎犐犑犓",11,"犠",11,"犮犱犲犳犵犺",6,"狅狆狇狉狊狋狌狏狑狓狔狕狖狘狚狛"],
-["a1a1","　、。·ˉˇ¨〃々—～‖…‘’“”〔〕〈",7,"〖〗【】±×÷∶∧∨∑∏∪∩∈∷√⊥∥∠⌒⊙∫∮≡≌≈∽∝≠≮≯≤≥∞∵∴♂♀°′″℃＄¤￠￡‰§№☆★○●◎◇◆□■△▲※→←↑↓〓"],
-["a2a1","ⅰ",9],
-["a2b1","⒈",19,"⑴",19,"①",9],
-["a2e5","㈠",9],
-["a2f1","Ⅰ",11],
-["a3a1","！＂＃￥％",88,"￣"],
-["a4a1","ぁ",82],
-["a5a1","ァ",85],
-["a6a1","Α",16,"Σ",6],
-["a6c1","α",16,"σ",6],
-["a6e0","︵︶︹︺︿﹀︽︾﹁﹂﹃﹄"],
-["a6ee","︻︼︷︸︱"],
-["a6f4","︳︴"],
-["a7a1","А",5,"ЁЖ",25],
-["a7d1","а",5,"ёж",25],
-["a840","ˊˋ˙–―‥‵℅℉↖↗↘↙∕∟∣≒≦≧⊿═",35,"▁",6],
-["a880","█",7,"▓▔▕▼▽◢◣◤◥☉⊕〒〝〞"],
-["a8a1","āáǎàēéěèīíǐìōóǒòūúǔùǖǘǚǜüêɑ"],
-["a8bd","ńň"],
-["a8c0","ɡ"],
-["a8c5","ㄅ",36],
-["a940","〡",8,"㊣㎎㎏㎜㎝㎞㎡㏄㏎㏑㏒㏕︰￢￤"],
-["a959","℡㈱"],
-["a95c","‐"],
-["a960","ー゛゜ヽヾ〆ゝゞ﹉",9,"﹔﹕﹖﹗﹙",8],
-["a980","﹢",4,"﹨﹩﹪﹫"],
-["a996","〇"],
-["a9a4","─",75],
-["aa40","狜狝狟狢",5,"狪狫狵狶狹狽狾狿猀猂猄",5,"猋猌猍猏猐猑猒猔猘猙猚猟猠猣猤猦猧猨猭猯猰猲猳猵猶猺猻猼猽獀",8],
-["aa80","獉獊獋獌獎獏獑獓獔獕獖獘",7,"獡",10,"獮獰獱"],
-["ab40","獲",11,"獿",4,"玅玆玈玊玌玍玏玐玒玓玔玕玗玘玙玚玜玝玞玠玡玣",5,"玪玬玭玱玴玵玶玸玹玼玽玾玿珁珃",4],
-["ab80","珋珌珎珒",6,"珚珛珜珝珟珡珢珣珤珦珨珪珫珬珮珯珰珱珳",4],
-["ac40","珸",10,"琄琇琈琋琌琍琎琑",8,"琜",5,"琣琤琧琩琫琭琯琱琲琷",4,"琽琾琿瑀瑂",11],
-["ac80","瑎",6,"瑖瑘瑝瑠",12,"瑮瑯瑱",4,"瑸瑹瑺"],
-["ad40","瑻瑼瑽瑿璂璄璅璆璈璉璊璌璍璏璑",10,"璝璟",7,"璪",15,"璻",12],
-["ad80","瓈",9,"瓓",8,"瓝瓟瓡瓥瓧",6,"瓰瓱瓲"],
-["ae40","瓳瓵瓸",6,"甀甁甂甃甅",7,"甎甐甒甔甕甖甗甛甝甞甠",4,"甦甧甪甮甴甶甹甼甽甿畁畂畃畄畆畇畉畊畍畐畑畒畓畕畖畗畘"],
-["ae80","畝",7,"畧畨畩畫",6,"畳畵當畷畺",4,"疀疁疂疄疅疇"],
-["af40","疈疉疊疌疍疎疐疓疕疘疛疜疞疢疦",4,"疭疶疷疺疻疿痀痁痆痋痌痎痏痐痑痓痗痙痚痜痝痟痠痡痥痩痬痭痮痯痲痳痵痶痷痸痺痻痽痾瘂瘄瘆瘇"],
-["af80","瘈瘉瘋瘍瘎瘏瘑瘒瘓瘔瘖瘚瘜瘝瘞瘡瘣瘧瘨瘬瘮瘯瘱瘲瘶瘷瘹瘺瘻瘽癁療癄"],
-["b040","癅",6,"癎",5,"癕癗",4,"癝癟癠癡癢癤",6,"癬癭癮癰",7,"癹発發癿皀皁皃皅皉皊皌皍皏皐皒皔皕皗皘皚皛"],
-["b080","皜",7,"皥",8,"皯皰皳皵",9,"盀盁盃啊阿埃挨哎唉哀皑癌蔼矮艾碍爱隘鞍氨安俺按暗岸胺案肮昂盎凹敖熬翱袄傲奥懊澳芭捌扒叭吧笆八疤巴拔跋靶把耙坝霸罢爸白柏百摆佰败拜稗斑班搬扳般颁板版扮拌伴瓣半办绊邦帮梆榜膀绑棒磅蚌镑傍谤苞胞包褒剥"],
-["b140","盄盇盉盋盌盓盕盙盚盜盝盞盠",4,"盦",7,"盰盳盵盶盷盺盻盽盿眀眂眃眅眆眊県眎",10,"眛眜眝眞眡眣眤眥眧眪眫"],
-["b180","眬眮眰",4,"眹眻眽眾眿睂睄睅睆睈",7,"睒",7,"睜薄雹保堡饱宝抱报暴豹鲍爆杯碑悲卑北辈背贝钡倍狈备惫焙被奔苯本笨崩绷甭泵蹦迸逼鼻比鄙笔彼碧蓖蔽毕毙毖币庇痹闭敝弊必辟壁臂避陛鞭边编贬扁便变卞辨辩辫遍标彪膘表鳖憋别瘪彬斌濒滨宾摈兵冰柄丙秉饼炳"],
-["b240","睝睞睟睠睤睧睩睪睭",11,"睺睻睼瞁瞂瞃瞆",5,"瞏瞐瞓",11,"瞡瞣瞤瞦瞨瞫瞭瞮瞯瞱瞲瞴瞶",4],
-["b280","瞼瞾矀",12,"矎",8,"矘矙矚矝",4,"矤病并玻菠播拨钵波博勃搏铂箔伯帛舶脖膊渤泊驳捕卜哺补埠不布步簿部怖擦猜裁材才财睬踩采彩菜蔡餐参蚕残惭惨灿苍舱仓沧藏操糙槽曹草厕策侧册测层蹭插叉茬茶查碴搽察岔差诧拆柴豺搀掺蝉馋谗缠铲产阐颤昌猖"],
-["b340","矦矨矪矯矰矱矲矴矵矷矹矺矻矼砃",5,"砊砋砎砏砐砓砕砙砛砞砠砡砢砤砨砪砫砮砯砱砲砳砵砶砽砿硁硂硃硄硆硈硉硊硋硍硏硑硓硔硘硙硚"],
-["b380","硛硜硞",11,"硯",7,"硸硹硺硻硽",6,"场尝常长偿肠厂敞畅唱倡超抄钞朝嘲潮巢吵炒车扯撤掣彻澈郴臣辰尘晨忱沉陈趁衬撑称城橙成呈乘程惩澄诚承逞骋秤吃痴持匙池迟弛驰耻齿侈尺赤翅斥炽充冲虫崇宠抽酬畴踌稠愁筹仇绸瞅丑臭初出橱厨躇锄雏滁除楚"],
-["b440","碄碅碆碈碊碋碏碐碒碔碕碖碙碝碞碠碢碤碦碨",7,"碵碶碷碸確碻碼碽碿磀磂磃磄磆磇磈磌磍磎磏磑磒磓磖磗磘磚",9],
-["b480","磤磥磦磧磩磪磫磭",4,"磳磵磶磸磹磻",5,"礂礃礄礆",6,"础储矗搐触处揣川穿椽传船喘串疮窗幢床闯创吹炊捶锤垂春椿醇唇淳纯蠢戳绰疵茨磁雌辞慈瓷词此刺赐次聪葱囱匆从丛凑粗醋簇促蹿篡窜摧崔催脆瘁粹淬翠村存寸磋撮搓措挫错搭达答瘩打大呆歹傣戴带殆代贷袋待逮"],
-["b540","礍",5,"礔",9,"礟",4,"礥",14,"礵",4,"礽礿祂祃祄祅祇祊",8,"祔祕祘祙祡祣"],
-["b580","祤祦祩祪祫祬祮祰",6,"祹祻",4,"禂禃禆禇禈禉禋禌禍禎禐禑禒怠耽担丹单郸掸胆旦氮但惮淡诞弹蛋当挡党荡档刀捣蹈倒岛祷导到稻悼道盗德得的蹬灯登等瞪凳邓堤低滴迪敌笛狄涤翟嫡抵底地蒂第帝弟递缔颠掂滇碘点典靛垫电佃甸店惦奠淀殿碉叼雕凋刁掉吊钓调跌爹碟蝶迭谍叠"],
-["b640","禓",6,"禛",11,"禨",10,"禴",4,"禼禿秂秄秅秇秈秊秌秎秏秐秓秔秖秗秙",5,"秠秡秢秥秨秪"],
-["b680","秬秮秱",6,"秹秺秼秾秿稁稄稅稇稈稉稊稌稏",4,"稕稖稘稙稛稜丁盯叮钉顶鼎锭定订丢东冬董懂动栋侗恫冻洞兜抖斗陡豆逗痘都督毒犊独读堵睹赌杜镀肚度渡妒端短锻段断缎堆兑队对墩吨蹲敦顿囤钝盾遁掇哆多夺垛躲朵跺舵剁惰堕蛾峨鹅俄额讹娥恶厄扼遏鄂饿恩而儿耳尔饵洱二"],
-["b740","稝稟稡稢稤",14,"稴稵稶稸稺稾穀",5,"穇",9,"穒",4,"穘",16],
-["b780","穩",6,"穱穲穳穵穻穼穽穾窂窅窇窉窊窋窌窎窏窐窓窔窙窚窛窞窡窢贰发罚筏伐乏阀法珐藩帆番翻樊矾钒繁凡烦反返范贩犯饭泛坊芳方肪房防妨仿访纺放菲非啡飞肥匪诽吠肺废沸费芬酚吩氛分纷坟焚汾粉奋份忿愤粪丰封枫蜂峰锋风疯烽逢冯缝讽奉凤佛否夫敷肤孵扶拂辐幅氟符伏俘服"],
-["b840","窣窤窧窩窪窫窮",4,"窴",10,"竀",10,"竌",9,"竗竘竚竛竜竝竡竢竤竧",5,"竮竰竱竲竳"],
-["b880","竴",4,"竻竼竾笀笁笂笅笇笉笌笍笎笐笒笓笖笗笘笚笜笝笟笡笢笣笧笩笭浮涪福袱弗甫抚辅俯釜斧脯腑府腐赴副覆赋复傅付阜父腹负富讣附妇缚咐噶嘎该改概钙盖溉干甘杆柑竿肝赶感秆敢赣冈刚钢缸肛纲岗港杠篙皋高膏羔糕搞镐稿告哥歌搁戈鸽胳疙割革葛格蛤阁隔铬个各给根跟耕更庚羹"],
-["b940","笯笰笲笴笵笶笷笹笻笽笿",5,"筆筈筊筍筎筓筕筗筙筜筞筟筡筣",10,"筯筰筳筴筶筸筺筼筽筿箁箂箃箄箆",6,"箎箏"],
-["b980","箑箒箓箖箘箙箚箛箞箟箠箣箤箥箮箯箰箲箳箵箶箷箹",7,"篂篃範埂耿梗工攻功恭龚供躬公宫弓巩汞拱贡共钩勾沟苟狗垢构购够辜菇咕箍估沽孤姑鼓古蛊骨谷股故顾固雇刮瓜剐寡挂褂乖拐怪棺关官冠观管馆罐惯灌贯光广逛瑰规圭硅归龟闺轨鬼诡癸桂柜跪贵刽辊滚棍锅郭国果裹过哈"],
-["ba40","篅篈築篊篋篍篎篏篐篒篔",4,"篛篜篞篟篠篢篣篤篧篨篩篫篬篭篯篰篲",4,"篸篹篺篻篽篿",7,"簈簉簊簍簎簐",5,"簗簘簙"],
-["ba80","簚",4,"簠",5,"簨簩簫",12,"簹",5,"籂骸孩海氦亥害骇酣憨邯韩含涵寒函喊罕翰撼捍旱憾悍焊汗汉夯杭航壕嚎豪毫郝好耗号浩呵喝荷菏核禾和何合盒貉阂河涸赫褐鹤贺嘿黑痕很狠恨哼亨横衡恒轰哄烘虹鸿洪宏弘红喉侯猴吼厚候后呼乎忽瑚壶葫胡蝴狐糊湖"],
-["bb40","籃",9,"籎",36,"籵",5,"籾",9],
-["bb80","粈粊",6,"粓粔粖粙粚粛粠粡粣粦粧粨粩粫粬粭粯粰粴",4,"粺粻弧虎唬护互沪户花哗华猾滑画划化话槐徊怀淮坏欢环桓还缓换患唤痪豢焕涣宦幻荒慌黄磺蝗簧皇凰惶煌晃幌恍谎灰挥辉徽恢蛔回毁悔慧卉惠晦贿秽会烩汇讳诲绘荤昏婚魂浑混豁活伙火获或惑霍货祸击圾基机畸稽积箕"],
-["bc40","粿糀糂糃糄糆糉糋糎",6,"糘糚糛糝糞糡",6,"糩",5,"糰",7,"糹糺糼",13,"紋",5],
-["bc80","紑",14,"紡紣紤紥紦紨紩紪紬紭紮細",6,"肌饥迹激讥鸡姬绩缉吉极棘辑籍集及急疾汲即嫉级挤几脊己蓟技冀季伎祭剂悸济寄寂计记既忌际妓继纪嘉枷夹佳家加荚颊贾甲钾假稼价架驾嫁歼监坚尖笺间煎兼肩艰奸缄茧检柬碱硷拣捡简俭剪减荐槛鉴践贱见键箭件"],
-["bd40","紷",54,"絯",7],
-["bd80","絸",32,"健舰剑饯渐溅涧建僵姜将浆江疆蒋桨奖讲匠酱降蕉椒礁焦胶交郊浇骄娇嚼搅铰矫侥脚狡角饺缴绞剿教酵轿较叫窖揭接皆秸街阶截劫节桔杰捷睫竭洁结解姐戒藉芥界借介疥诫届巾筋斤金今津襟紧锦仅谨进靳晋禁近烬浸"],
-["be40","継",12,"綧",6,"綯",42],
-["be80","線",32,"尽劲荆兢茎睛晶鲸京惊精粳经井警景颈静境敬镜径痉靖竟竞净炯窘揪究纠玖韭久灸九酒厩救旧臼舅咎就疚鞠拘狙疽居驹菊局咀矩举沮聚拒据巨具距踞锯俱句惧炬剧捐鹃娟倦眷卷绢撅攫抉掘倔爵觉决诀绝均菌钧军君峻"],
-["bf40","緻",62],
-["bf80","縺縼",4,"繂",4,"繈",21,"俊竣浚郡骏喀咖卡咯开揩楷凯慨刊堪勘坎砍看康慷糠扛抗亢炕考拷烤靠坷苛柯棵磕颗科壳咳可渴克刻客课肯啃垦恳坑吭空恐孔控抠口扣寇枯哭窟苦酷库裤夸垮挎跨胯块筷侩快宽款匡筐狂框矿眶旷况亏盔岿窥葵奎魁傀"],
-["c040","繞",35,"纃",23,"纜纝纞"],
-["c080","纮纴纻纼绖绤绬绹缊缐缞缷缹缻",6,"罃罆",9,"罒罓馈愧溃坤昆捆困括扩廓阔垃拉喇蜡腊辣啦莱来赖蓝婪栏拦篮阑兰澜谰揽览懒缆烂滥琅榔狼廊郎朗浪捞劳牢老佬姥酪烙涝勒乐雷镭蕾磊累儡垒擂肋类泪棱楞冷厘梨犁黎篱狸离漓理李里鲤礼莉荔吏栗丽厉励砾历利傈例俐"],
-["c140","罖罙罛罜罝罞罠罣",4,"罫罬罭罯罰罳罵罶罷罸罺罻罼罽罿羀羂",7,"羋羍羏",4,"羕",4,"羛羜羠羢羣羥羦羨",6,"羱"],
-["c180","羳",4,"羺羻羾翀翂翃翄翆翇翈翉翋翍翏",4,"翖翗翙",5,"翢翣痢立粒沥隶力璃哩俩联莲连镰廉怜涟帘敛脸链恋炼练粮凉梁粱良两辆量晾亮谅撩聊僚疗燎寥辽潦了撂镣廖料列裂烈劣猎琳林磷霖临邻鳞淋凛赁吝拎玲菱零龄铃伶羚凌灵陵岭领另令溜琉榴硫馏留刘瘤流柳六龙聋咙笼窿"],
-["c240","翤翧翨翪翫翬翭翯翲翴",6,"翽翾翿耂耇耈耉耊耎耏耑耓耚耛耝耞耟耡耣耤耫",5,"耲耴耹耺耼耾聀聁聄聅聇聈聉聎聏聐聑聓聕聖聗"],
-["c280","聙聛",13,"聫",5,"聲",11,"隆垄拢陇楼娄搂篓漏陋芦卢颅庐炉掳卤虏鲁麓碌露路赂鹿潞禄录陆戮驴吕铝侣旅履屡缕虑氯律率滤绿峦挛孪滦卵乱掠略抡轮伦仑沦纶论萝螺罗逻锣箩骡裸落洛骆络妈麻玛码蚂马骂嘛吗埋买麦卖迈脉瞒馒蛮满蔓曼慢漫"],
-["c340","聾肁肂肅肈肊肍",5,"肔肕肗肙肞肣肦肧肨肬肰肳肵肶肸肹肻胅胇",4,"胏",6,"胘胟胠胢胣胦胮胵胷胹胻胾胿脀脁脃脄脅脇脈脋"],
-["c380","脌脕脗脙脛脜脝脟",12,"脭脮脰脳脴脵脷脹",4,"脿谩芒茫盲氓忙莽猫茅锚毛矛铆卯茂冒帽貌贸么玫枚梅酶霉煤没眉媒镁每美昧寐妹媚门闷们萌蒙檬盟锰猛梦孟眯醚靡糜迷谜弥米秘觅泌蜜密幂棉眠绵冕免勉娩缅面苗描瞄藐秒渺庙妙蔑灭民抿皿敏悯闽明螟鸣铭名命谬摸"],
-["c440","腀",5,"腇腉腍腎腏腒腖腗腘腛",4,"腡腢腣腤腦腨腪腫腬腯腲腳腵腶腷腸膁膃",4,"膉膋膌膍膎膐膒",5,"膙膚膞",4,"膤膥"],
-["c480","膧膩膫",7,"膴",5,"膼膽膾膿臄臅臇臈臉臋臍",6,"摹蘑模膜磨摩魔抹末莫墨默沫漠寞陌谋牟某拇牡亩姆母墓暮幕募慕木目睦牧穆拿哪呐钠那娜纳氖乃奶耐奈南男难囊挠脑恼闹淖呢馁内嫩能妮霓倪泥尼拟你匿腻逆溺蔫拈年碾撵捻念娘酿鸟尿捏聂孽啮镊镍涅您柠狞凝宁"],
-["c540","臔",14,"臤臥臦臨臩臫臮",4,"臵",5,"臽臿舃與",4,"舎舏舑舓舕",5,"舝舠舤舥舦舧舩舮舲舺舼舽舿"],
-["c580","艀艁艂艃艅艆艈艊艌艍艎艐",7,"艙艛艜艝艞艠",7,"艩拧泞牛扭钮纽脓浓农弄奴努怒女暖虐疟挪懦糯诺哦欧鸥殴藕呕偶沤啪趴爬帕怕琶拍排牌徘湃派攀潘盘磐盼畔判叛乓庞旁耪胖抛咆刨炮袍跑泡呸胚培裴赔陪配佩沛喷盆砰抨烹澎彭蓬棚硼篷膨朋鹏捧碰坯砒霹批披劈琵毗"],
-["c640","艪艫艬艭艱艵艶艷艸艻艼芀芁芃芅芆芇芉芌芐芓芔芕芖芚芛芞芠芢芣芧芲芵芶芺芻芼芿苀苂苃苅苆苉苐苖苙苚苝苢苧苨苩苪苬苭苮苰苲苳苵苶苸"],
-["c680","苺苼",4,"茊茋茍茐茒茓茖茘茙茝",9,"茩茪茮茰茲茷茻茽啤脾疲皮匹痞僻屁譬篇偏片骗飘漂瓢票撇瞥拼频贫品聘乒坪苹萍平凭瓶评屏坡泼颇婆破魄迫粕剖扑铺仆莆葡菩蒲埔朴圃普浦谱曝瀑期欺栖戚妻七凄漆柒沏其棋奇歧畦崎脐齐旗祈祁骑起岂乞企启契砌器气迄弃汽泣讫掐"],
-["c740","茾茿荁荂荄荅荈荊",4,"荓荕",4,"荝荢荰",6,"荹荺荾",6,"莇莈莊莋莌莍莏莐莑莔莕莖莗莙莚莝莟莡",6,"莬莭莮"],
-["c780","莯莵莻莾莿菂菃菄菆菈菉菋菍菎菐菑菒菓菕菗菙菚菛菞菢菣菤菦菧菨菫菬菭恰洽牵扦钎铅千迁签仟谦乾黔钱钳前潜遣浅谴堑嵌欠歉枪呛腔羌墙蔷强抢橇锹敲悄桥瞧乔侨巧鞘撬翘峭俏窍切茄且怯窃钦侵亲秦琴勤芹擒禽寝沁青轻氢倾卿清擎晴氰情顷请庆琼穷秋丘邱球求囚酋泅趋区蛆曲躯屈驱渠"],
-["c840","菮華菳",4,"菺菻菼菾菿萀萂萅萇萈萉萊萐萒",5,"萙萚萛萞",5,"萩",7,"萲",5,"萹萺萻萾",7,"葇葈葉"],
-["c880","葊",6,"葒",4,"葘葝葞葟葠葢葤",4,"葪葮葯葰葲葴葷葹葻葼取娶龋趣去圈颧权醛泉全痊拳犬券劝缺炔瘸却鹊榷确雀裙群然燃冉染瓤壤攘嚷让饶扰绕惹热壬仁人忍韧任认刃妊纫扔仍日戎茸蓉荣融熔溶容绒冗揉柔肉茹蠕儒孺如辱乳汝入褥软阮蕊瑞锐闰润若弱撒洒萨腮鳃塞赛三叁"],
-["c940","葽",4,"蒃蒄蒅蒆蒊蒍蒏",7,"蒘蒚蒛蒝蒞蒟蒠蒢",12,"蒰蒱蒳蒵蒶蒷蒻蒼蒾蓀蓂蓃蓅蓆蓇蓈蓋蓌蓎蓏蓒蓔蓕蓗"],
-["c980","蓘",4,"蓞蓡蓢蓤蓧",4,"蓭蓮蓯蓱",10,"蓽蓾蔀蔁蔂伞散桑嗓丧搔骚扫嫂瑟色涩森僧莎砂杀刹沙纱傻啥煞筛晒珊苫杉山删煽衫闪陕擅赡膳善汕扇缮墒伤商赏晌上尚裳梢捎稍烧芍勺韶少哨邵绍奢赊蛇舌舍赦摄射慑涉社设砷申呻伸身深娠绅神沈审婶甚肾慎渗声生甥牲升绳"],
-["ca40","蔃",8,"蔍蔎蔏蔐蔒蔔蔕蔖蔘蔙蔛蔜蔝蔞蔠蔢",8,"蔭",9,"蔾",4,"蕄蕅蕆蕇蕋",10],
-["ca80","蕗蕘蕚蕛蕜蕝蕟",4,"蕥蕦蕧蕩",8,"蕳蕵蕶蕷蕸蕼蕽蕿薀薁省盛剩胜圣师失狮施湿诗尸虱十石拾时什食蚀实识史矢使屎驶始式示士世柿事拭誓逝势是嗜噬适仕侍释饰氏市恃室视试收手首守寿授售受瘦兽蔬枢梳殊抒输叔舒淑疏书赎孰熟薯暑曙署蜀黍鼠属术述树束戍竖墅庶数漱"],
-["cb40","薂薃薆薈",6,"薐",10,"薝",6,"薥薦薧薩薫薬薭薱",5,"薸薺",6,"藂",6,"藊",4,"藑藒"],
-["cb80","藔藖",5,"藝",6,"藥藦藧藨藪",14,"恕刷耍摔衰甩帅栓拴霜双爽谁水睡税吮瞬顺舜说硕朔烁斯撕嘶思私司丝死肆寺嗣四伺似饲巳松耸怂颂送宋讼诵搜艘擞嗽苏酥俗素速粟僳塑溯宿诉肃酸蒜算虽隋随绥髓碎岁穗遂隧祟孙损笋蓑梭唆缩琐索锁所塌他它她塔"],
-["cc40","藹藺藼藽藾蘀",4,"蘆",10,"蘒蘓蘔蘕蘗",15,"蘨蘪",13,"蘹蘺蘻蘽蘾蘿虀"],
-["cc80","虁",11,"虒虓處",4,"虛虜虝號虠虡虣",7,"獭挞蹋踏胎苔抬台泰酞太态汰坍摊贪瘫滩坛檀痰潭谭谈坦毯袒碳探叹炭汤塘搪堂棠膛唐糖倘躺淌趟烫掏涛滔绦萄桃逃淘陶讨套特藤腾疼誊梯剔踢锑提题蹄啼体替嚏惕涕剃屉天添填田甜恬舔腆挑条迢眺跳贴铁帖厅听烃"],
-["cd40","虭虯虰虲",6,"蚃",6,"蚎",4,"蚔蚖",5,"蚞",4,"蚥蚦蚫蚭蚮蚲蚳蚷蚸蚹蚻",4,"蛁蛂蛃蛅蛈蛌蛍蛒蛓蛕蛖蛗蛚蛜"],
-["cd80","蛝蛠蛡蛢蛣蛥蛦蛧蛨蛪蛫蛬蛯蛵蛶蛷蛺蛻蛼蛽蛿蜁蜄蜅蜆蜋蜌蜎蜏蜐蜑蜔蜖汀廷停亭庭挺艇通桐酮瞳同铜彤童桶捅筒统痛偷投头透凸秃突图徒途涂屠土吐兔湍团推颓腿蜕褪退吞屯臀拖托脱鸵陀驮驼椭妥拓唾挖哇蛙洼娃瓦袜歪外豌弯湾玩顽丸烷完碗挽晚皖惋宛婉万腕汪王亡枉网往旺望忘妄威"],
-["ce40","蜙蜛蜝蜟蜠蜤蜦蜧蜨蜪蜫蜬蜭蜯蜰蜲蜳蜵蜶蜸蜹蜺蜼蜽蝀",6,"蝊蝋蝍蝏蝐蝑蝒蝔蝕蝖蝘蝚",5,"蝡蝢蝦",7,"蝯蝱蝲蝳蝵"],
-["ce80","蝷蝸蝹蝺蝿螀螁螄螆螇螉螊螌螎",4,"螔螕螖螘",6,"螠",4,"巍微危韦违桅围唯惟为潍维苇萎委伟伪尾纬未蔚味畏胃喂魏位渭谓尉慰卫瘟温蚊文闻纹吻稳紊问嗡翁瓮挝蜗涡窝我斡卧握沃巫呜钨乌污诬屋无芜梧吾吴毋武五捂午舞伍侮坞戊雾晤物勿务悟误昔熙析西硒矽晰嘻吸锡牺"],
-["cf40","螥螦螧螩螪螮螰螱螲螴螶螷螸螹螻螼螾螿蟁",4,"蟇蟈蟉蟌",4,"蟔",6,"蟜蟝蟞蟟蟡蟢蟣蟤蟦蟧蟨蟩蟫蟬蟭蟯",9],
-["cf80","蟺蟻蟼蟽蟿蠀蠁蠂蠄",5,"蠋",7,"蠔蠗蠘蠙蠚蠜",4,"蠣稀息希悉膝夕惜熄烯溪汐犀檄袭席习媳喜铣洗系隙戏细瞎虾匣霞辖暇峡侠狭下厦夏吓掀锨先仙鲜纤咸贤衔舷闲涎弦嫌显险现献县腺馅羡宪陷限线相厢镶香箱襄湘乡翔祥详想响享项巷橡像向象萧硝霄削哮嚣销消宵淆晓"],
-["d040","蠤",13,"蠳",5,"蠺蠻蠽蠾蠿衁衂衃衆",5,"衎",5,"衕衖衘衚",6,"衦衧衪衭衯衱衳衴衵衶衸衹衺"],
-["d080","衻衼袀袃袆袇袉袊袌袎袏袐袑袓袔袕袗",4,"袝",4,"袣袥",5,"小孝校肖啸笑效楔些歇蝎鞋协挟携邪斜胁谐写械卸蟹懈泄泻谢屑薪芯锌欣辛新忻心信衅星腥猩惺兴刑型形邢行醒幸杏性姓兄凶胸匈汹雄熊休修羞朽嗅锈秀袖绣墟戌需虚嘘须徐许蓄酗叙旭序畜恤絮婿绪续轩喧宣悬旋玄"],
-["d140","袬袮袯袰袲",4,"袸袹袺袻袽袾袿裀裃裄裇裈裊裋裌裍裏裐裑裓裖裗裚",4,"裠裡裦裧裩",6,"裲裵裶裷裺裻製裿褀褁褃",5],
-["d180","褉褋",4,"褑褔",4,"褜",4,"褢褣褤褦褧褨褩褬褭褮褯褱褲褳褵褷选癣眩绚靴薛学穴雪血勋熏循旬询寻驯巡殉汛训讯逊迅压押鸦鸭呀丫芽牙蚜崖衙涯雅哑亚讶焉咽阉烟淹盐严研蜒岩延言颜阎炎沿奄掩眼衍演艳堰燕厌砚雁唁彦焰宴谚验殃央鸯秧杨扬佯疡羊洋阳氧仰痒养样漾邀腰妖瑶"],
-["d240","褸",8,"襂襃襅",24,"襠",5,"襧",19,"襼"],
-["d280","襽襾覀覂覄覅覇",26,"摇尧遥窑谣姚咬舀药要耀椰噎耶爷野冶也页掖业叶曳腋夜液一壹医揖铱依伊衣颐夷遗移仪胰疑沂宜姨彝椅蚁倚已乙矣以艺抑易邑屹亿役臆逸肄疫亦裔意毅忆义益溢诣议谊译异翼翌绎茵荫因殷音阴姻吟银淫寅饮尹引隐"],
-["d340","覢",30,"觃觍觓觔觕觗觘觙觛觝觟觠觡觢觤觧觨觩觪觬觭觮觰觱觲觴",6],
-["d380","觻",4,"訁",5,"計",21,"印英樱婴鹰应缨莹萤营荧蝇迎赢盈影颖硬映哟拥佣臃痈庸雍踊蛹咏泳涌永恿勇用幽优悠忧尤由邮铀犹油游酉有友右佑釉诱又幼迂淤于盂榆虞愚舆余俞逾鱼愉渝渔隅予娱雨与屿禹宇语羽玉域芋郁吁遇喻峪御愈欲狱育誉"],
-["d440","訞",31,"訿",8,"詉",21],
-["d480","詟",25,"詺",6,"浴寓裕预豫驭鸳渊冤元垣袁原援辕园员圆猿源缘远苑愿怨院曰约越跃钥岳粤月悦阅耘云郧匀陨允运蕴酝晕韵孕匝砸杂栽哉灾宰载再在咱攒暂赞赃脏葬遭糟凿藻枣早澡蚤躁噪造皂灶燥责择则泽贼怎增憎曾赠扎喳渣札轧"],
-["d540","誁",7,"誋",7,"誔",46],
-["d580","諃",32,"铡闸眨栅榨咋乍炸诈摘斋宅窄债寨瞻毡詹粘沾盏斩辗崭展蘸栈占战站湛绽樟章彰漳张掌涨杖丈帐账仗胀瘴障招昭找沼赵照罩兆肇召遮折哲蛰辙者锗蔗这浙珍斟真甄砧臻贞针侦枕疹诊震振镇阵蒸挣睁征狰争怔整拯正政"],
-["d640","諤",34,"謈",27],
-["d680","謤謥謧",30,"帧症郑证芝枝支吱蜘知肢脂汁之织职直植殖执值侄址指止趾只旨纸志挚掷至致置帜峙制智秩稚质炙痔滞治窒中盅忠钟衷终种肿重仲众舟周州洲诌粥轴肘帚咒皱宙昼骤珠株蛛朱猪诸诛逐竹烛煮拄瞩嘱主著柱助蛀贮铸筑"],
-["d740","譆",31,"譧",4,"譭",25],
-["d780","讇",24,"讬讱讻诇诐诪谉谞住注祝驻抓爪拽专砖转撰赚篆桩庄装妆撞壮状椎锥追赘坠缀谆准捉拙卓桌琢茁酌啄着灼浊兹咨资姿滋淄孜紫仔籽滓子自渍字鬃棕踪宗综总纵邹走奏揍租足卒族祖诅阻组钻纂嘴醉最罪尊遵昨左佐柞做作坐座"],
-["d840","谸",8,"豂豃豄豅豈豊豋豍",7,"豖豗豘豙豛",5,"豣",6,"豬",6,"豴豵豶豷豻",6,"貃貄貆貇"],
-["d880","貈貋貍",6,"貕貖貗貙",20,"亍丌兀丐廿卅丕亘丞鬲孬噩丨禺丿匕乇夭爻卮氐囟胤馗毓睾鼗丶亟鼐乜乩亓芈孛啬嘏仄厍厝厣厥厮靥赝匚叵匦匮匾赜卦卣刂刈刎刭刳刿剀剌剞剡剜蒯剽劂劁劐劓冂罔亻仃仉仂仨仡仫仞伛仳伢佤仵伥伧伉伫佞佧攸佚佝"],
-["d940","貮",62],
-["d980","賭",32,"佟佗伲伽佶佴侑侉侃侏佾佻侪佼侬侔俦俨俪俅俚俣俜俑俟俸倩偌俳倬倏倮倭俾倜倌倥倨偾偃偕偈偎偬偻傥傧傩傺僖儆僭僬僦僮儇儋仝氽佘佥俎龠汆籴兮巽黉馘冁夔勹匍訇匐凫夙兕亠兖亳衮袤亵脔裒禀嬴蠃羸冫冱冽冼"],
-["da40","贎",14,"贠赑赒赗赟赥赨赩赪赬赮赯赱赲赸",8,"趂趃趆趇趈趉趌",4,"趒趓趕",9,"趠趡"],
-["da80","趢趤",12,"趲趶趷趹趻趽跀跁跂跅跇跈跉跊跍跐跒跓跔凇冖冢冥讠讦讧讪讴讵讷诂诃诋诏诎诒诓诔诖诘诙诜诟诠诤诨诩诮诰诳诶诹诼诿谀谂谄谇谌谏谑谒谔谕谖谙谛谘谝谟谠谡谥谧谪谫谮谯谲谳谵谶卩卺阝阢阡阱阪阽阼陂陉陔陟陧陬陲陴隈隍隗隰邗邛邝邙邬邡邴邳邶邺"],
-["db40","跕跘跙跜跠跡跢跥跦跧跩跭跮跰跱跲跴跶跼跾",6,"踆踇踈踋踍踎踐踑踒踓踕",7,"踠踡踤",4,"踫踭踰踲踳踴踶踷踸踻踼踾"],
-["db80","踿蹃蹅蹆蹌",4,"蹓",5,"蹚",11,"蹧蹨蹪蹫蹮蹱邸邰郏郅邾郐郄郇郓郦郢郜郗郛郫郯郾鄄鄢鄞鄣鄱鄯鄹酃酆刍奂劢劬劭劾哿勐勖勰叟燮矍廴凵凼鬯厶弁畚巯坌垩垡塾墼壅壑圩圬圪圳圹圮圯坜圻坂坩垅坫垆坼坻坨坭坶坳垭垤垌垲埏垧垴垓垠埕埘埚埙埒垸埴埯埸埤埝"],
-["dc40","蹳蹵蹷",4,"蹽蹾躀躂躃躄躆躈",6,"躑躒躓躕",6,"躝躟",11,"躭躮躰躱躳",6,"躻",7],
-["dc80","軃",10,"軏",21,"堋堍埽埭堀堞堙塄堠塥塬墁墉墚墀馨鼙懿艹艽艿芏芊芨芄芎芑芗芙芫芸芾芰苈苊苣芘芷芮苋苌苁芩芴芡芪芟苄苎芤苡茉苷苤茏茇苜苴苒苘茌苻苓茑茚茆茔茕苠苕茜荑荛荜茈莒茼茴茱莛荞茯荏荇荃荟荀茗荠茭茺茳荦荥"],
-["dd40","軥",62],
-["dd80","輤",32,"荨茛荩荬荪荭荮莰荸莳莴莠莪莓莜莅荼莶莩荽莸荻莘莞莨莺莼菁萁菥菘堇萘萋菝菽菖萜萸萑萆菔菟萏萃菸菹菪菅菀萦菰菡葜葑葚葙葳蒇蒈葺蒉葸萼葆葩葶蒌蒎萱葭蓁蓍蓐蓦蒽蓓蓊蒿蒺蓠蒡蒹蒴蒗蓥蓣蔌甍蔸蓰蔹蔟蔺"],
-["de40","轅",32,"轪辀辌辒辝辠辡辢辤辥辦辧辪辬辭辮辯農辳辴辵辷辸辺辻込辿迀迃迆"],
-["de80","迉",4,"迏迒迖迗迚迠迡迣迧迬迯迱迲迴迵迶迺迻迼迾迿逇逈逌逎逓逕逘蕖蔻蓿蓼蕙蕈蕨蕤蕞蕺瞢蕃蕲蕻薤薨薇薏蕹薮薜薅薹薷薰藓藁藜藿蘧蘅蘩蘖蘼廾弈夼奁耷奕奚奘匏尢尥尬尴扌扪抟抻拊拚拗拮挢拶挹捋捃掭揶捱捺掎掴捭掬掊捩掮掼揲揸揠揿揄揞揎摒揆掾摅摁搋搛搠搌搦搡摞撄摭撖"],
-["df40","這逜連逤逥逧",5,"逰",4,"逷逹逺逽逿遀遃遅遆遈",4,"過達違遖遙遚遜",5,"遤遦遧適遪遫遬遯",4,"遶",6,"遾邁"],
-["df80","還邅邆邇邉邊邌",4,"邒邔邖邘邚邜邞邟邠邤邥邧邨邩邫邭邲邷邼邽邿郀摺撷撸撙撺擀擐擗擤擢攉攥攮弋忒甙弑卟叱叽叩叨叻吒吖吆呋呒呓呔呖呃吡呗呙吣吲咂咔呷呱呤咚咛咄呶呦咝哐咭哂咴哒咧咦哓哔呲咣哕咻咿哌哙哚哜咩咪咤哝哏哞唛哧唠哽唔哳唢唣唏唑唧唪啧喏喵啉啭啁啕唿啐唼"],
-["e040","郂郃郆郈郉郋郌郍郒郔郕郖郘郙郚郞郟郠郣郤郥郩郪郬郮郰郱郲郳郵郶郷郹郺郻郼郿鄀鄁鄃鄅",19,"鄚鄛鄜"],
-["e080","鄝鄟鄠鄡鄤",10,"鄰鄲",6,"鄺",8,"酄唷啖啵啶啷唳唰啜喋嗒喃喱喹喈喁喟啾嗖喑啻嗟喽喾喔喙嗪嗷嗉嘟嗑嗫嗬嗔嗦嗝嗄嗯嗥嗲嗳嗌嗍嗨嗵嗤辔嘞嘈嘌嘁嘤嘣嗾嘀嘧嘭噘嘹噗嘬噍噢噙噜噌噔嚆噤噱噫噻噼嚅嚓嚯囔囗囝囡囵囫囹囿圄圊圉圜帏帙帔帑帱帻帼"],
-["e140","酅酇酈酑酓酔酕酖酘酙酛酜酟酠酦酧酨酫酭酳酺酻酼醀",4,"醆醈醊醎醏醓",6,"醜",5,"醤",5,"醫醬醰醱醲醳醶醷醸醹醻"],
-["e180","醼",10,"釈釋釐釒",9,"針",8,"帷幄幔幛幞幡岌屺岍岐岖岈岘岙岑岚岜岵岢岽岬岫岱岣峁岷峄峒峤峋峥崂崃崧崦崮崤崞崆崛嵘崾崴崽嵬嵛嵯嵝嵫嵋嵊嵩嵴嶂嶙嶝豳嶷巅彳彷徂徇徉後徕徙徜徨徭徵徼衢彡犭犰犴犷犸狃狁狎狍狒狨狯狩狲狴狷猁狳猃狺"],
-["e240","釦",62],
-["e280","鈥",32,"狻猗猓猡猊猞猝猕猢猹猥猬猸猱獐獍獗獠獬獯獾舛夥飧夤夂饣饧",5,"饴饷饽馀馄馇馊馍馐馑馓馔馕庀庑庋庖庥庠庹庵庾庳赓廒廑廛廨廪膺忄忉忖忏怃忮怄忡忤忾怅怆忪忭忸怙怵怦怛怏怍怩怫怊怿怡恸恹恻恺恂"],
-["e340","鉆",45,"鉵",16],
-["e380","銆",7,"銏",24,"恪恽悖悚悭悝悃悒悌悛惬悻悱惝惘惆惚悴愠愦愕愣惴愀愎愫慊慵憬憔憧憷懔懵忝隳闩闫闱闳闵闶闼闾阃阄阆阈阊阋阌阍阏阒阕阖阗阙阚丬爿戕氵汔汜汊沣沅沐沔沌汨汩汴汶沆沩泐泔沭泷泸泱泗沲泠泖泺泫泮沱泓泯泾"],
-["e440","銨",5,"銯",24,"鋉",31],
-["e480","鋩",32,"洹洧洌浃浈洇洄洙洎洫浍洮洵洚浏浒浔洳涑浯涞涠浞涓涔浜浠浼浣渚淇淅淞渎涿淠渑淦淝淙渖涫渌涮渫湮湎湫溲湟溆湓湔渲渥湄滟溱溘滠漭滢溥溧溽溻溷滗溴滏溏滂溟潢潆潇漤漕滹漯漶潋潴漪漉漩澉澍澌潸潲潼潺濑"],
-["e540","錊",51,"錿",10],
-["e580","鍊",31,"鍫濉澧澹澶濂濡濮濞濠濯瀚瀣瀛瀹瀵灏灞宀宄宕宓宥宸甯骞搴寤寮褰寰蹇謇辶迓迕迥迮迤迩迦迳迨逅逄逋逦逑逍逖逡逵逶逭逯遄遑遒遐遨遘遢遛暹遴遽邂邈邃邋彐彗彖彘尻咫屐屙孱屣屦羼弪弩弭艴弼鬻屮妁妃妍妩妪妣"],
-["e640","鍬",34,"鎐",27],
-["e680","鎬",29,"鏋鏌鏍妗姊妫妞妤姒妲妯姗妾娅娆姝娈姣姘姹娌娉娲娴娑娣娓婀婧婊婕娼婢婵胬媪媛婷婺媾嫫媲嫒嫔媸嫠嫣嫱嫖嫦嫘嫜嬉嬗嬖嬲嬷孀尕尜孚孥孳孑孓孢驵驷驸驺驿驽骀骁骅骈骊骐骒骓骖骘骛骜骝骟骠骢骣骥骧纟纡纣纥纨纩"],
-["e740","鏎",7,"鏗",54],
-["e780","鐎",32,"纭纰纾绀绁绂绉绋绌绐绔绗绛绠绡绨绫绮绯绱绲缍绶绺绻绾缁缂缃缇缈缋缌缏缑缒缗缙缜缛缟缡",6,"缪缫缬缭缯",4,"缵幺畿巛甾邕玎玑玮玢玟珏珂珑玷玳珀珉珈珥珙顼琊珩珧珞玺珲琏琪瑛琦琥琨琰琮琬"],
-["e840","鐯",14,"鐿",43,"鑬鑭鑮鑯"],
-["e880","鑰",20,"钑钖钘铇铏铓铔铚铦铻锜锠琛琚瑁瑜瑗瑕瑙瑷瑭瑾璜璎璀璁璇璋璞璨璩璐璧瓒璺韪韫韬杌杓杞杈杩枥枇杪杳枘枧杵枨枞枭枋杷杼柰栉柘栊柩枰栌柙枵柚枳柝栀柃枸柢栎柁柽栲栳桠桡桎桢桄桤梃栝桕桦桁桧桀栾桊桉栩梵梏桴桷梓桫棂楮棼椟椠棹"],
-["e940","锧锳锽镃镈镋镕镚镠镮镴镵長",7,"門",42],
-["e980","閫",32,"椤棰椋椁楗棣椐楱椹楠楂楝榄楫榀榘楸椴槌榇榈槎榉楦楣楹榛榧榻榫榭槔榱槁槊槟榕槠榍槿樯槭樗樘橥槲橄樾檠橐橛樵檎橹樽樨橘橼檑檐檩檗檫猷獒殁殂殇殄殒殓殍殚殛殡殪轫轭轱轲轳轵轶轸轷轹轺轼轾辁辂辄辇辋"],
-["ea40","闌",27,"闬闿阇阓阘阛阞阠阣",6,"阫阬阭阯阰阷阸阹阺阾陁陃陊陎陏陑陒陓陖陗"],
-["ea80","陘陙陚陜陝陞陠陣陥陦陫陭",4,"陳陸",12,"隇隉隊辍辎辏辘辚軎戋戗戛戟戢戡戥戤戬臧瓯瓴瓿甏甑甓攴旮旯旰昊昙杲昃昕昀炅曷昝昴昱昶昵耆晟晔晁晏晖晡晗晷暄暌暧暝暾曛曜曦曩贲贳贶贻贽赀赅赆赈赉赇赍赕赙觇觊觋觌觎觏觐觑牮犟牝牦牯牾牿犄犋犍犏犒挈挲掰"],
-["eb40","隌階隑隒隓隕隖隚際隝",9,"隨",7,"隱隲隴隵隷隸隺隻隿雂雃雈雊雋雐雑雓雔雖",9,"雡",6,"雫"],
-["eb80","雬雭雮雰雱雲雴雵雸雺電雼雽雿霂霃霅霊霋霌霐霑霒霔霕霗",4,"霝霟霠搿擘耄毪毳毽毵毹氅氇氆氍氕氘氙氚氡氩氤氪氲攵敕敫牍牒牖爰虢刖肟肜肓肼朊肽肱肫肭肴肷胧胨胩胪胛胂胄胙胍胗朐胝胫胱胴胭脍脎胲胼朕脒豚脶脞脬脘脲腈腌腓腴腙腚腱腠腩腼腽腭腧塍媵膈膂膑滕膣膪臌朦臊膻"],
-["ec40","霡",8,"霫霬霮霯霱霳",4,"霺霻霼霽霿",18,"靔靕靗靘靚靜靝靟靣靤靦靧靨靪",7],
-["ec80","靲靵靷",4,"靽",7,"鞆",4,"鞌鞎鞏鞐鞓鞕鞖鞗鞙",4,"臁膦欤欷欹歃歆歙飑飒飓飕飙飚殳彀毂觳斐齑斓於旆旄旃旌旎旒旖炀炜炖炝炻烀炷炫炱烨烊焐焓焖焯焱煳煜煨煅煲煊煸煺熘熳熵熨熠燠燔燧燹爝爨灬焘煦熹戾戽扃扈扉礻祀祆祉祛祜祓祚祢祗祠祯祧祺禅禊禚禧禳忑忐"],
-["ed40","鞞鞟鞡鞢鞤",6,"鞬鞮鞰鞱鞳鞵",46],
-["ed80","韤韥韨韮",4,"韴韷",23,"怼恝恚恧恁恙恣悫愆愍慝憩憝懋懑戆肀聿沓泶淼矶矸砀砉砗砘砑斫砭砜砝砹砺砻砟砼砥砬砣砩硎硭硖硗砦硐硇硌硪碛碓碚碇碜碡碣碲碹碥磔磙磉磬磲礅磴礓礤礞礴龛黹黻黼盱眄眍盹眇眈眚眢眙眭眦眵眸睐睑睇睃睚睨"],
-["ee40","頏",62],
-["ee80","顎",32,"睢睥睿瞍睽瞀瞌瞑瞟瞠瞰瞵瞽町畀畎畋畈畛畲畹疃罘罡罟詈罨罴罱罹羁罾盍盥蠲钅钆钇钋钊钌钍钏钐钔钗钕钚钛钜钣钤钫钪钭钬钯钰钲钴钶",4,"钼钽钿铄铈",6,"铐铑铒铕铖铗铙铘铛铞铟铠铢铤铥铧铨铪"],
-["ef40","顯",5,"颋颎颒颕颙颣風",37,"飏飐飔飖飗飛飜飝飠",4],
-["ef80","飥飦飩",30,"铩铫铮铯铳铴铵铷铹铼铽铿锃锂锆锇锉锊锍锎锏锒",4,"锘锛锝锞锟锢锪锫锩锬锱锲锴锶锷锸锼锾锿镂锵镄镅镆镉镌镎镏镒镓镔镖镗镘镙镛镞镟镝镡镢镤",8,"镯镱镲镳锺矧矬雉秕秭秣秫稆嵇稃稂稞稔"],
-["f040","餈",4,"餎餏餑",28,"餯",26],
-["f080","饊",9,"饖",12,"饤饦饳饸饹饻饾馂馃馉稹稷穑黏馥穰皈皎皓皙皤瓞瓠甬鸠鸢鸨",4,"鸲鸱鸶鸸鸷鸹鸺鸾鹁鹂鹄鹆鹇鹈鹉鹋鹌鹎鹑鹕鹗鹚鹛鹜鹞鹣鹦",6,"鹱鹭鹳疒疔疖疠疝疬疣疳疴疸痄疱疰痃痂痖痍痣痨痦痤痫痧瘃痱痼痿瘐瘀瘅瘌瘗瘊瘥瘘瘕瘙"],
-["f140","馌馎馚",10,"馦馧馩",47],
-["f180","駙",32,"瘛瘼瘢瘠癀瘭瘰瘿瘵癃瘾瘳癍癞癔癜癖癫癯翊竦穸穹窀窆窈窕窦窠窬窨窭窳衤衩衲衽衿袂袢裆袷袼裉裢裎裣裥裱褚裼裨裾裰褡褙褓褛褊褴褫褶襁襦襻疋胥皲皴矜耒耔耖耜耠耢耥耦耧耩耨耱耋耵聃聆聍聒聩聱覃顸颀颃"],
-["f240","駺",62],
-["f280","騹",32,"颉颌颍颏颔颚颛颞颟颡颢颥颦虍虔虬虮虿虺虼虻蚨蚍蚋蚬蚝蚧蚣蚪蚓蚩蚶蛄蚵蛎蚰蚺蚱蚯蛉蛏蚴蛩蛱蛲蛭蛳蛐蜓蛞蛴蛟蛘蛑蜃蜇蛸蜈蜊蜍蜉蜣蜻蜞蜥蜮蜚蜾蝈蜴蜱蜩蜷蜿螂蜢蝽蝾蝻蝠蝰蝌蝮螋蝓蝣蝼蝤蝙蝥螓螯螨蟒"],
-["f340","驚",17,"驲骃骉骍骎骔骕骙骦骩",6,"骲骳骴骵骹骻骽骾骿髃髄髆",4,"髍髎髏髐髒體髕髖髗髙髚髛髜"],
-["f380","髝髞髠髢髣髤髥髧髨髩髪髬髮髰",8,"髺髼",6,"鬄鬅鬆蟆螈螅螭螗螃螫蟥螬螵螳蟋蟓螽蟑蟀蟊蟛蟪蟠蟮蠖蠓蟾蠊蠛蠡蠹蠼缶罂罄罅舐竺竽笈笃笄笕笊笫笏筇笸笪笙笮笱笠笥笤笳笾笞筘筚筅筵筌筝筠筮筻筢筲筱箐箦箧箸箬箝箨箅箪箜箢箫箴篑篁篌篝篚篥篦篪簌篾篼簏簖簋"],
-["f440","鬇鬉",5,"鬐鬑鬒鬔",10,"鬠鬡鬢鬤",10,"鬰鬱鬳",7,"鬽鬾鬿魀魆魊魋魌魎魐魒魓魕",5],
-["f480","魛",32,"簟簪簦簸籁籀臾舁舂舄臬衄舡舢舣舭舯舨舫舸舻舳舴舾艄艉艋艏艚艟艨衾袅袈裘裟襞羝羟羧羯羰羲籼敉粑粝粜粞粢粲粼粽糁糇糌糍糈糅糗糨艮暨羿翎翕翥翡翦翩翮翳糸絷綦綮繇纛麸麴赳趄趔趑趱赧赭豇豉酊酐酎酏酤"],
-["f540","魼",62],
-["f580","鮻",32,"酢酡酰酩酯酽酾酲酴酹醌醅醐醍醑醢醣醪醭醮醯醵醴醺豕鹾趸跫踅蹙蹩趵趿趼趺跄跖跗跚跞跎跏跛跆跬跷跸跣跹跻跤踉跽踔踝踟踬踮踣踯踺蹀踹踵踽踱蹉蹁蹂蹑蹒蹊蹰蹶蹼蹯蹴躅躏躔躐躜躞豸貂貊貅貘貔斛觖觞觚觜"],
-["f640","鯜",62],
-["f680","鰛",32,"觥觫觯訾謦靓雩雳雯霆霁霈霏霎霪霭霰霾龀龃龅",5,"龌黾鼋鼍隹隼隽雎雒瞿雠銎銮鋈錾鍪鏊鎏鐾鑫鱿鲂鲅鲆鲇鲈稣鲋鲎鲐鲑鲒鲔鲕鲚鲛鲞",5,"鲥",4,"鲫鲭鲮鲰",7,"鲺鲻鲼鲽鳄鳅鳆鳇鳊鳋"],
-["f740","鰼",62],
-["f780","鱻鱽鱾鲀鲃鲄鲉鲊鲌鲏鲓鲖鲗鲘鲙鲝鲪鲬鲯鲹鲾",4,"鳈鳉鳑鳒鳚鳛鳠鳡鳌",4,"鳓鳔鳕鳗鳘鳙鳜鳝鳟鳢靼鞅鞑鞒鞔鞯鞫鞣鞲鞴骱骰骷鹘骶骺骼髁髀髅髂髋髌髑魅魃魇魉魈魍魑飨餍餮饕饔髟髡髦髯髫髻髭髹鬈鬏鬓鬟鬣麽麾縻麂麇麈麋麒鏖麝麟黛黜黝黠黟黢黩黧黥黪黯鼢鼬鼯鼹鼷鼽鼾齄"],
-["f840","鳣",62],
-["f880","鴢",32],
-["f940","鵃",62],
-["f980","鶂",32],
-["fa40","鶣",62],
-["fa80","鷢",32],
-["fb40","鸃",27,"鸤鸧鸮鸰鸴鸻鸼鹀鹍鹐鹒鹓鹔鹖鹙鹝鹟鹠鹡鹢鹥鹮鹯鹲鹴",9,"麀"],
-["fb80","麁麃麄麅麆麉麊麌",5,"麔",8,"麞麠",5,"麧麨麩麪"],
-["fc40","麫",8,"麵麶麷麹麺麼麿",4,"黅黆黇黈黊黋黌黐黒黓黕黖黗黙黚點黡黣黤黦黨黫黬黭黮黰",8,"黺黽黿",6],
-["fc80","鼆",4,"鼌鼏鼑鼒鼔鼕鼖鼘鼚",5,"鼡鼣",8,"鼭鼮鼰鼱"],
-["fd40","鼲",4,"鼸鼺鼼鼿",4,"齅",10,"齒",38],
-["fd80","齹",5,"龁龂龍",11,"龜龝龞龡",4,"郎凉秊裏隣"],
-["fe40","兀嗀﨎﨏﨑﨓﨔礼﨟蘒﨡﨣﨤﨧﨨﨩"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
deleted file mode 100644
index 2022a00..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp949.json
+++ /dev/null
@@ -1,273 +0,0 @@
-[
-["0","\u0000",127],
-["8141","갂갃갅갆갋",4,"갘갞갟갡갢갣갥",6,"갮갲갳갴"],
-["8161","갵갶갷갺갻갽갾갿걁",9,"걌걎",5,"걕"],
-["8181","걖걗걙걚걛걝",18,"걲걳걵걶걹걻",4,"겂겇겈겍겎겏겑겒겓겕",6,"겞겢",5,"겫겭겮겱",6,"겺겾겿곀곂곃곅곆곇곉곊곋곍",7,"곖곘",7,"곢곣곥곦곩곫곭곮곲곴곷",4,"곾곿괁괂괃괅괇",4,"괎괐괒괓"],
-["8241","괔괕괖괗괙괚괛괝괞괟괡",7,"괪괫괮",5],
-["8261","괶괷괹괺괻괽",6,"굆굈굊",5,"굑굒굓굕굖굗"],
-["8281","굙",7,"굢굤",7,"굮굯굱굲굷굸굹굺굾궀궃",4,"궊궋궍궎궏궑",10,"궞",5,"궥",17,"궸",7,"귂귃귅귆귇귉",6,"귒귔",7,"귝귞귟귡귢귣귥",18],
-["8341","귺귻귽귾긂",5,"긊긌긎",5,"긕",7],
-["8361","긝",18,"긲긳긵긶긹긻긼"],
-["8381","긽긾긿깂깄깇깈깉깋깏깑깒깓깕깗",4,"깞깢깣깤깦깧깪깫깭깮깯깱",6,"깺깾",5,"꺆",5,"꺍",46,"꺿껁껂껃껅",6,"껎껒",5,"껚껛껝",8],
-["8441","껦껧껩껪껬껮",5,"껵껶껷껹껺껻껽",8],
-["8461","꼆꼉꼊꼋꼌꼎꼏꼑",18],
-["8481","꼤",7,"꼮꼯꼱꼳꼵",6,"꼾꽀꽄꽅꽆꽇꽊",5,"꽑",10,"꽞",5,"꽦",18,"꽺",5,"꾁꾂꾃꾅꾆꾇꾉",6,"꾒꾓꾔꾖",5,"꾝",26,"꾺꾻꾽꾾"],
-["8541","꾿꿁",5,"꿊꿌꿏",4,"꿕",6,"꿝",4],
-["8561","꿢",5,"꿪",5,"꿲꿳꿵꿶꿷꿹",6,"뀂뀃"],
-["8581","뀅",6,"뀍뀎뀏뀑뀒뀓뀕",6,"뀞",9,"뀩",26,"끆끇끉끋끍끏끐끑끒끖끘끚끛끜끞",29,"끾끿낁낂낃낅",6,"낎낐낒",5,"낛낝낞낣낤"],
-["8641","낥낦낧낪낰낲낶낷낹낺낻낽",6,"냆냊",5,"냒"],
-["8661","냓냕냖냗냙",6,"냡냢냣냤냦",10],
-["8681","냱",22,"넊넍넎넏넑넔넕넖넗넚넞",4,"넦넧넩넪넫넭",6,"넶넺",5,"녂녃녅녆녇녉",6,"녒녓녖녗녙녚녛녝녞녟녡",22,"녺녻녽녾녿놁놃",4,"놊놌놎놏놐놑놕놖놗놙놚놛놝"],
-["8741","놞",9,"놩",15],
-["8761","놹",18,"뇍뇎뇏뇑뇒뇓뇕"],
-["8781","뇖",5,"뇞뇠",7,"뇪뇫뇭뇮뇯뇱",7,"뇺뇼뇾",5,"눆눇눉눊눍",6,"눖눘눚",5,"눡",18,"눵",6,"눽",26,"뉙뉚뉛뉝뉞뉟뉡",6,"뉪",4],
-["8841","뉯",4,"뉶",5,"뉽",6,"늆늇늈늊",4],
-["8861","늏늒늓늕늖늗늛",4,"늢늤늧늨늩늫늭늮늯늱늲늳늵늶늷"],
-["8881","늸",15,"닊닋닍닎닏닑닓",4,"닚닜닞닟닠닡닣닧닩닪닰닱닲닶닼닽닾댂댃댅댆댇댉",6,"댒댖",5,"댝",54,"덗덙덚덝덠덡덢덣"],
-["8941","덦덨덪덬덭덯덲덳덵덶덷덹",6,"뎂뎆",5,"뎍"],
-["8961","뎎뎏뎑뎒뎓뎕",10,"뎢",5,"뎩뎪뎫뎭"],
-["8981","뎮",21,"돆돇돉돊돍돏돑돒돓돖돘돚돜돞돟돡돢돣돥돦돧돩",18,"돽",18,"됑",6,"됙됚됛됝됞됟됡",6,"됪됬",7,"됵",15],
-["8a41","둅",10,"둒둓둕둖둗둙",6,"둢둤둦"],
-["8a61","둧",4,"둭",18,"뒁뒂"],
-["8a81","뒃",4,"뒉",19,"뒞",5,"뒥뒦뒧뒩뒪뒫뒭",7,"뒶뒸뒺",5,"듁듂듃듅듆듇듉",6,"듑듒듓듔듖",5,"듞듟듡듢듥듧",4,"듮듰듲",5,"듹",26,"딖딗딙딚딝"],
-["8b41","딞",5,"딦딫",4,"딲딳딵딶딷딹",6,"땂땆"],
-["8b61","땇땈땉땊땎땏땑땒땓땕",6,"땞땢",8],
-["8b81","땫",52,"떢떣떥떦떧떩떬떭떮떯떲떶",4,"떾떿뗁뗂뗃뗅",6,"뗎뗒",5,"뗙",18,"뗭",18],
-["8c41","똀",15,"똒똓똕똖똗똙",4],
-["8c61","똞",6,"똦",5,"똭",6,"똵",5],
-["8c81","똻",12,"뙉",26,"뙥뙦뙧뙩",50,"뚞뚟뚡뚢뚣뚥",5,"뚭뚮뚯뚰뚲",16],
-["8d41","뛃",16,"뛕",8],
-["8d61","뛞",17,"뛱뛲뛳뛵뛶뛷뛹뛺"],
-["8d81","뛻",4,"뜂뜃뜄뜆",33,"뜪뜫뜭뜮뜱",6,"뜺뜼",7,"띅띆띇띉띊띋띍",6,"띖",9,"띡띢띣띥띦띧띩",6,"띲띴띶",5,"띾띿랁랂랃랅",6,"랎랓랔랕랚랛랝랞"],
-["8e41","랟랡",6,"랪랮",5,"랶랷랹",8],
-["8e61","럂",4,"럈럊",19],
-["8e81","럞",13,"럮럯럱럲럳럵",6,"럾렂",4,"렊렋렍렎렏렑",6,"렚렜렞",5,"렦렧렩렪렫렭",6,"렶렺",5,"롁롂롃롅",11,"롒롔",7,"롞롟롡롢롣롥",6,"롮롰롲",5,"롹롺롻롽",7],
-["8f41","뢅",7,"뢎",17],
-["8f61","뢠",7,"뢩",6,"뢱뢲뢳뢵뢶뢷뢹",4],
-["8f81","뢾뢿룂룄룆",5,"룍룎룏룑룒룓룕",7,"룞룠룢",5,"룪룫룭룮룯룱",6,"룺룼룾",5,"뤅",18,"뤙",6,"뤡",26,"뤾뤿륁륂륃륅",6,"륍륎륐륒",5],
-["9041","륚륛륝륞륟륡",6,"륪륬륮",5,"륶륷륹륺륻륽"],
-["9061","륾",5,"릆릈릋릌릏",15],
-["9081","릟",12,"릮릯릱릲릳릵",6,"릾맀맂",5,"맊맋맍맓",4,"맚맜맟맠맢맦맧맩맪맫맭",6,"맶맻",4,"먂",5,"먉",11,"먖",33,"먺먻먽먾먿멁멃멄멅멆"],
-["9141","멇멊멌멏멐멑멒멖멗멙멚멛멝",6,"멦멪",5],
-["9161","멲멳멵멶멷멹",9,"몆몈몉몊몋몍",5],
-["9181","몓",20,"몪몭몮몯몱몳",4,"몺몼몾",5,"뫅뫆뫇뫉",14,"뫚",33,"뫽뫾뫿묁묂묃묅",7,"묎묐묒",5,"묙묚묛묝묞묟묡",6],
-["9241","묨묪묬",7,"묷묹묺묿",4,"뭆뭈뭊뭋뭌뭎뭑뭒"],
-["9261","뭓뭕뭖뭗뭙",7,"뭢뭤",7,"뭭",4],
-["9281","뭲",21,"뮉뮊뮋뮍뮎뮏뮑",18,"뮥뮦뮧뮩뮪뮫뮭",6,"뮵뮶뮸",7,"믁믂믃믅믆믇믉",6,"믑믒믔",35,"믺믻믽믾밁"],
-["9341","밃",4,"밊밎밐밒밓밙밚밠밡밢밣밦밨밪밫밬밮밯밲밳밵"],
-["9361","밶밷밹",6,"뱂뱆뱇뱈뱊뱋뱎뱏뱑",8],
-["9381","뱚뱛뱜뱞",37,"벆벇벉벊벍벏",4,"벖벘벛",4,"벢벣벥벦벩",6,"벲벶",5,"벾벿볁볂볃볅",7,"볎볒볓볔볖볗볙볚볛볝",22,"볷볹볺볻볽"],
-["9441","볾",5,"봆봈봊",5,"봑봒봓봕",8],
-["9461","봞",5,"봥",6,"봭",12],
-["9481","봺",5,"뵁",6,"뵊뵋뵍뵎뵏뵑",6,"뵚",9,"뵥뵦뵧뵩",22,"붂붃붅붆붋",4,"붒붔붖붗붘붛붝",6,"붥",10,"붱",6,"붹",24],
-["9541","뷒뷓뷖뷗뷙뷚뷛뷝",11,"뷪",5,"뷱"],
-["9561","뷲뷳뷵뷶뷷뷹",6,"븁븂븄븆",5,"븎븏븑븒븓"],
-["9581","븕",6,"븞븠",35,"빆빇빉빊빋빍빏",4,"빖빘빜빝빞빟빢빣빥빦빧빩빫",4,"빲빶",4,"빾빿뺁뺂뺃뺅",6,"뺎뺒",5,"뺚",13,"뺩",14],
-["9641","뺸",23,"뻒뻓"],
-["9661","뻕뻖뻙",6,"뻡뻢뻦",5,"뻭",8],
-["9681","뻶",10,"뼂",5,"뼊",13,"뼚뼞",33,"뽂뽃뽅뽆뽇뽉",6,"뽒뽓뽔뽖",44],
-["9741","뾃",16,"뾕",8],
-["9761","뾞",17,"뾱",7],
-["9781","뾹",11,"뿆",5,"뿎뿏뿑뿒뿓뿕",6,"뿝뿞뿠뿢",89,"쀽쀾쀿"],
-["9841","쁀",16,"쁒",5,"쁙쁚쁛"],
-["9861","쁝쁞쁟쁡",6,"쁪",15],
-["9881","쁺",21,"삒삓삕삖삗삙",6,"삢삤삦",5,"삮삱삲삷",4,"삾샂샃샄샆샇샊샋샍샎샏샑",6,"샚샞",5,"샦샧샩샪샫샭",6,"샶샸샺",5,"섁섂섃섅섆섇섉",6,"섑섒섓섔섖",5,"섡섢섥섨섩섪섫섮"],
-["9941","섲섳섴섵섷섺섻섽섾섿셁",6,"셊셎",5,"셖셗"],
-["9961","셙셚셛셝",6,"셦셪",5,"셱셲셳셵셶셷셹셺셻"],
-["9981","셼",8,"솆",5,"솏솑솒솓솕솗",4,"솞솠솢솣솤솦솧솪솫솭솮솯솱",11,"솾",5,"쇅쇆쇇쇉쇊쇋쇍",6,"쇕쇖쇙",6,"쇡쇢쇣쇥쇦쇧쇩",6,"쇲쇴",7,"쇾쇿숁숂숃숅",6,"숎숐숒",5,"숚숛숝숞숡숢숣"],
-["9a41","숤숥숦숧숪숬숮숰숳숵",16],
-["9a61","쉆쉇쉉",6,"쉒쉓쉕쉖쉗쉙",6,"쉡쉢쉣쉤쉦"],
-["9a81","쉧",4,"쉮쉯쉱쉲쉳쉵",6,"쉾슀슂",5,"슊",5,"슑",6,"슙슚슜슞",5,"슦슧슩슪슫슮",5,"슶슸슺",33,"싞싟싡싢싥",5,"싮싰싲싳싴싵싷싺싽싾싿쌁",6,"쌊쌋쌎쌏"],
-["9b41","쌐쌑쌒쌖쌗쌙쌚쌛쌝",6,"쌦쌧쌪",8],
-["9b61","쌳",17,"썆",7],
-["9b81","썎",25,"썪썫썭썮썯썱썳",4,"썺썻썾",5,"쎅쎆쎇쎉쎊쎋쎍",50,"쏁",22,"쏚"],
-["9c41","쏛쏝쏞쏡쏣",4,"쏪쏫쏬쏮",5,"쏶쏷쏹",5],
-["9c61","쏿",8,"쐉",6,"쐑",9],
-["9c81","쐛",8,"쐥",6,"쐭쐮쐯쐱쐲쐳쐵",6,"쐾",9,"쑉",26,"쑦쑧쑩쑪쑫쑭",6,"쑶쑷쑸쑺",5,"쒁",18,"쒕",6,"쒝",12],
-["9d41","쒪",13,"쒹쒺쒻쒽",8],
-["9d61","쓆",25],
-["9d81","쓠",8,"쓪",5,"쓲쓳쓵쓶쓷쓹쓻쓼쓽쓾씂",9,"씍씎씏씑씒씓씕",6,"씝",10,"씪씫씭씮씯씱",6,"씺씼씾",5,"앆앇앋앏앐앑앒앖앚앛앜앟앢앣앥앦앧앩",6,"앲앶",5,"앾앿얁얂얃얅얆얈얉얊얋얎얐얒얓얔"],
-["9e41","얖얙얚얛얝얞얟얡",7,"얪",9,"얶"],
-["9e61","얷얺얿",4,"엋엍엏엒엓엕엖엗엙",6,"엢엤엦엧"],
-["9e81","엨엩엪엫엯엱엲엳엵엸엹엺엻옂옃옄옉옊옋옍옎옏옑",6,"옚옝",6,"옦옧옩옪옫옯옱옲옶옸옺옼옽옾옿왂왃왅왆왇왉",6,"왒왖",5,"왞왟왡",10,"왭왮왰왲",5,"왺왻왽왾왿욁",6,"욊욌욎",5,"욖욗욙욚욛욝",6,"욦"],
-["9f41","욨욪",5,"욲욳욵욶욷욻",4,"웂웄웆",5,"웎"],
-["9f61","웏웑웒웓웕",6,"웞웟웢",5,"웪웫웭웮웯웱웲"],
-["9f81","웳",4,"웺웻웼웾",5,"윆윇윉윊윋윍",6,"윖윘윚",5,"윢윣윥윦윧윩",6,"윲윴윶윸윹윺윻윾윿읁읂읃읅",4,"읋읎읐읙읚읛읝읞읟읡",6,"읩읪읬",7,"읶읷읹읺읻읿잀잁잂잆잋잌잍잏잒잓잕잙잛",4,"잢잧",4,"잮잯잱잲잳잵잶잷"],
-["a041","잸잹잺잻잾쟂",5,"쟊쟋쟍쟏쟑",6,"쟙쟚쟛쟜"],
-["a061","쟞",5,"쟥쟦쟧쟩쟪쟫쟭",13],
-["a081","쟻",4,"젂젃젅젆젇젉젋",4,"젒젔젗",4,"젞젟젡젢젣젥",6,"젮젰젲",5,"젹젺젻젽젾젿졁",6,"졊졋졎",5,"졕",26,"졲졳졵졶졷졹졻",4,"좂좄좈좉좊좎",5,"좕",7,"좞좠좢좣좤"],
-["a141","좥좦좧좩",18,"좾좿죀죁"],
-["a161","죂죃죅죆죇죉죊죋죍",6,"죖죘죚",5,"죢죣죥"],
-["a181","죦",14,"죶",5,"죾죿줁줂줃줇",4,"줎　、。·‥…¨〃­―∥＼∼‘’“”〔〕〈",9,"±×÷≠≤≥∞∴°′″℃Å￠￡￥♂♀∠⊥⌒∂∇≡≒§※☆★○●◎◇◆□■△▲▽▼→←↑↓↔〓≪≫√∽∝∵∫∬∈∋⊆⊇⊂⊃∪∩∧∨￢"],
-["a241","줐줒",5,"줙",18],
-["a261","줭",6,"줵",18],
-["a281","쥈",7,"쥒쥓쥕쥖쥗쥙",6,"쥢쥤",7,"쥭쥮쥯⇒⇔∀∃´～ˇ˘˝˚˙¸˛¡¿ː∮∑∏¤℉‰◁◀▷▶♤♠♡♥♧♣⊙◈▣◐◑▒▤▥▨▧▦▩♨☏☎☜☞¶†‡↕↗↙↖↘♭♩♪♬㉿㈜№㏇™㏂㏘℡€®"],
-["a341","쥱쥲쥳쥵",6,"쥽",10,"즊즋즍즎즏"],
-["a361","즑",6,"즚즜즞",16],
-["a381","즯",16,"짂짃짅짆짉짋",4,"짒짔짗짘짛！",58,"￦］",32,"￣"],
-["a441","짞짟짡짣짥짦짨짩짪짫짮짲",5,"짺짻짽짾짿쨁쨂쨃쨄"],
-["a461","쨅쨆쨇쨊쨎",5,"쨕쨖쨗쨙",12],
-["a481","쨦쨧쨨쨪",28,"ㄱ",93],
-["a541","쩇",4,"쩎쩏쩑쩒쩓쩕",6,"쩞쩢",5,"쩩쩪"],
-["a561","쩫",17,"쩾",5,"쪅쪆"],
-["a581","쪇",16,"쪙",14,"ⅰ",9],
-["a5b0","Ⅰ",9],
-["a5c1","Α",16,"Σ",6],
-["a5e1","α",16,"σ",6],
-["a641","쪨",19,"쪾쪿쫁쫂쫃쫅"],
-["a661","쫆",5,"쫎쫐쫒쫔쫕쫖쫗쫚",5,"쫡",6],
-["a681","쫨쫩쫪쫫쫭",6,"쫵",18,"쬉쬊─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂┒┑┚┙┖┕┎┍┞┟┡┢┦┧┩┪┭┮┱┲┵┶┹┺┽┾╀╁╃",7],
-["a741","쬋",4,"쬑쬒쬓쬕쬖쬗쬙",6,"쬢",7],
-["a761","쬪",22,"쭂쭃쭄"],
-["a781","쭅쭆쭇쭊쭋쭍쭎쭏쭑",6,"쭚쭛쭜쭞",5,"쭥",7,"㎕㎖㎗ℓ㎘㏄㎣㎤㎥㎦㎙",9,"㏊㎍㎎㎏㏏㎈㎉㏈㎧㎨㎰",9,"㎀",4,"㎺",5,"㎐",4,"Ω㏀㏁㎊㎋㎌㏖㏅㎭㎮㎯㏛㎩㎪㎫㎬㏝㏐㏓㏃㏉㏜㏆"],
-["a841","쭭",10,"쭺",14],
-["a861","쮉",18,"쮝",6],
-["a881","쮤",19,"쮹",11,"ÆЪĦ"],
-["a8a6","IJ"],
-["a8a8","ĿŁØŒºÞŦŊ"],
-["a8b1","㉠",27,"ⓐ",25,"①",14,"½⅓⅔¼¾⅛⅜⅝⅞"],
-["a941","쯅",14,"쯕",10],
-["a961","쯠쯡쯢쯣쯥쯦쯨쯪",18],
-["a981","쯽",14,"찎찏찑찒찓찕",6,"찞찟찠찣찤æđðħıijĸŀłøœßþŧŋʼn㈀",27,"⒜",25,"⑴",14,"¹²³⁴ⁿ₁₂₃₄"],
-["aa41","찥찦찪찫찭찯찱",6,"찺찿",4,"챆챇챉챊챋챍챎"],
-["aa61","챏",4,"챖챚",5,"챡챢챣챥챧챩",6,"챱챲"],
-["aa81","챳챴챶",29,"ぁ",82],
-["ab41","첔첕첖첗첚첛첝첞첟첡",6,"첪첮",5,"첶첷첹"],
-["ab61","첺첻첽",6,"쳆쳈쳊",5,"쳑쳒쳓쳕",5],
-["ab81","쳛",8,"쳥",6,"쳭쳮쳯쳱",12,"ァ",85],
-["ac41","쳾쳿촀촂",5,"촊촋촍촎촏촑",6,"촚촜촞촟촠"],
-["ac61","촡촢촣촥촦촧촩촪촫촭",11,"촺",4],
-["ac81","촿",28,"쵝쵞쵟А",5,"ЁЖ",25],
-["acd1","а",5,"ёж",25],
-["ad41","쵡쵢쵣쵥",6,"쵮쵰쵲",5,"쵹",7],
-["ad61","춁",6,"춉",10,"춖춗춙춚춛춝춞춟"],
-["ad81","춠춡춢춣춦춨춪",5,"춱",18,"췅"],
-["ae41","췆",5,"췍췎췏췑",16],
-["ae61","췢",5,"췩췪췫췭췮췯췱",6,"췺췼췾",4],
-["ae81","츃츅츆츇츉츊츋츍",6,"츕츖츗츘츚",5,"츢츣츥츦츧츩츪츫"],
-["af41","츬츭츮츯츲츴츶",19],
-["af61","칊",13,"칚칛칝칞칢",5,"칪칬"],
-["af81","칮",5,"칶칷칹칺칻칽",6,"캆캈캊",5,"캒캓캕캖캗캙"],
-["b041","캚",5,"캢캦",5,"캮",12],
-["b061","캻",5,"컂",19],
-["b081","컖",13,"컦컧컩컪컭",6,"컶컺",5,"가각간갇갈갉갊감",7,"같",4,"갠갤갬갭갯갰갱갸갹갼걀걋걍걔걘걜거걱건걷걸걺검겁것겄겅겆겉겊겋게겐겔겜겝겟겠겡겨격겪견겯결겸겹겻겼경곁계곈곌곕곗고곡곤곧골곪곬곯곰곱곳공곶과곽관괄괆"],
-["b141","켂켃켅켆켇켉",6,"켒켔켖",5,"켝켞켟켡켢켣"],
-["b161","켥",6,"켮켲",5,"켹",11],
-["b181","콅",14,"콖콗콙콚콛콝",6,"콦콨콪콫콬괌괍괏광괘괜괠괩괬괭괴괵괸괼굄굅굇굉교굔굘굡굣구국군굳굴굵굶굻굼굽굿궁궂궈궉권궐궜궝궤궷귀귁귄귈귐귑귓규균귤그극근귿글긁금급긋긍긔기긱긴긷길긺김깁깃깅깆깊까깍깎깐깔깖깜깝깟깠깡깥깨깩깬깰깸"],
-["b241","콭콮콯콲콳콵콶콷콹",6,"쾁쾂쾃쾄쾆",5,"쾍"],
-["b261","쾎",18,"쾢",5,"쾩"],
-["b281","쾪",5,"쾱",18,"쿅",6,"깹깻깼깽꺄꺅꺌꺼꺽꺾껀껄껌껍껏껐껑께껙껜껨껫껭껴껸껼꼇꼈꼍꼐꼬꼭꼰꼲꼴꼼꼽꼿꽁꽂꽃꽈꽉꽐꽜꽝꽤꽥꽹꾀꾄꾈꾐꾑꾕꾜꾸꾹꾼꿀꿇꿈꿉꿋꿍꿎꿔꿜꿨꿩꿰꿱꿴꿸뀀뀁뀄뀌뀐뀔뀜뀝뀨끄끅끈끊끌끎끓끔끕끗끙"],
-["b341","쿌",19,"쿢쿣쿥쿦쿧쿩"],
-["b361","쿪",5,"쿲쿴쿶",5,"쿽쿾쿿퀁퀂퀃퀅",5],
-["b381","퀋",5,"퀒",5,"퀙",19,"끝끼끽낀낄낌낍낏낑나낙낚난낟날낡낢남납낫",4,"낱낳내낵낸낼냄냅냇냈냉냐냑냔냘냠냥너넉넋넌널넒넓넘넙넛넜넝넣네넥넨넬넴넵넷넸넹녀녁년녈념녑녔녕녘녜녠노녹논놀놂놈놉놋농높놓놔놘놜놨뇌뇐뇔뇜뇝"],
-["b441","퀮",5,"퀶퀷퀹퀺퀻퀽",6,"큆큈큊",5],
-["b461","큑큒큓큕큖큗큙",6,"큡",10,"큮큯"],
-["b481","큱큲큳큵",6,"큾큿킀킂",18,"뇟뇨뇩뇬뇰뇹뇻뇽누눅눈눋눌눔눕눗눙눠눴눼뉘뉜뉠뉨뉩뉴뉵뉼늄늅늉느늑는늘늙늚늠늡늣능늦늪늬늰늴니닉닌닐닒님닙닛닝닢다닥닦단닫",4,"닳담답닷",4,"닿대댁댄댈댐댑댓댔댕댜더덕덖던덛덜덞덟덤덥"],
-["b541","킕",14,"킦킧킩킪킫킭",5],
-["b561","킳킶킸킺",5,"탂탃탅탆탇탊",5,"탒탖",4],
-["b581","탛탞탟탡탢탣탥",6,"탮탲",5,"탹",11,"덧덩덫덮데덱덴델뎀뎁뎃뎄뎅뎌뎐뎔뎠뎡뎨뎬도독돈돋돌돎돐돔돕돗동돛돝돠돤돨돼됐되된될됨됩됫됴두둑둔둘둠둡둣둥둬뒀뒈뒝뒤뒨뒬뒵뒷뒹듀듄듈듐듕드득든듣들듦듬듭듯등듸디딕딘딛딜딤딥딧딨딩딪따딱딴딸"],
-["b641","턅",7,"턎",17],
-["b661","턠",15,"턲턳턵턶턷턹턻턼턽턾"],
-["b681","턿텂텆",5,"텎텏텑텒텓텕",6,"텞텠텢",5,"텩텪텫텭땀땁땃땄땅땋때땍땐땔땜땝땟땠땡떠떡떤떨떪떫떰떱떳떴떵떻떼떽뗀뗄뗌뗍뗏뗐뗑뗘뗬또똑똔똘똥똬똴뙈뙤뙨뚜뚝뚠뚤뚫뚬뚱뛔뛰뛴뛸뜀뜁뜅뜨뜩뜬뜯뜰뜸뜹뜻띄띈띌띔띕띠띤띨띰띱띳띵라락란랄람랍랏랐랑랒랖랗"],
-["b741","텮",13,"텽",6,"톅톆톇톉톊"],
-["b761","톋",20,"톢톣톥톦톧"],
-["b781","톩",6,"톲톴톶톷톸톹톻톽톾톿퇁",14,"래랙랜랠램랩랫랬랭랴략랸럇량러럭런럴럼럽럿렀렁렇레렉렌렐렘렙렛렝려력련렬렴렵렷렸령례롄롑롓로록론롤롬롭롯롱롸롼뢍뢨뢰뢴뢸룀룁룃룅료룐룔룝룟룡루룩룬룰룸룹룻룽뤄뤘뤠뤼뤽륀륄륌륏륑류륙륜률륨륩"],
-["b841","퇐",7,"퇙",17],
-["b861","퇫",8,"퇵퇶퇷퇹",13],
-["b881","툈툊",5,"툑",24,"륫륭르륵른를름릅릇릉릊릍릎리릭린릴림립릿링마막만많",4,"맘맙맛망맞맡맣매맥맨맬맴맵맷맸맹맺먀먁먈먕머먹먼멀멂멈멉멋멍멎멓메멕멘멜멤멥멧멨멩며멱면멸몃몄명몇몌모목몫몬몰몲몸몹못몽뫄뫈뫘뫙뫼"],
-["b941","툪툫툮툯툱툲툳툵",6,"툾퉀퉂",5,"퉉퉊퉋퉌"],
-["b961","퉍",14,"퉝",6,"퉥퉦퉧퉨"],
-["b981","퉩",22,"튂튃튅튆튇튉튊튋튌묀묄묍묏묑묘묜묠묩묫무묵묶문묻물묽묾뭄뭅뭇뭉뭍뭏뭐뭔뭘뭡뭣뭬뮈뮌뮐뮤뮨뮬뮴뮷므믄믈믐믓미믹민믿밀밂밈밉밋밌밍및밑바",4,"받",4,"밤밥밧방밭배백밴밸뱀뱁뱃뱄뱅뱉뱌뱍뱐뱝버벅번벋벌벎범법벗"],
-["ba41","튍튎튏튒튓튔튖",5,"튝튞튟튡튢튣튥",6,"튭"],
-["ba61","튮튯튰튲",5,"튺튻튽튾틁틃",4,"틊틌",5],
-["ba81","틒틓틕틖틗틙틚틛틝",6,"틦",9,"틲틳틵틶틷틹틺벙벚베벡벤벧벨벰벱벳벴벵벼벽변별볍볏볐병볕볘볜보복볶본볼봄봅봇봉봐봔봤봬뵀뵈뵉뵌뵐뵘뵙뵤뵨부북분붇불붉붊붐붑붓붕붙붚붜붤붰붸뷔뷕뷘뷜뷩뷰뷴뷸븀븃븅브븍븐블븜븝븟비빅빈빌빎빔빕빗빙빚빛빠빡빤"],
-["bb41","틻",4,"팂팄팆",5,"팏팑팒팓팕팗",4,"팞팢팣"],
-["bb61","팤팦팧팪팫팭팮팯팱",6,"팺팾",5,"퍆퍇퍈퍉"],
-["bb81","퍊",31,"빨빪빰빱빳빴빵빻빼빽뺀뺄뺌뺍뺏뺐뺑뺘뺙뺨뻐뻑뻔뻗뻘뻠뻣뻤뻥뻬뼁뼈뼉뼘뼙뼛뼜뼝뽀뽁뽄뽈뽐뽑뽕뾔뾰뿅뿌뿍뿐뿔뿜뿟뿡쀼쁑쁘쁜쁠쁨쁩삐삑삔삘삠삡삣삥사삭삯산삳살삵삶삼삽삿샀상샅새색샌샐샘샙샛샜생샤"],
-["bc41","퍪",17,"퍾퍿펁펂펃펅펆펇"],
-["bc61","펈펉펊펋펎펒",5,"펚펛펝펞펟펡",6,"펪펬펮"],
-["bc81","펯",4,"펵펶펷펹펺펻펽",6,"폆폇폊",5,"폑",5,"샥샨샬샴샵샷샹섀섄섈섐섕서",4,"섣설섦섧섬섭섯섰성섶세섹센셀셈셉셋셌셍셔셕션셜셤셥셧셨셩셰셴셸솅소속솎손솔솖솜솝솟송솥솨솩솬솰솽쇄쇈쇌쇔쇗쇘쇠쇤쇨쇰쇱쇳쇼쇽숀숄숌숍숏숑수숙순숟술숨숩숫숭"],
-["bd41","폗폙",7,"폢폤",7,"폮폯폱폲폳폵폶폷"],
-["bd61","폸폹폺폻폾퐀퐂",5,"퐉",13],
-["bd81","퐗",5,"퐞",25,"숯숱숲숴쉈쉐쉑쉔쉘쉠쉥쉬쉭쉰쉴쉼쉽쉿슁슈슉슐슘슛슝스슥슨슬슭슴습슷승시식신싣실싫심십싯싱싶싸싹싻싼쌀쌈쌉쌌쌍쌓쌔쌕쌘쌜쌤쌥쌨쌩썅써썩썬썰썲썸썹썼썽쎄쎈쎌쏀쏘쏙쏜쏟쏠쏢쏨쏩쏭쏴쏵쏸쐈쐐쐤쐬쐰"],
-["be41","퐸",7,"푁푂푃푅",14],
-["be61","푔",7,"푝푞푟푡푢푣푥",7,"푮푰푱푲"],
-["be81","푳",4,"푺푻푽푾풁풃",4,"풊풌풎",5,"풕",8,"쐴쐼쐽쑈쑤쑥쑨쑬쑴쑵쑹쒀쒔쒜쒸쒼쓩쓰쓱쓴쓸쓺쓿씀씁씌씐씔씜씨씩씬씰씸씹씻씽아악안앉않알앍앎앓암압앗았앙앝앞애액앤앨앰앱앳앴앵야약얀얄얇얌얍얏양얕얗얘얜얠얩어억언얹얻얼얽얾엄",6,"엌엎"],
-["bf41","풞",10,"풪",14],
-["bf61","풹",18,"퓍퓎퓏퓑퓒퓓퓕"],
-["bf81","퓖",5,"퓝퓞퓠",7,"퓩퓪퓫퓭퓮퓯퓱",6,"퓹퓺퓼에엑엔엘엠엡엣엥여역엮연열엶엷염",5,"옅옆옇예옌옐옘옙옛옜오옥온올옭옮옰옳옴옵옷옹옻와왁완왈왐왑왓왔왕왜왝왠왬왯왱외왹왼욀욈욉욋욍요욕욘욜욤욥욧용우욱운울욹욺움웁웃웅워웍원월웜웝웠웡웨"],
-["c041","퓾",5,"픅픆픇픉픊픋픍",6,"픖픘",5],
-["c061","픞",25],
-["c081","픸픹픺픻픾픿핁핂핃핅",6,"핎핐핒",5,"핚핛핝핞핟핡핢핣웩웬웰웸웹웽위윅윈윌윔윕윗윙유육윤율윰윱윳융윷으윽은을읊음읍읏응",7,"읜읠읨읫이익인일읽읾잃임입잇있잉잊잎자작잔잖잗잘잚잠잡잣잤장잦재잭잰잴잼잽잿쟀쟁쟈쟉쟌쟎쟐쟘쟝쟤쟨쟬저적전절젊"],
-["c141","핤핦핧핪핬핮",5,"핶핷핹핺핻핽",6,"햆햊햋"],
-["c161","햌햍햎햏햑",19,"햦햧"],
-["c181","햨",31,"점접젓정젖제젝젠젤젬젭젯젱져젼졀졈졉졌졍졔조족존졸졺좀좁좃종좆좇좋좌좍좔좝좟좡좨좼좽죄죈죌죔죕죗죙죠죡죤죵주죽준줄줅줆줌줍줏중줘줬줴쥐쥑쥔쥘쥠쥡쥣쥬쥰쥴쥼즈즉즌즐즘즙즛증지직진짇질짊짐집짓"],
-["c241","헊헋헍헎헏헑헓",4,"헚헜헞",5,"헦헧헩헪헫헭헮"],
-["c261","헯",4,"헶헸헺",5,"혂혃혅혆혇혉",6,"혒"],
-["c281","혖",5,"혝혞혟혡혢혣혥",7,"혮",9,"혺혻징짖짙짚짜짝짠짢짤짧짬짭짯짰짱째짹짼쨀쨈쨉쨋쨌쨍쨔쨘쨩쩌쩍쩐쩔쩜쩝쩟쩠쩡쩨쩽쪄쪘쪼쪽쫀쫄쫌쫍쫏쫑쫓쫘쫙쫠쫬쫴쬈쬐쬔쬘쬠쬡쭁쭈쭉쭌쭐쭘쭙쭝쭤쭸쭹쮜쮸쯔쯤쯧쯩찌찍찐찔찜찝찡찢찧차착찬찮찰참찹찻"],
-["c341","혽혾혿홁홂홃홄홆홇홊홌홎홏홐홒홓홖홗홙홚홛홝",4],
-["c361","홢",4,"홨홪",5,"홲홳홵",11],
-["c381","횁횂횄횆",5,"횎횏횑횒횓횕",7,"횞횠횢",5,"횩횪찼창찾채책챈챌챔챕챗챘챙챠챤챦챨챰챵처척천철첨첩첫첬청체첵첸첼쳄쳅쳇쳉쳐쳔쳤쳬쳰촁초촉촌촐촘촙촛총촤촨촬촹최쵠쵤쵬쵭쵯쵱쵸춈추축춘출춤춥춧충춰췄췌췐취췬췰췸췹췻췽츄츈츌츔츙츠측츤츨츰츱츳층"],
-["c441","횫횭횮횯횱",7,"횺횼",7,"훆훇훉훊훋"],
-["c461","훍훎훏훐훒훓훕훖훘훚",5,"훡훢훣훥훦훧훩",4],
-["c481","훮훯훱훲훳훴훶",5,"훾훿휁휂휃휅",11,"휒휓휔치칙친칟칠칡침칩칫칭카칵칸칼캄캅캇캉캐캑캔캘캠캡캣캤캥캬캭컁커컥컨컫컬컴컵컷컸컹케켁켄켈켐켑켓켕켜켠켤켬켭켯켰켱켸코콕콘콜콤콥콧콩콰콱콴콸쾀쾅쾌쾡쾨쾰쿄쿠쿡쿤쿨쿰쿱쿳쿵쿼퀀퀄퀑퀘퀭퀴퀵퀸퀼"],
-["c541","휕휖휗휚휛휝휞휟휡",6,"휪휬휮",5,"휶휷휹"],
-["c561","휺휻휽",6,"흅흆흈흊",5,"흒흓흕흚",4],
-["c581","흟흢흤흦흧흨흪흫흭흮흯흱흲흳흵",6,"흾흿힀힂",5,"힊힋큄큅큇큉큐큔큘큠크큭큰클큼큽킁키킥킨킬킴킵킷킹타탁탄탈탉탐탑탓탔탕태택탠탤탬탭탯탰탱탸턍터턱턴털턺텀텁텃텄텅테텍텐텔템텝텟텡텨텬텼톄톈토톡톤톨톰톱톳통톺톼퇀퇘퇴퇸툇툉툐투툭툰툴툼툽툿퉁퉈퉜"],
-["c641","힍힎힏힑",6,"힚힜힞",5],
-["c6a1","퉤튀튁튄튈튐튑튕튜튠튤튬튱트특튼튿틀틂틈틉틋틔틘틜틤틥티틱틴틸팀팁팃팅파팍팎판팔팖팜팝팟팠팡팥패팩팬팰팸팹팻팼팽퍄퍅퍼퍽펀펄펌펍펏펐펑페펙펜펠펨펩펫펭펴편펼폄폅폈평폐폘폡폣포폭폰폴폼폽폿퐁"],
-["c7a1","퐈퐝푀푄표푠푤푭푯푸푹푼푿풀풂품풉풋풍풔풩퓌퓐퓔퓜퓟퓨퓬퓰퓸퓻퓽프픈플픔픕픗피픽핀필핌핍핏핑하학한할핥함합핫항해핵핸핼햄햅햇했행햐향허헉헌헐헒험헙헛헝헤헥헨헬헴헵헷헹혀혁현혈혐협혓혔형혜혠"],
-["c8a1","혤혭호혹혼홀홅홈홉홋홍홑화확환활홧황홰홱홴횃횅회획횐횔횝횟횡효횬횰횹횻후훅훈훌훑훔훗훙훠훤훨훰훵훼훽휀휄휑휘휙휜휠휨휩휫휭휴휵휸휼흄흇흉흐흑흔흖흗흘흙흠흡흣흥흩희흰흴흼흽힁히힉힌힐힘힙힛힝"],
-["caa1","伽佳假價加可呵哥嘉嫁家暇架枷柯歌珂痂稼苛茄街袈訶賈跏軻迦駕刻却各恪慤殼珏脚覺角閣侃刊墾奸姦干幹懇揀杆柬桿澗癎看磵稈竿簡肝艮艱諫間乫喝曷渴碣竭葛褐蝎鞨勘坎堪嵌感憾戡敢柑橄減甘疳監瞰紺邯鑑鑒龕"],
-["cba1","匣岬甲胛鉀閘剛堈姜岡崗康强彊慷江畺疆糠絳綱羌腔舡薑襁講鋼降鱇介价個凱塏愷愾慨改槪漑疥皆盖箇芥蓋豈鎧開喀客坑更粳羹醵倨去居巨拒据據擧渠炬祛距踞車遽鉅鋸乾件健巾建愆楗腱虔蹇鍵騫乞傑杰桀儉劍劒檢"],
-["cca1","瞼鈐黔劫怯迲偈憩揭擊格檄激膈覡隔堅牽犬甄絹繭肩見譴遣鵑抉決潔結缺訣兼慊箝謙鉗鎌京俓倞傾儆勁勍卿坰境庚徑慶憬擎敬景暻更梗涇炅烱璟璥瓊痙硬磬竟競絅經耕耿脛莖警輕逕鏡頃頸驚鯨係啓堺契季屆悸戒桂械"],
-["cda1","棨溪界癸磎稽系繫繼計誡谿階鷄古叩告呱固姑孤尻庫拷攷故敲暠枯槁沽痼皐睾稿羔考股膏苦苽菰藁蠱袴誥賈辜錮雇顧高鼓哭斛曲梏穀谷鵠困坤崑昆梱棍滾琨袞鯤汨滑骨供公共功孔工恐恭拱控攻珙空蚣貢鞏串寡戈果瓜"],
-["cea1","科菓誇課跨過鍋顆廓槨藿郭串冠官寬慣棺款灌琯瓘管罐菅觀貫關館刮恝括适侊光匡壙廣曠洸炚狂珖筐胱鑛卦掛罫乖傀塊壞怪愧拐槐魁宏紘肱轟交僑咬喬嬌嶠巧攪敎校橋狡皎矯絞翹膠蕎蛟較轎郊餃驕鮫丘久九仇俱具勾"],
-["cfa1","區口句咎嘔坵垢寇嶇廐懼拘救枸柩構歐毆毬求溝灸狗玖球瞿矩究絿耉臼舅舊苟衢謳購軀逑邱鉤銶駒驅鳩鷗龜國局菊鞠鞫麴君窘群裙軍郡堀屈掘窟宮弓穹窮芎躬倦券勸卷圈拳捲權淃眷厥獗蕨蹶闕机櫃潰詭軌饋句晷歸貴"],
-["d0a1","鬼龜叫圭奎揆槻珪硅窺竅糾葵規赳逵閨勻均畇筠菌鈞龜橘克剋劇戟棘極隙僅劤勤懃斤根槿瑾筋芹菫覲謹近饉契今妗擒昑檎琴禁禽芩衾衿襟金錦伋及急扱汲級給亘兢矜肯企伎其冀嗜器圻基埼夔奇妓寄岐崎己幾忌技旗旣"],
-["d1a1","朞期杞棋棄機欺氣汽沂淇玘琦琪璂璣畸畿碁磯祁祇祈祺箕紀綺羈耆耭肌記譏豈起錡錤飢饑騎騏驥麒緊佶吉拮桔金喫儺喇奈娜懦懶拏拿癩",5,"那樂",4,"諾酪駱亂卵暖欄煖爛蘭難鸞捏捺南嵐枏楠湳濫男藍襤拉"],
-["d2a1","納臘蠟衲囊娘廊",4,"乃來內奈柰耐冷女年撚秊念恬拈捻寧寗努勞奴弩怒擄櫓爐瑙盧",5,"駑魯",10,"濃籠聾膿農惱牢磊腦賂雷尿壘",7,"嫩訥杻紐勒",5,"能菱陵尼泥匿溺多茶"],
-["d3a1","丹亶但單團壇彖斷旦檀段湍短端簞緞蛋袒鄲鍛撻澾獺疸達啖坍憺擔曇淡湛潭澹痰聃膽蕁覃談譚錟沓畓答踏遝唐堂塘幢戇撞棠當糖螳黨代垈坮大對岱帶待戴擡玳臺袋貸隊黛宅德悳倒刀到圖堵塗導屠島嶋度徒悼挑掉搗桃"],
-["d4a1","棹櫂淘渡滔濤燾盜睹禱稻萄覩賭跳蹈逃途道都鍍陶韜毒瀆牘犢獨督禿篤纛讀墩惇敦旽暾沌焞燉豚頓乭突仝冬凍動同憧東桐棟洞潼疼瞳童胴董銅兜斗杜枓痘竇荳讀豆逗頭屯臀芚遁遯鈍得嶝橙燈登等藤謄鄧騰喇懶拏癩羅"],
-["d5a1","蘿螺裸邏樂洛烙珞絡落諾酪駱丹亂卵欄欒瀾爛蘭鸞剌辣嵐擥攬欖濫籃纜藍襤覽拉臘蠟廊朗浪狼琅瑯螂郞來崍徠萊冷掠略亮倆兩凉梁樑粮粱糧良諒輛量侶儷勵呂廬慮戾旅櫚濾礪藜蠣閭驢驪麗黎力曆歷瀝礫轢靂憐戀攣漣"],
-["d6a1","煉璉練聯蓮輦連鍊冽列劣洌烈裂廉斂殮濂簾獵令伶囹寧岺嶺怜玲笭羚翎聆逞鈴零靈領齡例澧禮醴隷勞怒撈擄櫓潞瀘爐盧老蘆虜路輅露魯鷺鹵碌祿綠菉錄鹿麓論壟弄朧瀧瓏籠聾儡瀨牢磊賂賚賴雷了僚寮廖料燎療瞭聊蓼"],
-["d7a1","遼鬧龍壘婁屢樓淚漏瘻累縷蔞褸鏤陋劉旒柳榴流溜瀏琉瑠留瘤硫謬類六戮陸侖倫崙淪綸輪律慄栗率隆勒肋凜凌楞稜綾菱陵俚利厘吏唎履悧李梨浬犁狸理璃異痢籬罹羸莉裏裡里釐離鯉吝潾燐璘藺躪隣鱗麟林淋琳臨霖砬"],
-["d8a1","立笠粒摩瑪痲碼磨馬魔麻寞幕漠膜莫邈万卍娩巒彎慢挽晩曼滿漫灣瞞萬蔓蠻輓饅鰻唜抹末沫茉襪靺亡妄忘忙望網罔芒茫莽輞邙埋妹媒寐昧枚梅每煤罵買賣邁魅脈貊陌驀麥孟氓猛盲盟萌冪覓免冕勉棉沔眄眠綿緬面麵滅"],
-["d9a1","蔑冥名命明暝椧溟皿瞑茗蓂螟酩銘鳴袂侮冒募姆帽慕摸摹暮某模母毛牟牡瑁眸矛耗芼茅謀謨貌木沐牧目睦穆鶩歿沒夢朦蒙卯墓妙廟描昴杳渺猫竗苗錨務巫憮懋戊拇撫无楙武毋無珷畝繆舞茂蕪誣貿霧鵡墨默們刎吻問文"],
-["daa1","汶紊紋聞蚊門雯勿沕物味媚尾嵋彌微未梶楣渼湄眉米美薇謎迷靡黴岷悶愍憫敏旻旼民泯玟珉緡閔密蜜謐剝博拍搏撲朴樸泊珀璞箔粕縛膊舶薄迫雹駁伴半反叛拌搬攀斑槃泮潘班畔瘢盤盼磐磻礬絆般蟠返頒飯勃拔撥渤潑"],
-["dba1","發跋醱鉢髮魃倣傍坊妨尨幇彷房放方旁昉枋榜滂磅紡肪膀舫芳蒡蚌訪謗邦防龐倍俳北培徘拜排杯湃焙盃背胚裴裵褙賠輩配陪伯佰帛柏栢白百魄幡樊煩燔番磻繁蕃藩飜伐筏罰閥凡帆梵氾汎泛犯範范法琺僻劈壁擘檗璧癖"],
-["dca1","碧蘗闢霹便卞弁變辨辯邊別瞥鱉鼈丙倂兵屛幷昞昺柄棅炳甁病秉竝輧餠騈保堡報寶普步洑湺潽珤甫菩補褓譜輔伏僕匐卜宓復服福腹茯蔔複覆輹輻馥鰒本乶俸奉封峯峰捧棒烽熢琫縫蓬蜂逢鋒鳳不付俯傅剖副否咐埠夫婦"],
-["dda1","孚孵富府復扶敷斧浮溥父符簿缶腐腑膚艀芙莩訃負賦賻赴趺部釜阜附駙鳧北分吩噴墳奔奮忿憤扮昐汾焚盆粉糞紛芬賁雰不佛弗彿拂崩朋棚硼繃鵬丕備匕匪卑妃婢庇悲憊扉批斐枇榧比毖毗毘沸泌琵痺砒碑秕秘粃緋翡肥"],
-["dea1","脾臂菲蜚裨誹譬費鄙非飛鼻嚬嬪彬斌檳殯浜濱瀕牝玭貧賓頻憑氷聘騁乍事些仕伺似使俟僿史司唆嗣四士奢娑寫寺射巳師徙思捨斜斯柶査梭死沙泗渣瀉獅砂社祀祠私篩紗絲肆舍莎蓑蛇裟詐詞謝賜赦辭邪飼駟麝削數朔索"],
-["dfa1","傘刪山散汕珊産疝算蒜酸霰乷撒殺煞薩三參杉森渗芟蔘衫揷澁鈒颯上傷像償商喪嘗孀尙峠常床庠廂想桑橡湘爽牀狀相祥箱翔裳觴詳象賞霜塞璽賽嗇塞穡索色牲生甥省笙墅壻嶼序庶徐恕抒捿敍暑曙書栖棲犀瑞筮絮緖署"],
-["e0a1","胥舒薯西誓逝鋤黍鼠夕奭席惜昔晳析汐淅潟石碩蓆釋錫仙僊先善嬋宣扇敾旋渲煽琁瑄璇璿癬禪線繕羨腺膳船蘚蟬詵跣選銑鐥饍鮮卨屑楔泄洩渫舌薛褻設說雪齧剡暹殲纖蟾贍閃陝攝涉燮葉城姓宬性惺成星晟猩珹盛省筬"],
-["e1a1","聖聲腥誠醒世勢歲洗稅笹細說貰召嘯塑宵小少巢所掃搔昭梳沼消溯瀟炤燒甦疏疎瘙笑篠簫素紹蔬蕭蘇訴逍遡邵銷韶騷俗屬束涑粟續謖贖速孫巽損蓀遜飡率宋悚松淞訟誦送頌刷殺灑碎鎖衰釗修受嗽囚垂壽嫂守岫峀帥愁"],
-["e2a1","戍手授搜收數樹殊水洙漱燧狩獸琇璲瘦睡秀穗竪粹綏綬繡羞脩茱蒐蓚藪袖誰讐輸遂邃酬銖銹隋隧隨雖需須首髓鬚叔塾夙孰宿淑潚熟琡璹肅菽巡徇循恂旬栒楯橓殉洵淳珣盾瞬筍純脣舜荀蓴蕣詢諄醇錞順馴戌術述鉥崇崧"],
-["e3a1","嵩瑟膝蝨濕拾習褶襲丞乘僧勝升承昇繩蠅陞侍匙嘶始媤尸屎屍市弑恃施是時枾柴猜矢示翅蒔蓍視試詩諡豕豺埴寔式息拭植殖湜熄篒蝕識軾食飾伸侁信呻娠宸愼新晨燼申神紳腎臣莘薪藎蜃訊身辛辰迅失室實悉審尋心沁"],
-["e4a1","沈深瀋甚芯諶什十拾雙氏亞俄兒啞娥峨我牙芽莪蛾衙訝阿雅餓鴉鵝堊岳嶽幄惡愕握樂渥鄂鍔顎鰐齷安岸按晏案眼雁鞍顔鮟斡謁軋閼唵岩巖庵暗癌菴闇壓押狎鴨仰央怏昻殃秧鴦厓哀埃崖愛曖涯碍艾隘靄厄扼掖液縊腋額"],
-["e5a1","櫻罌鶯鸚也倻冶夜惹揶椰爺耶若野弱掠略約若葯蒻藥躍亮佯兩凉壤孃恙揚攘敭暘梁楊樣洋瀁煬痒瘍禳穰糧羊良襄諒讓釀陽量養圄御於漁瘀禦語馭魚齬億憶抑檍臆偃堰彦焉言諺孼蘖俺儼嚴奄掩淹嶪業円予余勵呂女如廬"],
-["e6a1","旅歟汝濾璵礖礪與艅茹輿轝閭餘驪麗黎亦力域役易曆歷疫繹譯轢逆驛嚥堧姸娟宴年延憐戀捐挻撚椽沇沿涎涓淵演漣烟然煙煉燃燕璉硏硯秊筵緣練縯聯衍軟輦蓮連鉛鍊鳶列劣咽悅涅烈熱裂說閱厭廉念捻染殮炎焰琰艶苒"],
-["e7a1","簾閻髥鹽曄獵燁葉令囹塋寧嶺嶸影怜映暎楹榮永泳渶潁濚瀛瀯煐營獰玲瑛瑩瓔盈穎纓羚聆英詠迎鈴鍈零霙靈領乂倪例刈叡曳汭濊猊睿穢芮藝蘂禮裔詣譽豫醴銳隸霓預五伍俉傲午吾吳嗚塢墺奧娛寤悟惡懊敖旿晤梧汚澳"],
-["e8a1","烏熬獒筽蜈誤鰲鼇屋沃獄玉鈺溫瑥瘟穩縕蘊兀壅擁瓮甕癰翁邕雍饔渦瓦窩窪臥蛙蝸訛婉完宛梡椀浣玩琓琬碗緩翫脘腕莞豌阮頑曰往旺枉汪王倭娃歪矮外嵬巍猥畏了僚僥凹堯夭妖姚寥寮尿嶢拗搖撓擾料曜樂橈燎燿瑤療"],
-["e9a1","窈窯繇繞耀腰蓼蟯要謠遙遼邀饒慾欲浴縟褥辱俑傭冗勇埇墉容庸慂榕涌湧溶熔瑢用甬聳茸蓉踊鎔鏞龍于佑偶優又友右宇寓尤愚憂旴牛玗瑀盂祐禑禹紆羽芋藕虞迂遇郵釪隅雨雩勖彧旭昱栯煜稶郁頊云暈橒殞澐熉耘芸蕓"],
-["eaa1","運隕雲韻蔚鬱亐熊雄元原員圓園垣媛嫄寃怨愿援沅洹湲源爰猿瑗苑袁轅遠阮院願鴛月越鉞位偉僞危圍委威尉慰暐渭爲瑋緯胃萎葦蔿蝟衛褘謂違韋魏乳侑儒兪劉唯喩孺宥幼幽庾悠惟愈愉揄攸有杻柔柚柳楡楢油洧流游溜"],
-["eba1","濡猶猷琉瑜由留癒硫紐維臾萸裕誘諛諭踰蹂遊逾遺酉釉鍮類六堉戮毓肉育陸倫允奫尹崙淪潤玧胤贇輪鈗閏律慄栗率聿戎瀜絨融隆垠恩慇殷誾銀隱乙吟淫蔭陰音飮揖泣邑凝應膺鷹依倚儀宜意懿擬椅毅疑矣義艤薏蟻衣誼"],
-["eca1","議醫二以伊利吏夷姨履已弛彛怡易李梨泥爾珥理異痍痢移罹而耳肄苡荑裏裡貽貳邇里離飴餌匿溺瀷益翊翌翼謚人仁刃印吝咽因姻寅引忍湮燐璘絪茵藺蚓認隣靭靷鱗麟一佚佾壹日溢逸鎰馹任壬妊姙恁林淋稔臨荏賃入卄"],
-["eda1","立笠粒仍剩孕芿仔刺咨姉姿子字孜恣慈滋炙煮玆瓷疵磁紫者自茨蔗藉諮資雌作勺嚼斫昨灼炸爵綽芍酌雀鵲孱棧殘潺盞岑暫潛箴簪蠶雜丈仗匠場墻壯奬將帳庄張掌暲杖樟檣欌漿牆狀獐璋章粧腸臟臧莊葬蔣薔藏裝贓醬長"],
-["eea1","障再哉在宰才材栽梓渽滓災縡裁財載齋齎爭箏諍錚佇低儲咀姐底抵杵楮樗沮渚狙猪疽箸紵苧菹著藷詛貯躇這邸雎齟勣吊嫡寂摘敵滴狄炙的積笛籍績翟荻謫賊赤跡蹟迪迹適鏑佃佺傳全典前剪塡塼奠專展廛悛戰栓殿氈澱"],
-["efa1","煎琠田甸畑癲筌箋箭篆纏詮輾轉鈿銓錢鐫電顚顫餞切截折浙癤竊節絶占岾店漸点粘霑鮎點接摺蝶丁井亭停偵呈姃定幀庭廷征情挺政整旌晶晸柾楨檉正汀淀淨渟湞瀞炡玎珽町睛碇禎程穽精綎艇訂諪貞鄭酊釘鉦鋌錠霆靖"],
-["f0a1","靜頂鼎制劑啼堤帝弟悌提梯濟祭第臍薺製諸蹄醍除際霽題齊俎兆凋助嘲弔彫措操早晁曺曹朝條棗槽漕潮照燥爪璪眺祖祚租稠窕粗糟組繰肇藻蚤詔調趙躁造遭釣阻雕鳥族簇足鏃存尊卒拙猝倧宗從悰慫棕淙琮種終綜縱腫"],
-["f1a1","踪踵鍾鐘佐坐左座挫罪主住侏做姝胄呪周嗾奏宙州廚晝朱柱株注洲湊澍炷珠疇籌紂紬綢舟蛛註誅走躊輳週酎酒鑄駐竹粥俊儁准埈寯峻晙樽浚準濬焌畯竣蠢逡遵雋駿茁中仲衆重卽櫛楫汁葺增憎曾拯烝甑症繒蒸證贈之只"],
-["f2a1","咫地址志持指摯支旨智枝枳止池沚漬知砥祉祗紙肢脂至芝芷蜘誌識贄趾遲直稙稷織職唇嗔塵振搢晉晋桭榛殄津溱珍瑨璡畛疹盡眞瞋秦縉縝臻蔯袗診賑軫辰進鎭陣陳震侄叱姪嫉帙桎瓆疾秩窒膣蛭質跌迭斟朕什執潗緝輯"],
-["f3a1","鏶集徵懲澄且侘借叉嗟嵯差次此磋箚茶蹉車遮捉搾着窄錯鑿齪撰澯燦璨瓚竄簒纂粲纘讚贊鑽餐饌刹察擦札紮僭參塹慘慙懺斬站讒讖倉倡創唱娼廠彰愴敞昌昶暢槍滄漲猖瘡窓脹艙菖蒼債埰寀寨彩採砦綵菜蔡采釵冊柵策"],
-["f4a1","責凄妻悽處倜刺剔尺慽戚拓擲斥滌瘠脊蹠陟隻仟千喘天川擅泉淺玔穿舛薦賤踐遷釧闡阡韆凸哲喆徹撤澈綴輟轍鐵僉尖沾添甛瞻簽籤詹諂堞妾帖捷牒疊睫諜貼輒廳晴淸聽菁請靑鯖切剃替涕滯締諦逮遞體初剿哨憔抄招梢"],
-["f5a1","椒楚樵炒焦硝礁礎秒稍肖艸苕草蕉貂超酢醋醮促囑燭矗蜀觸寸忖村邨叢塚寵悤憁摠總聰蔥銃撮催崔最墜抽推椎楸樞湫皺秋芻萩諏趨追鄒酋醜錐錘鎚雛騶鰍丑畜祝竺筑築縮蓄蹙蹴軸逐春椿瑃出朮黜充忠沖蟲衝衷悴膵萃"],
-["f6a1","贅取吹嘴娶就炊翠聚脆臭趣醉驟鷲側仄厠惻測層侈値嗤峙幟恥梔治淄熾痔痴癡稚穉緇緻置致蚩輜雉馳齒則勅飭親七柒漆侵寢枕沈浸琛砧針鍼蟄秤稱快他咤唾墮妥惰打拖朶楕舵陀馱駝倬卓啄坼度托拓擢晫柝濁濯琢琸託"],
-["f7a1","鐸呑嘆坦彈憚歎灘炭綻誕奪脫探眈耽貪塔搭榻宕帑湯糖蕩兌台太怠態殆汰泰笞胎苔跆邰颱宅擇澤撑攄兎吐土討慟桶洞痛筒統通堆槌腿褪退頹偸套妬投透鬪慝特闖坡婆巴把播擺杷波派爬琶破罷芭跛頗判坂板版瓣販辦鈑"],
-["f8a1","阪八叭捌佩唄悖敗沛浿牌狽稗覇貝彭澎烹膨愎便偏扁片篇編翩遍鞭騙貶坪平枰萍評吠嬖幣廢弊斃肺蔽閉陛佈包匍匏咆哺圃布怖抛抱捕暴泡浦疱砲胞脯苞葡蒲袍褒逋鋪飽鮑幅暴曝瀑爆輻俵剽彪慓杓標漂瓢票表豹飇飄驃"],
-["f9a1","品稟楓諷豊風馮彼披疲皮被避陂匹弼必泌珌畢疋筆苾馝乏逼下何厦夏廈昰河瑕荷蝦賀遐霞鰕壑學虐謔鶴寒恨悍旱汗漢澣瀚罕翰閑閒限韓割轄函含咸啣喊檻涵緘艦銜陷鹹合哈盒蛤閤闔陜亢伉姮嫦巷恒抗杭桁沆港缸肛航"],
-["faa1","行降項亥偕咳垓奚孩害懈楷海瀣蟹解該諧邂駭骸劾核倖幸杏荇行享向嚮珦鄕響餉饗香噓墟虛許憲櫶獻軒歇險驗奕爀赫革俔峴弦懸晛泫炫玄玹現眩睍絃絢縣舷衒見賢鉉顯孑穴血頁嫌俠協夾峽挾浹狹脅脇莢鋏頰亨兄刑型"],
-["fba1","形泂滎瀅灐炯熒珩瑩荊螢衡逈邢鎣馨兮彗惠慧暳蕙蹊醯鞋乎互呼壕壺好岵弧戶扈昊晧毫浩淏湖滸澔濠濩灝狐琥瑚瓠皓祜糊縞胡芦葫蒿虎號蝴護豪鎬頀顥惑或酷婚昏混渾琿魂忽惚笏哄弘汞泓洪烘紅虹訌鴻化和嬅樺火畵"],
-["fca1","禍禾花華話譁貨靴廓擴攫確碻穫丸喚奐宦幻患換歡晥桓渙煥環紈還驩鰥活滑猾豁闊凰幌徨恍惶愰慌晃晄榥況湟滉潢煌璜皇篁簧荒蝗遑隍黃匯回廻徊恢悔懷晦會檜淮澮灰獪繪膾茴蛔誨賄劃獲宖橫鐄哮嚆孝效斅曉梟涍淆"],
-["fda1","爻肴酵驍侯候厚后吼喉嗅帿後朽煦珝逅勛勳塤壎焄熏燻薰訓暈薨喧暄煊萱卉喙毁彙徽揮暉煇諱輝麾休携烋畦虧恤譎鷸兇凶匈洶胸黑昕欣炘痕吃屹紇訖欠欽歆吸恰洽翕興僖凞喜噫囍姬嬉希憙憘戱晞曦熙熹熺犧禧稀羲詰"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
deleted file mode 100644
index d8bc871..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/cp950.json
+++ /dev/null
@@ -1,177 +0,0 @@
-[
-["0","\u0000",127],
-["a140","　，、。．‧；：？！︰…‥﹐﹑﹒·﹔﹕﹖﹗｜–︱—︳╴︴﹏（）︵︶｛｝︷︸〔〕︹︺【】︻︼《》︽︾〈〉︿﹀「」﹁﹂『』﹃﹄﹙﹚"],
-["a1a1","﹛﹜﹝﹞‘’“”〝〞‵′＃＆＊※§〃○●△▲◎☆★◇◆□■▽▼㊣℅¯￣＿ˍ﹉﹊﹍﹎﹋﹌﹟﹠﹡＋－×÷±√＜＞＝≦≧≠∞≒≡﹢",4,"～∩∪⊥∠∟⊿㏒㏑∫∮∵∴♀♂⊕⊙↑↓←→↖↗↙↘∥∣／"],
-["a240","＼∕﹨＄￥〒￠￡％＠℃℉﹩﹪﹫㏕㎜㎝㎞㏎㎡㎎㎏㏄°兙兛兞兝兡兣嗧瓩糎▁",7,"▏▎▍▌▋▊▉┼┴┬┤├▔─│▕┌┐└┘╭"],
-["a2a1","╮╰╯═╞╪╡◢◣◥◤╱╲╳０",9,"Ⅰ",9,"〡",8,"十卄卅Ａ",25,"ａ",21],
-["a340","ｗｘｙｚΑ",16,"Σ",6,"α",16,"σ",6,"ㄅ",10],
-["a3a1","ㄐ",25,"˙ˉˊˇˋ"],
-["a3e1","€"],
-["a440","一乙丁七乃九了二人儿入八几刀刁力匕十卜又三下丈上丫丸凡久么也乞于亡兀刃勺千叉口土士夕大女子孑孓寸小尢尸山川工己已巳巾干廾弋弓才"],
-["a4a1","丑丐不中丰丹之尹予云井互五亢仁什仃仆仇仍今介仄元允內六兮公冗凶分切刈勻勾勿化匹午升卅卞厄友及反壬天夫太夭孔少尤尺屯巴幻廿弔引心戈戶手扎支文斗斤方日曰月木欠止歹毋比毛氏水火爪父爻片牙牛犬王丙"],
-["a540","世丕且丘主乍乏乎以付仔仕他仗代令仙仞充兄冉冊冬凹出凸刊加功包匆北匝仟半卉卡占卯卮去可古右召叮叩叨叼司叵叫另只史叱台句叭叻四囚外"],
-["a5a1","央失奴奶孕它尼巨巧左市布平幼弁弘弗必戊打扔扒扑斥旦朮本未末札正母民氐永汁汀氾犯玄玉瓜瓦甘生用甩田由甲申疋白皮皿目矛矢石示禾穴立丞丟乒乓乩亙交亦亥仿伉伙伊伕伍伐休伏仲件任仰仳份企伋光兇兆先全"],
-["a640","共再冰列刑划刎刖劣匈匡匠印危吉吏同吊吐吁吋各向名合吃后吆吒因回囝圳地在圭圬圯圩夙多夷夸妄奸妃好她如妁字存宇守宅安寺尖屹州帆并年"],
-["a6a1","式弛忙忖戎戌戍成扣扛托收早旨旬旭曲曳有朽朴朱朵次此死氖汝汗汙江池汐汕污汛汍汎灰牟牝百竹米糸缶羊羽老考而耒耳聿肉肋肌臣自至臼舌舛舟艮色艾虫血行衣西阡串亨位住佇佗佞伴佛何估佐佑伽伺伸佃佔似但佣"],
-["a740","作你伯低伶余佝佈佚兌克免兵冶冷別判利刪刨劫助努劬匣即卵吝吭吞吾否呎吧呆呃吳呈呂君吩告吹吻吸吮吵吶吠吼呀吱含吟听囪困囤囫坊坑址坍"],
-["a7a1","均坎圾坐坏圻壯夾妝妒妨妞妣妙妖妍妤妓妊妥孝孜孚孛完宋宏尬局屁尿尾岐岑岔岌巫希序庇床廷弄弟彤形彷役忘忌志忍忱快忸忪戒我抄抗抖技扶抉扭把扼找批扳抒扯折扮投抓抑抆改攻攸旱更束李杏材村杜杖杞杉杆杠"],
-["a840","杓杗步每求汞沙沁沈沉沅沛汪決沐汰沌汨沖沒汽沃汲汾汴沆汶沍沔沘沂灶灼災灸牢牡牠狄狂玖甬甫男甸皂盯矣私秀禿究系罕肖肓肝肘肛肚育良芒"],
-["a8a1","芋芍見角言谷豆豕貝赤走足身車辛辰迂迆迅迄巡邑邢邪邦那酉釆里防阮阱阪阬並乖乳事些亞享京佯依侍佳使佬供例來侃佰併侈佩佻侖佾侏侑佺兔兒兕兩具其典冽函刻券刷刺到刮制剁劾劻卒協卓卑卦卷卸卹取叔受味呵"],
-["a940","咖呸咕咀呻呷咄咒咆呼咐呱呶和咚呢周咋命咎固垃坷坪坩坡坦坤坼夜奉奇奈奄奔妾妻委妹妮姑姆姐姍始姓姊妯妳姒姅孟孤季宗定官宜宙宛尚屈居"],
-["a9a1","屆岷岡岸岩岫岱岳帘帚帖帕帛帑幸庚店府底庖延弦弧弩往征彿彼忝忠忽念忿怏怔怯怵怖怪怕怡性怩怫怛或戕房戾所承拉拌拄抿拂抹拒招披拓拔拋拈抨抽押拐拙拇拍抵拚抱拘拖拗拆抬拎放斧於旺昔易昌昆昂明昀昏昕昊"],
-["aa40","昇服朋杭枋枕東果杳杷枇枝林杯杰板枉松析杵枚枓杼杪杲欣武歧歿氓氛泣注泳沱泌泥河沽沾沼波沫法泓沸泄油況沮泗泅泱沿治泡泛泊沬泯泜泖泠"],
-["aaa1","炕炎炒炊炙爬爭爸版牧物狀狎狙狗狐玩玨玟玫玥甽疝疙疚的盂盲直知矽社祀祁秉秈空穹竺糾罔羌羋者肺肥肢肱股肫肩肴肪肯臥臾舍芳芝芙芭芽芟芹花芬芥芯芸芣芰芾芷虎虱初表軋迎返近邵邸邱邶采金長門阜陀阿阻附"],
-["ab40","陂隹雨青非亟亭亮信侵侯便俠俑俏保促侶俘俟俊俗侮俐俄係俚俎俞侷兗冒冑冠剎剃削前剌剋則勇勉勃勁匍南卻厚叛咬哀咨哎哉咸咦咳哇哂咽咪品"],
-["aba1","哄哈咯咫咱咻咩咧咿囿垂型垠垣垢城垮垓奕契奏奎奐姜姘姿姣姨娃姥姪姚姦威姻孩宣宦室客宥封屎屏屍屋峙峒巷帝帥帟幽庠度建弈弭彥很待徊律徇後徉怒思怠急怎怨恍恰恨恢恆恃恬恫恪恤扁拜挖按拼拭持拮拽指拱拷"],
-["ac40","拯括拾拴挑挂政故斫施既春昭映昧是星昨昱昤曷柿染柱柔某柬架枯柵柩柯柄柑枴柚查枸柏柞柳枰柙柢柝柒歪殃殆段毒毗氟泉洋洲洪流津洌洱洞洗"],
-["aca1","活洽派洶洛泵洹洧洸洩洮洵洎洫炫為炳炬炯炭炸炮炤爰牲牯牴狩狠狡玷珊玻玲珍珀玳甚甭畏界畎畋疫疤疥疢疣癸皆皇皈盈盆盃盅省盹相眉看盾盼眇矜砂研砌砍祆祉祈祇禹禺科秒秋穿突竿竽籽紂紅紀紉紇約紆缸美羿耄"],
-["ad40","耐耍耑耶胖胥胚胃胄背胡胛胎胞胤胝致舢苧范茅苣苛苦茄若茂茉苒苗英茁苜苔苑苞苓苟苯茆虐虹虻虺衍衫要觔計訂訃貞負赴赳趴軍軌述迦迢迪迥"],
-["ada1","迭迫迤迨郊郎郁郃酋酊重閂限陋陌降面革韋韭音頁風飛食首香乘亳倌倍倣俯倦倥俸倩倖倆值借倚倒們俺倀倔倨俱倡個候倘俳修倭倪俾倫倉兼冤冥冢凍凌准凋剖剜剔剛剝匪卿原厝叟哨唐唁唷哼哥哲唆哺唔哩哭員唉哮哪"],
-["ae40","哦唧唇哽唏圃圄埂埔埋埃堉夏套奘奚娑娘娜娟娛娓姬娠娣娩娥娌娉孫屘宰害家宴宮宵容宸射屑展屐峭峽峻峪峨峰島崁峴差席師庫庭座弱徒徑徐恙"],
-["aea1","恣恥恐恕恭恩息悄悟悚悍悔悌悅悖扇拳挈拿捎挾振捕捂捆捏捉挺捐挽挪挫挨捍捌效敉料旁旅時晉晏晃晒晌晅晁書朔朕朗校核案框桓根桂桔栩梳栗桌桑栽柴桐桀格桃株桅栓栘桁殊殉殷氣氧氨氦氤泰浪涕消涇浦浸海浙涓"],
-["af40","浬涉浮浚浴浩涌涊浹涅浥涔烊烘烤烙烈烏爹特狼狹狽狸狷玆班琉珮珠珪珞畔畝畜畚留疾病症疲疳疽疼疹痂疸皋皰益盍盎眩真眠眨矩砰砧砸砝破砷"],
-["afa1","砥砭砠砟砲祕祐祠祟祖神祝祗祚秤秣秧租秦秩秘窄窈站笆笑粉紡紗紋紊素索純紐紕級紜納紙紛缺罟羔翅翁耆耘耕耙耗耽耿胱脂胰脅胭胴脆胸胳脈能脊胼胯臭臬舀舐航舫舨般芻茫荒荔荊茸荐草茵茴荏茲茹茶茗荀茱茨荃"],
-["b040","虔蚊蚪蚓蚤蚩蚌蚣蚜衰衷袁袂衽衹記訐討訌訕訊託訓訖訏訑豈豺豹財貢起躬軒軔軏辱送逆迷退迺迴逃追逅迸邕郡郝郢酒配酌釘針釗釜釙閃院陣陡"],
-["b0a1","陛陝除陘陞隻飢馬骨高鬥鬲鬼乾偺偽停假偃偌做偉健偶偎偕偵側偷偏倏偯偭兜冕凰剪副勒務勘動匐匏匙匿區匾參曼商啪啦啄啞啡啃啊唱啖問啕唯啤唸售啜唬啣唳啁啗圈國圉域堅堊堆埠埤基堂堵執培夠奢娶婁婉婦婪婀"],
-["b140","娼婢婚婆婊孰寇寅寄寂宿密尉專將屠屜屝崇崆崎崛崖崢崑崩崔崙崤崧崗巢常帶帳帷康庸庶庵庾張強彗彬彩彫得徙從徘御徠徜恿患悉悠您惋悴惦悽"],
-["b1a1","情悻悵惜悼惘惕惆惟悸惚惇戚戛扈掠控捲掖探接捷捧掘措捱掩掉掃掛捫推掄授掙採掬排掏掀捻捩捨捺敝敖救教敗啟敏敘敕敔斜斛斬族旋旌旎晝晚晤晨晦晞曹勗望梁梯梢梓梵桿桶梱梧梗械梃棄梭梆梅梔條梨梟梡梂欲殺"],
-["b240","毫毬氫涎涼淳淙液淡淌淤添淺清淇淋涯淑涮淞淹涸混淵淅淒渚涵淚淫淘淪深淮淨淆淄涪淬涿淦烹焉焊烽烯爽牽犁猜猛猖猓猙率琅琊球理現琍瓠瓶"],
-["b2a1","瓷甜產略畦畢異疏痔痕疵痊痍皎盔盒盛眷眾眼眶眸眺硫硃硎祥票祭移窒窕笠笨笛第符笙笞笮粒粗粕絆絃統紮紹紼絀細紳組累終紲紱缽羞羚翌翎習耜聊聆脯脖脣脫脩脰脤舂舵舷舶船莎莞莘荸莢莖莽莫莒莊莓莉莠荷荻荼"],
-["b340","莆莧處彪蛇蛀蚶蛄蚵蛆蛋蚱蚯蛉術袞袈被袒袖袍袋覓規訪訝訣訥許設訟訛訢豉豚販責貫貨貪貧赧赦趾趺軛軟這逍通逗連速逝逐逕逞造透逢逖逛途"],
-["b3a1","部郭都酗野釵釦釣釧釭釩閉陪陵陳陸陰陴陶陷陬雀雪雩章竟頂頃魚鳥鹵鹿麥麻傢傍傅備傑傀傖傘傚最凱割剴創剩勞勝勛博厥啻喀喧啼喊喝喘喂喜喪喔喇喋喃喳單喟唾喲喚喻喬喱啾喉喫喙圍堯堪場堤堰報堡堝堠壹壺奠"],
-["b440","婷媚婿媒媛媧孳孱寒富寓寐尊尋就嵌嵐崴嵇巽幅帽幀幃幾廊廁廂廄弼彭復循徨惑惡悲悶惠愜愣惺愕惰惻惴慨惱愎惶愉愀愒戟扉掣掌描揀揩揉揆揍"],
-["b4a1","插揣提握揖揭揮捶援揪換摒揚揹敞敦敢散斑斐斯普晰晴晶景暑智晾晷曾替期朝棺棕棠棘棗椅棟棵森棧棹棒棲棣棋棍植椒椎棉棚楮棻款欺欽殘殖殼毯氮氯氬港游湔渡渲湧湊渠渥渣減湛湘渤湖湮渭渦湯渴湍渺測湃渝渾滋"],
-["b540","溉渙湎湣湄湲湩湟焙焚焦焰無然煮焜牌犄犀猶猥猴猩琺琪琳琢琥琵琶琴琯琛琦琨甥甦畫番痢痛痣痙痘痞痠登發皖皓皴盜睏短硝硬硯稍稈程稅稀窘"],
-["b5a1","窗窖童竣等策筆筐筒答筍筋筏筑粟粥絞結絨絕紫絮絲絡給絢絰絳善翔翕耋聒肅腕腔腋腑腎脹腆脾腌腓腴舒舜菩萃菸萍菠菅萋菁華菱菴著萊菰萌菌菽菲菊萸萎萄菜萇菔菟虛蛟蛙蛭蛔蛛蛤蛐蛞街裁裂袱覃視註詠評詞証詁"],
-["b640","詔詛詐詆訴診訶詖象貂貯貼貳貽賁費賀貴買貶貿貸越超趁跎距跋跚跑跌跛跆軻軸軼辜逮逵週逸進逶鄂郵鄉郾酣酥量鈔鈕鈣鈉鈞鈍鈐鈇鈑閔閏開閑"],
-["b6a1","間閒閎隊階隋陽隅隆隍陲隄雁雅雄集雇雯雲韌項順須飧飪飯飩飲飭馮馭黃黍黑亂傭債傲傳僅傾催傷傻傯僇剿剷剽募勦勤勢勣匯嗟嗨嗓嗦嗎嗜嗇嗑嗣嗤嗯嗚嗡嗅嗆嗥嗉園圓塞塑塘塗塚塔填塌塭塊塢塒塋奧嫁嫉嫌媾媽媼"],
-["b740","媳嫂媲嵩嵯幌幹廉廈弒彙徬微愚意慈感想愛惹愁愈慎慌慄慍愾愴愧愍愆愷戡戢搓搾搞搪搭搽搬搏搜搔損搶搖搗搆敬斟新暗暉暇暈暖暄暘暍會榔業"],
-["b7a1","楚楷楠楔極椰概楊楨楫楞楓楹榆楝楣楛歇歲毀殿毓毽溢溯滓溶滂源溝滇滅溥溘溼溺溫滑準溜滄滔溪溧溴煎煙煩煤煉照煜煬煦煌煥煞煆煨煖爺牒猷獅猿猾瑯瑚瑕瑟瑞瑁琿瑙瑛瑜當畸瘀痰瘁痲痱痺痿痴痳盞盟睛睫睦睞督"],
-["b840","睹睪睬睜睥睨睢矮碎碰碗碘碌碉硼碑碓硿祺祿禁萬禽稜稚稠稔稟稞窟窠筷節筠筮筧粱粳粵經絹綑綁綏絛置罩罪署義羨群聖聘肆肄腱腰腸腥腮腳腫"],
-["b8a1","腹腺腦舅艇蒂葷落萱葵葦葫葉葬葛萼萵葡董葩葭葆虞虜號蛹蜓蜈蜇蜀蛾蛻蜂蜃蜆蜊衙裟裔裙補裘裝裡裊裕裒覜解詫該詳試詩詰誇詼詣誠話誅詭詢詮詬詹詻訾詨豢貊貉賊資賈賄貲賃賂賅跡跟跨路跳跺跪跤跦躲較載軾輊"],
-["b940","辟農運遊道遂達逼違遐遇遏過遍遑逾遁鄒鄗酬酪酩釉鈷鉗鈸鈽鉀鈾鉛鉋鉤鉑鈴鉉鉍鉅鈹鈿鉚閘隘隔隕雍雋雉雊雷電雹零靖靴靶預頑頓頊頒頌飼飴"],
-["b9a1","飽飾馳馱馴髡鳩麂鼎鼓鼠僧僮僥僖僭僚僕像僑僱僎僩兢凳劃劂匱厭嗾嘀嘛嘗嗽嘔嘆嘉嘍嘎嗷嘖嘟嘈嘐嗶團圖塵塾境墓墊塹墅塽壽夥夢夤奪奩嫡嫦嫩嫗嫖嫘嫣孵寞寧寡寥實寨寢寤察對屢嶄嶇幛幣幕幗幔廓廖弊彆彰徹慇"],
-["ba40","愿態慷慢慣慟慚慘慵截撇摘摔撤摸摟摺摑摧搴摭摻敲斡旗旖暢暨暝榜榨榕槁榮槓構榛榷榻榫榴槐槍榭槌榦槃榣歉歌氳漳演滾漓滴漩漾漠漬漏漂漢"],
-["baa1","滿滯漆漱漸漲漣漕漫漯澈漪滬漁滲滌滷熔熙煽熊熄熒爾犒犖獄獐瑤瑣瑪瑰瑭甄疑瘧瘍瘋瘉瘓盡監瞄睽睿睡磁碟碧碳碩碣禎福禍種稱窪窩竭端管箕箋筵算箝箔箏箸箇箄粹粽精綻綰綜綽綾綠緊綴網綱綺綢綿綵綸維緒緇綬"],
-["bb40","罰翠翡翟聞聚肇腐膀膏膈膊腿膂臧臺與舔舞艋蓉蒿蓆蓄蒙蒞蒲蒜蓋蒸蓀蓓蒐蒼蓑蓊蜿蜜蜻蜢蜥蜴蜘蝕蜷蜩裳褂裴裹裸製裨褚裯誦誌語誣認誡誓誤"],
-["bba1","說誥誨誘誑誚誧豪貍貌賓賑賒赫趙趕跼輔輒輕輓辣遠遘遜遣遙遞遢遝遛鄙鄘鄞酵酸酷酴鉸銀銅銘銖鉻銓銜銨鉼銑閡閨閩閣閥閤隙障際雌雒需靼鞅韶頗領颯颱餃餅餌餉駁骯骰髦魁魂鳴鳶鳳麼鼻齊億儀僻僵價儂儈儉儅凜"],
-["bc40","劇劈劉劍劊勰厲嘮嘻嘹嘲嘿嘴嘩噓噎噗噴嘶嘯嘰墀墟增墳墜墮墩墦奭嬉嫻嬋嫵嬌嬈寮寬審寫層履嶝嶔幢幟幡廢廚廟廝廣廠彈影德徵慶慧慮慝慕憂"],
-["bca1","慼慰慫慾憧憐憫憎憬憚憤憔憮戮摩摯摹撞撲撈撐撰撥撓撕撩撒撮播撫撚撬撙撢撳敵敷數暮暫暴暱樣樟槨樁樞標槽模樓樊槳樂樅槭樑歐歎殤毅毆漿潼澄潑潦潔澆潭潛潸潮澎潺潰潤澗潘滕潯潠潟熟熬熱熨牖犛獎獗瑩璋璃"],
-["bd40","瑾璀畿瘠瘩瘟瘤瘦瘡瘢皚皺盤瞎瞇瞌瞑瞋磋磅確磊碾磕碼磐稿稼穀稽稷稻窯窮箭箱範箴篆篇篁箠篌糊締練緯緻緘緬緝編緣線緞緩綞緙緲緹罵罷羯"],
-["bda1","翩耦膛膜膝膠膚膘蔗蔽蔚蓮蔬蔭蔓蔑蔣蔡蔔蓬蔥蓿蔆螂蝴蝶蝠蝦蝸蝨蝙蝗蝌蝓衛衝褐複褒褓褕褊誼諒談諄誕請諸課諉諂調誰論諍誶誹諛豌豎豬賠賞賦賤賬賭賢賣賜質賡赭趟趣踫踐踝踢踏踩踟踡踞躺輝輛輟輩輦輪輜輞"],
-["be40","輥適遮遨遭遷鄰鄭鄧鄱醇醉醋醃鋅銻銷鋪銬鋤鋁銳銼鋒鋇鋰銲閭閱霄霆震霉靠鞍鞋鞏頡頫頜颳養餓餒餘駝駐駟駛駑駕駒駙骷髮髯鬧魅魄魷魯鴆鴉"],
-["bea1","鴃麩麾黎墨齒儒儘儔儐儕冀冪凝劑劓勳噙噫噹噩噤噸噪器噥噱噯噬噢噶壁墾壇壅奮嬝嬴學寰導彊憲憑憩憊懍憶憾懊懈戰擅擁擋撻撼據擄擇擂操撿擒擔撾整曆曉暹曄曇暸樽樸樺橙橫橘樹橄橢橡橋橇樵機橈歙歷氅濂澱澡"],
-["bf40","濃澤濁澧澳激澹澶澦澠澴熾燉燐燒燈燕熹燎燙燜燃燄獨璜璣璘璟璞瓢甌甍瘴瘸瘺盧盥瞠瞞瞟瞥磨磚磬磧禦積穎穆穌穋窺篙簑築篤篛篡篩篦糕糖縊"],
-["bfa1","縑縈縛縣縞縝縉縐罹羲翰翱翮耨膳膩膨臻興艘艙蕊蕙蕈蕨蕩蕃蕉蕭蕪蕞螃螟螞螢融衡褪褲褥褫褡親覦諦諺諫諱謀諜諧諮諾謁謂諷諭諳諶諼豫豭貓賴蹄踱踴蹂踹踵輻輯輸輳辨辦遵遴選遲遼遺鄴醒錠錶鋸錳錯錢鋼錫錄錚"],
-["c040","錐錦錡錕錮錙閻隧隨險雕霎霑霖霍霓霏靛靜靦鞘頰頸頻頷頭頹頤餐館餞餛餡餚駭駢駱骸骼髻髭鬨鮑鴕鴣鴦鴨鴒鴛默黔龍龜優償儡儲勵嚎嚀嚐嚅嚇"],
-["c0a1","嚏壕壓壑壎嬰嬪嬤孺尷屨嶼嶺嶽嶸幫彌徽應懂懇懦懋戲戴擎擊擘擠擰擦擬擱擢擭斂斃曙曖檀檔檄檢檜櫛檣橾檗檐檠歜殮毚氈濘濱濟濠濛濤濫濯澀濬濡濩濕濮濰燧營燮燦燥燭燬燴燠爵牆獰獲璩環璦璨癆療癌盪瞳瞪瞰瞬"],
-["c140","瞧瞭矯磷磺磴磯礁禧禪穗窿簇簍篾篷簌篠糠糜糞糢糟糙糝縮績繆縷縲繃縫總縱繅繁縴縹繈縵縿縯罄翳翼聱聲聰聯聳臆臃膺臂臀膿膽臉膾臨舉艱薪"],
-["c1a1","薄蕾薜薑薔薯薛薇薨薊虧蟀蟑螳蟒蟆螫螻螺蟈蟋褻褶襄褸褽覬謎謗謙講謊謠謝謄謐豁谿豳賺賽購賸賻趨蹉蹋蹈蹊轄輾轂轅輿避遽還邁邂邀鄹醣醞醜鍍鎂錨鍵鍊鍥鍋錘鍾鍬鍛鍰鍚鍔闊闋闌闈闆隱隸雖霜霞鞠韓顆颶餵騁"],
-["c240","駿鮮鮫鮪鮭鴻鴿麋黏點黜黝黛鼾齋叢嚕嚮壙壘嬸彝懣戳擴擲擾攆擺擻擷斷曜朦檳檬櫃檻檸櫂檮檯歟歸殯瀉瀋濾瀆濺瀑瀏燻燼燾燸獷獵璧璿甕癖癘"],
-["c2a1","癒瞽瞿瞻瞼礎禮穡穢穠竄竅簫簧簪簞簣簡糧織繕繞繚繡繒繙罈翹翻職聶臍臏舊藏薩藍藐藉薰薺薹薦蟯蟬蟲蟠覆覲觴謨謹謬謫豐贅蹙蹣蹦蹤蹟蹕軀轉轍邇邃邈醫醬釐鎔鎊鎖鎢鎳鎮鎬鎰鎘鎚鎗闔闖闐闕離雜雙雛雞霤鞣鞦"],
-["c340","鞭韹額顏題顎顓颺餾餿餽餮馥騎髁鬃鬆魏魎魍鯊鯉鯽鯈鯀鵑鵝鵠黠鼕鼬儳嚥壞壟壢寵龐廬懲懷懶懵攀攏曠曝櫥櫝櫚櫓瀛瀟瀨瀚瀝瀕瀘爆爍牘犢獸"],
-["c3a1","獺璽瓊瓣疇疆癟癡矇礙禱穫穩簾簿簸簽簷籀繫繭繹繩繪羅繳羶羹羸臘藩藝藪藕藤藥藷蟻蠅蠍蟹蟾襠襟襖襞譁譜識證譚譎譏譆譙贈贊蹼蹲躇蹶蹬蹺蹴轔轎辭邊邋醱醮鏡鏑鏟鏃鏈鏜鏝鏖鏢鏍鏘鏤鏗鏨關隴難霪霧靡韜韻類"],
-["c440","願顛颼饅饉騖騙鬍鯨鯧鯖鯛鶉鵡鵲鵪鵬麒麗麓麴勸嚨嚷嚶嚴嚼壤孀孃孽寶巉懸懺攘攔攙曦朧櫬瀾瀰瀲爐獻瓏癢癥礦礪礬礫竇競籌籃籍糯糰辮繽繼"],
-["c4a1","纂罌耀臚艦藻藹蘑藺蘆蘋蘇蘊蠔蠕襤覺觸議譬警譯譟譫贏贍躉躁躅躂醴釋鐘鐃鏽闡霰飄饒饑馨騫騰騷騵鰓鰍鹹麵黨鼯齟齣齡儷儸囁囀囂夔屬巍懼懾攝攜斕曩櫻欄櫺殲灌爛犧瓖瓔癩矓籐纏續羼蘗蘭蘚蠣蠢蠡蠟襪襬覽譴"],
-["c540","護譽贓躊躍躋轟辯醺鐮鐳鐵鐺鐸鐲鐫闢霸霹露響顧顥饗驅驃驀騾髏魔魑鰭鰥鶯鶴鷂鶸麝黯鼙齜齦齧儼儻囈囊囉孿巔巒彎懿攤權歡灑灘玀瓤疊癮癬"],
-["c5a1","禳籠籟聾聽臟襲襯觼讀贖贗躑躓轡酈鑄鑑鑒霽霾韃韁顫饕驕驍髒鬚鱉鰱鰾鰻鷓鷗鼴齬齪龔囌巖戀攣攫攪曬欐瓚竊籤籣籥纓纖纔臢蘸蘿蠱變邐邏鑣鑠鑤靨顯饜驚驛驗髓體髑鱔鱗鱖鷥麟黴囑壩攬灞癱癲矗罐羈蠶蠹衢讓讒"],
-["c640","讖艷贛釀鑪靂靈靄韆顰驟鬢魘鱟鷹鷺鹼鹽鼇齷齲廳欖灣籬籮蠻觀躡釁鑲鑰顱饞髖鬣黌灤矚讚鑷韉驢驥纜讜躪釅鑽鑾鑼鱷鱸黷豔鑿鸚爨驪鬱鸛鸞籲"],
-["c940","乂乜凵匚厂万丌乇亍囗兀屮彳丏冇与丮亓仂仉仈冘勼卬厹圠夃夬尐巿旡殳毌气爿丱丼仨仜仩仡仝仚刌匜卌圢圣夗夯宁宄尒尻屴屳帄庀庂忉戉扐氕"],
-["c9a1","氶汃氿氻犮犰玊禸肊阞伎优伬仵伔仱伀价伈伝伂伅伢伓伄仴伒冱刓刉刐劦匢匟卍厊吇囡囟圮圪圴夼妀奼妅奻奾奷奿孖尕尥屼屺屻屾巟幵庄异弚彴忕忔忏扜扞扤扡扦扢扙扠扚扥旯旮朾朹朸朻机朿朼朳氘汆汒汜汏汊汔汋"],
-["ca40","汌灱牞犴犵玎甪癿穵网艸艼芀艽艿虍襾邙邗邘邛邔阢阤阠阣佖伻佢佉体佤伾佧佒佟佁佘伭伳伿佡冏冹刜刞刡劭劮匉卣卲厎厏吰吷吪呔呅吙吜吥吘"],
-["caa1","吽呏呁吨吤呇囮囧囥坁坅坌坉坋坒夆奀妦妘妠妗妎妢妐妏妧妡宎宒尨尪岍岏岈岋岉岒岊岆岓岕巠帊帎庋庉庌庈庍弅弝彸彶忒忑忐忭忨忮忳忡忤忣忺忯忷忻怀忴戺抃抌抎抏抔抇扱扻扺扰抁抈扷扽扲扴攷旰旴旳旲旵杅杇"],
-["cb40","杙杕杌杈杝杍杚杋毐氙氚汸汧汫沄沋沏汱汯汩沚汭沇沕沜汦汳汥汻沎灴灺牣犿犽狃狆狁犺狅玕玗玓玔玒町甹疔疕皁礽耴肕肙肐肒肜芐芏芅芎芑芓"],
-["cba1","芊芃芄豸迉辿邟邡邥邞邧邠阰阨阯阭丳侘佼侅佽侀侇佶佴侉侄佷佌侗佪侚佹侁佸侐侜侔侞侒侂侕佫佮冞冼冾刵刲刳剆刱劼匊匋匼厒厔咇呿咁咑咂咈呫呺呾呥呬呴呦咍呯呡呠咘呣呧呤囷囹坯坲坭坫坱坰坶垀坵坻坳坴坢"],
-["cc40","坨坽夌奅妵妺姏姎妲姌姁妶妼姃姖妱妽姀姈妴姇孢孥宓宕屄屇岮岤岠岵岯岨岬岟岣岭岢岪岧岝岥岶岰岦帗帔帙弨弢弣弤彔徂彾彽忞忥怭怦怙怲怋"],
-["cca1","怴怊怗怳怚怞怬怢怍怐怮怓怑怌怉怜戔戽抭抴拑抾抪抶拊抮抳抯抻抩抰抸攽斨斻昉旼昄昒昈旻昃昋昍昅旽昑昐曶朊枅杬枎枒杶杻枘枆构杴枍枌杺枟枑枙枃杽极杸杹枔欥殀歾毞氝沓泬泫泮泙沶泔沭泧沷泐泂沺泃泆泭泲"],
-["cd40","泒泝沴沊沝沀泞泀洰泍泇沰泹泏泩泑炔炘炅炓炆炄炑炖炂炚炃牪狖狋狘狉狜狒狔狚狌狑玤玡玭玦玢玠玬玝瓝瓨甿畀甾疌疘皯盳盱盰盵矸矼矹矻矺"],
-["cda1","矷祂礿秅穸穻竻籵糽耵肏肮肣肸肵肭舠芠苀芫芚芘芛芵芧芮芼芞芺芴芨芡芩苂芤苃芶芢虰虯虭虮豖迒迋迓迍迖迕迗邲邴邯邳邰阹阽阼阺陃俍俅俓侲俉俋俁俔俜俙侻侳俛俇俖侺俀侹俬剄剉勀勂匽卼厗厖厙厘咺咡咭咥哏"],
-["ce40","哃茍咷咮哖咶哅哆咠呰咼咢咾呲哞咰垵垞垟垤垌垗垝垛垔垘垏垙垥垚垕壴复奓姡姞姮娀姱姝姺姽姼姶姤姲姷姛姩姳姵姠姾姴姭宨屌峐峘峌峗峋峛"],
-["cea1","峞峚峉峇峊峖峓峔峏峈峆峎峟峸巹帡帢帣帠帤庰庤庢庛庣庥弇弮彖徆怷怹恔恲恞恅恓恇恉恛恌恀恂恟怤恄恘恦恮扂扃拏挍挋拵挎挃拫拹挏挌拸拶挀挓挔拺挕拻拰敁敃斪斿昶昡昲昵昜昦昢昳昫昺昝昴昹昮朏朐柁柲柈枺"],
-["cf40","柜枻柸柘柀枷柅柫柤柟枵柍枳柷柶柮柣柂枹柎柧柰枲柼柆柭柌枮柦柛柺柉柊柃柪柋欨殂殄殶毖毘毠氠氡洨洴洭洟洼洿洒洊泚洳洄洙洺洚洑洀洝浂"],
-["cfa1","洁洘洷洃洏浀洇洠洬洈洢洉洐炷炟炾炱炰炡炴炵炩牁牉牊牬牰牳牮狊狤狨狫狟狪狦狣玅珌珂珈珅玹玶玵玴珫玿珇玾珃珆玸珋瓬瓮甮畇畈疧疪癹盄眈眃眄眅眊盷盻盺矧矨砆砑砒砅砐砏砎砉砃砓祊祌祋祅祄秕种秏秖秎窀"],
-["d040","穾竑笀笁籺籸籹籿粀粁紃紈紁罘羑羍羾耇耎耏耔耷胘胇胠胑胈胂胐胅胣胙胜胊胕胉胏胗胦胍臿舡芔苙苾苹茇苨茀苕茺苫苖苴苬苡苲苵茌苻苶苰苪"],
-["d0a1","苤苠苺苳苭虷虴虼虳衁衎衧衪衩觓訄訇赲迣迡迮迠郱邽邿郕郅邾郇郋郈釔釓陔陏陑陓陊陎倞倅倇倓倢倰倛俵俴倳倷倬俶俷倗倜倠倧倵倯倱倎党冔冓凊凄凅凈凎剡剚剒剞剟剕剢勍匎厞唦哢唗唒哧哳哤唚哿唄唈哫唑唅哱"],
-["d140","唊哻哷哸哠唎唃唋圁圂埌堲埕埒垺埆垽垼垸垶垿埇埐垹埁夎奊娙娖娭娮娕娏娗娊娞娳孬宧宭宬尃屖屔峬峿峮峱峷崀峹帩帨庨庮庪庬弳弰彧恝恚恧"],
-["d1a1","恁悢悈悀悒悁悝悃悕悛悗悇悜悎戙扆拲挐捖挬捄捅挶捃揤挹捋捊挼挩捁挴捘捔捙挭捇挳捚捑挸捗捀捈敊敆旆旃旄旂晊晟晇晑朒朓栟栚桉栲栳栻桋桏栖栱栜栵栫栭栯桎桄栴栝栒栔栦栨栮桍栺栥栠欬欯欭欱欴歭肂殈毦毤"],
-["d240","毨毣毢毧氥浺浣浤浶洍浡涒浘浢浭浯涑涍淯浿涆浞浧浠涗浰浼浟涂涘洯浨涋浾涀涄洖涃浻浽浵涐烜烓烑烝烋缹烢烗烒烞烠烔烍烅烆烇烚烎烡牂牸"],
-["d2a1","牷牶猀狺狴狾狶狳狻猁珓珙珥珖玼珧珣珩珜珒珛珔珝珚珗珘珨瓞瓟瓴瓵甡畛畟疰痁疻痄痀疿疶疺皊盉眝眛眐眓眒眣眑眕眙眚眢眧砣砬砢砵砯砨砮砫砡砩砳砪砱祔祛祏祜祓祒祑秫秬秠秮秭秪秜秞秝窆窉窅窋窌窊窇竘笐"],
-["d340","笄笓笅笏笈笊笎笉笒粄粑粊粌粈粍粅紞紝紑紎紘紖紓紟紒紏紌罜罡罞罠罝罛羖羒翃翂翀耖耾耹胺胲胹胵脁胻脀舁舯舥茳茭荄茙荑茥荖茿荁茦茜茢"],
-["d3a1","荂荎茛茪茈茼荍茖茤茠茷茯茩荇荅荌荓茞茬荋茧荈虓虒蚢蚨蚖蚍蚑蚞蚇蚗蚆蚋蚚蚅蚥蚙蚡蚧蚕蚘蚎蚝蚐蚔衃衄衭衵衶衲袀衱衿衯袃衾衴衼訒豇豗豻貤貣赶赸趵趷趶軑軓迾迵适迿迻逄迼迶郖郠郙郚郣郟郥郘郛郗郜郤酐"],
-["d440","酎酏釕釢釚陜陟隼飣髟鬯乿偰偪偡偞偠偓偋偝偲偈偍偁偛偊偢倕偅偟偩偫偣偤偆偀偮偳偗偑凐剫剭剬剮勖勓匭厜啵啶唼啍啐唴唪啑啢唶唵唰啒啅"],
-["d4a1","唌唲啥啎唹啈唭唻啀啋圊圇埻堔埢埶埜埴堀埭埽堈埸堋埳埏堇埮埣埲埥埬埡堎埼堐埧堁堌埱埩埰堍堄奜婠婘婕婧婞娸娵婭婐婟婥婬婓婤婗婃婝婒婄婛婈媎娾婍娹婌婰婩婇婑婖婂婜孲孮寁寀屙崞崋崝崚崠崌崨崍崦崥崏"],
-["d540","崰崒崣崟崮帾帴庱庴庹庲庳弶弸徛徖徟悊悐悆悾悰悺惓惔惏惤惙惝惈悱惛悷惊悿惃惍惀挲捥掊掂捽掽掞掭掝掗掫掎捯掇掐据掯捵掜捭掮捼掤挻掟"],
-["d5a1","捸掅掁掑掍捰敓旍晥晡晛晙晜晢朘桹梇梐梜桭桮梮梫楖桯梣梬梩桵桴梲梏桷梒桼桫桲梪梀桱桾梛梖梋梠梉梤桸桻梑梌梊桽欶欳欷欸殑殏殍殎殌氪淀涫涴涳湴涬淩淢涷淶淔渀淈淠淟淖涾淥淜淝淛淴淊涽淭淰涺淕淂淏淉"],
-["d640","淐淲淓淽淗淍淣涻烺焍烷焗烴焌烰焄烳焐烼烿焆焓焀烸烶焋焂焎牾牻牼牿猝猗猇猑猘猊猈狿猏猞玈珶珸珵琄琁珽琇琀珺珼珿琌琋珴琈畤畣痎痒痏"],
-["d6a1","痋痌痑痐皏皉盓眹眯眭眱眲眴眳眽眥眻眵硈硒硉硍硊硌砦硅硐祤祧祩祪祣祫祡离秺秸秶秷窏窔窐笵筇笴笥笰笢笤笳笘笪笝笱笫笭笯笲笸笚笣粔粘粖粣紵紽紸紶紺絅紬紩絁絇紾紿絊紻紨罣羕羜羝羛翊翋翍翐翑翇翏翉耟"],
-["d740","耞耛聇聃聈脘脥脙脛脭脟脬脞脡脕脧脝脢舑舸舳舺舴舲艴莐莣莨莍荺荳莤荴莏莁莕莙荵莔莩荽莃莌莝莛莪莋荾莥莯莈莗莰荿莦莇莮荶莚虙虖蚿蚷"],
-["d7a1","蛂蛁蛅蚺蚰蛈蚹蚳蚸蛌蚴蚻蚼蛃蚽蚾衒袉袕袨袢袪袚袑袡袟袘袧袙袛袗袤袬袌袓袎覂觖觙觕訰訧訬訞谹谻豜豝豽貥赽赻赹趼跂趹趿跁軘軞軝軜軗軠軡逤逋逑逜逌逡郯郪郰郴郲郳郔郫郬郩酖酘酚酓酕釬釴釱釳釸釤釹釪"],
-["d840","釫釷釨釮镺閆閈陼陭陫陱陯隿靪頄飥馗傛傕傔傞傋傣傃傌傎傝偨傜傒傂傇兟凔匒匑厤厧喑喨喥喭啷噅喢喓喈喏喵喁喣喒喤啽喌喦啿喕喡喎圌堩堷"],
-["d8a1","堙堞堧堣堨埵塈堥堜堛堳堿堶堮堹堸堭堬堻奡媯媔媟婺媢媞婸媦婼媥媬媕媮娷媄媊媗媃媋媩婻婽媌媜媏媓媝寪寍寋寔寑寊寎尌尰崷嵃嵫嵁嵋崿崵嵑嵎嵕崳崺嵒崽崱嵙嵂崹嵉崸崼崲崶嵀嵅幄幁彘徦徥徫惉悹惌惢惎惄愔"],
-["d940","惲愊愖愅惵愓惸惼惾惁愃愘愝愐惿愄愋扊掔掱掰揎揥揨揯揃撝揳揊揠揶揕揲揵摡揟掾揝揜揄揘揓揂揇揌揋揈揰揗揙攲敧敪敤敜敨敥斌斝斞斮旐旒"],
-["d9a1","晼晬晻暀晱晹晪晲朁椌棓椄棜椪棬棪棱椏棖棷棫棤棶椓椐棳棡椇棌椈楰梴椑棯棆椔棸棐棽棼棨椋椊椗棎棈棝棞棦棴棑椆棔棩椕椥棇欹欻欿欼殔殗殙殕殽毰毲毳氰淼湆湇渟湉溈渼渽湅湢渫渿湁湝湳渜渳湋湀湑渻渃渮湞"],
-["da40","湨湜湡渱渨湠湱湫渹渢渰湓湥渧湸湤湷湕湹湒湦渵渶湚焠焞焯烻焮焱焣焥焢焲焟焨焺焛牋牚犈犉犆犅犋猒猋猰猢猱猳猧猲猭猦猣猵猌琮琬琰琫琖"],
-["daa1","琚琡琭琱琤琣琝琩琠琲瓻甯畯畬痧痚痡痦痝痟痤痗皕皒盚睆睇睄睍睅睊睎睋睌矞矬硠硤硥硜硭硱硪确硰硩硨硞硢祴祳祲祰稂稊稃稌稄窙竦竤筊笻筄筈筌筎筀筘筅粢粞粨粡絘絯絣絓絖絧絪絏絭絜絫絒絔絩絑絟絎缾缿罥"],
-["db40","罦羢羠羡翗聑聏聐胾胔腃腊腒腏腇脽腍脺臦臮臷臸臹舄舼舽舿艵茻菏菹萣菀菨萒菧菤菼菶萐菆菈菫菣莿萁菝菥菘菿菡菋菎菖菵菉萉萏菞萑萆菂菳"],
-["dba1","菕菺菇菑菪萓菃菬菮菄菻菗菢萛菛菾蛘蛢蛦蛓蛣蛚蛪蛝蛫蛜蛬蛩蛗蛨蛑衈衖衕袺裗袹袸裀袾袶袼袷袽袲褁裉覕覘覗觝觚觛詎詍訹詙詀詗詘詄詅詒詈詑詊詌詏豟貁貀貺貾貰貹貵趄趀趉跘跓跍跇跖跜跏跕跙跈跗跅軯軷軺"],
-["dc40","軹軦軮軥軵軧軨軶軫軱軬軴軩逭逴逯鄆鄬鄄郿郼鄈郹郻鄁鄀鄇鄅鄃酡酤酟酢酠鈁鈊鈥鈃鈚鈦鈏鈌鈀鈒釿釽鈆鈄鈧鈂鈜鈤鈙鈗鈅鈖镻閍閌閐隇陾隈"],
-["dca1","隉隃隀雂雈雃雱雰靬靰靮頇颩飫鳦黹亃亄亶傽傿僆傮僄僊傴僈僂傰僁傺傱僋僉傶傸凗剺剸剻剼嗃嗛嗌嗐嗋嗊嗝嗀嗔嗄嗩喿嗒喍嗏嗕嗢嗖嗈嗲嗍嗙嗂圔塓塨塤塏塍塉塯塕塎塝塙塥塛堽塣塱壼嫇嫄嫋媺媸媱媵媰媿嫈媻嫆"],
-["dd40","媷嫀嫊媴媶嫍媹媐寖寘寙尟尳嵱嵣嵊嵥嵲嵬嵞嵨嵧嵢巰幏幎幊幍幋廅廌廆廋廇彀徯徭惷慉慊愫慅愶愲愮慆愯慏愩慀戠酨戣戥戤揅揱揫搐搒搉搠搤"],
-["dda1","搳摃搟搕搘搹搷搢搣搌搦搰搨摁搵搯搊搚摀搥搧搋揧搛搮搡搎敯斒旓暆暌暕暐暋暊暙暔晸朠楦楟椸楎楢楱椿楅楪椹楂楗楙楺楈楉椵楬椳椽楥棰楸椴楩楀楯楄楶楘楁楴楌椻楋椷楜楏楑椲楒椯楻椼歆歅歃歂歈歁殛嗀毻毼"],
-["de40","毹毷毸溛滖滈溏滀溟溓溔溠溱溹滆滒溽滁溞滉溷溰滍溦滏溲溾滃滜滘溙溒溎溍溤溡溿溳滐滊溗溮溣煇煔煒煣煠煁煝煢煲煸煪煡煂煘煃煋煰煟煐煓"],
-["dea1","煄煍煚牏犍犌犑犐犎猼獂猻猺獀獊獉瑄瑊瑋瑒瑑瑗瑀瑏瑐瑎瑂瑆瑍瑔瓡瓿瓾瓽甝畹畷榃痯瘏瘃痷痾痼痹痸瘐痻痶痭痵痽皙皵盝睕睟睠睒睖睚睩睧睔睙睭矠碇碚碔碏碄碕碅碆碡碃硹碙碀碖硻祼禂祽祹稑稘稙稒稗稕稢稓"],
-["df40","稛稐窣窢窞竫筦筤筭筴筩筲筥筳筱筰筡筸筶筣粲粴粯綈綆綀綍絿綅絺綎絻綃絼綌綔綄絽綒罭罫罧罨罬羦羥羧翛翜耡腤腠腷腜腩腛腢腲朡腞腶腧腯"],
-["dfa1","腄腡舝艉艄艀艂艅蓱萿葖葶葹蒏蒍葥葑葀蒆葧萰葍葽葚葙葴葳葝蔇葞萷萺萴葺葃葸萲葅萩菙葋萯葂萭葟葰萹葎葌葒葯蓅蒎萻葇萶萳葨葾葄萫葠葔葮葐蜋蜄蛷蜌蛺蛖蛵蝍蛸蜎蜉蜁蛶蜍蜅裖裋裍裎裞裛裚裌裐覅覛觟觥觤"],
-["e040","觡觠觢觜触詶誆詿詡訿詷誂誄詵誃誁詴詺谼豋豊豥豤豦貆貄貅賌赨赩趑趌趎趏趍趓趔趐趒跰跠跬跱跮跐跩跣跢跧跲跫跴輆軿輁輀輅輇輈輂輋遒逿"],
-["e0a1","遄遉逽鄐鄍鄏鄑鄖鄔鄋鄎酮酯鉈鉒鈰鈺鉦鈳鉥鉞銃鈮鉊鉆鉭鉬鉏鉠鉧鉯鈶鉡鉰鈱鉔鉣鉐鉲鉎鉓鉌鉖鈲閟閜閞閛隒隓隑隗雎雺雽雸雵靳靷靸靲頏頍頎颬飶飹馯馲馰馵骭骫魛鳪鳭鳧麀黽僦僔僗僨僳僛僪僝僤僓僬僰僯僣僠"],
-["e140","凘劀劁勩勫匰厬嘧嘕嘌嘒嗼嘏嘜嘁嘓嘂嗺嘝嘄嗿嗹墉塼墐墘墆墁塿塴墋塺墇墑墎塶墂墈塻墔墏壾奫嫜嫮嫥嫕嫪嫚嫭嫫嫳嫢嫠嫛嫬嫞嫝嫙嫨嫟孷寠"],
-["e1a1","寣屣嶂嶀嵽嶆嵺嶁嵷嶊嶉嶈嵾嵼嶍嵹嵿幘幙幓廘廑廗廎廜廕廙廒廔彄彃彯徶愬愨慁慞慱慳慒慓慲慬憀慴慔慺慛慥愻慪慡慖戩戧戫搫摍摛摝摴摶摲摳摽摵摦撦摎撂摞摜摋摓摠摐摿搿摬摫摙摥摷敳斠暡暠暟朅朄朢榱榶槉"],
-["e240","榠槎榖榰榬榼榑榙榎榧榍榩榾榯榿槄榽榤槔榹槊榚槏榳榓榪榡榞槙榗榐槂榵榥槆歊歍歋殞殟殠毃毄毾滎滵滱漃漥滸漷滻漮漉潎漙漚漧漘漻漒滭漊"],
-["e2a1","漶潳滹滮漭潀漰漼漵滫漇漎潃漅滽滶漹漜滼漺漟漍漞漈漡熇熐熉熀熅熂熏煻熆熁熗牄牓犗犕犓獃獍獑獌瑢瑳瑱瑵瑲瑧瑮甀甂甃畽疐瘖瘈瘌瘕瘑瘊瘔皸瞁睼瞅瞂睮瞀睯睾瞃碲碪碴碭碨硾碫碞碥碠碬碢碤禘禊禋禖禕禔禓"],
-["e340","禗禈禒禐稫穊稰稯稨稦窨窫窬竮箈箜箊箑箐箖箍箌箛箎箅箘劄箙箤箂粻粿粼粺綧綷緂綣綪緁緀緅綝緎緄緆緋緌綯綹綖綼綟綦綮綩綡緉罳翢翣翥翞"],
-["e3a1","耤聝聜膉膆膃膇膍膌膋舕蒗蒤蒡蒟蒺蓎蓂蒬蒮蒫蒹蒴蓁蓍蒪蒚蒱蓐蒝蒧蒻蒢蒔蓇蓌蒛蒩蒯蒨蓖蒘蒶蓏蒠蓗蓔蓒蓛蒰蒑虡蜳蜣蜨蝫蝀蜮蜞蜡蜙蜛蝃蜬蝁蜾蝆蜠蜲蜪蜭蜼蜒蜺蜱蜵蝂蜦蜧蜸蜤蜚蜰蜑裷裧裱裲裺裾裮裼裶裻"],
-["e440","裰裬裫覝覡覟覞觩觫觨誫誙誋誒誏誖谽豨豩賕賏賗趖踉踂跿踍跽踊踃踇踆踅跾踀踄輐輑輎輍鄣鄜鄠鄢鄟鄝鄚鄤鄡鄛酺酲酹酳銥銤鉶銛鉺銠銔銪銍"],
-["e4a1","銦銚銫鉹銗鉿銣鋮銎銂銕銢鉽銈銡銊銆銌銙銧鉾銇銩銝銋鈭隞隡雿靘靽靺靾鞃鞀鞂靻鞄鞁靿韎韍頖颭颮餂餀餇馝馜駃馹馻馺駂馽駇骱髣髧鬾鬿魠魡魟鳱鳲鳵麧僿儃儰僸儆儇僶僾儋儌僽儊劋劌勱勯噈噂噌嘵噁噊噉噆噘"],
-["e540","噚噀嘳嘽嘬嘾嘸嘪嘺圚墫墝墱墠墣墯墬墥墡壿嫿嫴嫽嫷嫶嬃嫸嬂嫹嬁嬇嬅嬏屧嶙嶗嶟嶒嶢嶓嶕嶠嶜嶡嶚嶞幩幝幠幜緳廛廞廡彉徲憋憃慹憱憰憢憉"],
-["e5a1","憛憓憯憭憟憒憪憡憍慦憳戭摮摰撖撠撅撗撜撏撋撊撌撣撟摨撱撘敶敺敹敻斲斳暵暰暩暲暷暪暯樀樆樗槥槸樕槱槤樠槿槬槢樛樝槾樧槲槮樔槷槧橀樈槦槻樍槼槫樉樄樘樥樏槶樦樇槴樖歑殥殣殢殦氁氀毿氂潁漦潾澇濆澒"],
-["e640","澍澉澌潢潏澅潚澖潶潬澂潕潲潒潐潗澔澓潝漀潡潫潽潧澐潓澋潩潿澕潣潷潪潻熲熯熛熰熠熚熩熵熝熥熞熤熡熪熜熧熳犘犚獘獒獞獟獠獝獛獡獚獙"],
-["e6a1","獢璇璉璊璆璁瑽璅璈瑼瑹甈甇畾瘥瘞瘙瘝瘜瘣瘚瘨瘛皜皝皞皛瞍瞏瞉瞈磍碻磏磌磑磎磔磈磃磄磉禚禡禠禜禢禛歶稹窲窴窳箷篋箾箬篎箯箹篊箵糅糈糌糋緷緛緪緧緗緡縃緺緦緶緱緰緮緟罶羬羰羭翭翫翪翬翦翨聤聧膣膟"],
-["e740","膞膕膢膙膗舖艏艓艒艐艎艑蔤蔻蔏蔀蔩蔎蔉蔍蔟蔊蔧蔜蓻蔫蓺蔈蔌蓴蔪蓲蔕蓷蓫蓳蓼蔒蓪蓩蔖蓾蔨蔝蔮蔂蓽蔞蓶蔱蔦蓧蓨蓰蓯蓹蔘蔠蔰蔋蔙蔯虢"],
-["e7a1","蝖蝣蝤蝷蟡蝳蝘蝔蝛蝒蝡蝚蝑蝞蝭蝪蝐蝎蝟蝝蝯蝬蝺蝮蝜蝥蝏蝻蝵蝢蝧蝩衚褅褌褔褋褗褘褙褆褖褑褎褉覢覤覣觭觰觬諏諆誸諓諑諔諕誻諗誾諀諅諘諃誺誽諙谾豍貏賥賟賙賨賚賝賧趠趜趡趛踠踣踥踤踮踕踛踖踑踙踦踧"],
-["e840","踔踒踘踓踜踗踚輬輤輘輚輠輣輖輗遳遰遯遧遫鄯鄫鄩鄪鄲鄦鄮醅醆醊醁醂醄醀鋐鋃鋄鋀鋙銶鋏鋱鋟鋘鋩鋗鋝鋌鋯鋂鋨鋊鋈鋎鋦鋍鋕鋉鋠鋞鋧鋑鋓"],
-["e8a1","銵鋡鋆銴镼閬閫閮閰隤隢雓霅霈霂靚鞊鞎鞈韐韏頞頝頦頩頨頠頛頧颲餈飺餑餔餖餗餕駜駍駏駓駔駎駉駖駘駋駗駌骳髬髫髳髲髱魆魃魧魴魱魦魶魵魰魨魤魬鳼鳺鳽鳿鳷鴇鴀鳹鳻鴈鴅鴄麃黓鼏鼐儜儓儗儚儑凞匴叡噰噠噮"],
-["e940","噳噦噣噭噲噞噷圜圛壈墽壉墿墺壂墼壆嬗嬙嬛嬡嬔嬓嬐嬖嬨嬚嬠嬞寯嶬嶱嶩嶧嶵嶰嶮嶪嶨嶲嶭嶯嶴幧幨幦幯廩廧廦廨廥彋徼憝憨憖懅憴懆懁懌憺"],
-["e9a1","憿憸憌擗擖擐擏擉撽撉擃擛擳擙攳敿敼斢曈暾曀曊曋曏暽暻暺曌朣樴橦橉橧樲橨樾橝橭橶橛橑樨橚樻樿橁橪橤橐橏橔橯橩橠樼橞橖橕橍橎橆歕歔歖殧殪殫毈毇氄氃氆澭濋澣濇澼濎濈潞濄澽澞濊澨瀄澥澮澺澬澪濏澿澸"],
-["ea40","澢濉澫濍澯澲澰燅燂熿熸燖燀燁燋燔燊燇燏熽燘熼燆燚燛犝犞獩獦獧獬獥獫獪瑿璚璠璔璒璕璡甋疀瘯瘭瘱瘽瘳瘼瘵瘲瘰皻盦瞚瞝瞡瞜瞛瞢瞣瞕瞙"],
-["eaa1","瞗磝磩磥磪磞磣磛磡磢磭磟磠禤穄穈穇窶窸窵窱窷篞篣篧篝篕篥篚篨篹篔篪篢篜篫篘篟糒糔糗糐糑縒縡縗縌縟縠縓縎縜縕縚縢縋縏縖縍縔縥縤罃罻罼罺羱翯耪耩聬膱膦膮膹膵膫膰膬膴膲膷膧臲艕艖艗蕖蕅蕫蕍蕓蕡蕘"],
-["eb40","蕀蕆蕤蕁蕢蕄蕑蕇蕣蔾蕛蕱蕎蕮蕵蕕蕧蕠薌蕦蕝蕔蕥蕬虣虥虤螛螏螗螓螒螈螁螖螘蝹螇螣螅螐螑螝螄螔螜螚螉褞褦褰褭褮褧褱褢褩褣褯褬褟觱諠"],
-["eba1","諢諲諴諵諝謔諤諟諰諈諞諡諨諿諯諻貑貒貐賵賮賱賰賳赬赮趥趧踳踾踸蹀蹅踶踼踽蹁踰踿躽輶輮輵輲輹輷輴遶遹遻邆郺鄳鄵鄶醓醐醑醍醏錧錞錈錟錆錏鍺錸錼錛錣錒錁鍆錭錎錍鋋錝鋺錥錓鋹鋷錴錂錤鋿錩錹錵錪錔錌"],
-["ec40","錋鋾錉錀鋻錖閼闍閾閹閺閶閿閵閽隩雔霋霒霐鞙鞗鞔韰韸頵頯頲餤餟餧餩馞駮駬駥駤駰駣駪駩駧骹骿骴骻髶髺髹髷鬳鮀鮅鮇魼魾魻鮂鮓鮒鮐魺鮕"],
-["eca1","魽鮈鴥鴗鴠鴞鴔鴩鴝鴘鴢鴐鴙鴟麈麆麇麮麭黕黖黺鼒鼽儦儥儢儤儠儩勴嚓嚌嚍嚆嚄嚃噾嚂噿嚁壖壔壏壒嬭嬥嬲嬣嬬嬧嬦嬯嬮孻寱寲嶷幬幪徾徻懃憵憼懧懠懥懤懨懞擯擩擣擫擤擨斁斀斶旚曒檍檖檁檥檉檟檛檡檞檇檓檎"],
-["ed40","檕檃檨檤檑橿檦檚檅檌檒歛殭氉濌澩濴濔濣濜濭濧濦濞濲濝濢濨燡燱燨燲燤燰燢獳獮獯璗璲璫璐璪璭璱璥璯甐甑甒甏疄癃癈癉癇皤盩瞵瞫瞲瞷瞶"],
-["eda1","瞴瞱瞨矰磳磽礂磻磼磲礅磹磾礄禫禨穜穛穖穘穔穚窾竀竁簅簏篲簀篿篻簎篴簋篳簂簉簃簁篸篽簆篰篱簐簊糨縭縼繂縳顈縸縪繉繀繇縩繌縰縻縶繄縺罅罿罾罽翴翲耬膻臄臌臊臅臇膼臩艛艚艜薃薀薏薧薕薠薋薣蕻薤薚薞"],
-["ee40","蕷蕼薉薡蕺蕸蕗薎薖薆薍薙薝薁薢薂薈薅蕹蕶薘薐薟虨螾螪螭蟅螰螬螹螵螼螮蟉蟃蟂蟌螷螯蟄蟊螴螶螿螸螽蟞螲褵褳褼褾襁襒褷襂覭覯覮觲觳謞"],
-["eea1","謘謖謑謅謋謢謏謒謕謇謍謈謆謜謓謚豏豰豲豱豯貕貔賹赯蹎蹍蹓蹐蹌蹇轃轀邅遾鄸醚醢醛醙醟醡醝醠鎡鎃鎯鍤鍖鍇鍼鍘鍜鍶鍉鍐鍑鍠鍭鎏鍌鍪鍹鍗鍕鍒鍏鍱鍷鍻鍡鍞鍣鍧鎀鍎鍙闇闀闉闃闅閷隮隰隬霠霟霘霝霙鞚鞡鞜"],
-["ef40","鞞鞝韕韔韱顁顄顊顉顅顃餥餫餬餪餳餲餯餭餱餰馘馣馡騂駺駴駷駹駸駶駻駽駾駼騃骾髾髽鬁髼魈鮚鮨鮞鮛鮦鮡鮥鮤鮆鮢鮠鮯鴳鵁鵧鴶鴮鴯鴱鴸鴰"],
-["efa1","鵅鵂鵃鴾鴷鵀鴽翵鴭麊麉麍麰黈黚黻黿鼤鼣鼢齔龠儱儭儮嚘嚜嚗嚚嚝嚙奰嬼屩屪巀幭幮懘懟懭懮懱懪懰懫懖懩擿攄擽擸攁攃擼斔旛曚曛曘櫅檹檽櫡櫆檺檶檷櫇檴檭歞毉氋瀇瀌瀍瀁瀅瀔瀎濿瀀濻瀦濼濷瀊爁燿燹爃燽獶"],
-["f040","璸瓀璵瓁璾璶璻瓂甔甓癜癤癙癐癓癗癚皦皽盬矂瞺磿礌礓礔礉礐礒礑禭禬穟簜簩簙簠簟簭簝簦簨簢簥簰繜繐繖繣繘繢繟繑繠繗繓羵羳翷翸聵臑臒"],
-["f0a1","臐艟艞薴藆藀藃藂薳薵薽藇藄薿藋藎藈藅薱薶藒蘤薸薷薾虩蟧蟦蟢蟛蟫蟪蟥蟟蟳蟤蟔蟜蟓蟭蟘蟣螤蟗蟙蠁蟴蟨蟝襓襋襏襌襆襐襑襉謪謧謣謳謰謵譇謯謼謾謱謥謷謦謶謮謤謻謽謺豂豵貙貘貗賾贄贂贀蹜蹢蹠蹗蹖蹞蹥蹧"],
-["f140","蹛蹚蹡蹝蹩蹔轆轇轈轋鄨鄺鄻鄾醨醥醧醯醪鎵鎌鎒鎷鎛鎝鎉鎧鎎鎪鎞鎦鎕鎈鎙鎟鎍鎱鎑鎲鎤鎨鎴鎣鎥闒闓闑隳雗雚巂雟雘雝霣霢霥鞬鞮鞨鞫鞤鞪"],
-["f1a1","鞢鞥韗韙韖韘韺顐顑顒颸饁餼餺騏騋騉騍騄騑騊騅騇騆髀髜鬈鬄鬅鬩鬵魊魌魋鯇鯆鯃鮿鯁鮵鮸鯓鮶鯄鮹鮽鵜鵓鵏鵊鵛鵋鵙鵖鵌鵗鵒鵔鵟鵘鵚麎麌黟鼁鼀鼖鼥鼫鼪鼩鼨齌齕儴儵劖勷厴嚫嚭嚦嚧嚪嚬壚壝壛夒嬽嬾嬿巃幰"],
-["f240","徿懻攇攐攍攉攌攎斄旞旝曞櫧櫠櫌櫑櫙櫋櫟櫜櫐櫫櫏櫍櫞歠殰氌瀙瀧瀠瀖瀫瀡瀢瀣瀩瀗瀤瀜瀪爌爊爇爂爅犥犦犤犣犡瓋瓅璷瓃甖癠矉矊矄矱礝礛"],
-["f2a1","礡礜礗礞禰穧穨簳簼簹簬簻糬糪繶繵繸繰繷繯繺繲繴繨罋罊羃羆羷翽翾聸臗臕艤艡艣藫藱藭藙藡藨藚藗藬藲藸藘藟藣藜藑藰藦藯藞藢蠀蟺蠃蟶蟷蠉蠌蠋蠆蟼蠈蟿蠊蠂襢襚襛襗襡襜襘襝襙覈覷覶觶譐譈譊譀譓譖譔譋譕"],
-["f340","譑譂譒譗豃豷豶貚贆贇贉趬趪趭趫蹭蹸蹳蹪蹯蹻軂轒轑轏轐轓辴酀鄿醰醭鏞鏇鏏鏂鏚鏐鏹鏬鏌鏙鎩鏦鏊鏔鏮鏣鏕鏄鏎鏀鏒鏧镽闚闛雡霩霫霬霨霦"],
-["f3a1","鞳鞷鞶韝韞韟顜顙顝顗颿颽颻颾饈饇饃馦馧騚騕騥騝騤騛騢騠騧騣騞騜騔髂鬋鬊鬎鬌鬷鯪鯫鯠鯞鯤鯦鯢鯰鯔鯗鯬鯜鯙鯥鯕鯡鯚鵷鶁鶊鶄鶈鵱鶀鵸鶆鶋鶌鵽鵫鵴鵵鵰鵩鶅鵳鵻鶂鵯鵹鵿鶇鵨麔麑黀黼鼭齀齁齍齖齗齘匷嚲"],
-["f440","嚵嚳壣孅巆巇廮廯忀忁懹攗攖攕攓旟曨曣曤櫳櫰櫪櫨櫹櫱櫮櫯瀼瀵瀯瀷瀴瀱灂瀸瀿瀺瀹灀瀻瀳灁爓爔犨獽獼璺皫皪皾盭矌矎矏矍矲礥礣礧礨礤礩"],
-["f4a1","禲穮穬穭竷籉籈籊籇籅糮繻繾纁纀羺翿聹臛臙舋艨艩蘢藿蘁藾蘛蘀藶蘄蘉蘅蘌藽蠙蠐蠑蠗蠓蠖襣襦覹觷譠譪譝譨譣譥譧譭趮躆躈躄轙轖轗轕轘轚邍酃酁醷醵醲醳鐋鐓鏻鐠鐏鐔鏾鐕鐐鐨鐙鐍鏵鐀鏷鐇鐎鐖鐒鏺鐉鏸鐊鏿"],
-["f540","鏼鐌鏶鐑鐆闞闠闟霮霯鞹鞻韽韾顠顢顣顟飁飂饐饎饙饌饋饓騲騴騱騬騪騶騩騮騸騭髇髊髆鬐鬒鬑鰋鰈鯷鰅鰒鯸鱀鰇鰎鰆鰗鰔鰉鶟鶙鶤鶝鶒鶘鶐鶛"],
-["f5a1","鶠鶔鶜鶪鶗鶡鶚鶢鶨鶞鶣鶿鶩鶖鶦鶧麙麛麚黥黤黧黦鼰鼮齛齠齞齝齙龑儺儹劘劗囃嚽嚾孈孇巋巏廱懽攛欂櫼欃櫸欀灃灄灊灈灉灅灆爝爚爙獾甗癪矐礭礱礯籔籓糲纊纇纈纋纆纍罍羻耰臝蘘蘪蘦蘟蘣蘜蘙蘧蘮蘡蘠蘩蘞蘥"],
-["f640","蠩蠝蠛蠠蠤蠜蠫衊襭襩襮襫觺譹譸譅譺譻贐贔趯躎躌轞轛轝酆酄酅醹鐿鐻鐶鐩鐽鐼鐰鐹鐪鐷鐬鑀鐱闥闤闣霵霺鞿韡顤飉飆飀饘饖騹騽驆驄驂驁騺"],
-["f6a1","騿髍鬕鬗鬘鬖鬺魒鰫鰝鰜鰬鰣鰨鰩鰤鰡鶷鶶鶼鷁鷇鷊鷏鶾鷅鷃鶻鶵鷎鶹鶺鶬鷈鶱鶭鷌鶳鷍鶲鹺麜黫黮黭鼛鼘鼚鼱齎齥齤龒亹囆囅囋奱孋孌巕巑廲攡攠攦攢欋欈欉氍灕灖灗灒爞爟犩獿瓘瓕瓙瓗癭皭礵禴穰穱籗籜籙籛籚"],
-["f740","糴糱纑罏羇臞艫蘴蘵蘳蘬蘲蘶蠬蠨蠦蠪蠥襱覿覾觻譾讄讂讆讅譿贕躕躔躚躒躐躖躗轠轢酇鑌鑐鑊鑋鑏鑇鑅鑈鑉鑆霿韣顪顩飋饔饛驎驓驔驌驏驈驊"],
-["f7a1","驉驒驐髐鬙鬫鬻魖魕鱆鱈鰿鱄鰹鰳鱁鰼鰷鰴鰲鰽鰶鷛鷒鷞鷚鷋鷐鷜鷑鷟鷩鷙鷘鷖鷵鷕鷝麶黰鼵鼳鼲齂齫龕龢儽劙壨壧奲孍巘蠯彏戁戃戄攩攥斖曫欑欒欏毊灛灚爢玂玁玃癰矔籧籦纕艬蘺虀蘹蘼蘱蘻蘾蠰蠲蠮蠳襶襴襳觾"],
-["f840","讌讎讋讈豅贙躘轤轣醼鑢鑕鑝鑗鑞韄韅頀驖驙鬞鬟鬠鱒鱘鱐鱊鱍鱋鱕鱙鱌鱎鷻鷷鷯鷣鷫鷸鷤鷶鷡鷮鷦鷲鷰鷢鷬鷴鷳鷨鷭黂黐黲黳鼆鼜鼸鼷鼶齃齏"],
-["f8a1","齱齰齮齯囓囍孎屭攭曭曮欓灟灡灝灠爣瓛瓥矕礸禷禶籪纗羉艭虃蠸蠷蠵衋讔讕躞躟躠躝醾醽釂鑫鑨鑩雥靆靃靇韇韥驞髕魙鱣鱧鱦鱢鱞鱠鸂鷾鸇鸃鸆鸅鸀鸁鸉鷿鷽鸄麠鼞齆齴齵齶囔攮斸欘欙欗欚灢爦犪矘矙礹籩籫糶纚"],
-["f940","纘纛纙臠臡虆虇虈襹襺襼襻觿讘讙躥躤躣鑮鑭鑯鑱鑳靉顲饟鱨鱮鱭鸋鸍鸐鸏鸒鸑麡黵鼉齇齸齻齺齹圞灦籯蠼趲躦釃鑴鑸鑶鑵驠鱴鱳鱱鱵鸔鸓黶鼊"],
-["f9a1","龤灨灥糷虪蠾蠽蠿讞貜躩軉靋顳顴飌饡馫驤驦驧鬤鸕鸗齈戇欞爧虌躨钂钀钁驩驨鬮鸙爩虋讟钃鱹麷癵驫鱺鸝灩灪麤齾齉龘碁銹裏墻恒粧嫺╔╦╗╠╬╣╚╩╝╒╤╕╞╪╡╘╧╛╓╥╖╟╫╢╙╨╜║═╭╮╰╯▓"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
deleted file mode 100644
index 4fa61ca..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/eucjp.json
+++ /dev/null
@@ -1,182 +0,0 @@
-[
-["0","\u0000",127],
-["8ea1","｡",62],
-["a1a1","　、。，．・：；？！゛゜´｀¨＾￣＿ヽヾゝゞ〃仝々〆〇ー―‐／＼～∥｜…‥‘’“”（）〔〕［］｛｝〈",9,"＋－±×÷＝≠＜＞≦≧∞∴♂♀°′″℃￥＄￠￡％＃＆＊＠§☆★○●◎◇"],
-["a2a1","◆□■△▲▽▼※〒→←↑↓〓"],
-["a2ba","∈∋⊆⊇⊂⊃∪∩"],
-["a2ca","∧∨￢⇒⇔∀∃"],
-["a2dc","∠⊥⌒∂∇≡≒≪≫√∽∝∵∫∬"],
-["a2f2","ʼn♯♭♪†‡¶"],
-["a2fe","◯"],
-["a3b0","０",9],
-["a3c1","Ａ",25],
-["a3e1","ａ",25],
-["a4a1","ぁ",82],
-["a5a1","ァ",85],
-["a6a1","Α",16,"Σ",6],
-["a6c1","α",16,"σ",6],
-["a7a1","А",5,"ЁЖ",25],
-["a7d1","а",5,"ёж",25],
-["a8a1","─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂"],
-["ada1","①",19,"Ⅰ",9],
-["adc0","㍉㌔㌢㍍㌘㌧㌃㌶㍑㍗㌍㌦㌣㌫㍊㌻㎜㎝㎞㎎㎏㏄㎡"],
-["addf","㍻〝〟№㏍℡㊤",4,"㈱㈲㈹㍾㍽㍼≒≡∫∮∑√⊥∠∟⊿∵∩∪"],
-["b0a1","亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭"],
-["b1a1","院陰隠韻吋右宇烏羽迂雨卯鵜窺丑碓臼渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応"],
-["b2a1","押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改"],
-["b3a1","魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱"],
-["b4a1","粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄"],
-["b5a1","機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京"],
-["b6a1","供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈"],
-["b7a1","掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲"],
-["b8a1","検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向"],
-["b9a1","后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込"],
-["baa1","此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷"],
-["bba1","察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時"],
-["bca1","次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周"],
-["bda1","宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償"],
-["bea1","勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾"],
-["bfa1","拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾"],
-["c0a1","澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線"],
-["c1a1","繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎"],
-["c2a1","臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只"],
-["c3a1","叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵"],
-["c4a1","帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓"],
-["c5a1","邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到"],
-["c6a1","董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入"],
-["c7a1","如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦"],
-["c8a1","函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美"],
-["c9a1","鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服"],
-["caa1","福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋"],
-["cba1","法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満"],
-["cca1","漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒"],
-["cda1","諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃"],
-["cea1","痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯"],
-["cfa1","蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀湾碗腕"],
-["d0a1","弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲"],
-["d1a1","僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨"],
-["d2a1","辧劬劭劼劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨"],
-["d3a1","咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喟啻啾喘喞單啼喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉"],
-["d4a1","圈國圍圓團圖嗇圜圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩"],
-["d5a1","奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓"],
-["d6a1","屐屏孱屬屮乢屶屹岌岑岔妛岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏"],
-["d7a1","廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚"],
-["d8a1","悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣懶懺懴懿懽懼懾戀戈戉戍戌戔戛"],
-["d9a1","戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍搜捏掖掎掀掫捶掣掏掉掟掵捫捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼"],
-["daa1","據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈暎暉暄暘暝曁暹曉暾暼"],
-["dba1","曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆柧檜栞框栩桀桍栲桎梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍"],
-["dca1","棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢檐檍檠檄檢檣"],
-["dda1","檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓毟毬毫毳毯麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾"],
-["dea1","沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯漲滌"],
-["dfa1","漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋烝烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼"],
-["e0a1","燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱"],
-["e1a1","瓠瓣瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿痼瘁痰痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰"],
-["e2a1","癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬"],
-["e3a1","磧磚磽磴礇礒礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰窶竅竄窿邃竇竊竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐"],
-["e4a1","筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆"],
-["e5a1","紂紜紕紊絅絋紮紲紿紵絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷縲縺繧繝繖繞繙繚繹繪繩繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺"],
-["e6a1","罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋"],
-["e7a1","隋腆脾腓腑胼腱腮腥腦腴膃膈膊膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙"],
-["e8a1","茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈"],
-["e9a1","蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙"],
-["eaa1","蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞"],
-["eba1","襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁譌譏譎證譖譛譚譫"],
-["eca1","譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊"],
-["eda1","蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧逶逵逹迸"],
-["eea1","遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮"],
-["efa1","錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞"],
-["f0a1","陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰"],
-["f1a1","顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷"],
-["f2a1","髻鬆鬘鬚鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈"],
-["f3a1","鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠"],
-["f4a1","堯槇遙瑤凜熙"],
-["f9a1","纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德"],
-["faa1","忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱"],
-["fba1","犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚"],
-["fca1","釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"],
-["fcf1","ⅰ",9,"￢￤＇＂"],
-["8fa2af","˘ˇ¸˙˝¯˛˚～΄΅"],
-["8fa2c2","¡¦¿"],
-["8fa2eb","ºª©®™¤№"],
-["8fa6e1","ΆΈΉΊΪ"],
-["8fa6e7","Ό"],
-["8fa6e9","ΎΫ"],
-["8fa6ec","Ώ"],
-["8fa6f1","άέήίϊΐόςύϋΰώ"],
-["8fa7c2","Ђ",10,"ЎЏ"],
-["8fa7f2","ђ",10,"ўџ"],
-["8fa9a1","ÆĐ"],
-["8fa9a4","Ħ"],
-["8fa9a6","IJ"],
-["8fa9a8","ŁĿ"],
-["8fa9ab","ŊØŒ"],
-["8fa9af","ŦÞ"],
-["8fa9c1","æđðħıijĸłŀʼnŋøœßŧþ"],
-["8faaa1","ÁÀÄÂĂǍĀĄÅÃĆĈČÇĊĎÉÈËÊĚĖĒĘ"],
-["8faaba","ĜĞĢĠĤÍÌÏÎǏİĪĮĨĴĶĹĽĻŃŇŅÑÓÒÖÔǑŐŌÕŔŘŖŚŜŠŞŤŢÚÙÜÛŬǓŰŪŲŮŨǗǛǙǕŴÝŸŶŹŽŻ"],
-["8faba1","áàäâăǎāąåãćĉčçċďéèëêěėēęǵĝğ"],
-["8fabbd","ġĥíìïîǐ"],
-["8fabc5","īįĩĵķĺľļńňņñóòöôǒőōõŕřŗśŝšşťţúùüûŭǔűūųůũǘǜǚǖŵýÿŷźžż"],
-["8fb0a1","丂丄丅丌丒丟丣两丨丫丮丯丰丵乀乁乄乇乑乚乜乣乨乩乴乵乹乿亍亖亗亝亯亹仃仐仚仛仠仡仢仨仯仱仳仵份仾仿伀伂伃伈伋伌伒伕伖众伙伮伱你伳伵伷伹伻伾佀佂佈佉佋佌佒佔佖佘佟佣佪佬佮佱佷佸佹佺佽佾侁侂侄"],
-["8fb1a1","侅侉侊侌侎侐侒侓侔侗侙侚侞侟侲侷侹侻侼侽侾俀俁俅俆俈俉俋俌俍俏俒俜俠俢俰俲俼俽俿倀倁倄倇倊倌倎倐倓倗倘倛倜倝倞倢倧倮倰倲倳倵偀偁偂偅偆偊偌偎偑偒偓偗偙偟偠偢偣偦偧偪偭偰偱倻傁傃傄傆傊傎傏傐"],
-["8fb2a1","傒傓傔傖傛傜傞",4,"傪傯傰傹傺傽僀僃僄僇僌僎僐僓僔僘僜僝僟僢僤僦僨僩僯僱僶僺僾儃儆儇儈儋儌儍儎僲儐儗儙儛儜儝儞儣儧儨儬儭儯儱儳儴儵儸儹兂兊兏兓兕兗兘兟兤兦兾冃冄冋冎冘冝冡冣冭冸冺冼冾冿凂"],
-["8fb3a1","凈减凑凒凓凕凘凞凢凥凮凲凳凴凷刁刂刅划刓刕刖刘刢刨刱刲刵刼剅剉剕剗剘剚剜剟剠剡剦剮剷剸剹劀劂劅劊劌劓劕劖劗劘劚劜劤劥劦劧劯劰劶劷劸劺劻劽勀勄勆勈勌勏勑勔勖勛勜勡勥勨勩勪勬勰勱勴勶勷匀匃匊匋"],
-["8fb4a1","匌匑匓匘匛匜匞匟匥匧匨匩匫匬匭匰匲匵匼匽匾卂卌卋卙卛卡卣卥卬卭卲卹卾厃厇厈厎厓厔厙厝厡厤厪厫厯厲厴厵厷厸厺厽叀叅叏叒叓叕叚叝叞叠另叧叵吂吓吚吡吧吨吪启吱吴吵呃呄呇呍呏呞呢呤呦呧呩呫呭呮呴呿"],
-["8fb5a1","咁咃咅咈咉咍咑咕咖咜咟咡咦咧咩咪咭咮咱咷咹咺咻咿哆哊响哎哠哪哬哯哶哼哾哿唀唁唅唈唉唌唍唎唕唪唫唲唵唶唻唼唽啁啇啉啊啍啐啑啘啚啛啞啠啡啤啦啿喁喂喆喈喎喏喑喒喓喔喗喣喤喭喲喿嗁嗃嗆嗉嗋嗌嗎嗑嗒"],
-["8fb6a1","嗓嗗嗘嗛嗞嗢嗩嗶嗿嘅嘈嘊嘍",5,"嘙嘬嘰嘳嘵嘷嘹嘻嘼嘽嘿噀噁噃噄噆噉噋噍噏噔噞噠噡噢噣噦噩噭噯噱噲噵嚄嚅嚈嚋嚌嚕嚙嚚嚝嚞嚟嚦嚧嚨嚩嚫嚬嚭嚱嚳嚷嚾囅囉囊囋囏囐囌囍囙囜囝囟囡囤",4,"囱囫园"],
-["8fb7a1","囶囷圁圂圇圊圌圑圕圚圛圝圠圢圣圤圥圩圪圬圮圯圳圴圽圾圿坅坆坌坍坒坢坥坧坨坫坭",4,"坳坴坵坷坹坺坻坼坾垁垃垌垔垗垙垚垜垝垞垟垡垕垧垨垩垬垸垽埇埈埌埏埕埝埞埤埦埧埩埭埰埵埶埸埽埾埿堃堄堈堉埡"],
-["8fb8a1","堌堍堛堞堟堠堦堧堭堲堹堿塉塌塍塏塐塕塟塡塤塧塨塸塼塿墀墁墇墈墉墊墌墍墏墐墔墖墝墠墡墢墦墩墱墲壄墼壂壈壍壎壐壒壔壖壚壝壡壢壩壳夅夆夋夌夒夓夔虁夝夡夣夤夨夯夰夳夵夶夿奃奆奒奓奙奛奝奞奟奡奣奫奭"],
-["8fb9a1","奯奲奵奶她奻奼妋妌妎妒妕妗妟妤妧妭妮妯妰妳妷妺妼姁姃姄姈姊姍姒姝姞姟姣姤姧姮姯姱姲姴姷娀娄娌娍娎娒娓娞娣娤娧娨娪娭娰婄婅婇婈婌婐婕婞婣婥婧婭婷婺婻婾媋媐媓媖媙媜媞媟媠媢媧媬媱媲媳媵媸媺媻媿"],
-["8fbaa1","嫄嫆嫈嫏嫚嫜嫠嫥嫪嫮嫵嫶嫽嬀嬁嬈嬗嬴嬙嬛嬝嬡嬥嬭嬸孁孋孌孒孖孞孨孮孯孼孽孾孿宁宄宆宊宎宐宑宓宔宖宨宩宬宭宯宱宲宷宺宼寀寁寍寏寖",4,"寠寯寱寴寽尌尗尞尟尣尦尩尫尬尮尰尲尵尶屙屚屜屢屣屧屨屩"],
-["8fbba1","屭屰屴屵屺屻屼屽岇岈岊岏岒岝岟岠岢岣岦岪岲岴岵岺峉峋峒峝峗峮峱峲峴崁崆崍崒崫崣崤崦崧崱崴崹崽崿嵂嵃嵆嵈嵕嵑嵙嵊嵟嵠嵡嵢嵤嵪嵭嵰嵹嵺嵾嵿嶁嶃嶈嶊嶒嶓嶔嶕嶙嶛嶟嶠嶧嶫嶰嶴嶸嶹巃巇巋巐巎巘巙巠巤"],
-["8fbca1","巩巸巹帀帇帍帒帔帕帘帟帠帮帨帲帵帾幋幐幉幑幖幘幛幜幞幨幪",4,"幰庀庋庎庢庤庥庨庪庬庱庳庽庾庿廆廌廋廎廑廒廔廕廜廞廥廫异弆弇弈弎弙弜弝弡弢弣弤弨弫弬弮弰弴弶弻弽弿彀彄彅彇彍彐彔彘彛彠彣彤彧"],
-["8fbda1","彯彲彴彵彸彺彽彾徉徍徏徖徜徝徢徧徫徤徬徯徰徱徸忄忇忈忉忋忐",4,"忞忡忢忨忩忪忬忭忮忯忲忳忶忺忼怇怊怍怓怔怗怘怚怟怤怭怳怵恀恇恈恉恌恑恔恖恗恝恡恧恱恾恿悂悆悈悊悎悑悓悕悘悝悞悢悤悥您悰悱悷"],
-["8fbea1","悻悾惂惄惈惉惊惋惎惏惔惕惙惛惝惞惢惥惲惵惸惼惽愂愇愊愌愐",4,"愖愗愙愜愞愢愪愫愰愱愵愶愷愹慁慅慆慉慞慠慬慲慸慻慼慿憀憁憃憄憋憍憒憓憗憘憜憝憟憠憥憨憪憭憸憹憼懀懁懂懎懏懕懜懝懞懟懡懢懧懩懥"],
-["8fbfa1","懬懭懯戁戃戄戇戓戕戜戠戢戣戧戩戫戹戽扂扃扄扆扌扐扑扒扔扖扚扜扤扭扯扳扺扽抍抎抏抐抦抨抳抶抷抺抾抿拄拎拕拖拚拪拲拴拼拽挃挄挊挋挍挐挓挖挘挩挪挭挵挶挹挼捁捂捃捄捆捊捋捎捒捓捔捘捛捥捦捬捭捱捴捵"],
-["8fc0a1","捸捼捽捿掂掄掇掊掐掔掕掙掚掞掤掦掭掮掯掽揁揅揈揎揑揓揔揕揜揠揥揪揬揲揳揵揸揹搉搊搐搒搔搘搞搠搢搤搥搩搪搯搰搵搽搿摋摏摑摒摓摔摚摛摜摝摟摠摡摣摭摳摴摻摽撅撇撏撐撑撘撙撛撝撟撡撣撦撨撬撳撽撾撿"],
-["8fc1a1","擄擉擊擋擌擎擐擑擕擗擤擥擩擪擭擰擵擷擻擿攁攄攈攉攊攏攓攔攖攙攛攞攟攢攦攩攮攱攺攼攽敃敇敉敐敒敔敟敠敧敫敺敽斁斅斊斒斕斘斝斠斣斦斮斲斳斴斿旂旈旉旎旐旔旖旘旟旰旲旴旵旹旾旿昀昄昈昉昍昑昒昕昖昝"],
-["8fc2a1","昞昡昢昣昤昦昩昪昫昬昮昰昱昳昹昷晀晅晆晊晌晑晎晗晘晙晛晜晠晡曻晪晫晬晾晳晵晿晷晸晹晻暀晼暋暌暍暐暒暙暚暛暜暟暠暤暭暱暲暵暻暿曀曂曃曈曌曎曏曔曛曟曨曫曬曮曺朅朇朎朓朙朜朠朢朳朾杅杇杈杌杔杕杝"],
-["8fc3a1","杦杬杮杴杶杻极构枎枏枑枓枖枘枙枛枰枱枲枵枻枼枽柹柀柂柃柅柈柉柒柗柙柜柡柦柰柲柶柷桒栔栙栝栟栨栧栬栭栯栰栱栳栻栿桄桅桊桌桕桗桘桛桫桮",4,"桵桹桺桻桼梂梄梆梈梖梘梚梜梡梣梥梩梪梮梲梻棅棈棌棏"],
-["8fc4a1","棐棑棓棖棙棜棝棥棨棪棫棬棭棰棱棵棶棻棼棽椆椉椊椐椑椓椖椗椱椳椵椸椻楂楅楉楎楗楛楣楤楥楦楨楩楬楰楱楲楺楻楿榀榍榒榖榘榡榥榦榨榫榭榯榷榸榺榼槅槈槑槖槗槢槥槮槯槱槳槵槾樀樁樃樏樑樕樚樝樠樤樨樰樲"],
-["8fc5a1","樴樷樻樾樿橅橆橉橊橎橐橑橒橕橖橛橤橧橪橱橳橾檁檃檆檇檉檋檑檛檝檞檟檥檫檯檰檱檴檽檾檿櫆櫉櫈櫌櫐櫔櫕櫖櫜櫝櫤櫧櫬櫰櫱櫲櫼櫽欂欃欆欇欉欏欐欑欗欛欞欤欨欫欬欯欵欶欻欿歆歊歍歒歖歘歝歠歧歫歮歰歵歽"],
-["8fc6a1","歾殂殅殗殛殟殠殢殣殨殩殬殭殮殰殸殹殽殾毃毄毉毌毖毚毡毣毦毧毮毱毷毹毿氂氄氅氉氍氎氐氒氙氟氦氧氨氬氮氳氵氶氺氻氿汊汋汍汏汒汔汙汛汜汫汭汯汴汶汸汹汻沅沆沇沉沔沕沗沘沜沟沰沲沴泂泆泍泏泐泑泒泔泖"],
-["8fc7a1","泚泜泠泧泩泫泬泮泲泴洄洇洊洎洏洑洓洚洦洧洨汧洮洯洱洹洼洿浗浞浟浡浥浧浯浰浼涂涇涑涒涔涖涗涘涪涬涴涷涹涽涿淄淈淊淎淏淖淛淝淟淠淢淥淩淯淰淴淶淼渀渄渞渢渧渲渶渹渻渼湄湅湈湉湋湏湑湒湓湔湗湜湝湞"],
-["8fc8a1","湢湣湨湳湻湽溍溓溙溠溧溭溮溱溳溻溿滀滁滃滇滈滊滍滎滏滫滭滮滹滻滽漄漈漊漌漍漖漘漚漛漦漩漪漯漰漳漶漻漼漭潏潑潒潓潗潙潚潝潞潡潢潨潬潽潾澃澇澈澋澌澍澐澒澓澔澖澚澟澠澥澦澧澨澮澯澰澵澶澼濅濇濈濊"],
-["8fc9a1","濚濞濨濩濰濵濹濼濽瀀瀅瀆瀇瀍瀗瀠瀣瀯瀴瀷瀹瀼灃灄灈灉灊灋灔灕灝灞灎灤灥灬灮灵灶灾炁炅炆炔",4,"炛炤炫炰炱炴炷烊烑烓烔烕烖烘烜烤烺焃",4,"焋焌焏焞焠焫焭焯焰焱焸煁煅煆煇煊煋煐煒煗煚煜煞煠"],
-["8fcaa1","煨煹熀熅熇熌熒熚熛熠熢熯熰熲熳熺熿燀燁燄燋燌燓燖燙燚燜燸燾爀爇爈爉爓爗爚爝爟爤爫爯爴爸爹牁牂牃牅牎牏牐牓牕牖牚牜牞牠牣牨牫牮牯牱牷牸牻牼牿犄犉犍犎犓犛犨犭犮犱犴犾狁狇狉狌狕狖狘狟狥狳狴狺狻"],
-["8fcba1","狾猂猄猅猇猋猍猒猓猘猙猞猢猤猧猨猬猱猲猵猺猻猽獃獍獐獒獖獘獝獞獟獠獦獧獩獫獬獮獯獱獷獹獼玀玁玃玅玆玎玐玓玕玗玘玜玞玟玠玢玥玦玪玫玭玵玷玹玼玽玿珅珆珉珋珌珏珒珓珖珙珝珡珣珦珧珩珴珵珷珹珺珻珽"],
-["8fcca1","珿琀琁琄琇琊琑琚琛琤琦琨",9,"琹瑀瑃瑄瑆瑇瑋瑍瑑瑒瑗瑝瑢瑦瑧瑨瑫瑭瑮瑱瑲璀璁璅璆璇璉璏璐璑璒璘璙璚璜璟璠璡璣璦璨璩璪璫璮璯璱璲璵璹璻璿瓈瓉瓌瓐瓓瓘瓚瓛瓞瓟瓤瓨瓪瓫瓯瓴瓺瓻瓼瓿甆"],
-["8fcda1","甒甖甗甠甡甤甧甩甪甯甶甹甽甾甿畀畃畇畈畎畐畒畗畞畟畡畯畱畹",5,"疁疅疐疒疓疕疙疜疢疤疴疺疿痀痁痄痆痌痎痏痗痜痟痠痡痤痧痬痮痯痱痹瘀瘂瘃瘄瘇瘈瘊瘌瘏瘒瘓瘕瘖瘙瘛瘜瘝瘞瘣瘥瘦瘩瘭瘲瘳瘵瘸瘹"],
-["8fcea1","瘺瘼癊癀癁癃癄癅癉癋癕癙癟癤癥癭癮癯癱癴皁皅皌皍皕皛皜皝皟皠皢",6,"皪皭皽盁盅盉盋盌盎盔盙盠盦盨盬盰盱盶盹盼眀眆眊眎眒眔眕眗眙眚眜眢眨眭眮眯眴眵眶眹眽眾睂睅睆睊睍睎睏睒睖睗睜睞睟睠睢"],
-["8fcfa1","睤睧睪睬睰睲睳睴睺睽瞀瞄瞌瞍瞔瞕瞖瞚瞟瞢瞧瞪瞮瞯瞱瞵瞾矃矉矑矒矕矙矞矟矠矤矦矪矬矰矱矴矸矻砅砆砉砍砎砑砝砡砢砣砭砮砰砵砷硃硄硇硈硌硎硒硜硞硠硡硣硤硨硪确硺硾碊碏碔碘碡碝碞碟碤碨碬碭碰碱碲碳"],
-["8fd0a1","碻碽碿磇磈磉磌磎磒磓磕磖磤磛磟磠磡磦磪磲磳礀磶磷磺磻磿礆礌礐礚礜礞礟礠礥礧礩礭礱礴礵礻礽礿祄祅祆祊祋祏祑祔祘祛祜祧祩祫祲祹祻祼祾禋禌禑禓禔禕禖禘禛禜禡禨禩禫禯禱禴禸离秂秄秇秈秊秏秔秖秚秝秞"],
-["8fd1a1","秠秢秥秪秫秭秱秸秼稂稃稇稉稊稌稑稕稛稞稡稧稫稭稯稰稴稵稸稹稺穄穅穇穈穌穕穖穙穜穝穟穠穥穧穪穭穵穸穾窀窂窅窆窊窋窐窑窔窞窠窣窬窳窵窹窻窼竆竉竌竎竑竛竨竩竫竬竱竴竻竽竾笇笔笟笣笧笩笪笫笭笮笯笰"],
-["8fd2a1","笱笴笽笿筀筁筇筎筕筠筤筦筩筪筭筯筲筳筷箄箉箎箐箑箖箛箞箠箥箬箯箰箲箵箶箺箻箼箽篂篅篈篊篔篖篗篙篚篛篨篪篲篴篵篸篹篺篼篾簁簂簃簄簆簉簋簌簎簏簙簛簠簥簦簨簬簱簳簴簶簹簺籆籊籕籑籒籓籙",5],
-["8fd3a1","籡籣籧籩籭籮籰籲籹籼籽粆粇粏粔粞粠粦粰粶粷粺粻粼粿糄糇糈糉糍糏糓糔糕糗糙糚糝糦糩糫糵紃紇紈紉紏紑紒紓紖紝紞紣紦紪紭紱紼紽紾絀絁絇絈絍絑絓絗絙絚絜絝絥絧絪絰絸絺絻絿綁綂綃綅綆綈綋綌綍綑綖綗綝"],
-["8fd4a1","綞綦綧綪綳綶綷綹緂",4,"緌緍緎緗緙縀緢緥緦緪緫緭緱緵緶緹緺縈縐縑縕縗縜縝縠縧縨縬縭縯縳縶縿繄繅繇繎繐繒繘繟繡繢繥繫繮繯繳繸繾纁纆纇纊纍纑纕纘纚纝纞缼缻缽缾缿罃罄罇罏罒罓罛罜罝罡罣罤罥罦罭"],
-["8fd5a1","罱罽罾罿羀羋羍羏羐羑羖羗羜羡羢羦羪羭羴羼羿翀翃翈翎翏翛翟翣翥翨翬翮翯翲翺翽翾翿耇耈耊耍耎耏耑耓耔耖耝耞耟耠耤耦耬耮耰耴耵耷耹耺耼耾聀聄聠聤聦聭聱聵肁肈肎肜肞肦肧肫肸肹胈胍胏胒胔胕胗胘胠胭胮"],
-["8fd6a1","胰胲胳胶胹胺胾脃脋脖脗脘脜脞脠脤脧脬脰脵脺脼腅腇腊腌腒腗腠腡腧腨腩腭腯腷膁膐膄膅膆膋膎膖膘膛膞膢膮膲膴膻臋臃臅臊臎臏臕臗臛臝臞臡臤臫臬臰臱臲臵臶臸臹臽臿舀舃舏舓舔舙舚舝舡舢舨舲舴舺艃艄艅艆"],
-["8fd7a1","艋艎艏艑艖艜艠艣艧艭艴艻艽艿芀芁芃芄芇芉芊芎芑芔芖芘芚芛芠芡芣芤芧芨芩芪芮芰芲芴芷芺芼芾芿苆苐苕苚苠苢苤苨苪苭苯苶苷苽苾茀茁茇茈茊茋荔茛茝茞茟茡茢茬茭茮茰茳茷茺茼茽荂荃荄荇荍荎荑荕荖荗荰荸"],
-["8fd8a1","荽荿莀莂莄莆莍莒莔莕莘莙莛莜莝莦莧莩莬莾莿菀菇菉菏菐菑菔菝荓菨菪菶菸菹菼萁萆萊萏萑萕萙莭萯萹葅葇葈葊葍葏葑葒葖葘葙葚葜葠葤葥葧葪葰葳葴葶葸葼葽蒁蒅蒒蒓蒕蒞蒦蒨蒩蒪蒯蒱蒴蒺蒽蒾蓀蓂蓇蓈蓌蓏蓓"],
-["8fd9a1","蓜蓧蓪蓯蓰蓱蓲蓷蔲蓺蓻蓽蔂蔃蔇蔌蔎蔐蔜蔞蔢蔣蔤蔥蔧蔪蔫蔯蔳蔴蔶蔿蕆蕏",4,"蕖蕙蕜",6,"蕤蕫蕯蕹蕺蕻蕽蕿薁薅薆薉薋薌薏薓薘薝薟薠薢薥薧薴薶薷薸薼薽薾薿藂藇藊藋藎薭藘藚藟藠藦藨藭藳藶藼"],
-["8fdaa1","藿蘀蘄蘅蘍蘎蘐蘑蘒蘘蘙蘛蘞蘡蘧蘩蘶蘸蘺蘼蘽虀虂虆虒虓虖虗虘虙虝虠",4,"虩虬虯虵虶虷虺蚍蚑蚖蚘蚚蚜蚡蚦蚧蚨蚭蚱蚳蚴蚵蚷蚸蚹蚿蛀蛁蛃蛅蛑蛒蛕蛗蛚蛜蛠蛣蛥蛧蚈蛺蛼蛽蜄蜅蜇蜋蜎蜏蜐蜓蜔蜙蜞蜟蜡蜣"],
-["8fdba1","蜨蜮蜯蜱蜲蜹蜺蜼蜽蜾蝀蝃蝅蝍蝘蝝蝡蝤蝥蝯蝱蝲蝻螃",6,"螋螌螐螓螕螗螘螙螞螠螣螧螬螭螮螱螵螾螿蟁蟈蟉蟊蟎蟕蟖蟙蟚蟜蟟蟢蟣蟤蟪蟫蟭蟱蟳蟸蟺蟿蠁蠃蠆蠉蠊蠋蠐蠙蠒蠓蠔蠘蠚蠛蠜蠞蠟蠨蠭蠮蠰蠲蠵"],
-["8fdca1","蠺蠼衁衃衅衈衉衊衋衎衑衕衖衘衚衜衟衠衤衩衱衹衻袀袘袚袛袜袟袠袨袪袺袽袾裀裊",4,"裑裒裓裛裞裧裯裰裱裵裷褁褆褍褎褏褕褖褘褙褚褜褠褦褧褨褰褱褲褵褹褺褾襀襂襅襆襉襏襒襗襚襛襜襡襢襣襫襮襰襳襵襺"],
-["8fdda1","襻襼襽覉覍覐覔覕覛覜覟覠覥覰覴覵覶覷覼觔",4,"觥觩觫觭觱觳觶觹觽觿訄訅訇訏訑訒訔訕訞訠訢訤訦訫訬訯訵訷訽訾詀詃詅詇詉詍詎詓詖詗詘詜詝詡詥詧詵詶詷詹詺詻詾詿誀誃誆誋誏誐誒誖誗誙誟誧誩誮誯誳"],
-["8fdea1","誶誷誻誾諃諆諈諉諊諑諓諔諕諗諝諟諬諰諴諵諶諼諿謅謆謋謑謜謞謟謊謭謰謷謼譂",4,"譈譒譓譔譙譍譞譣譭譶譸譹譼譾讁讄讅讋讍讏讔讕讜讞讟谸谹谽谾豅豇豉豋豏豑豓豔豗豘豛豝豙豣豤豦豨豩豭豳豵豶豻豾貆"],
-["8fdfa1","貇貋貐貒貓貙貛貜貤貹貺賅賆賉賋賏賖賕賙賝賡賨賬賯賰賲賵賷賸賾賿贁贃贉贒贗贛赥赩赬赮赿趂趄趈趍趐趑趕趞趟趠趦趫趬趯趲趵趷趹趻跀跅跆跇跈跊跎跑跔跕跗跙跤跥跧跬跰趼跱跲跴跽踁踄踅踆踋踑踔踖踠踡踢"],
-["8fe0a1","踣踦踧踱踳踶踷踸踹踽蹀蹁蹋蹍蹎蹏蹔蹛蹜蹝蹞蹡蹢蹩蹬蹭蹯蹰蹱蹹蹺蹻躂躃躉躐躒躕躚躛躝躞躢躧躩躭躮躳躵躺躻軀軁軃軄軇軏軑軔軜軨軮軰軱軷軹軺軭輀輂輇輈輏輐輖輗輘輞輠輡輣輥輧輨輬輭輮輴輵輶輷輺轀轁"],
-["8fe1a1","轃轇轏轑",4,"轘轝轞轥辝辠辡辤辥辦辵辶辸达迀迁迆迊迋迍运迒迓迕迠迣迤迨迮迱迵迶迻迾适逄逈逌逘逛逨逩逯逪逬逭逳逴逷逿遃遄遌遛遝遢遦遧遬遰遴遹邅邈邋邌邎邐邕邗邘邙邛邠邡邢邥邰邲邳邴邶邽郌邾郃"],
-["8fe2a1","郄郅郇郈郕郗郘郙郜郝郟郥郒郶郫郯郰郴郾郿鄀鄄鄅鄆鄈鄍鄐鄔鄖鄗鄘鄚鄜鄞鄠鄥鄢鄣鄧鄩鄮鄯鄱鄴鄶鄷鄹鄺鄼鄽酃酇酈酏酓酗酙酚酛酡酤酧酭酴酹酺酻醁醃醅醆醊醎醑醓醔醕醘醞醡醦醨醬醭醮醰醱醲醳醶醻醼醽醿"],
-["8fe3a1","釂釃釅釓釔釗釙釚釞釤釥釩釪釬",5,"釷釹釻釽鈀鈁鈄鈅鈆鈇鈉鈊鈌鈐鈒鈓鈖鈘鈜鈝鈣鈤鈥鈦鈨鈮鈯鈰鈳鈵鈶鈸鈹鈺鈼鈾鉀鉂鉃鉆鉇鉊鉍鉎鉏鉑鉘鉙鉜鉝鉠鉡鉥鉧鉨鉩鉮鉯鉰鉵",4,"鉻鉼鉽鉿銈銉銊銍銎銒銗"],
-["8fe4a1","銙銟銠銤銥銧銨銫銯銲銶銸銺銻銼銽銿",4,"鋅鋆鋇鋈鋋鋌鋍鋎鋐鋓鋕鋗鋘鋙鋜鋝鋟鋠鋡鋣鋥鋧鋨鋬鋮鋰鋹鋻鋿錀錂錈錍錑錔錕錜錝錞錟錡錤錥錧錩錪錳錴錶錷鍇鍈鍉鍐鍑鍒鍕鍗鍘鍚鍞鍤鍥鍧鍩鍪鍭鍯鍰鍱鍳鍴鍶"],
-["8fe5a1","鍺鍽鍿鎀鎁鎂鎈鎊鎋鎍鎏鎒鎕鎘鎛鎞鎡鎣鎤鎦鎨鎫鎴鎵鎶鎺鎩鏁鏄鏅鏆鏇鏉",4,"鏓鏙鏜鏞鏟鏢鏦鏧鏹鏷鏸鏺鏻鏽鐁鐂鐄鐈鐉鐍鐎鐏鐕鐖鐗鐟鐮鐯鐱鐲鐳鐴鐻鐿鐽鑃鑅鑈鑊鑌鑕鑙鑜鑟鑡鑣鑨鑫鑭鑮鑯鑱鑲钄钃镸镹"],
-["8fe6a1","镾閄閈閌閍閎閝閞閟閡閦閩閫閬閴閶閺閽閿闆闈闉闋闐闑闒闓闙闚闝闞闟闠闤闦阝阞阢阤阥阦阬阱阳阷阸阹阺阼阽陁陒陔陖陗陘陡陮陴陻陼陾陿隁隂隃隄隉隑隖隚隝隟隤隥隦隩隮隯隳隺雊雒嶲雘雚雝雞雟雩雯雱雺霂"],
-["8fe7a1","霃霅霉霚霛霝霡霢霣霨霱霳靁靃靊靎靏靕靗靘靚靛靣靧靪靮靳靶靷靸靻靽靿鞀鞉鞕鞖鞗鞙鞚鞞鞟鞢鞬鞮鞱鞲鞵鞶鞸鞹鞺鞼鞾鞿韁韄韅韇韉韊韌韍韎韐韑韔韗韘韙韝韞韠韛韡韤韯韱韴韷韸韺頇頊頙頍頎頔頖頜頞頠頣頦"],
-["8fe8a1","頫頮頯頰頲頳頵頥頾顄顇顊顑顒顓顖顗顙顚顢顣顥顦顪顬颫颭颮颰颴颷颸颺颻颿飂飅飈飌飡飣飥飦飧飪飳飶餂餇餈餑餕餖餗餚餛餜餟餢餦餧餫餱",4,"餹餺餻餼饀饁饆饇饈饍饎饔饘饙饛饜饞饟饠馛馝馟馦馰馱馲馵"],
-["8fe9a1","馹馺馽馿駃駉駓駔駙駚駜駞駧駪駫駬駰駴駵駹駽駾騂騃騄騋騌騐騑騖騞騠騢騣騤騧騭騮騳騵騶騸驇驁驄驊驋驌驎驑驔驖驝骪骬骮骯骲骴骵骶骹骻骾骿髁髃髆髈髎髐髒髕髖髗髛髜髠髤髥髧髩髬髲髳髵髹髺髽髿",4],
-["8feaa1","鬄鬅鬈鬉鬋鬌鬍鬎鬐鬒鬖鬙鬛鬜鬠鬦鬫鬭鬳鬴鬵鬷鬹鬺鬽魈魋魌魕魖魗魛魞魡魣魥魦魨魪",4,"魳魵魷魸魹魿鮀鮄鮅鮆鮇鮉鮊鮋鮍鮏鮐鮔鮚鮝鮞鮦鮧鮩鮬鮰鮱鮲鮷鮸鮻鮼鮾鮿鯁鯇鯈鯎鯐鯗鯘鯝鯟鯥鯧鯪鯫鯯鯳鯷鯸"],
-["8feba1","鯹鯺鯽鯿鰀鰂鰋鰏鰑鰖鰘鰙鰚鰜鰞鰢鰣鰦",4,"鰱鰵鰶鰷鰽鱁鱃鱄鱅鱉鱊鱎鱏鱐鱓鱔鱖鱘鱛鱝鱞鱟鱣鱩鱪鱜鱫鱨鱮鱰鱲鱵鱷鱻鳦鳲鳷鳹鴋鴂鴑鴗鴘鴜鴝鴞鴯鴰鴲鴳鴴鴺鴼鵅鴽鵂鵃鵇鵊鵓鵔鵟鵣鵢鵥鵩鵪鵫鵰鵶鵷鵻"],
-["8feca1","鵼鵾鶃鶄鶆鶊鶍鶎鶒鶓鶕鶖鶗鶘鶡鶪鶬鶮鶱鶵鶹鶼鶿鷃鷇鷉鷊鷔鷕鷖鷗鷚鷞鷟鷠鷥鷧鷩鷫鷮鷰鷳鷴鷾鸊鸂鸇鸎鸐鸑鸒鸕鸖鸙鸜鸝鹺鹻鹼麀麂麃麄麅麇麎麏麖麘麛麞麤麨麬麮麯麰麳麴麵黆黈黋黕黟黤黧黬黭黮黰黱黲黵"],
-["8feda1","黸黿鼂鼃鼉鼏鼐鼑鼒鼔鼖鼗鼙鼚鼛鼟鼢鼦鼪鼫鼯鼱鼲鼴鼷鼹鼺鼼鼽鼿齁齃",4,"齓齕齖齗齘齚齝齞齨齩齭",4,"齳齵齺齽龏龐龑龒龔龖龗龞龡龢龣龥"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
deleted file mode 100644
index 85c6934..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gb18030-ranges.json
+++ /dev/null
@@ -1 +0,0 @@
-{"uChars":[128,165,169,178,184,216,226,235,238,244,248,251,253,258,276,284,300,325,329,334,364,463,465,467,469,471,473,475,477,506,594,610,712,716,730,930,938,962,970,1026,1104,1106,8209,8215,8218,8222,8231,8241,8244,8246,8252,8365,8452,8454,8458,8471,8482,8556,8570,8596,8602,8713,8720,8722,8726,8731,8737,8740,8742,8748,8751,8760,8766,8777,8781,8787,8802,8808,8816,8854,8858,8870,8896,8979,9322,9372,9548,9588,9616,9622,9634,9652,9662,9672,9676,9680,9702,9735,9738,9793,9795,11906,11909,11913,11917,11928,11944,11947,11951,11956,11960,11964,11979,12284,12292,12312,12319,12330,12351,12436,12447,12535,12543,12586,12842,12850,12964,13200,13215,13218,13253,13263,13267,13270,13384,13428,13727,13839,13851,14617,14703,14801,14816,14964,15183,15471,15585,16471,16736,17208,17325,17330,17374,17623,17997,18018,18212,18218,18301,18318,18760,18811,18814,18820,18823,18844,18848,18872,19576,19620,19738,19887,40870,59244,59336,59367,59413,59417,59423,59431,59437,59443,59452,59460,59478,59493,63789,63866,63894,63976,63986,64016,64018,64021,64025,64034,64037,64042,65074,65093,65107,65112,65127,65132,65375,65510,65536],"gbChars":[0,36,38,45,50,81,89,95,96,100,103,104,105,109,126,133,148,172,175,179,208,306,307,308,309,310,311,312,313,341,428,443,544,545,558,741,742,749,750,805,819,820,7922,7924,7925,7927,7934,7943,7944,7945,7950,8062,8148,8149,8152,8164,8174,8236,8240,8262,8264,8374,8380,8381,8384,8388,8390,8392,8393,8394,8396,8401,8406,8416,8419,8424,8437,8439,8445,8482,8485,8496,8521,8603,8936,8946,9046,9050,9063,9066,9076,9092,9100,9108,9111,9113,9131,9162,9164,9218,9219,11329,11331,11334,11336,11346,11361,11363,11366,11370,11372,11375,11389,11682,11686,11687,11692,11694,11714,11716,11723,11725,11730,11736,11982,11989,12102,12336,12348,12350,12384,12393,12395,12397,12510,12553,12851,12962,12973,13738,13823,13919,13933,14080,14298,14585,14698,15583,15847,16318,16434,16438,16481,16729,17102,17122,17315,17320,17402,17418,17859,17909,17911,17915,17916,17936,17939,17961,18664,18703,18814,18962,19043,33469,33470,33471,33484,33485,33490,33497,33501,33505,33513,33520,33536,33550,37845,37921,37948,38029,38038,38064,38065,38066,38069,38075,38076,38078,39108,39109,39113,39114,39115,39116,39265,39394,189000]}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
deleted file mode 100644
index 8abfa9f..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/gbk-added.json
+++ /dev/null
@@ -1,55 +0,0 @@
-[
-["a140","",62],
-["a180","",32],
-["a240","",62],
-["a280","",32],
-["a2ab","",5],
-["a2e3","€"],
-["a2ef",""],
-["a2fd",""],
-["a340","",62],
-["a380","",31,"　"],
-["a440","",62],
-["a480","",32],
-["a4f4","",10],
-["a540","",62],
-["a580","",32],
-["a5f7","",7],
-["a640","",62],
-["a680","",32],
-["a6b9","",7],
-["a6d9","",6],
-["a6ec",""],
-["a6f3",""],
-["a6f6","",8],
-["a740","",62],
-["a780","",32],
-["a7c2","",14],
-["a7f2","",12],
-["a896","",10],
-["a8bc",""],
-["a8bf","ǹ"],
-["a8c1",""],
-["a8ea","",20],
-["a958",""],
-["a95b",""],
-["a95d",""],
-["a989","〾⿰",11],
-["a997","",12],
-["a9f0","",14],
-["aaa1","",93],
-["aba1","",93],
-["aca1","",93],
-["ada1","",93],
-["aea1","",93],
-["afa1","",93],
-["d7fa","",4],
-["f8a1","",93],
-["f9a1","",93],
-["faa1","",93],
-["fba1","",93],
-["fca1","",93],
-["fda1","",93],
-["fe50","⺁⺄㑳㑇⺈⺋㖞㘚㘎⺌⺗㥮㤘㧏㧟㩳㧐㭎㱮㳠⺧⺪䁖䅟⺮䌷⺳⺶⺷䎱䎬⺻䏝䓖䙡䙌"],
-["fe80","䜣䜩䝼䞍⻊䥇䥺䥽䦂䦃䦅䦆䦟䦛䦷䦶䲣䲟䲠䲡䱷䲢䴓",6,"䶮",93]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
deleted file mode 100644
index 5a3a43c..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/tables/shiftjis.json
+++ /dev/null
@@ -1,125 +0,0 @@
-[
-["0","\u0000",128],
-["a1","｡",62],
-["8140","　、。，．・：；？！゛゜´｀¨＾￣＿ヽヾゝゞ〃仝々〆〇ー―‐／＼～∥｜…‥‘’“”（）〔〕［］｛｝〈",9,"＋－±×"],
-["8180","÷＝≠＜＞≦≧∞∴♂♀°′″℃￥＄￠￡％＃＆＊＠§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓"],
-["81b8","∈∋⊆⊇⊂⊃∪∩"],
-["81c8","∧∨￢⇒⇔∀∃"],
-["81da","∠⊥⌒∂∇≡≒≪≫√∽∝∵∫∬"],
-["81f0","ʼn♯♭♪†‡¶"],
-["81fc","◯"],
-["824f","０",9],
-["8260","Ａ",25],
-["8281","ａ",25],
-["829f","ぁ",82],
-["8340","ァ",62],
-["8380","ム",22],
-["839f","Α",16,"Σ",6],
-["83bf","α",16,"σ",6],
-["8440","А",5,"ЁЖ",25],
-["8470","а",5,"ёж",7],
-["8480","о",17],
-["849f","─│┌┐┘└├┬┤┴┼━┃┏┓┛┗┣┳┫┻╋┠┯┨┷┿┝┰┥┸╂"],
-["8740","①",19,"Ⅰ",9],
-["875f","㍉㌔㌢㍍㌘㌧㌃㌶㍑㍗㌍㌦㌣㌫㍊㌻㎜㎝㎞㎎㎏㏄㎡"],
-["877e","㍻"],
-["8780","〝〟№㏍℡㊤",4,"㈱㈲㈹㍾㍽㍼≒≡∫∮∑√⊥∠∟⊿∵∩∪"],
-["889f","亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭"],
-["8940","院陰隠韻吋右宇烏羽迂雨卯鵜窺丑碓臼渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円"],
-["8980","園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改"],
-["8a40","魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫"],
-["8a80","橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄"],
-["8b40","機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救"],
-["8b80","朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈"],
-["8c40","掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨"],
-["8c80","劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向"],
-["8d40","后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降"],
-["8d80","項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷"],
-["8e40","察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止"],
-["8e80","死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周"],
-["8f40","宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳"],
-["8f80","準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾"],
-["9040","拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨"],
-["9080","逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線"],
-["9140","繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻"],
-["9180","操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只"],
-["9240","叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄"],
-["9280","逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓"],
-["9340","邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬"],
-["9380","凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入"],
-["9440","如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅"],
-["9480","楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美"],
-["9540","鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷"],
-["9580","斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋"],
-["9640","法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆"],
-["9680","摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒"],
-["9740","諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲"],
-["9780","沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯"],
-["9840","蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀湾碗腕"],
-["989f","弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲"],
-["9940","僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭"],
-["9980","凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨辧劬劭劼劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨"],
-["9a40","咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喟啻啾喘喞單啼喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸"],
-["9a80","噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉圈國圍圓團圖嗇圜圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩"],
-["9b40","奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀"],
-["9b80","它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓屐屏孱屬屮乢屶屹岌岑岔妛岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏"],
-["9c40","廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠"],
-["9c80","怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣懶懺懴懿懽懼懾戀戈戉戍戌戔戛"],
-["9d40","戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍搜捏掖掎掀掫捶掣掏掉掟掵捫"],
-["9d80","捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈暎暉暄暘暝曁暹曉暾暼"],
-["9e40","曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆柧檜栞框栩桀桍栲桎"],
-["9e80","梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢檐檍檠檄檢檣"],
-["9f40","檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓毟毬毫毳毯"],
-["9f80","麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯漲滌"],
-["e040","漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋烝"],
-["e080","烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱"],
-["e140","瓠瓣瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿"],
-["e180","痼瘁痰痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬"],
-["e240","磧磚磽磴礇礒礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰"],
-["e280","窶竅竄窿邃竇竊竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆"],
-["e340","紂紜紕紊絅絋紮紲紿紵絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷"],
-["e380","縲縺繧繝繖繞繙繚繹繪繩繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋"],
-["e440","隋腆脾腓腑胼腱腮腥腦腴膃膈膊膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤"],
-["e480","艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈"],
-["e540","蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬"],
-["e580","蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞"],
-["e640","襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧"],
-["e680","諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁譌譏譎證譖譛譚譫譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊"],
-["e740","蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜"],
-["e780","轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧逶逵逹迸遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮"],
-["e840","錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙"],
-["e880","閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰"],
-["e940","顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃"],
-["e980","騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷髻鬆鬘鬚鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈"],
-["ea40","鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯"],
-["ea80","黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠堯槇遙瑤凜熙"],
-["ed40","纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏"],
-["ed80","塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱"],
-["ee40","犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙"],
-["ee80","蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"],
-["eeef","ⅰ",9,"￢￤＇＂"],
-["f040","",62],
-["f080","",124],
-["f140","",62],
-["f180","",124],
-["f240","",62],
-["f280","",124],
-["f340","",62],
-["f380","",124],
-["f440","",62],
-["f480","",124],
-["f540","",62],
-["f580","",124],
-["f640","",62],
-["f680","",124],
-["f740","",62],
-["f780","",124],
-["f840","",62],
-["f880","",124],
-["f940",""],
-["fa40","ⅰ",9,"Ⅰ",9,"￢￤＇＂㈱№℡∵纊褜鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊"],
-["fa80","兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯"],
-["fb40","涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱犾猤猪獷玽珉珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神"],
-["fb80","祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆鏞鏸鐱鑅鑈閒隆﨩隝隯霳霻靃靍靏靑靕顗顥飯飼餧館馞驎髙"],
-["fc40","髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑"]
-]
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
deleted file mode 100644
index 54765ae..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf16.js
+++ /dev/null
@@ -1,177 +0,0 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
-
-// Note: UTF16-LE (or UCS2) codec is Node.js native. See encodings/internal.js
-
-// == UTF16-BE codec. ==========================================================
-
-exports.utf16be = Utf16BECodec;
-function Utf16BECodec() {
-}
-
-Utf16BECodec.prototype.encoder = Utf16BEEncoder;
-Utf16BECodec.prototype.decoder = Utf16BEDecoder;
-Utf16BECodec.prototype.bomAware = true;
-
-
-// -- Encoding
-
-function Utf16BEEncoder() {
-}
-
-Utf16BEEncoder.prototype.write = function(str) {
-    var buf = Buffer.from(str, 'ucs2');
-    for (var i = 0; i < buf.length; i += 2) {
-        var tmp = buf[i]; buf[i] = buf[i+1]; buf[i+1] = tmp;
-    }
-    return buf;
-}
-
-Utf16BEEncoder.prototype.end = function() {
-}
-
-
-// -- Decoding
-
-function Utf16BEDecoder() {
-    this.overflowByte = -1;
-}
-
-Utf16BEDecoder.prototype.write = function(buf) {
-    if (buf.length == 0)
-        return '';
-
-    var buf2 = Buffer.alloc(buf.length + 1),
-        i = 0, j = 0;
-
-    if (this.overflowByte !== -1) {
-        buf2[0] = buf[0];
-        buf2[1] = this.overflowByte;
-        i = 1; j = 2;
-    }
-
-    for (; i < buf.length-1; i += 2, j+= 2) {
-        buf2[j] = buf[i+1];
-        buf2[j+1] = buf[i];
-    }
-
-    this.overflowByte = (i == buf.length-1) ? buf[buf.length-1] : -1;
-
-    return buf2.slice(0, j).toString('ucs2');
-}
-
-Utf16BEDecoder.prototype.end = function() {
-}
-
-
-// == UTF-16 codec =============================================================
-// Decoder chooses automatically from UTF-16LE and UTF-16BE using BOM and space-based heuristic.
-// Defaults to UTF-16LE, as it's prevalent and default in Node.
-// http://en.wikipedia.org/wiki/UTF-16 and http://encoding.spec.whatwg.org/#utf-16le
-// Decoder default can be changed: iconv.decode(buf, 'utf16', {defaultEncoding: 'utf-16be'});
-
-// Encoder uses UTF-16LE and prepends BOM (which can be overridden with addBOM: false).
-
-exports.utf16 = Utf16Codec;
-function Utf16Codec(codecOptions, iconv) {
-    this.iconv = iconv;
-}
-
-Utf16Codec.prototype.encoder = Utf16Encoder;
-Utf16Codec.prototype.decoder = Utf16Decoder;
-
-
-// -- Encoding (pass-through)
-
-function Utf16Encoder(options, codec) {
-    options = options || {};
-    if (options.addBOM === undefined)
-        options.addBOM = true;
-    this.encoder = codec.iconv.getEncoder('utf-16le', options);
-}
-
-Utf16Encoder.prototype.write = function(str) {
-    return this.encoder.write(str);
-}
-
-Utf16Encoder.prototype.end = function() {
-    return this.encoder.end();
-}
-
-
-// -- Decoding
-
-function Utf16Decoder(options, codec) {
-    this.decoder = null;
-    this.initialBytes = [];
-    this.initialBytesLen = 0;
-
-    this.options = options || {};
-    this.iconv = codec.iconv;
-}
-
-Utf16Decoder.prototype.write = function(buf) {
-    if (!this.decoder) {
-        // Codec is not chosen yet. Accumulate initial bytes.
-        this.initialBytes.push(buf);
-        this.initialBytesLen += buf.length;
-        
-        if (this.initialBytesLen < 16) // We need more bytes to use space heuristic (see below)
-            return '';
-
-        // We have enough bytes -> detect endianness.
-        var buf = Buffer.concat(this.initialBytes),
-            encoding = detectEncoding(buf, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
-        this.initialBytes.length = this.initialBytesLen = 0;
-    }
-
-    return this.decoder.write(buf);
-}
-
-Utf16Decoder.prototype.end = function() {
-    if (!this.decoder) {
-        var buf = Buffer.concat(this.initialBytes),
-            encoding = detectEncoding(buf, this.options.defaultEncoding);
-        this.decoder = this.iconv.getDecoder(encoding, this.options);
-
-        var res = this.decoder.write(buf),
-            trail = this.decoder.end();
-
-        return trail ? (res + trail) : res;
-    }
-    return this.decoder.end();
-}
-
-function detectEncoding(buf, defaultEncoding) {
-    var enc = defaultEncoding || 'utf-16le';
-
-    if (buf.length >= 2) {
-        // Check BOM.
-        if (buf[0] == 0xFE && buf[1] == 0xFF) // UTF-16BE BOM
-            enc = 'utf-16be';
-        else if (buf[0] == 0xFF && buf[1] == 0xFE) // UTF-16LE BOM
-            enc = 'utf-16le';
-        else {
-            // No BOM found. Try to deduce encoding from initial content.
-            // Most of the time, the content has ASCII chars (U+00**), but the opposite (U+**00) is uncommon.
-            // So, we count ASCII as if it was LE or BE, and decide from that.
-            var asciiCharsLE = 0, asciiCharsBE = 0, // Counts of chars in both positions
-                _len = Math.min(buf.length - (buf.length % 2), 64); // Len is always even.
-
-            for (var i = 0; i < _len; i += 2) {
-                if (buf[i] === 0 && buf[i+1] !== 0) asciiCharsBE++;
-                if (buf[i] !== 0 && buf[i+1] === 0) asciiCharsLE++;
-            }
-
-            if (asciiCharsBE > asciiCharsLE)
-                enc = 'utf-16be';
-            else if (asciiCharsBE < asciiCharsLE)
-                enc = 'utf-16le';
-        }
-    }
-
-    return enc;
-}
-
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js b/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
deleted file mode 100644
index b7631c2..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/encodings/utf7.js
+++ /dev/null
@@ -1,290 +0,0 @@
-"use strict";
-var Buffer = require("safer-buffer").Buffer;
-
-// UTF-7 codec, according to https://tools.ietf.org/html/rfc2152
-// See also below a UTF-7-IMAP codec, according to http://tools.ietf.org/html/rfc3501#section-5.1.3
-
-exports.utf7 = Utf7Codec;
-exports.unicode11utf7 = 'utf7'; // Alias UNICODE-1-1-UTF-7
-function Utf7Codec(codecOptions, iconv) {
-    this.iconv = iconv;
-};
-
-Utf7Codec.prototype.encoder = Utf7Encoder;
-Utf7Codec.prototype.decoder = Utf7Decoder;
-Utf7Codec.prototype.bomAware = true;
-
-
-// -- Encoding
-
-var nonDirectChars = /[^A-Za-z0-9'\(\),-\.\/:\? \n\r\t]+/g;
-
-function Utf7Encoder(options, codec) {
-    this.iconv = codec.iconv;
-}
-
-Utf7Encoder.prototype.write = function(str) {
-    // Naive implementation.
-    // Non-direct chars are encoded as "+<base64>-"; single "+" char is encoded as "+-".
-    return Buffer.from(str.replace(nonDirectChars, function(chunk) {
-        return "+" + (chunk === '+' ? '' : 
-            this.iconv.encode(chunk, 'utf16-be').toString('base64').replace(/=+$/, '')) 
-            + "-";
-    }.bind(this)));
-}
-
-Utf7Encoder.prototype.end = function() {
-}
-
-
-// -- Decoding
-
-function Utf7Decoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = '';
-}
-
-var base64Regex = /[A-Za-z0-9\/+]/;
-var base64Chars = [];
-for (var i = 0; i < 256; i++)
-    base64Chars[i] = base64Regex.test(String.fromCharCode(i));
-
-var plusChar = '+'.charCodeAt(0), 
-    minusChar = '-'.charCodeAt(0),
-    andChar = '&'.charCodeAt(0);
-
-Utf7Decoder.prototype.write = function(buf) {
-    var res = "", lastI = 0,
-        inBase64 = this.inBase64,
-        base64Accum = this.base64Accum;
-
-    // The decoder is more involved as we must handle chunks in stream.
-
-    for (var i = 0; i < buf.length; i++) {
-        if (!inBase64) { // We're in direct mode.
-            // Write direct chars until '+'
-            if (buf[i] == plusChar) {
-                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
-                lastI = i+1;
-                inBase64 = true;
-            }
-        } else { // We decode base64.
-            if (!base64Chars[buf[i]]) { // Base64 ended.
-                if (i == lastI && buf[i] == minusChar) {// "+-" -> "+"
-                    res += "+";
-                } else {
-                    var b64str = base64Accum + buf.slice(lastI, i).toString();
-                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-                }
-
-                if (buf[i] != minusChar) // Minus is absorbed after base64.
-                    i--;
-
-                lastI = i+1;
-                inBase64 = false;
-                base64Accum = '';
-            }
-        }
-    }
-
-    if (!inBase64) {
-        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
-    } else {
-        var b64str = base64Accum + buf.slice(lastI).toString();
-
-        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
-        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
-        b64str = b64str.slice(0, canBeDecoded);
-
-        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-    }
-
-    this.inBase64 = inBase64;
-    this.base64Accum = base64Accum;
-
-    return res;
-}
-
-Utf7Decoder.prototype.end = function() {
-    var res = "";
-    if (this.inBase64 && this.base64Accum.length > 0)
-        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
-
-    this.inBase64 = false;
-    this.base64Accum = '';
-    return res;
-}
-
-
-// UTF-7-IMAP codec.
-// RFC3501 Sec. 5.1.3 Modified UTF-7 (http://tools.ietf.org/html/rfc3501#section-5.1.3)
-// Differences:
-//  * Base64 part is started by "&" instead of "+"
-//  * Direct characters are 0x20-0x7E, except "&" (0x26)
-//  * In Base64, "," is used instead of "/"
-//  * Base64 must not be used to represent direct characters.
-//  * No implicit shift back from Base64 (should always end with '-')
-//  * String must end in non-shifted position.
-//  * "-&" while in base64 is not allowed.
-
-
-exports.utf7imap = Utf7IMAPCodec;
-function Utf7IMAPCodec(codecOptions, iconv) {
-    this.iconv = iconv;
-};
-
-Utf7IMAPCodec.prototype.encoder = Utf7IMAPEncoder;
-Utf7IMAPCodec.prototype.decoder = Utf7IMAPDecoder;
-Utf7IMAPCodec.prototype.bomAware = true;
-
-
-// -- Encoding
-
-function Utf7IMAPEncoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = Buffer.alloc(6);
-    this.base64AccumIdx = 0;
-}
-
-Utf7IMAPEncoder.prototype.write = function(str) {
-    var inBase64 = this.inBase64,
-        base64Accum = this.base64Accum,
-        base64AccumIdx = this.base64AccumIdx,
-        buf = Buffer.alloc(str.length*5 + 10), bufIdx = 0;
-
-    for (var i = 0; i < str.length; i++) {
-        var uChar = str.charCodeAt(i);
-        if (0x20 <= uChar && uChar <= 0x7E) { // Direct character or '&'.
-            if (inBase64) {
-                if (base64AccumIdx > 0) {
-                    bufIdx += buf.write(base64Accum.slice(0, base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
-                    base64AccumIdx = 0;
-                }
-
-                buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
-                inBase64 = false;
-            }
-
-            if (!inBase64) {
-                buf[bufIdx++] = uChar; // Write direct character
-
-                if (uChar === andChar)  // Ampersand -> '&-'
-                    buf[bufIdx++] = minusChar;
-            }
-
-        } else { // Non-direct character
-            if (!inBase64) {
-                buf[bufIdx++] = andChar; // Write '&', then go to base64 mode.
-                inBase64 = true;
-            }
-            if (inBase64) {
-                base64Accum[base64AccumIdx++] = uChar >> 8;
-                base64Accum[base64AccumIdx++] = uChar & 0xFF;
-
-                if (base64AccumIdx == base64Accum.length) {
-                    bufIdx += buf.write(base64Accum.toString('base64').replace(/\//g, ','), bufIdx);
-                    base64AccumIdx = 0;
-                }
-            }
-        }
-    }
-
-    this.inBase64 = inBase64;
-    this.base64AccumIdx = base64AccumIdx;
-
-    return buf.slice(0, bufIdx);
-}
-
-Utf7IMAPEncoder.prototype.end = function() {
-    var buf = Buffer.alloc(10), bufIdx = 0;
-    if (this.inBase64) {
-        if (this.base64AccumIdx > 0) {
-            bufIdx += buf.write(this.base64Accum.slice(0, this.base64AccumIdx).toString('base64').replace(/\//g, ',').replace(/=+$/, ''), bufIdx);
-            this.base64AccumIdx = 0;
-        }
-
-        buf[bufIdx++] = minusChar; // Write '-', then go to direct mode.
-        this.inBase64 = false;
-    }
-
-    return buf.slice(0, bufIdx);
-}
-
-
-// -- Decoding
-
-function Utf7IMAPDecoder(options, codec) {
-    this.iconv = codec.iconv;
-    this.inBase64 = false;
-    this.base64Accum = '';
-}
-
-var base64IMAPChars = base64Chars.slice();
-base64IMAPChars[','.charCodeAt(0)] = true;
-
-Utf7IMAPDecoder.prototype.write = function(buf) {
-    var res = "", lastI = 0,
-        inBase64 = this.inBase64,
-        base64Accum = this.base64Accum;
-
-    // The decoder is more involved as we must handle chunks in stream.
-    // It is forgiving, closer to standard UTF-7 (for example, '-' is optional at the end).
-
-    for (var i = 0; i < buf.length; i++) {
-        if (!inBase64) { // We're in direct mode.
-            // Write direct chars until '&'
-            if (buf[i] == andChar) {
-                res += this.iconv.decode(buf.slice(lastI, i), "ascii"); // Write direct chars.
-                lastI = i+1;
-                inBase64 = true;
-            }
-        } else { // We decode base64.
-            if (!base64IMAPChars[buf[i]]) { // Base64 ended.
-                if (i == lastI && buf[i] == minusChar) { // "&-" -> "&"
-                    res += "&";
-                } else {
-                    var b64str = base64Accum + buf.slice(lastI, i).toString().replace(/,/g, '/');
-                    res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-                }
-
-                if (buf[i] != minusChar) // Minus may be absorbed after base64.
-                    i--;
-
-                lastI = i+1;
-                inBase64 = false;
-                base64Accum = '';
-            }
-        }
-    }
-
-    if (!inBase64) {
-        res += this.iconv.decode(buf.slice(lastI), "ascii"); // Write direct chars.
-    } else {
-        var b64str = base64Accum + buf.slice(lastI).toString().replace(/,/g, '/');
-
-        var canBeDecoded = b64str.length - (b64str.length % 8); // Minimal chunk: 2 quads -> 2x3 bytes -> 3 chars.
-        base64Accum = b64str.slice(canBeDecoded); // The rest will be decoded in future.
-        b64str = b64str.slice(0, canBeDecoded);
-
-        res += this.iconv.decode(Buffer.from(b64str, 'base64'), "utf16-be");
-    }
-
-    this.inBase64 = inBase64;
-    this.base64Accum = base64Accum;
-
-    return res;
-}
-
-Utf7IMAPDecoder.prototype.end = function() {
-    var res = "";
-    if (this.inBase64 && this.base64Accum.length > 0)
-        res = this.iconv.decode(Buffer.from(this.base64Accum, 'base64'), "utf16-be");
-
-    this.inBase64 = false;
-    this.base64Accum = '';
-    return res;
-}
-
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
deleted file mode 100644
index 1050872..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/bom-handling.js
+++ /dev/null
@@ -1,52 +0,0 @@
-"use strict";
-
-var BOMChar = '\uFEFF';
-
-exports.PrependBOM = PrependBOMWrapper
-function PrependBOMWrapper(encoder, options) {
-    this.encoder = encoder;
-    this.addBOM = true;
-}
-
-PrependBOMWrapper.prototype.write = function(str) {
-    if (this.addBOM) {
-        str = BOMChar + str;
-        this.addBOM = false;
-    }
-
-    return this.encoder.write(str);
-}
-
-PrependBOMWrapper.prototype.end = function() {
-    return this.encoder.end();
-}
-
-
-//------------------------------------------------------------------------------
-
-exports.StripBOM = StripBOMWrapper;
-function StripBOMWrapper(decoder, options) {
-    this.decoder = decoder;
-    this.pass = false;
-    this.options = options || {};
-}
-
-StripBOMWrapper.prototype.write = function(buf) {
-    var res = this.decoder.write(buf);
-    if (this.pass || !res)
-        return res;
-
-    if (res[0] === BOMChar) {
-        res = res.slice(1);
-        if (typeof this.options.stripBOM === 'function')
-            this.options.stripBOM();
-    }
-
-    this.pass = true;
-    return res;
-}
-
-StripBOMWrapper.prototype.end = function() {
-    return this.decoder.end();
-}
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
deleted file mode 100644
index 87f5394..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/extend-node.js
+++ /dev/null
@@ -1,217 +0,0 @@
-"use strict";
-var Buffer = require("buffer").Buffer;
-// Note: not polyfilled with safer-buffer on a purpose, as overrides Buffer
-
-// == Extend Node primitives to use iconv-lite =================================
-
-module.exports = function (iconv) {
-    var original = undefined; // Place to keep original methods.
-
-    // Node authors rewrote Buffer internals to make it compatible with
-    // Uint8Array and we cannot patch key functions since then.
-    // Note: this does use older Buffer API on a purpose
-    iconv.supportsNodeEncodingsExtension = !(Buffer.from || new Buffer(0) instanceof Uint8Array);
-
-    iconv.extendNodeEncodings = function extendNodeEncodings() {
-        if (original) return;
-        original = {};
-
-        if (!iconv.supportsNodeEncodingsExtension) {
-            console.error("ACTION NEEDED: require('iconv-lite').extendNodeEncodings() is not supported in your version of Node");
-            console.error("See more info at https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility");
-            return;
-        }
-
-        var nodeNativeEncodings = {
-            'hex': true, 'utf8': true, 'utf-8': true, 'ascii': true, 'binary': true, 
-            'base64': true, 'ucs2': true, 'ucs-2': true, 'utf16le': true, 'utf-16le': true,
-        };
-
-        Buffer.isNativeEncoding = function(enc) {
-            return enc && nodeNativeEncodings[enc.toLowerCase()];
-        }
-
-        // -- SlowBuffer -----------------------------------------------------------
-        var SlowBuffer = require('buffer').SlowBuffer;
-
-        original.SlowBufferToString = SlowBuffer.prototype.toString;
-        SlowBuffer.prototype.toString = function(encoding, start, end) {
-            encoding = String(encoding || 'utf8').toLowerCase();
-
-            // Use native conversion when possible
-            if (Buffer.isNativeEncoding(encoding))
-                return original.SlowBufferToString.call(this, encoding, start, end);
-
-            // Otherwise, use our decoding method.
-            if (typeof start == 'undefined') start = 0;
-            if (typeof end == 'undefined') end = this.length;
-            return iconv.decode(this.slice(start, end), encoding);
-        }
-
-        original.SlowBufferWrite = SlowBuffer.prototype.write;
-        SlowBuffer.prototype.write = function(string, offset, length, encoding) {
-            // Support both (string, offset, length, encoding)
-            // and the legacy (string, encoding, offset, length)
-            if (isFinite(offset)) {
-                if (!isFinite(length)) {
-                    encoding = length;
-                    length = undefined;
-                }
-            } else {  // legacy
-                var swap = encoding;
-                encoding = offset;
-                offset = length;
-                length = swap;
-            }
-
-            offset = +offset || 0;
-            var remaining = this.length - offset;
-            if (!length) {
-                length = remaining;
-            } else {
-                length = +length;
-                if (length > remaining) {
-                    length = remaining;
-                }
-            }
-            encoding = String(encoding || 'utf8').toLowerCase();
-
-            // Use native conversion when possible
-            if (Buffer.isNativeEncoding(encoding))
-                return original.SlowBufferWrite.call(this, string, offset, length, encoding);
-
-            if (string.length > 0 && (length < 0 || offset < 0))
-                throw new RangeError('attempt to write beyond buffer bounds');
-
-            // Otherwise, use our encoding method.
-            var buf = iconv.encode(string, encoding);
-            if (buf.length < length) length = buf.length;
-            buf.copy(this, offset, 0, length);
-            return length;
-        }
-
-        // -- Buffer ---------------------------------------------------------------
-
-        original.BufferIsEncoding = Buffer.isEncoding;
-        Buffer.isEncoding = function(encoding) {
-            return Buffer.isNativeEncoding(encoding) || iconv.encodingExists(encoding);
-        }
-
-        original.BufferByteLength = Buffer.byteLength;
-        Buffer.byteLength = SlowBuffer.byteLength = function(str, encoding) {
-            encoding = String(encoding || 'utf8').toLowerCase();
-
-            // Use native conversion when possible
-            if (Buffer.isNativeEncoding(encoding))
-                return original.BufferByteLength.call(this, str, encoding);
-
-            // Slow, I know, but we don't have a better way yet.
-            return iconv.encode(str, encoding).length;
-        }
-
-        original.BufferToString = Buffer.prototype.toString;
-        Buffer.prototype.toString = function(encoding, start, end) {
-            encoding = String(encoding || 'utf8').toLowerCase();
-
-            // Use native conversion when possible
-            if (Buffer.isNativeEncoding(encoding))
-                return original.BufferToString.call(this, encoding, start, end);
-
-            // Otherwise, use our decoding method.
-            if (typeof start == 'undefined') start = 0;
-            if (typeof end == 'undefined') end = this.length;
-            return iconv.decode(this.slice(start, end), encoding);
-        }
-
-        original.BufferWrite = Buffer.prototype.write;
-        Buffer.prototype.write = function(string, offset, length, encoding) {
-            var _offset = offset, _length = length, _encoding = encoding;
-            // Support both (string, offset, length, encoding)
-            // and the legacy (string, encoding, offset, length)
-            if (isFinite(offset)) {
-                if (!isFinite(length)) {
-                    encoding = length;
-                    length = undefined;
-                }
-            } else {  // legacy
-                var swap = encoding;
-                encoding = offset;
-                offset = length;
-                length = swap;
-            }
-
-            encoding = String(encoding || 'utf8').toLowerCase();
-
-            // Use native conversion when possible
-            if (Buffer.isNativeEncoding(encoding))
-                return original.BufferWrite.call(this, string, _offset, _length, _encoding);
-
-            offset = +offset || 0;
-            var remaining = this.length - offset;
-            if (!length) {
-                length = remaining;
-            } else {
-                length = +length;
-                if (length > remaining) {
-                    length = remaining;
-                }
-            }
-
-            if (string.length > 0 && (length < 0 || offset < 0))
-                throw new RangeError('attempt to write beyond buffer bounds');
-
-            // Otherwise, use our encoding method.
-            var buf = iconv.encode(string, encoding);
-            if (buf.length < length) length = buf.length;
-            buf.copy(this, offset, 0, length);
-            return length;
-
-            // TODO: Set _charsWritten.
-        }
-
-
-        // -- Readable -------------------------------------------------------------
-        if (iconv.supportsStreams) {
-            var Readable = require('stream').Readable;
-
-            original.ReadableSetEncoding = Readable.prototype.setEncoding;
-            Readable.prototype.setEncoding = function setEncoding(enc, options) {
-                // Use our own decoder, it has the same interface.
-                // We cannot use original function as it doesn't handle BOM-s.
-                this._readableState.decoder = iconv.getDecoder(enc, options);
-                this._readableState.encoding = enc;
-            }
-
-            Readable.prototype.collect = iconv._collect;
-        }
-    }
-
-    // Remove iconv-lite Node primitive extensions.
-    iconv.undoExtendNodeEncodings = function undoExtendNodeEncodings() {
-        if (!iconv.supportsNodeEncodingsExtension)
-            return;
-        if (!original)
-            throw new Error("require('iconv-lite').undoExtendNodeEncodings(): Nothing to undo; extendNodeEncodings() is not called.")
-
-        delete Buffer.isNativeEncoding;
-
-        var SlowBuffer = require('buffer').SlowBuffer;
-
-        SlowBuffer.prototype.toString = original.SlowBufferToString;
-        SlowBuffer.prototype.write = original.SlowBufferWrite;
-
-        Buffer.isEncoding = original.BufferIsEncoding;
-        Buffer.byteLength = original.BufferByteLength;
-        Buffer.prototype.toString = original.BufferToString;
-        Buffer.prototype.write = original.BufferWrite;
-
-        if (iconv.supportsStreams) {
-            var Readable = require('stream').Readable;
-
-            Readable.prototype.setEncoding = original.ReadableSetEncoding;
-            delete Readable.prototype.collect;
-        }
-
-        original = undefined;
-    }
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
deleted file mode 100644
index 0547eb3..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.d.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*---------------------------------------------------------------------------------------------
- *  Copyright (c) Microsoft Corporation. All rights reserved.
- *  Licensed under the MIT License.
- *  REQUIREMENT: This definition is dependent on the @types/node definition.
- *  Install with `npm install @types/node --save-dev`
- *--------------------------------------------------------------------------------------------*/
-
-declare module 'iconv-lite' {
-	export function decode(buffer: Buffer, encoding: string, options?: Options): string;
-
-	export function encode(content: string, encoding: string, options?: Options): Buffer;
-
-	export function encodingExists(encoding: string): boolean;
-
-	export function decodeStream(encoding: string, options?: Options): NodeJS.ReadWriteStream;
-
-	export function encodeStream(encoding: string, options?: Options): NodeJS.ReadWriteStream;
-}
-
-export interface Options {
-    stripBOM?: boolean;
-    addBOM?: boolean;
-    defaultEncoding?: string;
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
deleted file mode 100644
index 5391919..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/index.js
+++ /dev/null
@@ -1,153 +0,0 @@
-"use strict";
-
-// Some environments don't have global Buffer (e.g. React Native).
-// Solution would be installing npm modules "buffer" and "stream" explicitly.
-var Buffer = require("safer-buffer").Buffer;
-
-var bomHandling = require("./bom-handling"),
-    iconv = module.exports;
-
-// All codecs and aliases are kept here, keyed by encoding name/alias.
-// They are lazy loaded in `iconv.getCodec` from `encodings/index.js`.
-iconv.encodings = null;
-
-// Characters emitted in case of error.
-iconv.defaultCharUnicode = '�';
-iconv.defaultCharSingleByte = '?';
-
-// Public API.
-iconv.encode = function encode(str, encoding, options) {
-    str = "" + (str || ""); // Ensure string.
-
-    var encoder = iconv.getEncoder(encoding, options);
-
-    var res = encoder.write(str);
-    var trail = encoder.end();
-    
-    return (trail && trail.length > 0) ? Buffer.concat([res, trail]) : res;
-}
-
-iconv.decode = function decode(buf, encoding, options) {
-    if (typeof buf === 'string') {
-        if (!iconv.skipDecodeWarning) {
-            console.error('Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding');
-            iconv.skipDecodeWarning = true;
-        }
-
-        buf = Buffer.from("" + (buf || ""), "binary"); // Ensure buffer.
-    }
-
-    var decoder = iconv.getDecoder(encoding, options);
-
-    var res = decoder.write(buf);
-    var trail = decoder.end();
-
-    return trail ? (res + trail) : res;
-}
-
-iconv.encodingExists = function encodingExists(enc) {
-    try {
-        iconv.getCodec(enc);
-        return true;
-    } catch (e) {
-        return false;
-    }
-}
-
-// Legacy aliases to convert functions
-iconv.toEncoding = iconv.encode;
-iconv.fromEncoding = iconv.decode;
-
-// Search for a codec in iconv.encodings. Cache codec data in iconv._codecDataCache.
-iconv._codecDataCache = {};
-iconv.getCodec = function getCodec(encoding) {
-    if (!iconv.encodings)
-        iconv.encodings = require("../encodings"); // Lazy load all encoding definitions.
-    
-    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
-    var enc = iconv._canonicalizeEncoding(encoding);
-
-    // Traverse iconv.encodings to find actual codec.
-    var codecOptions = {};
-    while (true) {
-        var codec = iconv._codecDataCache[enc];
-        if (codec)
-            return codec;
-
-        var codecDef = iconv.encodings[enc];
-
-        switch (typeof codecDef) {
-            case "string": // Direct alias to other encoding.
-                enc = codecDef;
-                break;
-
-            case "object": // Alias with options. Can be layered.
-                for (var key in codecDef)
-                    codecOptions[key] = codecDef[key];
-
-                if (!codecOptions.encodingName)
-                    codecOptions.encodingName = enc;
-                
-                enc = codecDef.type;
-                break;
-
-            case "function": // Codec itself.
-                if (!codecOptions.encodingName)
-                    codecOptions.encodingName = enc;
-
-                // The codec function must load all tables and return object with .encoder and .decoder methods.
-                // It'll be called only once (for each different options object).
-                codec = new codecDef(codecOptions, iconv);
-
-                iconv._codecDataCache[codecOptions.encodingName] = codec; // Save it to be reused later.
-                return codec;
-
-            default:
-                throw new Error("Encoding not recognized: '" + encoding + "' (searched as: '"+enc+"')");
-        }
-    }
-}
-
-iconv._canonicalizeEncoding = function(encoding) {
-    // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
-    return (''+encoding).toLowerCase().replace(/:\d{4}$|[^0-9a-z]/g, "");
-}
-
-iconv.getEncoder = function getEncoder(encoding, options) {
-    var codec = iconv.getCodec(encoding),
-        encoder = new codec.encoder(options, codec);
-
-    if (codec.bomAware && options && options.addBOM)
-        encoder = new bomHandling.PrependBOM(encoder, options);
-
-    return encoder;
-}
-
-iconv.getDecoder = function getDecoder(encoding, options) {
-    var codec = iconv.getCodec(encoding),
-        decoder = new codec.decoder(options, codec);
-
-    if (codec.bomAware && !(options && options.stripBOM === false))
-        decoder = new bomHandling.StripBOM(decoder, options);
-
-    return decoder;
-}
-
-
-// Load extensions in Node. All of them are omitted in Browserify build via 'browser' field in package.json.
-var nodeVer = typeof process !== 'undefined' && process.versions && process.versions.node;
-if (nodeVer) {
-
-    // Load streaming support in Node v0.10+
-    var nodeVerArr = nodeVer.split(".").map(Number);
-    if (nodeVerArr[0] > 0 || nodeVerArr[1] >= 10) {
-        require("./streams")(iconv);
-    }
-
-    // Load Node primitive extensions.
-    require("./extend-node")(iconv);
-}
-
-if ("Ā" != "\u0100") {
-    console.error("iconv-lite warning: javascript files use encoding different from utf-8. See https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings for more info.");
-}
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js b/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
deleted file mode 100644
index 4409552..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/lib/streams.js
+++ /dev/null
@@ -1,121 +0,0 @@
-"use strict";
-
-var Buffer = require("buffer").Buffer,
-    Transform = require("stream").Transform;
-
-
-// == Exports ==================================================================
-module.exports = function(iconv) {
-    
-    // Additional Public API.
-    iconv.encodeStream = function encodeStream(encoding, options) {
-        return new IconvLiteEncoderStream(iconv.getEncoder(encoding, options), options);
-    }
-
-    iconv.decodeStream = function decodeStream(encoding, options) {
-        return new IconvLiteDecoderStream(iconv.getDecoder(encoding, options), options);
-    }
-
-    iconv.supportsStreams = true;
-
-
-    // Not published yet.
-    iconv.IconvLiteEncoderStream = IconvLiteEncoderStream;
-    iconv.IconvLiteDecoderStream = IconvLiteDecoderStream;
-    iconv._collect = IconvLiteDecoderStream.prototype.collect;
-};
-
-
-// == Encoder stream =======================================================
-function IconvLiteEncoderStream(conv, options) {
-    this.conv = conv;
-    options = options || {};
-    options.decodeStrings = false; // We accept only strings, so we don't need to decode them.
-    Transform.call(this, options);
-}
-
-IconvLiteEncoderStream.prototype = Object.create(Transform.prototype, {
-    constructor: { value: IconvLiteEncoderStream }
-});
-
-IconvLiteEncoderStream.prototype._transform = function(chunk, encoding, done) {
-    if (typeof chunk != 'string')
-        return done(new Error("Iconv encoding stream needs strings as its input."));
-    try {
-        var res = this.conv.write(chunk);
-        if (res && res.length) this.push(res);
-        done();
-    }
-    catch (e) {
-        done(e);
-    }
-}
-
-IconvLiteEncoderStream.prototype._flush = function(done) {
-    try {
-        var res = this.conv.end();
-        if (res && res.length) this.push(res);
-        done();
-    }
-    catch (e) {
-        done(e);
-    }
-}
-
-IconvLiteEncoderStream.prototype.collect = function(cb) {
-    var chunks = [];
-    this.on('error', cb);
-    this.on('data', function(chunk) { chunks.push(chunk); });
-    this.on('end', function() {
-        cb(null, Buffer.concat(chunks));
-    });
-    return this;
-}
-
-
-// == Decoder stream =======================================================
-function IconvLiteDecoderStream(conv, options) {
-    this.conv = conv;
-    options = options || {};
-    options.encoding = this.encoding = 'utf8'; // We output strings.
-    Transform.call(this, options);
-}
-
-IconvLiteDecoderStream.prototype = Object.create(Transform.prototype, {
-    constructor: { value: IconvLiteDecoderStream }
-});
-
-IconvLiteDecoderStream.prototype._transform = function(chunk, encoding, done) {
-    if (!Buffer.isBuffer(chunk))
-        return done(new Error("Iconv decoding stream needs buffers as its input."));
-    try {
-        var res = this.conv.write(chunk);
-        if (res && res.length) this.push(res, this.encoding);
-        done();
-    }
-    catch (e) {
-        done(e);
-    }
-}
-
-IconvLiteDecoderStream.prototype._flush = function(done) {
-    try {
-        var res = this.conv.end();
-        if (res && res.length) this.push(res, this.encoding);                
-        done();
-    }
-    catch (e) {
-        done(e);
-    }
-}
-
-IconvLiteDecoderStream.prototype.collect = function(cb) {
-    var res = '';
-    this.on('error', cb);
-    this.on('data', function(chunk) { res += chunk; });
-    this.on('end', function() {
-        cb(null, res);
-    });
-    return this;
-}
-
diff --git a/src/Servers/ExpressServer/node_modules/iconv-lite/package.json b/src/Servers/ExpressServer/node_modules/iconv-lite/package.json
deleted file mode 100644
index a7c74fc..0000000
--- a/src/Servers/ExpressServer/node_modules/iconv-lite/package.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
-    "name": "iconv-lite",
-    "description": "Convert character encodings in pure javascript.",
-    "version": "0.4.24",
-    "license": "MIT",
-    "keywords": [
-        "iconv",
-        "convert",
-        "charset",
-        "icu"
-    ],
-    "author": "Alexander Shtuchkin <ashtuchkin@gmail.com>",
-    "main": "./lib/index.js",
-    "typings": "./lib/index.d.ts",
-    "homepage": "https://github.com/ashtuchkin/iconv-lite",
-    "bugs": "https://github.com/ashtuchkin/iconv-lite/issues",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/ashtuchkin/iconv-lite.git"
-    },
-    "engines": {
-        "node": ">=0.10.0"
-    },
-    "scripts": {
-        "coverage": "istanbul cover _mocha -- --grep .",
-        "coverage-open": "open coverage/lcov-report/index.html",
-        "test": "mocha --reporter spec --grep ."
-    },
-    "browser": {
-        "./lib/extend-node": false,
-        "./lib/streams": false
-    },
-    "devDependencies": {
-        "mocha": "^3.1.0",
-        "request": "~2.87.0",
-        "unorm": "*",
-        "errto": "*",
-        "async": "*",
-        "istanbul": "*",
-        "semver": "*",
-        "iconv": "*"
-    },
-    "dependencies": {
-        "safer-buffer": ">= 2.1.2 < 3"
-    }
-}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/LICENSE b/src/Servers/ExpressServer/node_modules/inherits/LICENSE
deleted file mode 100644
index dea3013..0000000
--- a/src/Servers/ExpressServer/node_modules/inherits/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-The ISC License
-
-Copyright (c) Isaac Z. Schlueter
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
-OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
diff --git a/src/Servers/ExpressServer/node_modules/inherits/README.md b/src/Servers/ExpressServer/node_modules/inherits/README.md
deleted file mode 100644
index b1c5665..0000000
--- a/src/Servers/ExpressServer/node_modules/inherits/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-Browser-friendly inheritance fully compatible with standard node.js
-[inherits](http://nodejs.org/api/util.html#util_util_inherits_constructor_superconstructor).
-
-This package exports standard `inherits` from node.js `util` module in
-node environment, but also provides alternative browser-friendly
-implementation through [browser
-field](https://gist.github.com/shtylman/4339901). Alternative
-implementation is a literal copy of standard one located in standalone
-module to avoid requiring of `util`. It also has a shim for old
-browsers with no `Object.create` support.
-
-While keeping you sure you are using standard `inherits`
-implementation in node.js environment, it allows bundlers such as
-[browserify](https://github.com/substack/node-browserify) to not
-include full `util` package to your client code if all you need is
-just `inherits` function. It worth, because browser shim for `util`
-package is large and `inherits` is often the single function you need
-from it.
-
-It's recommended to use this package instead of
-`require('util').inherits` for any code that has chances to be used
-not only in node.js but in browser too.
-
-## usage
-
-```js
-var inherits = require('inherits');
-// then use exactly as the standard one
-```
-
-## note on version ~1.0
-
-Version ~1.0 had completely different motivation and is not compatible
-neither with 2.0 nor with standard node.js `inherits`.
-
-If you are using version ~1.0 and planning to switch to ~2.0, be
-careful:
-
-* new version uses `super_` instead of `super` for referencing
-  superclass
-* new version overwrites current prototype while old one preserves any
-  existing fields on it
diff --git a/src/Servers/ExpressServer/node_modules/inherits/inherits.js b/src/Servers/ExpressServer/node_modules/inherits/inherits.js
deleted file mode 100644
index f71f2d9..0000000
--- a/src/Servers/ExpressServer/node_modules/inherits/inherits.js
+++ /dev/null
@@ -1,9 +0,0 @@
-try {
-  var util = require('util');
-  /* istanbul ignore next */
-  if (typeof util.inherits !== 'function') throw '';
-  module.exports = util.inherits;
-} catch (e) {
-  /* istanbul ignore next */
-  module.exports = require('./inherits_browser.js');
-}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js b/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
deleted file mode 100644
index 86bbb3d..0000000
--- a/src/Servers/ExpressServer/node_modules/inherits/inherits_browser.js
+++ /dev/null
@@ -1,27 +0,0 @@
-if (typeof Object.create === 'function') {
-  // implementation from standard node.js 'util' module
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      ctor.prototype = Object.create(superCtor.prototype, {
-        constructor: {
-          value: ctor,
-          enumerable: false,
-          writable: true,
-          configurable: true
-        }
-      })
-    }
-  };
-} else {
-  // old school shim for old browsers
-  module.exports = function inherits(ctor, superCtor) {
-    if (superCtor) {
-      ctor.super_ = superCtor
-      var TempCtor = function () {}
-      TempCtor.prototype = superCtor.prototype
-      ctor.prototype = new TempCtor()
-      ctor.prototype.constructor = ctor
-    }
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/inherits/package.json b/src/Servers/ExpressServer/node_modules/inherits/package.json
deleted file mode 100644
index 37b4366..0000000
--- a/src/Servers/ExpressServer/node_modules/inherits/package.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "name": "inherits",
-  "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()",
-  "version": "2.0.4",
-  "keywords": [
-    "inheritance",
-    "class",
-    "klass",
-    "oop",
-    "object-oriented",
-    "inherits",
-    "browser",
-    "browserify"
-  ],
-  "main": "./inherits.js",
-  "browser": "./inherits_browser.js",
-  "repository": "git://github.com/isaacs/inherits",
-  "license": "ISC",
-  "scripts": {
-    "test": "tap"
-  },
-  "devDependencies": {
-    "tap": "^14.2.4"
-  },
-  "files": [
-    "inherits.js",
-    "inherits_browser.js"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE b/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
deleted file mode 100644
index f6b37b5..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/LICENSE
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (C) 2011-2017 whitequark <whitequark@whitequark.org>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md b/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
deleted file mode 100644
index f57725b..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/README.md
+++ /dev/null
@@ -1,233 +0,0 @@
-# ipaddr.js — an IPv6 and IPv4 address manipulation library [![Build Status](https://travis-ci.org/whitequark/ipaddr.js.svg)](https://travis-ci.org/whitequark/ipaddr.js)
-
-ipaddr.js is a small (1.9K minified and gzipped) library for manipulating
-IP addresses in JavaScript environments. It runs on both CommonJS runtimes
-(e.g. [nodejs]) and in a web browser.
-
-ipaddr.js allows you to verify and parse string representation of an IP
-address, match it against a CIDR range or range list, determine if it falls
-into some reserved ranges (examples include loopback and private ranges),
-and convert between IPv4 and IPv4-mapped IPv6 addresses.
-
-[nodejs]: http://nodejs.org
-
-## Installation
-
-`npm install ipaddr.js`
-
-or
-
-`bower install ipaddr.js`
-
-## API
-
-ipaddr.js defines one object in the global scope: `ipaddr`. In CommonJS,
-it is exported from the module:
-
-```js
-var ipaddr = require('ipaddr.js');
-```
-
-The API consists of several global methods and two classes: ipaddr.IPv6 and ipaddr.IPv4.
-
-### Global methods
-
-There are three global methods defined: `ipaddr.isValid`, `ipaddr.parse` and
-`ipaddr.process`. All of them receive a string as a single parameter.
-
-The `ipaddr.isValid` method returns `true` if the address is a valid IPv4 or
-IPv6 address, and `false` otherwise. It does not throw any exceptions.
-
-The `ipaddr.parse` method returns an object representing the IP address,
-or throws an `Error` if the passed string is not a valid representation of an
-IP address.
-
-The `ipaddr.process` method works just like the `ipaddr.parse` one, but it
-automatically converts IPv4-mapped IPv6 addresses to their IPv4 counterparts
-before returning. It is useful when you have a Node.js instance listening
-on an IPv6 socket, and the `net.ivp6.bindv6only` sysctl parameter (or its
-equivalent on non-Linux OS) is set to 0. In this case, you can accept IPv4
-connections on your IPv6-only socket, but the remote address will be mangled.
-Use `ipaddr.process` method to automatically demangle it.
-
-### Object representation
-
-Parsing methods return an object which descends from `ipaddr.IPv6` or
-`ipaddr.IPv4`. These objects share some properties, but most of them differ.
-
-#### Shared properties
-
-One can determine the type of address by calling `addr.kind()`. It will return
-either `"ipv6"` or `"ipv4"`.
-
-An address can be converted back to its string representation with `addr.toString()`.
-Note that this method:
- * does not return the original string used to create the object (in fact, there is
-   no way of getting that string)
- * returns a compact representation (when it is applicable)
-
-A `match(range, bits)` method can be used to check if the address falls into a
-certain CIDR range.
-Note that an address can be (obviously) matched only against an address of the same type.
-
-For example:
-
-```js
-var addr = ipaddr.parse("2001:db8:1234::1");
-var range = ipaddr.parse("2001:db8::");
-
-addr.match(range, 32); // => true
-```
-
-Alternatively, `match` can also be called as `match([range, bits])`. In this way,
-it can be used together with the `parseCIDR(string)` method, which parses an IP
-address together with a CIDR range.
-
-For example:
-
-```js
-var addr = ipaddr.parse("2001:db8:1234::1");
-
-addr.match(ipaddr.parseCIDR("2001:db8::/32")); // => true
-```
-
-A `range()` method returns one of predefined names for several special ranges defined
-by IP protocols. The exact names (and their respective CIDR ranges) can be looked up
-in the source: [IPv6 ranges] and [IPv4 ranges]. Some common ones include `"unicast"`
-(the default one) and `"reserved"`.
-
-You can match against your own range list by using
-`ipaddr.subnetMatch(address, rangeList, defaultName)` method. It can work with a mix of IPv6 or IPv4 addresses, and accepts a name-to-subnet map as the range list. For example:
-
-```js
-var rangeList = {
-  documentationOnly: [ ipaddr.parse('2001:db8::'), 32 ],
-  tunnelProviders: [
-    [ ipaddr.parse('2001:470::'), 32 ], // he.net
-    [ ipaddr.parse('2001:5c0::'), 32 ]  // freenet6
-  ]
-};
-ipaddr.subnetMatch(ipaddr.parse('2001:470:8:66::1'), rangeList, 'unknown'); // => "tunnelProviders"
-```
-
-The addresses can be converted to their byte representation with `toByteArray()`.
-(Actually, JavaScript mostly does not know about byte buffers. They are emulated with
-arrays of numbers, each in range of 0..255.)
-
-```js
-var bytes = ipaddr.parse('2a00:1450:8007::68').toByteArray(); // ipv6.google.com
-bytes // => [42, 0x00, 0x14, 0x50, 0x80, 0x07, 0x00, <zeroes...>, 0x00, 0x68 ]
-```
-
-The `ipaddr.IPv4` and `ipaddr.IPv6` objects have some methods defined, too. All of them
-have the same interface for both protocols, and are similar to global methods.
-
-`ipaddr.IPvX.isValid(string)` can be used to check if the string is a valid address
-for particular protocol, and `ipaddr.IPvX.parse(string)` is the error-throwing parser.
-
-`ipaddr.IPvX.isValid(string)` uses the same format for parsing as the POSIX `inet_ntoa` function, which accepts unusual formats like `0xc0.168.1.1` or `0x10000000`. The function `ipaddr.IPv4.isValidFourPartDecimal(string)` validates the IPv4 address and also ensures that it is written in four-part decimal format.
-
-[IPv6 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L186
-[IPv4 ranges]: https://github.com/whitequark/ipaddr.js/blob/master/src/ipaddr.coffee#L71
-
-#### IPv6 properties
-
-Sometimes you will want to convert IPv6 not to a compact string representation (with
-the `::` substitution); the `toNormalizedString()` method will return an address where
-all zeroes are explicit.
-
-For example:
-
-```js
-var addr = ipaddr.parse("2001:0db8::0001");
-addr.toString(); // => "2001:db8::1"
-addr.toNormalizedString(); // => "2001:db8:0:0:0:0:0:1"
-```
-
-The `isIPv4MappedAddress()` method will return `true` if this address is an IPv4-mapped
-one, and `toIPv4Address()` will return an IPv4 object address.
-
-To access the underlying binary representation of the address, use `addr.parts`.
-
-```js
-var addr = ipaddr.parse("2001:db8:10::1234:DEAD");
-addr.parts // => [0x2001, 0xdb8, 0x10, 0, 0, 0, 0x1234, 0xdead]
-```
-
-A IPv6 zone index can be accessed via `addr.zoneId`:
-
-```js
-var addr = ipaddr.parse("2001:db8::%eth0");
-addr.zoneId // => 'eth0'
-```
-
-#### IPv4 properties
-
-`toIPv4MappedAddress()` will return a corresponding IPv4-mapped IPv6 address.
-
-To access the underlying representation of the address, use `addr.octets`.
-
-```js
-var addr = ipaddr.parse("192.168.1.1");
-addr.octets // => [192, 168, 1, 1]
-```
-
-`prefixLengthFromSubnetMask()` will return a CIDR prefix length for a valid IPv4 netmask or
-null if the netmask is not valid.
-
-```js
-ipaddr.IPv4.parse('255.255.255.240').prefixLengthFromSubnetMask() == 28
-ipaddr.IPv4.parse('255.192.164.0').prefixLengthFromSubnetMask()  == null
-```
-
-`subnetMaskFromPrefixLength()` will return an IPv4 netmask for a valid CIDR prefix length.
-
-```js
-ipaddr.IPv4.subnetMaskFromPrefixLength(24) == "255.255.255.0"
-ipaddr.IPv4.subnetMaskFromPrefixLength(29) == "255.255.255.248"
-```
-
-`broadcastAddressFromCIDR()` will return the broadcast address for a given IPv4 interface and netmask in CIDR notation.
-```js
-ipaddr.IPv4.broadcastAddressFromCIDR("172.0.0.1/24") == "172.0.0.255"
-```
-`networkAddressFromCIDR()` will return the network address for a given IPv4 interface and netmask in CIDR notation.
-```js
-ipaddr.IPv4.networkAddressFromCIDR("172.0.0.1/24") == "172.0.0.0"
-```
-
-#### Conversion
-
-IPv4 and IPv6 can be converted bidirectionally to and from network byte order (MSB) byte arrays.
-
-The `fromByteArray()` method will take an array and create an appropriate IPv4 or IPv6 object
-if the input satisfies the requirements. For IPv4 it has to be an array of four 8-bit values,
-while for IPv6 it has to be an array of sixteen 8-bit values.
-
-For example:
-```js
-var addr = ipaddr.fromByteArray([0x7f, 0, 0, 1]);
-addr.toString(); // => "127.0.0.1"
-```
-
-or
-
-```js
-var addr = ipaddr.fromByteArray([0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1])
-addr.toString(); // => "2001:db8::1"
-```
-
-Both objects also offer a `toByteArray()` method, which returns an array in network byte order (MSB).
-
-For example:
-```js
-var addr = ipaddr.parse("127.0.0.1");
-addr.toByteArray(); // => [0x7f, 0, 0, 1]
-```
-
-or
-
-```js
-var addr = ipaddr.parse("2001:db8::1");
-addr.toByteArray(); // => [0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
-```
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js b/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
deleted file mode 100644
index b54a7cc..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/ipaddr.min.js
+++ /dev/null
@@ -1 +0,0 @@
-(function(){var r,t,n,e,i,o,a,s;t={},s=this,"undefined"!=typeof module&&null!==module&&module.exports?module.exports=t:s.ipaddr=t,a=function(r,t,n,e){var i,o;if(r.length!==t.length)throw new Error("ipaddr: cannot match CIDR for objects with different lengths");for(i=0;e>0;){if((o=n-e)<0&&(o=0),r[i]>>o!=t[i]>>o)return!1;e-=n,i+=1}return!0},t.subnetMatch=function(r,t,n){var e,i,o,a,s;null==n&&(n="unicast");for(o in t)for(!(a=t[o])[0]||a[0]instanceof Array||(a=[a]),e=0,i=a.length;e<i;e++)if(s=a[e],r.kind()===s[0].kind()&&r.match.apply(r,s))return o;return n},t.IPv4=function(){function r(r){var t,n,e;if(4!==r.length)throw new Error("ipaddr: ipv4 octet count should be 4");for(t=0,n=r.length;t<n;t++)if(!(0<=(e=r[t])&&e<=255))throw new Error("ipaddr: ipv4 octet should fit in 8 bits");this.octets=r}return r.prototype.kind=function(){return"ipv4"},r.prototype.toString=function(){return this.octets.join(".")},r.prototype.toNormalizedString=function(){return this.toString()},r.prototype.toByteArray=function(){return this.octets.slice(0)},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv4"!==r.kind())throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");return a(this.octets,r.octets,8,t)},r.prototype.SpecialRanges={unspecified:[[new r([0,0,0,0]),8]],broadcast:[[new r([255,255,255,255]),32]],multicast:[[new r([224,0,0,0]),4]],linkLocal:[[new r([169,254,0,0]),16]],loopback:[[new r([127,0,0,0]),8]],carrierGradeNat:[[new r([100,64,0,0]),10]],private:[[new r([10,0,0,0]),8],[new r([172,16,0,0]),12],[new r([192,168,0,0]),16]],reserved:[[new r([192,0,0,0]),24],[new r([192,0,2,0]),24],[new r([192,88,99,0]),24],[new r([198,51,100,0]),24],[new r([203,0,113,0]),24],[new r([240,0,0,0]),4]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.toIPv4MappedAddress=function(){return t.IPv6.parse("::ffff:"+this.toString())},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:8,128:7,192:6,224:5,240:4,248:3,252:2,254:1,255:0},r=0,i=!1,t=n=3;n>=0;t=n+=-1){if(!((e=this.octets[t])in a))return null;if(o=a[e],i&&0!==o)return null;8!==o&&(i=!0),r+=o}return 32-r},r}(),n="(0?\\d+|0x[a-f0-9]+)",e={fourOctet:new RegExp("^"+n+"\\."+n+"\\."+n+"\\."+n+"$","i"),longValue:new RegExp("^"+n+"$","i")},t.IPv4.parser=function(r){var t,n,i,o,a;if(n=function(r){return"0"===r[0]&&"x"!==r[1]?parseInt(r,8):parseInt(r)},t=r.match(e.fourOctet))return function(){var r,e,o,a;for(a=[],r=0,e=(o=t.slice(1,6)).length;r<e;r++)i=o[r],a.push(n(i));return a}();if(t=r.match(e.longValue)){if((a=n(t[1]))>4294967295||a<0)throw new Error("ipaddr: address outside defined range");return function(){var r,t;for(t=[],o=r=0;r<=24;o=r+=8)t.push(a>>o&255);return t}().reverse()}return null},t.IPv6=function(){function r(r,t){var n,e,i,o,a,s;if(16===r.length)for(this.parts=[],n=e=0;e<=14;n=e+=2)this.parts.push(r[n]<<8|r[n+1]);else{if(8!==r.length)throw new Error("ipaddr: ipv6 part count should be 8 or 16");this.parts=r}for(i=0,o=(s=this.parts).length;i<o;i++)if(!(0<=(a=s[i])&&a<=65535))throw new Error("ipaddr: ipv6 part should fit in 16 bits");t&&(this.zoneId=t)}return r.prototype.kind=function(){return"ipv6"},r.prototype.toString=function(){return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/,"::")},r.prototype.toRFC5952String=function(){var r,t,n,e,i;for(e=/((^|:)(0(:|$)){2,})/g,i=this.toNormalizedString(),r=0,t=-1;n=e.exec(i);)n[0].length>t&&(r=n.index,t=n[0].length);return t<0?i:i.substring(0,r)+"::"+i.substring(r+t)},r.prototype.toByteArray=function(){var r,t,n,e,i;for(r=[],t=0,n=(i=this.parts).length;t<n;t++)e=i[t],r.push(e>>8),r.push(255&e);return r},r.prototype.toNormalizedString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.toFixedLengthString=function(){var r,t,n;return r=function(){var r,n,e,i;for(i=[],r=0,n=(e=this.parts).length;r<n;r++)t=e[r],i.push(t.toString(16).padStart(4,"0"));return i}.call(this).join(":"),n="",this.zoneId&&(n="%"+this.zoneId),r+n},r.prototype.match=function(r,t){var n;if(void 0===t&&(r=(n=r)[0],t=n[1]),"ipv6"!==r.kind())throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");return a(this.parts,r.parts,16,t)},r.prototype.SpecialRanges={unspecified:[new r([0,0,0,0,0,0,0,0]),128],linkLocal:[new r([65152,0,0,0,0,0,0,0]),10],multicast:[new r([65280,0,0,0,0,0,0,0]),8],loopback:[new r([0,0,0,0,0,0,0,1]),128],uniqueLocal:[new r([64512,0,0,0,0,0,0,0]),7],ipv4Mapped:[new r([0,0,0,0,0,65535,0,0]),96],rfc6145:[new r([0,0,0,0,65535,0,0,0]),96],rfc6052:[new r([100,65435,0,0,0,0,0,0]),96],"6to4":[new r([8194,0,0,0,0,0,0,0]),16],teredo:[new r([8193,0,0,0,0,0,0,0]),32],reserved:[[new r([8193,3512,0,0,0,0,0,0]),32]]},r.prototype.range=function(){return t.subnetMatch(this,this.SpecialRanges)},r.prototype.isIPv4MappedAddress=function(){return"ipv4Mapped"===this.range()},r.prototype.toIPv4Address=function(){var r,n,e;if(!this.isIPv4MappedAddress())throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");return e=this.parts.slice(-2),r=e[0],n=e[1],new t.IPv4([r>>8,255&r,n>>8,255&n])},r.prototype.prefixLengthFromSubnetMask=function(){var r,t,n,e,i,o,a;for(a={0:16,32768:15,49152:14,57344:13,61440:12,63488:11,64512:10,65024:9,65280:8,65408:7,65472:6,65504:5,65520:4,65528:3,65532:2,65534:1,65535:0},r=0,i=!1,t=n=7;n>=0;t=n+=-1){if(!((e=this.parts[t])in a))return null;if(o=a[e],i&&0!==o)return null;16!==o&&(i=!0),r+=o}return 128-r},r}(),i="(?:[0-9a-f]+::?)+",o={zoneIndex:new RegExp("%[0-9a-z]{1,}","i"),native:new RegExp("^(::)?("+i+")?([0-9a-f]+)?(::)?(%[0-9a-z]{1,})?$","i"),transitional:new RegExp("^((?:"+i+")|(?:::)(?:"+i+")?)"+n+"\\."+n+"\\."+n+"\\."+n+"(%[0-9a-z]{1,})?$","i")},r=function(r,t){var n,e,i,a,s,p;if(r.indexOf("::")!==r.lastIndexOf("::"))return null;for((p=(r.match(o.zoneIndex)||[])[0])&&(p=p.substring(1),r=r.replace(/%.+$/,"")),n=0,e=-1;(e=r.indexOf(":",e+1))>=0;)n++;if("::"===r.substr(0,2)&&n--,"::"===r.substr(-2,2)&&n--,n>t)return null;for(s=t-n,a=":";s--;)a+="0:";return":"===(r=r.replace("::",a))[0]&&(r=r.slice(1)),":"===r[r.length-1]&&(r=r.slice(0,-1)),t=function(){var t,n,e,o;for(o=[],t=0,n=(e=r.split(":")).length;t<n;t++)i=e[t],o.push(parseInt(i,16));return o}(),{parts:t,zoneId:p}},t.IPv6.parser=function(t){var n,e,i,a,s,p,u;if(o.native.test(t))return r(t,8);if((a=t.match(o.transitional))&&(u=a[6]||"",(n=r(a[1].slice(0,-1)+u,6)).parts)){for(e=0,i=(p=[parseInt(a[2]),parseInt(a[3]),parseInt(a[4]),parseInt(a[5])]).length;e<i;e++)if(!(0<=(s=p[e])&&s<=255))return null;return n.parts.push(p[0]<<8|p[1]),n.parts.push(p[2]<<8|p[3]),{parts:n.parts,zoneId:n.zoneId}}return null},t.IPv4.isIPv4=t.IPv6.isIPv6=function(r){return null!==this.parser(r)},t.IPv4.isValid=function(r){try{return new this(this.parser(r)),!0}catch(r){return r,!1}},t.IPv4.isValidFourPartDecimal=function(r){return!(!t.IPv4.isValid(r)||!r.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/))},t.IPv6.isValid=function(r){var t;if("string"==typeof r&&-1===r.indexOf(":"))return!1;try{return t=this.parser(r),new this(t.parts,t.zoneId),!0}catch(r){return r,!1}},t.IPv4.parse=function(r){var t;if(null===(t=this.parser(r)))throw new Error("ipaddr: string is not formatted like ip address");return new this(t)},t.IPv6.parse=function(r){var t;if(null===(t=this.parser(r)).parts)throw new Error("ipaddr: string is not formatted like ip address");return new this(t.parts,t.zoneId)},t.IPv4.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=32)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range")},t.IPv4.subnetMaskFromPrefixLength=function(r){var t,n,e;if((r=parseInt(r))<0||r>32)throw new Error("ipaddr: invalid IPv4 prefix length");for(e=[0,0,0,0],n=0,t=Math.floor(r/8);n<t;)e[n]=255,n++;return t<4&&(e[t]=Math.pow(2,r%8)-1<<8-r%8),new this(e)},t.IPv4.broadcastAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)|255^parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv4.networkAddressFromCIDR=function(r){var t,n,e,i,o;try{for(e=(t=this.parseCIDR(r))[0].toByteArray(),o=this.subnetMaskFromPrefixLength(t[1]).toByteArray(),i=[],n=0;n<4;)i.push(parseInt(e[n],10)&parseInt(o[n],10)),n++;return new this(i)}catch(r){throw r,new Error("ipaddr: the address does not have IPv4 CIDR format")}},t.IPv6.parseCIDR=function(r){var t,n,e;if((n=r.match(/^(.+)\/(\d+)$/))&&(t=parseInt(n[2]))>=0&&t<=128)return e=[this.parse(n[1]),t],Object.defineProperty(e,"toString",{value:function(){return this.join("/")}}),e;throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range")},t.isValid=function(r){return t.IPv6.isValid(r)||t.IPv4.isValid(r)},t.parse=function(r){if(t.IPv6.isValid(r))return t.IPv6.parse(r);if(t.IPv4.isValid(r))return t.IPv4.parse(r);throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format")},t.parseCIDR=function(r){try{return t.IPv6.parseCIDR(r)}catch(n){n;try{return t.IPv4.parseCIDR(r)}catch(r){throw r,new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format")}}},t.fromByteArray=function(r){var n;if(4===(n=r.length))return new t.IPv4(r);if(16===n)return new t.IPv6(r);throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address")},t.process=function(r){var t;return t=this.parse(r),"ipv6"===t.kind()&&t.isIPv4MappedAddress()?t.toIPv4Address():t}}).call(this);
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
deleted file mode 100644
index 18bd93b..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js
+++ /dev/null
@@ -1,673 +0,0 @@
-(function() {
-  var expandIPv6, ipaddr, ipv4Part, ipv4Regexes, ipv6Part, ipv6Regexes, matchCIDR, root, zoneIndex;
-
-  ipaddr = {};
-
-  root = this;
-
-  if ((typeof module !== "undefined" && module !== null) && module.exports) {
-    module.exports = ipaddr;
-  } else {
-    root['ipaddr'] = ipaddr;
-  }
-
-  matchCIDR = function(first, second, partSize, cidrBits) {
-    var part, shift;
-    if (first.length !== second.length) {
-      throw new Error("ipaddr: cannot match CIDR for objects with different lengths");
-    }
-    part = 0;
-    while (cidrBits > 0) {
-      shift = partSize - cidrBits;
-      if (shift < 0) {
-        shift = 0;
-      }
-      if (first[part] >> shift !== second[part] >> shift) {
-        return false;
-      }
-      cidrBits -= partSize;
-      part += 1;
-    }
-    return true;
-  };
-
-  ipaddr.subnetMatch = function(address, rangeList, defaultName) {
-    var k, len, rangeName, rangeSubnets, subnet;
-    if (defaultName == null) {
-      defaultName = 'unicast';
-    }
-    for (rangeName in rangeList) {
-      rangeSubnets = rangeList[rangeName];
-      if (rangeSubnets[0] && !(rangeSubnets[0] instanceof Array)) {
-        rangeSubnets = [rangeSubnets];
-      }
-      for (k = 0, len = rangeSubnets.length; k < len; k++) {
-        subnet = rangeSubnets[k];
-        if (address.kind() === subnet[0].kind()) {
-          if (address.match.apply(address, subnet)) {
-            return rangeName;
-          }
-        }
-      }
-    }
-    return defaultName;
-  };
-
-  ipaddr.IPv4 = (function() {
-    function IPv4(octets) {
-      var k, len, octet;
-      if (octets.length !== 4) {
-        throw new Error("ipaddr: ipv4 octet count should be 4");
-      }
-      for (k = 0, len = octets.length; k < len; k++) {
-        octet = octets[k];
-        if (!((0 <= octet && octet <= 255))) {
-          throw new Error("ipaddr: ipv4 octet should fit in 8 bits");
-        }
-      }
-      this.octets = octets;
-    }
-
-    IPv4.prototype.kind = function() {
-      return 'ipv4';
-    };
-
-    IPv4.prototype.toString = function() {
-      return this.octets.join(".");
-    };
-
-    IPv4.prototype.toNormalizedString = function() {
-      return this.toString();
-    };
-
-    IPv4.prototype.toByteArray = function() {
-      return this.octets.slice(0);
-    };
-
-    IPv4.prototype.match = function(other, cidrRange) {
-      var ref;
-      if (cidrRange === void 0) {
-        ref = other, other = ref[0], cidrRange = ref[1];
-      }
-      if (other.kind() !== 'ipv4') {
-        throw new Error("ipaddr: cannot match ipv4 address with non-ipv4 one");
-      }
-      return matchCIDR(this.octets, other.octets, 8, cidrRange);
-    };
-
-    IPv4.prototype.SpecialRanges = {
-      unspecified: [[new IPv4([0, 0, 0, 0]), 8]],
-      broadcast: [[new IPv4([255, 255, 255, 255]), 32]],
-      multicast: [[new IPv4([224, 0, 0, 0]), 4]],
-      linkLocal: [[new IPv4([169, 254, 0, 0]), 16]],
-      loopback: [[new IPv4([127, 0, 0, 0]), 8]],
-      carrierGradeNat: [[new IPv4([100, 64, 0, 0]), 10]],
-      "private": [[new IPv4([10, 0, 0, 0]), 8], [new IPv4([172, 16, 0, 0]), 12], [new IPv4([192, 168, 0, 0]), 16]],
-      reserved: [[new IPv4([192, 0, 0, 0]), 24], [new IPv4([192, 0, 2, 0]), 24], [new IPv4([192, 88, 99, 0]), 24], [new IPv4([198, 51, 100, 0]), 24], [new IPv4([203, 0, 113, 0]), 24], [new IPv4([240, 0, 0, 0]), 4]]
-    };
-
-    IPv4.prototype.range = function() {
-      return ipaddr.subnetMatch(this, this.SpecialRanges);
-    };
-
-    IPv4.prototype.toIPv4MappedAddress = function() {
-      return ipaddr.IPv6.parse("::ffff:" + (this.toString()));
-    };
-
-    IPv4.prototype.prefixLengthFromSubnetMask = function() {
-      var cidr, i, k, octet, stop, zeros, zerotable;
-      zerotable = {
-        0: 8,
-        128: 7,
-        192: 6,
-        224: 5,
-        240: 4,
-        248: 3,
-        252: 2,
-        254: 1,
-        255: 0
-      };
-      cidr = 0;
-      stop = false;
-      for (i = k = 3; k >= 0; i = k += -1) {
-        octet = this.octets[i];
-        if (octet in zerotable) {
-          zeros = zerotable[octet];
-          if (stop && zeros !== 0) {
-            return null;
-          }
-          if (zeros !== 8) {
-            stop = true;
-          }
-          cidr += zeros;
-        } else {
-          return null;
-        }
-      }
-      return 32 - cidr;
-    };
-
-    return IPv4;
-
-  })();
-
-  ipv4Part = "(0?\\d+|0x[a-f0-9]+)";
-
-  ipv4Regexes = {
-    fourOctet: new RegExp("^" + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "$", 'i'),
-    longValue: new RegExp("^" + ipv4Part + "$", 'i')
-  };
-
-  ipaddr.IPv4.parser = function(string) {
-    var match, parseIntAuto, part, shift, value;
-    parseIntAuto = function(string) {
-      if (string[0] === "0" && string[1] !== "x") {
-        return parseInt(string, 8);
-      } else {
-        return parseInt(string);
-      }
-    };
-    if (match = string.match(ipv4Regexes.fourOctet)) {
-      return (function() {
-        var k, len, ref, results;
-        ref = match.slice(1, 6);
-        results = [];
-        for (k = 0, len = ref.length; k < len; k++) {
-          part = ref[k];
-          results.push(parseIntAuto(part));
-        }
-        return results;
-      })();
-    } else if (match = string.match(ipv4Regexes.longValue)) {
-      value = parseIntAuto(match[1]);
-      if (value > 0xffffffff || value < 0) {
-        throw new Error("ipaddr: address outside defined range");
-      }
-      return ((function() {
-        var k, results;
-        results = [];
-        for (shift = k = 0; k <= 24; shift = k += 8) {
-          results.push((value >> shift) & 0xff);
-        }
-        return results;
-      })()).reverse();
-    } else {
-      return null;
-    }
-  };
-
-  ipaddr.IPv6 = (function() {
-    function IPv6(parts, zoneId) {
-      var i, k, l, len, part, ref;
-      if (parts.length === 16) {
-        this.parts = [];
-        for (i = k = 0; k <= 14; i = k += 2) {
-          this.parts.push((parts[i] << 8) | parts[i + 1]);
-        }
-      } else if (parts.length === 8) {
-        this.parts = parts;
-      } else {
-        throw new Error("ipaddr: ipv6 part count should be 8 or 16");
-      }
-      ref = this.parts;
-      for (l = 0, len = ref.length; l < len; l++) {
-        part = ref[l];
-        if (!((0 <= part && part <= 0xffff))) {
-          throw new Error("ipaddr: ipv6 part should fit in 16 bits");
-        }
-      }
-      if (zoneId) {
-        this.zoneId = zoneId;
-      }
-    }
-
-    IPv6.prototype.kind = function() {
-      return 'ipv6';
-    };
-
-    IPv6.prototype.toString = function() {
-      return this.toNormalizedString().replace(/((^|:)(0(:|$))+)/, '::');
-    };
-
-    IPv6.prototype.toRFC5952String = function() {
-      var bestMatchIndex, bestMatchLength, match, regex, string;
-      regex = /((^|:)(0(:|$)){2,})/g;
-      string = this.toNormalizedString();
-      bestMatchIndex = 0;
-      bestMatchLength = -1;
-      while ((match = regex.exec(string))) {
-        if (match[0].length > bestMatchLength) {
-          bestMatchIndex = match.index;
-          bestMatchLength = match[0].length;
-        }
-      }
-      if (bestMatchLength < 0) {
-        return string;
-      }
-      return string.substring(0, bestMatchIndex) + '::' + string.substring(bestMatchIndex + bestMatchLength);
-    };
-
-    IPv6.prototype.toByteArray = function() {
-      var bytes, k, len, part, ref;
-      bytes = [];
-      ref = this.parts;
-      for (k = 0, len = ref.length; k < len; k++) {
-        part = ref[k];
-        bytes.push(part >> 8);
-        bytes.push(part & 0xff);
-      }
-      return bytes;
-    };
-
-    IPv6.prototype.toNormalizedString = function() {
-      var addr, part, suffix;
-      addr = ((function() {
-        var k, len, ref, results;
-        ref = this.parts;
-        results = [];
-        for (k = 0, len = ref.length; k < len; k++) {
-          part = ref[k];
-          results.push(part.toString(16));
-        }
-        return results;
-      }).call(this)).join(":");
-      suffix = '';
-      if (this.zoneId) {
-        suffix = '%' + this.zoneId;
-      }
-      return addr + suffix;
-    };
-
-    IPv6.prototype.toFixedLengthString = function() {
-      var addr, part, suffix;
-      addr = ((function() {
-        var k, len, ref, results;
-        ref = this.parts;
-        results = [];
-        for (k = 0, len = ref.length; k < len; k++) {
-          part = ref[k];
-          results.push(part.toString(16).padStart(4, '0'));
-        }
-        return results;
-      }).call(this)).join(":");
-      suffix = '';
-      if (this.zoneId) {
-        suffix = '%' + this.zoneId;
-      }
-      return addr + suffix;
-    };
-
-    IPv6.prototype.match = function(other, cidrRange) {
-      var ref;
-      if (cidrRange === void 0) {
-        ref = other, other = ref[0], cidrRange = ref[1];
-      }
-      if (other.kind() !== 'ipv6') {
-        throw new Error("ipaddr: cannot match ipv6 address with non-ipv6 one");
-      }
-      return matchCIDR(this.parts, other.parts, 16, cidrRange);
-    };
-
-    IPv6.prototype.SpecialRanges = {
-      unspecified: [new IPv6([0, 0, 0, 0, 0, 0, 0, 0]), 128],
-      linkLocal: [new IPv6([0xfe80, 0, 0, 0, 0, 0, 0, 0]), 10],
-      multicast: [new IPv6([0xff00, 0, 0, 0, 0, 0, 0, 0]), 8],
-      loopback: [new IPv6([0, 0, 0, 0, 0, 0, 0, 1]), 128],
-      uniqueLocal: [new IPv6([0xfc00, 0, 0, 0, 0, 0, 0, 0]), 7],
-      ipv4Mapped: [new IPv6([0, 0, 0, 0, 0, 0xffff, 0, 0]), 96],
-      rfc6145: [new IPv6([0, 0, 0, 0, 0xffff, 0, 0, 0]), 96],
-      rfc6052: [new IPv6([0x64, 0xff9b, 0, 0, 0, 0, 0, 0]), 96],
-      '6to4': [new IPv6([0x2002, 0, 0, 0, 0, 0, 0, 0]), 16],
-      teredo: [new IPv6([0x2001, 0, 0, 0, 0, 0, 0, 0]), 32],
-      reserved: [[new IPv6([0x2001, 0xdb8, 0, 0, 0, 0, 0, 0]), 32]]
-    };
-
-    IPv6.prototype.range = function() {
-      return ipaddr.subnetMatch(this, this.SpecialRanges);
-    };
-
-    IPv6.prototype.isIPv4MappedAddress = function() {
-      return this.range() === 'ipv4Mapped';
-    };
-
-    IPv6.prototype.toIPv4Address = function() {
-      var high, low, ref;
-      if (!this.isIPv4MappedAddress()) {
-        throw new Error("ipaddr: trying to convert a generic ipv6 address to ipv4");
-      }
-      ref = this.parts.slice(-2), high = ref[0], low = ref[1];
-      return new ipaddr.IPv4([high >> 8, high & 0xff, low >> 8, low & 0xff]);
-    };
-
-    IPv6.prototype.prefixLengthFromSubnetMask = function() {
-      var cidr, i, k, part, stop, zeros, zerotable;
-      zerotable = {
-        0: 16,
-        32768: 15,
-        49152: 14,
-        57344: 13,
-        61440: 12,
-        63488: 11,
-        64512: 10,
-        65024: 9,
-        65280: 8,
-        65408: 7,
-        65472: 6,
-        65504: 5,
-        65520: 4,
-        65528: 3,
-        65532: 2,
-        65534: 1,
-        65535: 0
-      };
-      cidr = 0;
-      stop = false;
-      for (i = k = 7; k >= 0; i = k += -1) {
-        part = this.parts[i];
-        if (part in zerotable) {
-          zeros = zerotable[part];
-          if (stop && zeros !== 0) {
-            return null;
-          }
-          if (zeros !== 16) {
-            stop = true;
-          }
-          cidr += zeros;
-        } else {
-          return null;
-        }
-      }
-      return 128 - cidr;
-    };
-
-    return IPv6;
-
-  })();
-
-  ipv6Part = "(?:[0-9a-f]+::?)+";
-
-  zoneIndex = "%[0-9a-z]{1,}";
-
-  ipv6Regexes = {
-    zoneIndex: new RegExp(zoneIndex, 'i'),
-    "native": new RegExp("^(::)?(" + ipv6Part + ")?([0-9a-f]+)?(::)?(" + zoneIndex + ")?$", 'i'),
-    transitional: new RegExp(("^((?:" + ipv6Part + ")|(?:::)(?:" + ipv6Part + ")?)") + (ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part + "\\." + ipv4Part) + ("(" + zoneIndex + ")?$"), 'i')
-  };
-
-  expandIPv6 = function(string, parts) {
-    var colonCount, lastColon, part, replacement, replacementCount, zoneId;
-    if (string.indexOf('::') !== string.lastIndexOf('::')) {
-      return null;
-    }
-    zoneId = (string.match(ipv6Regexes['zoneIndex']) || [])[0];
-    if (zoneId) {
-      zoneId = zoneId.substring(1);
-      string = string.replace(/%.+$/, '');
-    }
-    colonCount = 0;
-    lastColon = -1;
-    while ((lastColon = string.indexOf(':', lastColon + 1)) >= 0) {
-      colonCount++;
-    }
-    if (string.substr(0, 2) === '::') {
-      colonCount--;
-    }
-    if (string.substr(-2, 2) === '::') {
-      colonCount--;
-    }
-    if (colonCount > parts) {
-      return null;
-    }
-    replacementCount = parts - colonCount;
-    replacement = ':';
-    while (replacementCount--) {
-      replacement += '0:';
-    }
-    string = string.replace('::', replacement);
-    if (string[0] === ':') {
-      string = string.slice(1);
-    }
-    if (string[string.length - 1] === ':') {
-      string = string.slice(0, -1);
-    }
-    parts = (function() {
-      var k, len, ref, results;
-      ref = string.split(":");
-      results = [];
-      for (k = 0, len = ref.length; k < len; k++) {
-        part = ref[k];
-        results.push(parseInt(part, 16));
-      }
-      return results;
-    })();
-    return {
-      parts: parts,
-      zoneId: zoneId
-    };
-  };
-
-  ipaddr.IPv6.parser = function(string) {
-    var addr, k, len, match, octet, octets, zoneId;
-    if (ipv6Regexes['native'].test(string)) {
-      return expandIPv6(string, 8);
-    } else if (match = string.match(ipv6Regexes['transitional'])) {
-      zoneId = match[6] || '';
-      addr = expandIPv6(match[1].slice(0, -1) + zoneId, 6);
-      if (addr.parts) {
-        octets = [parseInt(match[2]), parseInt(match[3]), parseInt(match[4]), parseInt(match[5])];
-        for (k = 0, len = octets.length; k < len; k++) {
-          octet = octets[k];
-          if (!((0 <= octet && octet <= 255))) {
-            return null;
-          }
-        }
-        addr.parts.push(octets[0] << 8 | octets[1]);
-        addr.parts.push(octets[2] << 8 | octets[3]);
-        return {
-          parts: addr.parts,
-          zoneId: addr.zoneId
-        };
-      }
-    }
-    return null;
-  };
-
-  ipaddr.IPv4.isIPv4 = ipaddr.IPv6.isIPv6 = function(string) {
-    return this.parser(string) !== null;
-  };
-
-  ipaddr.IPv4.isValid = function(string) {
-    var e;
-    try {
-      new this(this.parser(string));
-      return true;
-    } catch (error1) {
-      e = error1;
-      return false;
-    }
-  };
-
-  ipaddr.IPv4.isValidFourPartDecimal = function(string) {
-    if (ipaddr.IPv4.isValid(string) && string.match(/^(0|[1-9]\d*)(\.(0|[1-9]\d*)){3}$/)) {
-      return true;
-    } else {
-      return false;
-    }
-  };
-
-  ipaddr.IPv6.isValid = function(string) {
-    var addr, e;
-    if (typeof string === "string" && string.indexOf(":") === -1) {
-      return false;
-    }
-    try {
-      addr = this.parser(string);
-      new this(addr.parts, addr.zoneId);
-      return true;
-    } catch (error1) {
-      e = error1;
-      return false;
-    }
-  };
-
-  ipaddr.IPv4.parse = function(string) {
-    var parts;
-    parts = this.parser(string);
-    if (parts === null) {
-      throw new Error("ipaddr: string is not formatted like ip address");
-    }
-    return new this(parts);
-  };
-
-  ipaddr.IPv6.parse = function(string) {
-    var addr;
-    addr = this.parser(string);
-    if (addr.parts === null) {
-      throw new Error("ipaddr: string is not formatted like ip address");
-    }
-    return new this(addr.parts, addr.zoneId);
-  };
-
-  ipaddr.IPv4.parseCIDR = function(string) {
-    var maskLength, match, parsed;
-    if (match = string.match(/^(.+)\/(\d+)$/)) {
-      maskLength = parseInt(match[2]);
-      if (maskLength >= 0 && maskLength <= 32) {
-        parsed = [this.parse(match[1]), maskLength];
-        Object.defineProperty(parsed, 'toString', {
-          value: function() {
-            return this.join('/');
-          }
-        });
-        return parsed;
-      }
-    }
-    throw new Error("ipaddr: string is not formatted like an IPv4 CIDR range");
-  };
-
-  ipaddr.IPv4.subnetMaskFromPrefixLength = function(prefix) {
-    var filledOctetCount, j, octets;
-    prefix = parseInt(prefix);
-    if (prefix < 0 || prefix > 32) {
-      throw new Error('ipaddr: invalid IPv4 prefix length');
-    }
-    octets = [0, 0, 0, 0];
-    j = 0;
-    filledOctetCount = Math.floor(prefix / 8);
-    while (j < filledOctetCount) {
-      octets[j] = 255;
-      j++;
-    }
-    if (filledOctetCount < 4) {
-      octets[filledOctetCount] = Math.pow(2, prefix % 8) - 1 << 8 - (prefix % 8);
-    }
-    return new this(octets);
-  };
-
-  ipaddr.IPv4.broadcastAddressFromCIDR = function(string) {
-    var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
-    try {
-      cidr = this.parseCIDR(string);
-      ipInterfaceOctets = cidr[0].toByteArray();
-      subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
-      octets = [];
-      i = 0;
-      while (i < 4) {
-        octets.push(parseInt(ipInterfaceOctets[i], 10) | parseInt(subnetMaskOctets[i], 10) ^ 255);
-        i++;
-      }
-      return new this(octets);
-    } catch (error1) {
-      error = error1;
-      throw new Error('ipaddr: the address does not have IPv4 CIDR format');
-    }
-  };
-
-  ipaddr.IPv4.networkAddressFromCIDR = function(string) {
-    var cidr, error, i, ipInterfaceOctets, octets, subnetMaskOctets;
-    try {
-      cidr = this.parseCIDR(string);
-      ipInterfaceOctets = cidr[0].toByteArray();
-      subnetMaskOctets = this.subnetMaskFromPrefixLength(cidr[1]).toByteArray();
-      octets = [];
-      i = 0;
-      while (i < 4) {
-        octets.push(parseInt(ipInterfaceOctets[i], 10) & parseInt(subnetMaskOctets[i], 10));
-        i++;
-      }
-      return new this(octets);
-    } catch (error1) {
-      error = error1;
-      throw new Error('ipaddr: the address does not have IPv4 CIDR format');
-    }
-  };
-
-  ipaddr.IPv6.parseCIDR = function(string) {
-    var maskLength, match, parsed;
-    if (match = string.match(/^(.+)\/(\d+)$/)) {
-      maskLength = parseInt(match[2]);
-      if (maskLength >= 0 && maskLength <= 128) {
-        parsed = [this.parse(match[1]), maskLength];
-        Object.defineProperty(parsed, 'toString', {
-          value: function() {
-            return this.join('/');
-          }
-        });
-        return parsed;
-      }
-    }
-    throw new Error("ipaddr: string is not formatted like an IPv6 CIDR range");
-  };
-
-  ipaddr.isValid = function(string) {
-    return ipaddr.IPv6.isValid(string) || ipaddr.IPv4.isValid(string);
-  };
-
-  ipaddr.parse = function(string) {
-    if (ipaddr.IPv6.isValid(string)) {
-      return ipaddr.IPv6.parse(string);
-    } else if (ipaddr.IPv4.isValid(string)) {
-      return ipaddr.IPv4.parse(string);
-    } else {
-      throw new Error("ipaddr: the address has neither IPv6 nor IPv4 format");
-    }
-  };
-
-  ipaddr.parseCIDR = function(string) {
-    var e;
-    try {
-      return ipaddr.IPv6.parseCIDR(string);
-    } catch (error1) {
-      e = error1;
-      try {
-        return ipaddr.IPv4.parseCIDR(string);
-      } catch (error1) {
-        e = error1;
-        throw new Error("ipaddr: the address has neither IPv6 nor IPv4 CIDR format");
-      }
-    }
-  };
-
-  ipaddr.fromByteArray = function(bytes) {
-    var length;
-    length = bytes.length;
-    if (length === 4) {
-      return new ipaddr.IPv4(bytes);
-    } else if (length === 16) {
-      return new ipaddr.IPv6(bytes);
-    } else {
-      throw new Error("ipaddr: the binary input is neither an IPv6 nor IPv4 address");
-    }
-  };
-
-  ipaddr.process = function(string) {
-    var addr;
-    addr = this.parse(string);
-    if (addr.kind() === 'ipv6' && addr.isIPv4MappedAddress()) {
-      return addr.toIPv4Address();
-    } else {
-      return addr;
-    }
-  };
-
-}).call(this);
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts b/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
deleted file mode 100644
index 52174b6..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/lib/ipaddr.js.d.ts
+++ /dev/null
@@ -1,68 +0,0 @@
-declare module "ipaddr.js" {
-    type IPv4Range = 'unicast' | 'unspecified' | 'broadcast' | 'multicast' | 'linkLocal' | 'loopback' | 'carrierGradeNat' | 'private' | 'reserved';
-    type IPv6Range = 'unicast' | 'unspecified' | 'linkLocal' | 'multicast' | 'loopback' | 'uniqueLocal' | 'ipv4Mapped' | 'rfc6145' | 'rfc6052' | '6to4' | 'teredo' | 'reserved';
-
-    interface RangeList<T> {
-        [name: string]: [T, number] | [T, number][];
-    }
-
-    // Common methods/properties for IPv4 and IPv6 classes.
-    class IP {
-        prefixLengthFromSubnetMask(): number | null;
-        toByteArray(): number[];
-        toNormalizedString(): string;
-        toString(): string;
-    }
-
-    namespace Address {
-        export function isValid(addr: string): boolean;
-        export function fromByteArray(bytes: number[]): IPv4 | IPv6;
-        export function parse(addr: string): IPv4 | IPv6;
-        export function parseCIDR(mask: string): [IPv4 | IPv6, number];
-        export function process(addr: string): IPv4 | IPv6;
-        export function subnetMatch(addr: IPv4, rangeList: RangeList<IPv4>, defaultName?: string): string;
-        export function subnetMatch(addr: IPv6, rangeList: RangeList<IPv6>, defaultName?: string): string;
-
-        export class IPv4 extends IP {
-            static broadcastAddressFromCIDR(addr: string): IPv4;
-            static isIPv4(addr: string): boolean;
-            static isValidFourPartDecimal(addr: string): boolean;
-            static isValid(addr: string): boolean;
-            static networkAddressFromCIDR(addr: string): IPv4;
-            static parse(addr: string): IPv4;
-            static parseCIDR(addr: string): [IPv4, number];
-            static subnetMaskFromPrefixLength(prefix: number): IPv4;
-            constructor(octets: number[]);
-            octets: number[]
-
-            kind(): 'ipv4';
-            match(addr: IPv4, bits: number): boolean;
-            match(mask: [IPv4, number]): boolean;
-            range(): IPv4Range;
-            subnetMatch(rangeList: RangeList<IPv4>, defaultName?: string): string;
-            toIPv4MappedAddress(): IPv6;
-        }
-
-        export class IPv6 extends IP {
-            static broadcastAddressFromCIDR(addr: string): IPv6;
-            static isIPv6(addr: string): boolean;
-            static isValid(addr: string): boolean;
-            static parse(addr: string): IPv6;
-            static parseCIDR(addr: string): [IPv6, number];
-            static subnetMaskFromPrefixLength(prefix: number): IPv6;
-            constructor(parts: number[]);
-            parts: number[]
-            zoneId?: string
-
-            isIPv4MappedAddress(): boolean;
-            kind(): 'ipv6';
-            match(addr: IPv6, bits: number): boolean;
-            match(mask: [IPv6, number]): boolean;
-            range(): IPv6Range;
-            subnetMatch(rangeList: RangeList<IPv6>, defaultName?: string): string;
-            toIPv4Address(): IPv4;
-        }
-    }
-
-    export = Address;
-}
diff --git a/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json b/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
deleted file mode 100644
index f4d3547..0000000
--- a/src/Servers/ExpressServer/node_modules/ipaddr.js/package.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "name": "ipaddr.js",
-  "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.",
-  "version": "1.9.1",
-  "author": "whitequark <whitequark@whitequark.org>",
-  "directories": {
-    "lib": "./lib"
-  },
-  "dependencies": {},
-  "devDependencies": {
-    "coffee-script": "~1.12.6",
-    "nodeunit": "^0.11.3",
-    "uglify-js": "~3.0.19"
-  },
-  "scripts": {
-    "test": "cake build test"
-  },
-  "files": [
-    "lib/",
-    "LICENSE",
-    "ipaddr.min.js"
-  ],
-  "keywords": [
-    "ip",
-    "ipv4",
-    "ipv6"
-  ],
-  "repository": "git://github.com/whitequark/ipaddr.js",
-  "main": "./lib/ipaddr.js",
-  "engines": {
-    "node": ">= 0.10"
-  },
-  "license": "MIT",
-  "types": "./lib/ipaddr.js.d.ts"
-}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc b/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
deleted file mode 100644
index d90a1bc..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/.eslintrc
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"eqeqeq": ["error", "allow-null"],
-		"id-length": "off",
-		"new-cap": ["error", {
-			"capIsNewExceptions": [
-				"RequireObjectCoercible",
-				"ToObject",
-			],
-		}],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
deleted file mode 100644
index 868f4ff..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/math-intrinsics
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
deleted file mode 100644
index 9cf48f5..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/CHANGELOG.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.1.0](https://github.com/es-shims/math-intrinsics/compare/v1.0.0...v1.1.0) - 2024-12-18
-
-### Commits
-
-- [New] add `round` [`7cfb044`](https://github.com/es-shims/math-intrinsics/commit/7cfb04460c0fbdf1ca101eecbac3f59d11994130)
-- [Tests] add attw [`e96be8f`](https://github.com/es-shims/math-intrinsics/commit/e96be8fbf58449eafe976446a0470e6ea561ad8d)
-- [Dev Deps] update `@types/tape` [`30d0023`](https://github.com/es-shims/math-intrinsics/commit/30d00234ce8a3fa0094a61cd55d6686eb91e36ec)
-
-## v1.0.0 - 2024-12-11
-
-### Commits
-
-- Initial implementation, tests, readme, types [`b898caa`](https://github.com/es-shims/math-intrinsics/commit/b898caae94e9994a94a42b8740f7bbcfd0a868fe)
-- Initial commit [`02745b0`](https://github.com/es-shims/math-intrinsics/commit/02745b03a62255af8a332771987b55d127538d9c)
-- [New] add `constants/maxArrayLength`, `mod` [`b978178`](https://github.com/es-shims/math-intrinsics/commit/b978178a57685bd23ed1c7efe2137f3784f5fcc5)
-- npm init [`a39fc57`](https://github.com/es-shims/math-intrinsics/commit/a39fc57e5639a645d0bd52a0dc56202480223be2)
-- Only apps should have lockfiles [`9451580`](https://github.com/es-shims/math-intrinsics/commit/94515800fb34db4f3cc7e99290042d45609ac7bd)
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE b/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
deleted file mode 100644
index 34995e7..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 ECMAScript Shims
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md b/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
deleted file mode 100644
index 4a66dcf..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# math-intrinsics <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-ES Math-related intrinsics and helpers, robustly cached.
-
- - `abs`
- - `floor`
- - `isFinite`
- - `isInteger`
- - `isNaN`
- - `isNegativeZero`
- - `max`
- - `min`
- - `mod`
- - `pow`
- - `round`
- - `sign`
- - `constants/maxArrayLength`
- - `constants/maxSafeInteger`
- - `constants/maxValue`
-
-
-## Tests
-Simply clone the repo, `npm install`, and run `npm test`
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-[package-url]: https://npmjs.org/package/math-intrinsics
-[npm-version-svg]: https://versionbadg.es/es-shims/math-intrinsics.svg
-[deps-svg]: https://david-dm.org/es-shims/math-intrinsics.svg
-[deps-url]: https://david-dm.org/es-shims/math-intrinsics
-[dev-deps-svg]: https://david-dm.org/es-shims/math-intrinsics/dev-status.svg
-[dev-deps-url]: https://david-dm.org/es-shims/math-intrinsics#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/math-intrinsics.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/math-intrinsics.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/es-object.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=math-intrinsics
-[codecov-image]: https://codecov.io/gh/es-shims/math-intrinsics/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/es-shims/math-intrinsics/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/es-shims/math-intrinsics
-[actions-url]: https://github.com/es-shims/math-intrinsics/actions
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
deleted file mode 100644
index 14ad9c6..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.abs;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
deleted file mode 100644
index a751424..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/abs.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./abs')} */
-module.exports = Math.abs;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
deleted file mode 100644
index b92d46b..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const MAX_ARRAY_LENGTH: 4294967295;
-
-export = MAX_ARRAY_LENGTH;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
deleted file mode 100644
index cfc6aff..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxArrayLength.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./maxArrayLength')} */
-module.exports = 4294967295; // Math.pow(2, 32) - 1;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
deleted file mode 100644
index fee3f62..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const MAX_SAFE_INTEGER: 9007199254740991;
-
-export = MAX_SAFE_INTEGER;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
deleted file mode 100644
index b568ad3..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxSafeInteger.js
+++ /dev/null
@@ -1,5 +0,0 @@
-'use strict';
-
-/** @type {import('./maxSafeInteger')} */
-// eslint-disable-next-line no-extra-parens
-module.exports = /** @type {import('./maxSafeInteger')} */ (Number.MAX_SAFE_INTEGER) || 9007199254740991; // Math.pow(2, 53) - 1;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
deleted file mode 100644
index 292cb82..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare const MAX_VALUE: 1.7976931348623157e+308;
-
-export = MAX_VALUE;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
deleted file mode 100644
index a2202dc..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/constants/maxValue.js
+++ /dev/null
@@ -1,5 +0,0 @@
-'use strict';
-
-/** @type {import('./maxValue')}  */
-// eslint-disable-next-line no-extra-parens
-module.exports = /** @type {import('./maxValue')}  */ (Number.MAX_VALUE) || 1.7976931348623157e+308;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
deleted file mode 100644
index 9265236..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.floor;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
deleted file mode 100644
index ab0e5d7..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/floor.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./floor')} */
-module.exports = Math.floor;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
deleted file mode 100644
index 6daae33..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function isFinite(x: unknown): x is number | bigint;
-
-export = isFinite;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
deleted file mode 100644
index b201a5a..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isFinite.js
+++ /dev/null
@@ -1,12 +0,0 @@
-'use strict';
-
-var $isNaN = require('./isNaN');
-
-/** @type {import('./isFinite')} */
-module.exports = function isFinite(x) {
-	return (typeof x === 'number' || typeof x === 'bigint')
-        && !$isNaN(x)
-        && x !== Infinity
-        && x !== -Infinity;
-};
-
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
deleted file mode 100644
index 13935a8..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function isInteger(argument: unknown): argument is number;
-
-export = isInteger;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
deleted file mode 100644
index 4b1b9a5..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isInteger.js
+++ /dev/null
@@ -1,16 +0,0 @@
-'use strict';
-
-var $abs = require('./abs');
-var $floor = require('./floor');
-
-var $isNaN = require('./isNaN');
-var $isFinite = require('./isFinite');
-
-/** @type {import('./isInteger')} */
-module.exports = function isInteger(argument) {
-	if (typeof argument !== 'number' || $isNaN(argument) || !$isFinite(argument)) {
-		return false;
-	}
-	var absValue = $abs(argument);
-	return $floor(absValue) === absValue;
-};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
deleted file mode 100644
index c1d4c55..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Number.isNaN;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
deleted file mode 100644
index e36475c..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNaN.js
+++ /dev/null
@@ -1,6 +0,0 @@
-'use strict';
-
-/** @type {import('./isNaN')} */
-module.exports = Number.isNaN || function isNaN(a) {
-	return a !== a;
-};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
deleted file mode 100644
index 7ad8819..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function isNegativeZero(x: unknown): boolean;
-
-export = isNegativeZero;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
deleted file mode 100644
index b69adcc..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/isNegativeZero.js
+++ /dev/null
@@ -1,6 +0,0 @@
-'use strict';
-
-/** @type {import('./isNegativeZero')} */
-module.exports = function isNegativeZero(x) {
-	return x === 0 && 1 / x === 1 / -0;
-};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
deleted file mode 100644
index ad6f43e..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.max;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
deleted file mode 100644
index edb55df..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/max.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./max')} */
-module.exports = Math.max;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
deleted file mode 100644
index fd90f2d..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.min;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
deleted file mode 100644
index 5a4a7c7..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/min.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./min')} */
-module.exports = Math.min;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
deleted file mode 100644
index 549dbd4..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function mod(number: number, modulo: number): number;
-
-export = mod;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
deleted file mode 100644
index 4a98362..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/mod.js
+++ /dev/null
@@ -1,9 +0,0 @@
-'use strict';
-
-var $floor = require('./floor');
-
-/** @type {import('./mod')} */
-module.exports = function mod(number, modulo) {
-	var remain = number % modulo;
-	return $floor(remain >= 0 ? remain : remain + modulo);
-};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json b/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
deleted file mode 100644
index 0676273..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/package.json
+++ /dev/null
@@ -1,86 +0,0 @@
-{
-	"name": "math-intrinsics",
-	"version": "1.1.0",
-	"description": "ES Math-related intrinsics and helpers, robustly cached.",
-	"main": false,
-	"exports": {
-		"./abs": "./abs.js",
-		"./floor": "./floor.js",
-		"./isFinite": "./isFinite.js",
-		"./isInteger": "./isInteger.js",
-		"./isNaN": "./isNaN.js",
-		"./isNegativeZero": "./isNegativeZero.js",
-		"./max": "./max.js",
-		"./min": "./min.js",
-		"./mod": "./mod.js",
-		"./pow": "./pow.js",
-		"./sign": "./sign.js",
-		"./round": "./round.js",
-		"./constants/maxArrayLength": "./constants/maxArrayLength.js",
-		"./constants/maxSafeInteger": "./constants/maxSafeInteger.js",
-		"./constants/maxValue": "./constants/maxValue.js",
-		"./package.json": "./package.json"
-	},
-	"sideEffects": false,
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"pretest": "npm run lint",
-		"test": "npm run tests-only",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc && attw -P",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/es-shims/math-intrinsics.git"
-	},
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/es-shims/math-intrinsics/issues"
-	},
-	"homepage": "https://github.com/es-shims/math-intrinsics#readme",
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/for-each": "^0.3.3",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.8.0",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"es-value-fixtures": "^1.5.0",
-		"eslint": "^8.8.0",
-		"evalmd": "^0.0.19",
-		"for-each": "^0.3.3",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"object-inspect": "^1.13.3",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
deleted file mode 100644
index 5873c44..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.pow;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
deleted file mode 100644
index c0a4103..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/pow.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./pow')} */
-module.exports = Math.pow;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
deleted file mode 100644
index da1fde3..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.d.ts
+++ /dev/null
@@ -1 +0,0 @@
-export = Math.round;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
deleted file mode 100644
index b792156..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/round.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-
-/** @type {import('./round')} */
-module.exports = Math.round;
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
deleted file mode 100644
index c49ceca..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.d.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-declare function sign(x: number): number;
-
-export = sign;
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
deleted file mode 100644
index 9e5173c..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/sign.js
+++ /dev/null
@@ -1,11 +0,0 @@
-'use strict';
-
-var $isNaN = require('./isNaN');
-
-/** @type {import('./sign')} */
-module.exports = function sign(number) {
-	if ($isNaN(number) || number === 0) {
-		return number;
-	}
-	return number < 0 ? -1 : +1;
-};
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js b/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
deleted file mode 100644
index 0f90a5d..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/test/index.js
+++ /dev/null
@@ -1,192 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var v = require('es-value-fixtures');
-var forEach = require('for-each');
-var inspect = require('object-inspect');
-
-var abs = require('../abs');
-var floor = require('../floor');
-var isFinite = require('../isFinite');
-var isInteger = require('../isInteger');
-var isNaN = require('../isNaN');
-var isNegativeZero = require('../isNegativeZero');
-var max = require('../max');
-var min = require('../min');
-var mod = require('../mod');
-var pow = require('../pow');
-var round = require('../round');
-var sign = require('../sign');
-
-var maxArrayLength = require('../constants/maxArrayLength');
-var maxSafeInteger = require('../constants/maxSafeInteger');
-var maxValue = require('../constants/maxValue');
-
-test('abs', function (t) {
-	t.equal(abs(-1), 1, 'abs(-1) === 1');
-	t.equal(abs(+1), 1, 'abs(+1) === 1');
-	t.equal(abs(+0), +0, 'abs(+0) === +0');
-	t.equal(abs(-0), +0, 'abs(-0) === +0');
-
-	t.end();
-});
-
-test('floor', function (t) {
-	t.equal(floor(-1.1), -2, 'floor(-1.1) === -2');
-	t.equal(floor(+1.1), 1, 'floor(+1.1) === 1');
-	t.equal(floor(+0), +0, 'floor(+0) === +0');
-	t.equal(floor(-0), -0, 'floor(-0) === -0');
-	t.equal(floor(-Infinity), -Infinity, 'floor(-Infinity) === -Infinity');
-	t.equal(floor(Number(Infinity)), Number(Infinity), 'floor(+Infinity) === +Infinity');
-	t.equal(floor(NaN), NaN, 'floor(NaN) === NaN');
-	t.equal(floor(0), +0, 'floor(0) === +0');
-	t.equal(floor(-0), -0, 'floor(-0) === -0');
-	t.equal(floor(1), 1, 'floor(1) === 1');
-	t.equal(floor(-1), -1, 'floor(-1) === -1');
-	t.equal(floor(1.1), 1, 'floor(1.1) === 1');
-	t.equal(floor(-1.1), -2, 'floor(-1.1) === -2');
-	t.equal(floor(maxValue), maxValue, 'floor(maxValue) === maxValue');
-	t.equal(floor(maxSafeInteger), maxSafeInteger, 'floor(maxSafeInteger) === maxSafeInteger');
-
-	t.end();
-});
-
-test('isFinite', function (t) {
-	t.equal(isFinite(0), true, 'isFinite(+0) === true');
-	t.equal(isFinite(-0), true, 'isFinite(-0) === true');
-	t.equal(isFinite(1), true, 'isFinite(1) === true');
-	t.equal(isFinite(Infinity), false, 'isFinite(Infinity) === false');
-	t.equal(isFinite(-Infinity), false, 'isFinite(-Infinity) === false');
-	t.equal(isFinite(NaN), false, 'isFinite(NaN) === false');
-
-	forEach(v.nonNumbers, function (nonNumber) {
-		t.equal(isFinite(nonNumber), false, 'isFinite(' + inspect(nonNumber) + ') === false');
-	});
-
-	t.end();
-});
-
-test('isInteger', function (t) {
-	forEach([].concat(
-		// @ts-expect-error TS sucks with concat
-		v.nonNumbers,
-		v.nonIntegerNumbers
-	), function (nonInteger) {
-		t.equal(isInteger(nonInteger), false, 'isInteger(' + inspect(nonInteger) + ') === false');
-	});
-
-	t.end();
-});
-
-test('isNaN', function (t) {
-	forEach([].concat(
-		// @ts-expect-error TS sucks with concat
-		v.nonNumbers,
-		v.infinities,
-		v.zeroes,
-		v.integerNumbers
-	), function (nonNaN) {
-		t.equal(isNaN(nonNaN), false, 'isNaN(' + inspect(nonNaN) + ') === false');
-	});
-
-	t.equal(isNaN(NaN), true, 'isNaN(NaN) === true');
-
-	t.end();
-});
-
-test('isNegativeZero', function (t) {
-	t.equal(isNegativeZero(-0), true, 'isNegativeZero(-0) === true');
-	t.equal(isNegativeZero(+0), false, 'isNegativeZero(+0) === false');
-	t.equal(isNegativeZero(1), false, 'isNegativeZero(1) === false');
-	t.equal(isNegativeZero(-1), false, 'isNegativeZero(-1) === false');
-	t.equal(isNegativeZero(NaN), false, 'isNegativeZero(NaN) === false');
-	t.equal(isNegativeZero(Infinity), false, 'isNegativeZero(Infinity) === false');
-	t.equal(isNegativeZero(-Infinity), false, 'isNegativeZero(-Infinity) === false');
-
-	forEach(v.nonNumbers, function (nonNumber) {
-		t.equal(isNegativeZero(nonNumber), false, 'isNegativeZero(' + inspect(nonNumber) + ') === false');
-	});
-
-	t.end();
-});
-
-test('max', function (t) {
-	t.equal(max(1, 2), 2, 'max(1, 2) === 2');
-	t.equal(max(1, 2, 3), 3, 'max(1, 2, 3) === 3');
-	t.equal(max(1, 2, 3, 4), 4, 'max(1, 2, 3, 4) === 4');
-	t.equal(max(1, 2, 3, 4, 5), 5, 'max(1, 2, 3, 4, 5) === 5');
-	t.equal(max(1, 2, 3, 4, 5, 6), 6, 'max(1, 2, 3, 4, 5, 6) === 6');
-	t.equal(max(1, 2, 3, 4, 5, 6, 7), 7, 'max(1, 2, 3, 4, 5, 6, 7) === 7');
-
-	t.end();
-});
-
-test('min', function (t) {
-	t.equal(min(1, 2), 1, 'min(1, 2) === 1');
-	t.equal(min(1, 2, 3), 1, 'min(1, 2, 3) === 1');
-	t.equal(min(1, 2, 3, 4), 1, 'min(1, 2, 3, 4) === 1');
-	t.equal(min(1, 2, 3, 4, 5), 1, 'min(1, 2, 3, 4, 5) === 1');
-	t.equal(min(1, 2, 3, 4, 5, 6), 1, 'min(1, 2, 3, 4, 5, 6) === 1');
-
-	t.end();
-});
-
-test('mod', function (t) {
-	t.equal(mod(1, 2), 1, 'mod(1, 2) === 1');
-	t.equal(mod(2, 2), 0, 'mod(2, 2) === 0');
-	t.equal(mod(3, 2), 1, 'mod(3, 2) === 1');
-	t.equal(mod(4, 2), 0, 'mod(4, 2) === 0');
-	t.equal(mod(5, 2), 1, 'mod(5, 2) === 1');
-	t.equal(mod(6, 2), 0, 'mod(6, 2) === 0');
-	t.equal(mod(7, 2), 1, 'mod(7, 2) === 1');
-	t.equal(mod(8, 2), 0, 'mod(8, 2) === 0');
-	t.equal(mod(9, 2), 1, 'mod(9, 2) === 1');
-	t.equal(mod(10, 2), 0, 'mod(10, 2) === 0');
-	t.equal(mod(11, 2), 1, 'mod(11, 2) === 1');
-
-	t.end();
-});
-
-test('pow', function (t) {
-	t.equal(pow(2, 2), 4, 'pow(2, 2) === 4');
-	t.equal(pow(2, 3), 8, 'pow(2, 3) === 8');
-	t.equal(pow(2, 4), 16, 'pow(2, 4) === 16');
-	t.equal(pow(2, 5), 32, 'pow(2, 5) === 32');
-	t.equal(pow(2, 6), 64, 'pow(2, 6) === 64');
-	t.equal(pow(2, 7), 128, 'pow(2, 7) === 128');
-	t.equal(pow(2, 8), 256, 'pow(2, 8) === 256');
-	t.equal(pow(2, 9), 512, 'pow(2, 9) === 512');
-	t.equal(pow(2, 10), 1024, 'pow(2, 10) === 1024');
-
-	t.end();
-});
-
-test('round', function (t) {
-	t.equal(round(1.1), 1, 'round(1.1) === 1');
-	t.equal(round(1.5), 2, 'round(1.5) === 2');
-	t.equal(round(1.9), 2, 'round(1.9) === 2');
-
-	t.end();
-});
-
-test('sign', function (t) {
-	t.equal(sign(-1), -1, 'sign(-1) === -1');
-	t.equal(sign(+1), +1, 'sign(+1) === +1');
-	t.equal(sign(+0), +0, 'sign(+0) === +0');
-	t.equal(sign(-0), -0, 'sign(-0) === -0');
-	t.equal(sign(NaN), NaN, 'sign(NaN) === NaN');
-	t.equal(sign(Infinity), +1, 'sign(Infinity) === +1');
-	t.equal(sign(-Infinity), -1, 'sign(-Infinity) === -1');
-	t.equal(sign(maxValue), +1, 'sign(maxValue) === +1');
-	t.equal(sign(maxSafeInteger), +1, 'sign(maxSafeInteger) === +1');
-
-	t.end();
-});
-
-test('constants', function (t) {
-	t.equal(typeof maxArrayLength, 'number', 'typeof maxArrayLength === "number"');
-	t.equal(typeof maxSafeInteger, 'number', 'typeof maxSafeInteger === "number"');
-	t.equal(typeof maxValue, 'number', 'typeof maxValue === "number"');
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json b/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
deleted file mode 100644
index b131000..0000000
--- a/src/Servers/ExpressServer/node_modules/math-intrinsics/tsconfig.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-}
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md b/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
deleted file mode 100644
index 62c2003..0000000
--- a/src/Servers/ExpressServer/node_modules/media-typer/HISTORY.md
+++ /dev/null
@@ -1,22 +0,0 @@
-0.3.0 / 2014-09-07
-==================
-
-  * Support Node.js 0.6
-  * Throw error when parameter format invalid on parse
-
-0.2.0 / 2014-06-18
-==================
-
-  * Add `typer.format()` to format media types
-
-0.1.0 / 2014-06-17
-==================
-
-  * Accept `req` as argument to `parse`
-  * Accept `res` as argument to `parse`
-  * Parse media type with extra LWS between type and first parameter
-
-0.0.0 / 2014-06-13
-==================
-
-  * Initial implementation
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/LICENSE b/src/Servers/ExpressServer/node_modules/media-typer/LICENSE
deleted file mode 100644
index b7dce6c..0000000
--- a/src/Servers/ExpressServer/node_modules/media-typer/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/README.md b/src/Servers/ExpressServer/node_modules/media-typer/README.md
deleted file mode 100644
index d8df623..0000000
--- a/src/Servers/ExpressServer/node_modules/media-typer/README.md
+++ /dev/null
@@ -1,81 +0,0 @@
-# media-typer
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Simple RFC 6838 media type parser
-
-## Installation
-
-```sh
-$ npm install media-typer
-```
-
-## API
-
-```js
-var typer = require('media-typer')
-```
-
-### typer.parse(string)
-
-```js
-var obj = typer.parse('image/svg+xml; charset=utf-8')
-```
-
-Parse a media type string. This will return an object with the following
-properties (examples are shown for the string `'image/svg+xml; charset=utf-8'`):
-
- - `type`: The type of the media type (always lower case). Example: `'image'`
-
- - `subtype`: The subtype of the media type (always lower case). Example: `'svg'`
-
- - `suffix`: The suffix of the media type (always lower case). Example: `'xml'`
-
- - `parameters`: An object of the parameters in the media type (name of parameter always lower case). Example: `{charset: 'utf-8'}`
-
-### typer.parse(req)
-
-```js
-var obj = typer.parse(req)
-```
-
-Parse the `content-type` header from the given `req`. Short-cut for
-`typer.parse(req.headers['content-type'])`.
-
-### typer.parse(res)
-
-```js
-var obj = typer.parse(res)
-```
-
-Parse the `content-type` header set on the given `res`. Short-cut for
-`typer.parse(res.getHeader('content-type'))`.
-
-### typer.format(obj)
-
-```js
-var obj = typer.format({type: 'image', subtype: 'svg', suffix: 'xml'})
-```
-
-Format an object into a media type string. This will return a string of the
-mime type for the given object. For the properties of the object, see the
-documentation for `typer.parse(string)`.
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/media-typer.svg?style=flat
-[npm-url]: https://npmjs.org/package/media-typer
-[node-version-image]: https://img.shields.io/badge/node.js-%3E%3D_0.6-brightgreen.svg?style=flat
-[node-version-url]: http://nodejs.org/download/
-[travis-image]: https://img.shields.io/travis/jshttp/media-typer.svg?style=flat
-[travis-url]: https://travis-ci.org/jshttp/media-typer
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/media-typer.svg?style=flat
-[coveralls-url]: https://coveralls.io/r/jshttp/media-typer
-[downloads-image]: https://img.shields.io/npm/dm/media-typer.svg?style=flat
-[downloads-url]: https://npmjs.org/package/media-typer
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/index.js b/src/Servers/ExpressServer/node_modules/media-typer/index.js
deleted file mode 100644
index 07f7295..0000000
--- a/src/Servers/ExpressServer/node_modules/media-typer/index.js
+++ /dev/null
@@ -1,270 +0,0 @@
-/*!
- * media-typer
- * Copyright(c) 2014 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-/**
- * RegExp to match *( ";" parameter ) in RFC 2616 sec 3.7
- *
- * parameter     = token "=" ( token | quoted-string )
- * token         = 1*<any CHAR except CTLs or separators>
- * separators    = "(" | ")" | "<" | ">" | "@"
- *               | "," | ";" | ":" | "\" | <">
- *               | "/" | "[" | "]" | "?" | "="
- *               | "{" | "}" | SP | HT
- * quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
- * qdtext        = <any TEXT except <">>
- * quoted-pair   = "\" CHAR
- * CHAR          = <any US-ASCII character (octets 0 - 127)>
- * TEXT          = <any OCTET except CTLs, but including LWS>
- * LWS           = [CRLF] 1*( SP | HT )
- * CRLF          = CR LF
- * CR            = <US-ASCII CR, carriage return (13)>
- * LF            = <US-ASCII LF, linefeed (10)>
- * SP            = <US-ASCII SP, space (32)>
- * SHT           = <US-ASCII HT, horizontal-tab (9)>
- * CTL           = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
- * OCTET         = <any 8-bit sequence of data>
- */
-var paramRegExp = /; *([!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) *= *("(?:[ !\u0023-\u005b\u005d-\u007e\u0080-\u00ff]|\\[\u0020-\u007e])*"|[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+) */g;
-var textRegExp = /^[\u0020-\u007e\u0080-\u00ff]+$/
-var tokenRegExp = /^[!#$%&'\*\+\-\.0-9A-Z\^_`a-z\|~]+$/
-
-/**
- * RegExp to match quoted-pair in RFC 2616
- *
- * quoted-pair = "\" CHAR
- * CHAR        = <any US-ASCII character (octets 0 - 127)>
- */
-var qescRegExp = /\\([\u0000-\u007f])/g;
-
-/**
- * RegExp to match chars that must be quoted-pair in RFC 2616
- */
-var quoteRegExp = /([\\"])/g;
-
-/**
- * RegExp to match type in RFC 6838
- *
- * type-name = restricted-name
- * subtype-name = restricted-name
- * restricted-name = restricted-name-first *126restricted-name-chars
- * restricted-name-first  = ALPHA / DIGIT
- * restricted-name-chars  = ALPHA / DIGIT / "!" / "#" /
- *                          "$" / "&" / "-" / "^" / "_"
- * restricted-name-chars =/ "." ; Characters before first dot always
- *                              ; specify a facet name
- * restricted-name-chars =/ "+" ; Characters after last plus always
- *                              ; specify a structured syntax suffix
- * ALPHA =  %x41-5A / %x61-7A   ; A-Z / a-z
- * DIGIT =  %x30-39             ; 0-9
- */
-var subtypeNameRegExp = /^[A-Za-z0-9][A-Za-z0-9!#$&^_.-]{0,126}$/
-var typeNameRegExp = /^[A-Za-z0-9][A-Za-z0-9!#$&^_-]{0,126}$/
-var typeRegExp = /^ *([A-Za-z0-9][A-Za-z0-9!#$&^_-]{0,126})\/([A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}) *$/;
-
-/**
- * Module exports.
- */
-
-exports.format = format
-exports.parse = parse
-
-/**
- * Format object to media type.
- *
- * @param {object} obj
- * @return {string}
- * @api public
- */
-
-function format(obj) {
-  if (!obj || typeof obj !== 'object') {
-    throw new TypeError('argument obj is required')
-  }
-
-  var parameters = obj.parameters
-  var subtype = obj.subtype
-  var suffix = obj.suffix
-  var type = obj.type
-
-  if (!type || !typeNameRegExp.test(type)) {
-    throw new TypeError('invalid type')
-  }
-
-  if (!subtype || !subtypeNameRegExp.test(subtype)) {
-    throw new TypeError('invalid subtype')
-  }
-
-  // format as type/subtype
-  var string = type + '/' + subtype
-
-  // append +suffix
-  if (suffix) {
-    if (!typeNameRegExp.test(suffix)) {
-      throw new TypeError('invalid suffix')
-    }
-
-    string += '+' + suffix
-  }
-
-  // append parameters
-  if (parameters && typeof parameters === 'object') {
-    var param
-    var params = Object.keys(parameters).sort()
-
-    for (var i = 0; i < params.length; i++) {
-      param = params[i]
-
-      if (!tokenRegExp.test(param)) {
-        throw new TypeError('invalid parameter name')
-      }
-
-      string += '; ' + param + '=' + qstring(parameters[param])
-    }
-  }
-
-  return string
-}
-
-/**
- * Parse media type to object.
- *
- * @param {string|object} string
- * @return {Object}
- * @api public
- */
-
-function parse(string) {
-  if (!string) {
-    throw new TypeError('argument string is required')
-  }
-
-  // support req/res-like objects as argument
-  if (typeof string === 'object') {
-    string = getcontenttype(string)
-  }
-
-  if (typeof string !== 'string') {
-    throw new TypeError('argument string is required to be a string')
-  }
-
-  var index = string.indexOf(';')
-  var type = index !== -1
-    ? string.substr(0, index)
-    : string
-
-  var key
-  var match
-  var obj = splitType(type)
-  var params = {}
-  var value
-
-  paramRegExp.lastIndex = index
-
-  while (match = paramRegExp.exec(string)) {
-    if (match.index !== index) {
-      throw new TypeError('invalid parameter format')
-    }
-
-    index += match[0].length
-    key = match[1].toLowerCase()
-    value = match[2]
-
-    if (value[0] === '"') {
-      // remove quotes and escapes
-      value = value
-        .substr(1, value.length - 2)
-        .replace(qescRegExp, '$1')
-    }
-
-    params[key] = value
-  }
-
-  if (index !== -1 && index !== string.length) {
-    throw new TypeError('invalid parameter format')
-  }
-
-  obj.parameters = params
-
-  return obj
-}
-
-/**
- * Get content-type from req/res objects.
- *
- * @param {object}
- * @return {Object}
- * @api private
- */
-
-function getcontenttype(obj) {
-  if (typeof obj.getHeader === 'function') {
-    // res-like
-    return obj.getHeader('content-type')
-  }
-
-  if (typeof obj.headers === 'object') {
-    // req-like
-    return obj.headers && obj.headers['content-type']
-  }
-}
-
-/**
- * Quote a string if necessary.
- *
- * @param {string} val
- * @return {string}
- * @api private
- */
-
-function qstring(val) {
-  var str = String(val)
-
-  // no need to quote tokens
-  if (tokenRegExp.test(str)) {
-    return str
-  }
-
-  if (str.length > 0 && !textRegExp.test(str)) {
-    throw new TypeError('invalid parameter value')
-  }
-
-  return '"' + str.replace(quoteRegExp, '\\$1') + '"'
-}
-
-/**
- * Simply "type/subtype+siffx" into parts.
- *
- * @param {string} string
- * @return {Object}
- * @api private
- */
-
-function splitType(string) {
-  var match = typeRegExp.exec(string.toLowerCase())
-
-  if (!match) {
-    throw new TypeError('invalid media type')
-  }
-
-  var type = match[1]
-  var subtype = match[2]
-  var suffix
-
-  // suffix after last +
-  var index = subtype.lastIndexOf('+')
-  if (index !== -1) {
-    suffix = subtype.substr(index + 1)
-    subtype = subtype.substr(0, index)
-  }
-
-  var obj = {
-    type: type,
-    subtype: subtype,
-    suffix: suffix
-  }
-
-  return obj
-}
diff --git a/src/Servers/ExpressServer/node_modules/media-typer/package.json b/src/Servers/ExpressServer/node_modules/media-typer/package.json
deleted file mode 100644
index 8cf3ebc..0000000
--- a/src/Servers/ExpressServer/node_modules/media-typer/package.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  "name": "media-typer",
-  "description": "Simple RFC 6838 media type parser and formatter",
-  "version": "0.3.0",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "repository": "jshttp/media-typer",
-  "devDependencies": {
-    "istanbul": "0.3.2",
-    "mocha": "~1.21.4",
-    "should": "~4.0.4"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md b/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
deleted file mode 100644
index 486771f..0000000
--- a/src/Servers/ExpressServer/node_modules/merge-descriptors/HISTORY.md
+++ /dev/null
@@ -1,21 +0,0 @@
-1.0.1 / 2016-01-17
-==================
-
-  * perf: enable strict mode
-
-1.0.0 / 2015-03-01
-==================
-
-  * Add option to only add new descriptors
-  * Add simple argument validation
-  * Add jsdoc to source file
-
-0.0.2 / 2013-12-14
-==================
-
-  * Move repository to `component` organization
-
-0.0.1 / 2013-10-29
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE b/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
deleted file mode 100644
index 274bfd8..0000000
--- a/src/Servers/ExpressServer/node_modules/merge-descriptors/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2013 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md b/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
deleted file mode 100644
index 3403f4a..0000000
--- a/src/Servers/ExpressServer/node_modules/merge-descriptors/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# merge-descriptors
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Merge objects using descriptors.
-
-```js
-var thing = {
-  get name() {
-    return 'jon'
-  }
-}
-
-var animal = {
-
-}
-
-merge(animal, thing)
-
-animal.name === 'jon'
-```
-
-## API
-
-### merge(destination, source)
-
-Redefines `destination`'s descriptors with `source`'s. The return value is the
-`destination` object.
-
-### merge(destination, source, false)
-
-Defines `source`'s descriptors on `destination` if `destination` does not have
-a descriptor by the same name. The return value is the `destination` object.
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/merge-descriptors.svg
-[npm-url]: https://npmjs.org/package/merge-descriptors
-[travis-image]: https://img.shields.io/travis/component/merge-descriptors/master.svg
-[travis-url]: https://travis-ci.org/component/merge-descriptors
-[coveralls-image]: https://img.shields.io/coveralls/component/merge-descriptors/master.svg
-[coveralls-url]: https://coveralls.io/r/component/merge-descriptors?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/merge-descriptors.svg
-[downloads-url]: https://npmjs.org/package/merge-descriptors
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js b/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
deleted file mode 100644
index f22ebab..0000000
--- a/src/Servers/ExpressServer/node_modules/merge-descriptors/index.js
+++ /dev/null
@@ -1,60 +0,0 @@
-/*!
- * merge-descriptors
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = merge
-
-/**
- * Module variables.
- * @private
- */
-
-var hasOwnProperty = Object.prototype.hasOwnProperty
-
-/**
- * Merge the property descriptors of `src` into `dest`
- *
- * @param {object} dest Object to add descriptors to
- * @param {object} src Object to clone descriptors from
- * @param {boolean} [redefine=true] Redefine `dest` properties with `src` properties
- * @returns {object} Reference to dest
- * @public
- */
-
-function merge (dest, src, redefine) {
-  if (!dest) {
-    throw new TypeError('argument dest is required')
-  }
-
-  if (!src) {
-    throw new TypeError('argument src is required')
-  }
-
-  if (redefine === undefined) {
-    // Default to true
-    redefine = true
-  }
-
-  Object.getOwnPropertyNames(src).forEach(function forEachOwnPropertyName (name) {
-    if (!redefine && hasOwnProperty.call(dest, name)) {
-      // Skip descriptor
-      return
-    }
-
-    // Copy descriptor
-    var descriptor = Object.getOwnPropertyDescriptor(src, name)
-    Object.defineProperty(dest, name, descriptor)
-  })
-
-  return dest
-}
diff --git a/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json b/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
deleted file mode 100644
index aa9af0a..0000000
--- a/src/Servers/ExpressServer/node_modules/merge-descriptors/package.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-  "name": "merge-descriptors",
-  "description": "Merge objects using descriptors",
-  "version": "1.0.3",
-  "author": {
-    "name": "Jonathan Ong",
-    "email": "me@jongleberry.com",
-    "url": "http://jongleberry.com",
-    "twitter": "https://twitter.com/jongleberry"
-  },
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Mike Grabowski <grabbou@gmail.com>"
-  ],
-  "license": "MIT",
-  "repository": "sindresorhus/merge-descriptors",
-  "funding": "https://github.com/sponsors/sindresorhus",
-  "devDependencies": {
-    "eslint": "5.9.0",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.14.0",
-    "eslint-plugin-node": "7.0.1",
-    "eslint-plugin-promise": "4.0.1",
-    "eslint-plugin-standard": "4.0.0",
-    "mocha": "5.2.0",
-    "nyc": "13.1.0"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "index.js"
-  ],
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha test/",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/methods/HISTORY.md b/src/Servers/ExpressServer/node_modules/methods/HISTORY.md
deleted file mode 100644
index c0ecf07..0000000
--- a/src/Servers/ExpressServer/node_modules/methods/HISTORY.md
+++ /dev/null
@@ -1,29 +0,0 @@
-1.1.2 / 2016-01-17
-==================
-
-  * perf: enable strict mode
-
-1.1.1 / 2014-12-30
-==================
-
-  * Improve `browserify` support
-
-1.1.0 / 2014-07-05
-==================
-
-  * Add `CONNECT` method
- 
-1.0.1 / 2014-06-02
-==================
-
-  * Fix module to work with harmony transform
-
-1.0.0 / 2014-05-08
-==================
-
-  * Add `PURGE` method
-
-0.1.0 / 2013-10-28
-==================
-
-  * Add `http.METHODS` support
diff --git a/src/Servers/ExpressServer/node_modules/methods/LICENSE b/src/Servers/ExpressServer/node_modules/methods/LICENSE
deleted file mode 100644
index 220dc1a..0000000
--- a/src/Servers/ExpressServer/node_modules/methods/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2013-2014 TJ Holowaychuk <tj@vision-media.ca>
-Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/src/Servers/ExpressServer/node_modules/methods/README.md b/src/Servers/ExpressServer/node_modules/methods/README.md
deleted file mode 100644
index 672a32b..0000000
--- a/src/Servers/ExpressServer/node_modules/methods/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Methods
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-HTTP verbs that Node.js core's HTTP parser supports.
-
-This module provides an export that is just like `http.METHODS` from Node.js core,
-with the following differences:
-
-  * All method names are lower-cased.
-  * Contains a fallback list of methods for Node.js versions that do not have a
-    `http.METHODS` export (0.10 and lower).
-  * Provides the fallback list when using tools like `browserify` without pulling
-    in the `http` shim module.
-
-## Install
-
-```bash
-$ npm install methods
-```
-
-## API
-
-```js
-var methods = require('methods')
-```
-
-### methods
-
-This is an array of lower-cased method names that Node.js supports. If Node.js
-provides the `http.METHODS` export, then this is the same array lower-cased,
-otherwise it is a snapshot of the verbs from Node.js 0.10.
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/methods.svg?style=flat
-[npm-url]: https://npmjs.org/package/methods
-[node-version-image]: https://img.shields.io/node/v/methods.svg?style=flat
-[node-version-url]: https://nodejs.org/en/download/
-[travis-image]: https://img.shields.io/travis/jshttp/methods.svg?style=flat
-[travis-url]: https://travis-ci.org/jshttp/methods
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/methods.svg?style=flat
-[coveralls-url]: https://coveralls.io/r/jshttp/methods?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/methods.svg?style=flat
-[downloads-url]: https://npmjs.org/package/methods
diff --git a/src/Servers/ExpressServer/node_modules/methods/index.js b/src/Servers/ExpressServer/node_modules/methods/index.js
deleted file mode 100644
index 667a50b..0000000
--- a/src/Servers/ExpressServer/node_modules/methods/index.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/*!
- * methods
- * Copyright(c) 2013-2014 TJ Holowaychuk
- * Copyright(c) 2015-2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module dependencies.
- * @private
- */
-
-var http = require('http');
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = getCurrentNodeMethods() || getBasicNodeMethods();
-
-/**
- * Get the current Node.js methods.
- * @private
- */
-
-function getCurrentNodeMethods() {
-  return http.METHODS && http.METHODS.map(function lowerCaseMethod(method) {
-    return method.toLowerCase();
-  });
-}
-
-/**
- * Get the "basic" Node.js methods, a snapshot from Node.js 0.10.
- * @private
- */
-
-function getBasicNodeMethods() {
-  return [
-    'get',
-    'post',
-    'put',
-    'head',
-    'delete',
-    'options',
-    'trace',
-    'copy',
-    'lock',
-    'mkcol',
-    'move',
-    'purge',
-    'propfind',
-    'proppatch',
-    'unlock',
-    'report',
-    'mkactivity',
-    'checkout',
-    'merge',
-    'm-search',
-    'notify',
-    'subscribe',
-    'unsubscribe',
-    'patch',
-    'search',
-    'connect'
-  ];
-}
diff --git a/src/Servers/ExpressServer/node_modules/methods/package.json b/src/Servers/ExpressServer/node_modules/methods/package.json
deleted file mode 100644
index c4ce6f0..0000000
--- a/src/Servers/ExpressServer/node_modules/methods/package.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
-  "name": "methods",
-  "description": "HTTP methods that node supports",
-  "version": "1.1.2",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
-    "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)"
-  ],
-  "license": "MIT",
-  "repository": "jshttp/methods",
-  "devDependencies": {
-    "istanbul": "0.4.1",
-    "mocha": "1.21.5"
-  },
-  "files": [
-    "index.js",
-    "HISTORY.md",
-    "LICENSE"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  },
-  "browser": {
-    "http": false
-  },
-  "keywords": [
-    "http",
-    "methods"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md b/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
deleted file mode 100644
index 7436f64..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/HISTORY.md
+++ /dev/null
@@ -1,507 +0,0 @@
-1.52.0 / 2022-02-21
-===================
-
-  * Add extensions from IANA for more `image/*` types
-  * Add extension `.asc` to `application/pgp-keys`
-  * Add extensions to various XML types
-  * Add new upstream MIME types
-
-1.51.0 / 2021-11-08
-===================
-
-  * Add new upstream MIME types
-  * Mark `image/vnd.microsoft.icon` as compressible
-  * Mark `image/vnd.ms-dds` as compressible
-
-1.50.0 / 2021-09-15
-===================
-
-  * Add deprecated iWorks mime types and extensions
-  * Add new upstream MIME types
-
-1.49.0 / 2021-07-26
-===================
-
-  * Add extension `.trig` to `application/trig`
-  * Add new upstream MIME types
-
-1.48.0 / 2021-05-30
-===================
-
-  * Add extension `.mvt` to `application/vnd.mapbox-vector-tile`
-  * Add new upstream MIME types
-  * Mark `text/yaml` as compressible
-
-1.47.0 / 2021-04-01
-===================
-
-  * Add new upstream MIME types
-  * Remove ambigious extensions from IANA for `application/*+xml` types
-  * Update primary extension to `.es` for `application/ecmascript`
-
-1.46.0 / 2021-02-13
-===================
-
-  * Add extension `.amr` to `audio/amr`
-  * Add extension `.m4s` to `video/iso.segment`
-  * Add extension `.opus` to `audio/ogg`
-  * Add new upstream MIME types
-
-1.45.0 / 2020-09-22
-===================
-
-  * Add `application/ubjson` with extension `.ubj`
-  * Add `image/avif` with extension `.avif`
-  * Add `image/ktx2` with extension `.ktx2`
-  * Add extension `.dbf` to `application/vnd.dbf`
-  * Add extension `.rar` to `application/vnd.rar`
-  * Add extension `.td` to `application/urc-targetdesc+xml`
-  * Add new upstream MIME types
-  * Fix extension of `application/vnd.apple.keynote` to be `.key`
-
-1.44.0 / 2020-04-22
-===================
-
-  * Add charsets from IANA
-  * Add extension `.cjs` to `application/node`
-  * Add new upstream MIME types
-
-1.43.0 / 2020-01-05
-===================
-
-  * Add `application/x-keepass2` with extension `.kdbx`
-  * Add extension `.mxmf` to `audio/mobile-xmf`
-  * Add extensions from IANA for `application/*+xml` types
-  * Add new upstream MIME types
-
-1.42.0 / 2019-09-25
-===================
-
-  * Add `image/vnd.ms-dds` with extension `.dds`
-  * Add new upstream MIME types
-  * Remove compressible from `multipart/mixed`
-
-1.41.0 / 2019-08-30
-===================
-
-  * Add new upstream MIME types
-  * Add `application/toml` with extension `.toml`
-  * Mark `font/ttf` as compressible
-
-1.40.0 / 2019-04-20
-===================
-
-  * Add extensions from IANA for `model/*` types
-  * Add `text/mdx` with extension `.mdx`
-
-1.39.0 / 2019-04-04
-===================
-
-  * Add extensions `.siv` and `.sieve` to `application/sieve`
-  * Add new upstream MIME types
-
-1.38.0 / 2019-02-04
-===================
-
-  * Add extension `.nq` to `application/n-quads`
-  * Add extension `.nt` to `application/n-triples`
-  * Add new upstream MIME types
-  * Mark `text/less` as compressible
-
-1.37.0 / 2018-10-19
-===================
-
-  * Add extensions to HEIC image types
-  * Add new upstream MIME types
-
-1.36.0 / 2018-08-20
-===================
-
-  * Add Apple file extensions from IANA
-  * Add extensions from IANA for `image/*` types
-  * Add new upstream MIME types
-
-1.35.0 / 2018-07-15
-===================
-
-  * Add extension `.owl` to `application/rdf+xml`
-  * Add new upstream MIME types
-    - Removes extension `.woff` from `application/font-woff`
-
-1.34.0 / 2018-06-03
-===================
-
-  * Add extension `.csl` to `application/vnd.citationstyles.style+xml`
-  * Add extension `.es` to `application/ecmascript`
-  * Add new upstream MIME types
-  * Add `UTF-8` as default charset for `text/turtle`
-  * Mark all XML-derived types as compressible
-
-1.33.0 / 2018-02-15
-===================
-
-  * Add extensions from IANA for `message/*` types
-  * Add new upstream MIME types
-  * Fix some incorrect OOXML types
-  * Remove `application/font-woff2`
-
-1.32.0 / 2017-11-29
-===================
-
-  * Add new upstream MIME types
-  * Update `text/hjson` to registered `application/hjson`
-  * Add `text/shex` with extension `.shex`
-
-1.31.0 / 2017-10-25
-===================
-
-  * Add `application/raml+yaml` with extension `.raml`
-  * Add `application/wasm` with extension `.wasm`
-  * Add new `font` type from IANA
-  * Add new upstream font extensions
-  * Add new upstream MIME types
-  * Add extensions for JPEG-2000 images
-
-1.30.0 / 2017-08-27
-===================
-
-  * Add `application/vnd.ms-outlook`
-  * Add `application/x-arj`
-  * Add extension `.mjs` to `application/javascript`
-  * Add glTF types and extensions
-  * Add new upstream MIME types
-  * Add `text/x-org`
-  * Add VirtualBox MIME types
-  * Fix `source` records for `video/*` types that are IANA
-  * Update `font/opentype` to registered `font/otf`
-
-1.29.0 / 2017-07-10
-===================
-
-  * Add `application/fido.trusted-apps+json`
-  * Add extension `.wadl` to `application/vnd.sun.wadl+xml`
-  * Add new upstream MIME types
-  * Add `UTF-8` as default charset for `text/css`
-
-1.28.0 / 2017-05-14
-===================
-
-  * Add new upstream MIME types
-  * Add extension `.gz` to `application/gzip`
-  * Update extensions `.md` and `.markdown` to be `text/markdown`
-
-1.27.0 / 2017-03-16
-===================
-
-  * Add new upstream MIME types
-  * Add `image/apng` with extension `.apng`
-
-1.26.0 / 2017-01-14
-===================
-
-  * Add new upstream MIME types
-  * Add extension `.geojson` to `application/geo+json`
-
-1.25.0 / 2016-11-11
-===================
-
-  * Add new upstream MIME types
-
-1.24.0 / 2016-09-18
-===================
-
-  * Add `audio/mp3`
-  * Add new upstream MIME types
-
-1.23.0 / 2016-05-01
-===================
-
-  * Add new upstream MIME types
-  * Add extension `.3gpp` to `audio/3gpp`
-
-1.22.0 / 2016-02-15
-===================
-
-  * Add `text/slim`
-  * Add extension `.rng` to `application/xml`
-  * Add new upstream MIME types
-  * Fix extension of `application/dash+xml` to be `.mpd`
-  * Update primary extension to `.m4a` for `audio/mp4`
-
-1.21.0 / 2016-01-06
-===================
-
-  * Add Google document types
-  * Add new upstream MIME types
-
-1.20.0 / 2015-11-10
-===================
-
-  * Add `text/x-suse-ymp`
-  * Add new upstream MIME types
-
-1.19.0 / 2015-09-17
-===================
-
-  * Add `application/vnd.apple.pkpass`
-  * Add new upstream MIME types
-
-1.18.0 / 2015-09-03
-===================
-
-  * Add new upstream MIME types
-
-1.17.0 / 2015-08-13
-===================
-
-  * Add `application/x-msdos-program`
-  * Add `audio/g711-0`
-  * Add `image/vnd.mozilla.apng`
-  * Add extension `.exe` to `application/x-msdos-program`
-
-1.16.0 / 2015-07-29
-===================
-
-  * Add `application/vnd.uri-map`
-
-1.15.0 / 2015-07-13
-===================
-
-  * Add `application/x-httpd-php`
-
-1.14.0 / 2015-06-25
-===================
-
-  * Add `application/scim+json`
-  * Add `application/vnd.3gpp.ussd+xml`
-  * Add `application/vnd.biopax.rdf+xml`
-  * Add `text/x-processing`
-
-1.13.0 / 2015-06-07
-===================
-
-  * Add nginx as a source
-  * Add `application/x-cocoa`
-  * Add `application/x-java-archive-diff`
-  * Add `application/x-makeself`
-  * Add `application/x-perl`
-  * Add `application/x-pilot`
-  * Add `application/x-redhat-package-manager`
-  * Add `application/x-sea`
-  * Add `audio/x-m4a`
-  * Add `audio/x-realaudio`
-  * Add `image/x-jng`
-  * Add `text/mathml`
-
-1.12.0 / 2015-06-05
-===================
-
-  * Add `application/bdoc`
-  * Add `application/vnd.hyperdrive+json`
-  * Add `application/x-bdoc`
-  * Add extension `.rtf` to `text/rtf`
-
-1.11.0 / 2015-05-31
-===================
-
-  * Add `audio/wav`
-  * Add `audio/wave`
-  * Add extension `.litcoffee` to `text/coffeescript`
-  * Add extension `.sfd-hdstx` to `application/vnd.hydrostatix.sof-data`
-  * Add extension `.n-gage` to `application/vnd.nokia.n-gage.symbian.install`
-
-1.10.0 / 2015-05-19
-===================
-
-  * Add `application/vnd.balsamiq.bmpr`
-  * Add `application/vnd.microsoft.portable-executable`
-  * Add `application/x-ns-proxy-autoconfig`
-
-1.9.1 / 2015-04-19
-==================
-
-  * Remove `.json` extension from `application/manifest+json`
-    - This is causing bugs downstream
-
-1.9.0 / 2015-04-19
-==================
-
-  * Add `application/manifest+json`
-  * Add `application/vnd.micro+json`
-  * Add `image/vnd.zbrush.pcx`
-  * Add `image/x-ms-bmp`
-
-1.8.0 / 2015-03-13
-==================
-
-  * Add `application/vnd.citationstyles.style+xml`
-  * Add `application/vnd.fastcopy-disk-image`
-  * Add `application/vnd.gov.sk.xmldatacontainer+xml`
-  * Add extension `.jsonld` to `application/ld+json`
-
-1.7.0 / 2015-02-08
-==================
-
-  * Add `application/vnd.gerber`
-  * Add `application/vnd.msa-disk-image`
-
-1.6.1 / 2015-02-05
-==================
-
-  * Community extensions ownership transferred from `node-mime`
-
-1.6.0 / 2015-01-29
-==================
-
-  * Add `application/jose`
-  * Add `application/jose+json`
-  * Add `application/json-seq`
-  * Add `application/jwk+json`
-  * Add `application/jwk-set+json`
-  * Add `application/jwt`
-  * Add `application/rdap+json`
-  * Add `application/vnd.gov.sk.e-form+xml`
-  * Add `application/vnd.ims.imsccv1p3`
-
-1.5.0 / 2014-12-30
-==================
-
-  * Add `application/vnd.oracle.resource+json`
-  * Fix various invalid MIME type entries
-    - `application/mbox+xml`
-    - `application/oscp-response`
-    - `application/vwg-multiplexed`
-    - `audio/g721`
-
-1.4.0 / 2014-12-21
-==================
-
-  * Add `application/vnd.ims.imsccv1p2`
-  * Fix various invalid MIME type entries
-    - `application/vnd-acucobol`
-    - `application/vnd-curl`
-    - `application/vnd-dart`
-    - `application/vnd-dxr`
-    - `application/vnd-fdf`
-    - `application/vnd-mif`
-    - `application/vnd-sema`
-    - `application/vnd-wap-wmlc`
-    - `application/vnd.adobe.flash-movie`
-    - `application/vnd.dece-zip`
-    - `application/vnd.dvb_service`
-    - `application/vnd.micrografx-igx`
-    - `application/vnd.sealed-doc`
-    - `application/vnd.sealed-eml`
-    - `application/vnd.sealed-mht`
-    - `application/vnd.sealed-ppt`
-    - `application/vnd.sealed-tiff`
-    - `application/vnd.sealed-xls`
-    - `application/vnd.sealedmedia.softseal-html`
-    - `application/vnd.sealedmedia.softseal-pdf`
-    - `application/vnd.wap-slc`
-    - `application/vnd.wap-wbxml`
-    - `audio/vnd.sealedmedia.softseal-mpeg`
-    - `image/vnd-djvu`
-    - `image/vnd-svf`
-    - `image/vnd-wap-wbmp`
-    - `image/vnd.sealed-png`
-    - `image/vnd.sealedmedia.softseal-gif`
-    - `image/vnd.sealedmedia.softseal-jpg`
-    - `model/vnd-dwf`
-    - `model/vnd.parasolid.transmit-binary`
-    - `model/vnd.parasolid.transmit-text`
-    - `text/vnd-a`
-    - `text/vnd-curl`
-    - `text/vnd.wap-wml`
-  * Remove example template MIME types
-    - `application/example`
-    - `audio/example`
-    - `image/example`
-    - `message/example`
-    - `model/example`
-    - `multipart/example`
-    - `text/example`
-    - `video/example`
-
-1.3.1 / 2014-12-16
-==================
-
-  * Fix missing extensions
-    - `application/json5`
-    - `text/hjson`
-
-1.3.0 / 2014-12-07
-==================
-
-  * Add `application/a2l`
-  * Add `application/aml`
-  * Add `application/atfx`
-  * Add `application/atxml`
-  * Add `application/cdfx+xml`
-  * Add `application/dii`
-  * Add `application/json5`
-  * Add `application/lxf`
-  * Add `application/mf4`
-  * Add `application/vnd.apache.thrift.compact`
-  * Add `application/vnd.apache.thrift.json`
-  * Add `application/vnd.coffeescript`
-  * Add `application/vnd.enphase.envoy`
-  * Add `application/vnd.ims.imsccv1p1`
-  * Add `text/csv-schema`
-  * Add `text/hjson`
-  * Add `text/markdown`
-  * Add `text/yaml`
-
-1.2.0 / 2014-11-09
-==================
-
-  * Add `application/cea`
-  * Add `application/dit`
-  * Add `application/vnd.gov.sk.e-form+zip`
-  * Add `application/vnd.tmd.mediaflex.api+xml`
-  * Type `application/epub+zip` is now IANA-registered
-
-1.1.2 / 2014-10-23
-==================
-
-  * Rebuild database for `application/x-www-form-urlencoded` change
-
-1.1.1 / 2014-10-20
-==================
-
-  * Mark `application/x-www-form-urlencoded` as compressible.
-
-1.1.0 / 2014-09-28
-==================
-
-  * Add `application/font-woff2`
-
-1.0.3 / 2014-09-25
-==================
-
-  * Fix engine requirement in package
-
-1.0.2 / 2014-09-25
-==================
-
-  * Add `application/coap-group+json`
-  * Add `application/dcd`
-  * Add `application/vnd.apache.thrift.binary`
-  * Add `image/vnd.tencent.tap`
-  * Mark all JSON-derived types as compressible
-  * Update `text/vtt` data
-
-1.0.1 / 2014-08-30
-==================
-
-  * Fix extension ordering
-
-1.0.0 / 2014-08-30
-==================
-
-  * Add `application/atf`
-  * Add `application/merge-patch+json`
-  * Add `multipart/x-mixed-replace`
-  * Add `source: 'apache'` metadata
-  * Add `source: 'iana'` metadata
-  * Remove badly-assumed charset data
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/LICENSE b/src/Servers/ExpressServer/node_modules/mime-db/LICENSE
deleted file mode 100644
index 0751cb1..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2015-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/README.md b/src/Servers/ExpressServer/node_modules/mime-db/README.md
deleted file mode 100644
index 5a8fcfe..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-# mime-db
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Coverage Status][coveralls-image]][coveralls-url]
-
-This is a large database of mime types and information about them.
-It consists of a single, public JSON file and does not include any logic,
-allowing it to remain as un-opinionated as possible with an API.
-It aggregates data from the following sources:
-
-- http://www.iana.org/assignments/media-types/media-types.xhtml
-- http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
-- http://hg.nginx.org/nginx/raw-file/default/conf/mime.types
-
-## Installation
-
-```bash
-npm install mime-db
-```
-
-### Database Download
-
-If you're crazy enough to use this in the browser, you can just grab the
-JSON file using [jsDelivr](https://www.jsdelivr.com/). It is recommended to
-replace `master` with [a release tag](https://github.com/jshttp/mime-db/tags)
-as the JSON format may change in the future.
-
-```
-https://cdn.jsdelivr.net/gh/jshttp/mime-db@master/db.json
-```
-
-## Usage
-
-```js
-var db = require('mime-db')
-
-// grab data on .js files
-var data = db['application/javascript']
-```
-
-## Data Structure
-
-The JSON file is a map lookup for lowercased mime types.
-Each mime type has the following properties:
-
-- `.source` - where the mime type is defined.
-    If not set, it's probably a custom media type.
-    - `apache` - [Apache common media types](http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types)
-    - `iana` - [IANA-defined media types](http://www.iana.org/assignments/media-types/media-types.xhtml)
-    - `nginx` - [nginx media types](http://hg.nginx.org/nginx/raw-file/default/conf/mime.types)
-- `.extensions[]` - known extensions associated with this mime type.
-- `.compressible` - whether a file of this type can be gzipped.
-- `.charset` - the default charset associated with this type, if any.
-
-If unknown, every property could be `undefined`.
-
-## Contributing
-
-To edit the database, only make PRs against `src/custom-types.json` or
-`src/custom-suffix.json`.
-
-The `src/custom-types.json` file is a JSON object with the MIME type as the
-keys and the values being an object with the following keys:
-
-- `compressible` - leave out if you don't know, otherwise `true`/`false` to
-  indicate whether the data represented by the type is typically compressible.
-- `extensions` - include an array of file extensions that are associated with
-  the type.
-- `notes` - human-readable notes about the type, typically what the type is.
-- `sources` - include an array of URLs of where the MIME type and the associated
-  extensions are sourced from. This needs to be a [primary source](https://en.wikipedia.org/wiki/Primary_source);
-  links to type aggregating sites and Wikipedia are _not acceptable_.
-
-To update the build, run `npm run build`.
-
-### Adding Custom Media Types
-
-The best way to get new media types included in this library is to register
-them with the IANA. The community registration procedure is outlined in
-[RFC 6838 section 5](http://tools.ietf.org/html/rfc6838#section-5). Types
-registered with the IANA are automatically pulled into this library.
-
-If that is not possible / feasible, they can be added directly here as a
-"custom" type. To do this, it is required to have a primary source that
-definitively lists the media type. If an extension is going to be listed as
-associateed with this media type, the source must definitively link the
-media type and extension as well.
-
-[ci-image]: https://badgen.net/github/checks/jshttp/mime-db/master?label=ci
-[ci-url]: https://github.com/jshttp/mime-db/actions?query=workflow%3Aci
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/mime-db/master
-[coveralls-url]: https://coveralls.io/r/jshttp/mime-db?branch=master
-[node-image]: https://badgen.net/npm/node/mime-db
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/mime-db
-[npm-url]: https://npmjs.org/package/mime-db
-[npm-version-image]: https://badgen.net/npm/v/mime-db
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/db.json b/src/Servers/ExpressServer/node_modules/mime-db/db.json
deleted file mode 100644
index eb9c42c..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/db.json
+++ /dev/null
@@ -1,8519 +0,0 @@
-{
-  "application/1d-interleaved-parityfec": {
-    "source": "iana"
-  },
-  "application/3gpdash-qoe-report+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/3gpp-ims+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/3gpphal+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/3gpphalforms+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/a2l": {
-    "source": "iana"
-  },
-  "application/ace+cbor": {
-    "source": "iana"
-  },
-  "application/activemessage": {
-    "source": "iana"
-  },
-  "application/activity+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-costmap+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-costmapfilter+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-directory+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-endpointcost+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-endpointcostparams+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-endpointprop+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-endpointpropparams+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-error+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-networkmap+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-networkmapfilter+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-updatestreamcontrol+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/alto-updatestreamparams+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/aml": {
-    "source": "iana"
-  },
-  "application/andrew-inset": {
-    "source": "iana",
-    "extensions": ["ez"]
-  },
-  "application/applefile": {
-    "source": "iana"
-  },
-  "application/applixware": {
-    "source": "apache",
-    "extensions": ["aw"]
-  },
-  "application/at+jwt": {
-    "source": "iana"
-  },
-  "application/atf": {
-    "source": "iana"
-  },
-  "application/atfx": {
-    "source": "iana"
-  },
-  "application/atom+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["atom"]
-  },
-  "application/atomcat+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["atomcat"]
-  },
-  "application/atomdeleted+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["atomdeleted"]
-  },
-  "application/atomicmail": {
-    "source": "iana"
-  },
-  "application/atomsvc+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["atomsvc"]
-  },
-  "application/atsc-dwd+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["dwd"]
-  },
-  "application/atsc-dynamic-event-message": {
-    "source": "iana"
-  },
-  "application/atsc-held+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["held"]
-  },
-  "application/atsc-rdt+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/atsc-rsat+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rsat"]
-  },
-  "application/atxml": {
-    "source": "iana"
-  },
-  "application/auth-policy+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/bacnet-xdd+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/batch-smtp": {
-    "source": "iana"
-  },
-  "application/bdoc": {
-    "compressible": false,
-    "extensions": ["bdoc"]
-  },
-  "application/beep+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/calendar+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/calendar+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xcs"]
-  },
-  "application/call-completion": {
-    "source": "iana"
-  },
-  "application/cals-1840": {
-    "source": "iana"
-  },
-  "application/captive+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cbor": {
-    "source": "iana"
-  },
-  "application/cbor-seq": {
-    "source": "iana"
-  },
-  "application/cccex": {
-    "source": "iana"
-  },
-  "application/ccmp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/ccxml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ccxml"]
-  },
-  "application/cdfx+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["cdfx"]
-  },
-  "application/cdmi-capability": {
-    "source": "iana",
-    "extensions": ["cdmia"]
-  },
-  "application/cdmi-container": {
-    "source": "iana",
-    "extensions": ["cdmic"]
-  },
-  "application/cdmi-domain": {
-    "source": "iana",
-    "extensions": ["cdmid"]
-  },
-  "application/cdmi-object": {
-    "source": "iana",
-    "extensions": ["cdmio"]
-  },
-  "application/cdmi-queue": {
-    "source": "iana",
-    "extensions": ["cdmiq"]
-  },
-  "application/cdni": {
-    "source": "iana"
-  },
-  "application/cea": {
-    "source": "iana"
-  },
-  "application/cea-2018+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cellml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cfw": {
-    "source": "iana"
-  },
-  "application/city+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/clr": {
-    "source": "iana"
-  },
-  "application/clue+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/clue_info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cms": {
-    "source": "iana"
-  },
-  "application/cnrp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/coap-group+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/coap-payload": {
-    "source": "iana"
-  },
-  "application/commonground": {
-    "source": "iana"
-  },
-  "application/conference-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cose": {
-    "source": "iana"
-  },
-  "application/cose-key": {
-    "source": "iana"
-  },
-  "application/cose-key-set": {
-    "source": "iana"
-  },
-  "application/cpl+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["cpl"]
-  },
-  "application/csrattrs": {
-    "source": "iana"
-  },
-  "application/csta+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cstadata+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/csvm+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/cu-seeme": {
-    "source": "apache",
-    "extensions": ["cu"]
-  },
-  "application/cwt": {
-    "source": "iana"
-  },
-  "application/cybercash": {
-    "source": "iana"
-  },
-  "application/dart": {
-    "compressible": true
-  },
-  "application/dash+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mpd"]
-  },
-  "application/dash-patch+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mpp"]
-  },
-  "application/dashdelta": {
-    "source": "iana"
-  },
-  "application/davmount+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["davmount"]
-  },
-  "application/dca-rft": {
-    "source": "iana"
-  },
-  "application/dcd": {
-    "source": "iana"
-  },
-  "application/dec-dx": {
-    "source": "iana"
-  },
-  "application/dialog-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/dicom": {
-    "source": "iana"
-  },
-  "application/dicom+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/dicom+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/dii": {
-    "source": "iana"
-  },
-  "application/dit": {
-    "source": "iana"
-  },
-  "application/dns": {
-    "source": "iana"
-  },
-  "application/dns+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/dns-message": {
-    "source": "iana"
-  },
-  "application/docbook+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["dbk"]
-  },
-  "application/dots+cbor": {
-    "source": "iana"
-  },
-  "application/dskpp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/dssc+der": {
-    "source": "iana",
-    "extensions": ["dssc"]
-  },
-  "application/dssc+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xdssc"]
-  },
-  "application/dvcs": {
-    "source": "iana"
-  },
-  "application/ecmascript": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["es","ecma"]
-  },
-  "application/edi-consent": {
-    "source": "iana"
-  },
-  "application/edi-x12": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/edifact": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/efi": {
-    "source": "iana"
-  },
-  "application/elm+json": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/elm+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.cap+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/emergencycalldata.comment+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.control+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.deviceinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.ecall.msd": {
-    "source": "iana"
-  },
-  "application/emergencycalldata.providerinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.serviceinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.subscriberinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emergencycalldata.veds+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/emma+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["emma"]
-  },
-  "application/emotionml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["emotionml"]
-  },
-  "application/encaprtp": {
-    "source": "iana"
-  },
-  "application/epp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/epub+zip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["epub"]
-  },
-  "application/eshop": {
-    "source": "iana"
-  },
-  "application/exi": {
-    "source": "iana",
-    "extensions": ["exi"]
-  },
-  "application/expect-ct-report+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/express": {
-    "source": "iana",
-    "extensions": ["exp"]
-  },
-  "application/fastinfoset": {
-    "source": "iana"
-  },
-  "application/fastsoap": {
-    "source": "iana"
-  },
-  "application/fdt+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["fdt"]
-  },
-  "application/fhir+json": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/fhir+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/fido.trusted-apps+json": {
-    "compressible": true
-  },
-  "application/fits": {
-    "source": "iana"
-  },
-  "application/flexfec": {
-    "source": "iana"
-  },
-  "application/font-sfnt": {
-    "source": "iana"
-  },
-  "application/font-tdpfr": {
-    "source": "iana",
-    "extensions": ["pfr"]
-  },
-  "application/font-woff": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/framework-attributes+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/geo+json": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["geojson"]
-  },
-  "application/geo+json-seq": {
-    "source": "iana"
-  },
-  "application/geopackage+sqlite3": {
-    "source": "iana"
-  },
-  "application/geoxacml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/gltf-buffer": {
-    "source": "iana"
-  },
-  "application/gml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["gml"]
-  },
-  "application/gpx+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["gpx"]
-  },
-  "application/gxf": {
-    "source": "apache",
-    "extensions": ["gxf"]
-  },
-  "application/gzip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["gz"]
-  },
-  "application/h224": {
-    "source": "iana"
-  },
-  "application/held+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/hjson": {
-    "extensions": ["hjson"]
-  },
-  "application/http": {
-    "source": "iana"
-  },
-  "application/hyperstudio": {
-    "source": "iana",
-    "extensions": ["stk"]
-  },
-  "application/ibe-key-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/ibe-pkg-reply+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/ibe-pp-data": {
-    "source": "iana"
-  },
-  "application/iges": {
-    "source": "iana"
-  },
-  "application/im-iscomposing+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/index": {
-    "source": "iana"
-  },
-  "application/index.cmd": {
-    "source": "iana"
-  },
-  "application/index.obj": {
-    "source": "iana"
-  },
-  "application/index.response": {
-    "source": "iana"
-  },
-  "application/index.vnd": {
-    "source": "iana"
-  },
-  "application/inkml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ink","inkml"]
-  },
-  "application/iotp": {
-    "source": "iana"
-  },
-  "application/ipfix": {
-    "source": "iana",
-    "extensions": ["ipfix"]
-  },
-  "application/ipp": {
-    "source": "iana"
-  },
-  "application/isup": {
-    "source": "iana"
-  },
-  "application/its+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["its"]
-  },
-  "application/java-archive": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["jar","war","ear"]
-  },
-  "application/java-serialized-object": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["ser"]
-  },
-  "application/java-vm": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["class"]
-  },
-  "application/javascript": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["js","mjs"]
-  },
-  "application/jf2feed+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/jose": {
-    "source": "iana"
-  },
-  "application/jose+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/jrd+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/jscalendar+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/json": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["json","map"]
-  },
-  "application/json-patch+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/json-seq": {
-    "source": "iana"
-  },
-  "application/json5": {
-    "extensions": ["json5"]
-  },
-  "application/jsonml+json": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["jsonml"]
-  },
-  "application/jwk+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/jwk-set+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/jwt": {
-    "source": "iana"
-  },
-  "application/kpml-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/kpml-response+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/ld+json": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["jsonld"]
-  },
-  "application/lgr+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["lgr"]
-  },
-  "application/link-format": {
-    "source": "iana"
-  },
-  "application/load-control+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/lost+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["lostxml"]
-  },
-  "application/lostsync+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/lpf+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/lxf": {
-    "source": "iana"
-  },
-  "application/mac-binhex40": {
-    "source": "iana",
-    "extensions": ["hqx"]
-  },
-  "application/mac-compactpro": {
-    "source": "apache",
-    "extensions": ["cpt"]
-  },
-  "application/macwriteii": {
-    "source": "iana"
-  },
-  "application/mads+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mads"]
-  },
-  "application/manifest+json": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["webmanifest"]
-  },
-  "application/marc": {
-    "source": "iana",
-    "extensions": ["mrc"]
-  },
-  "application/marcxml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mrcx"]
-  },
-  "application/mathematica": {
-    "source": "iana",
-    "extensions": ["ma","nb","mb"]
-  },
-  "application/mathml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mathml"]
-  },
-  "application/mathml-content+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mathml-presentation+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-associated-procedure-description+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-deregister+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-envelope+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-msk+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-msk-response+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-protection-description+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-reception-report+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-register+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-register-response+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-schedule+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbms-user-service-description+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mbox": {
-    "source": "iana",
-    "extensions": ["mbox"]
-  },
-  "application/media-policy-dataset+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mpf"]
-  },
-  "application/media_control+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mediaservercontrol+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mscml"]
-  },
-  "application/merge-patch+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/metalink+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["metalink"]
-  },
-  "application/metalink4+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["meta4"]
-  },
-  "application/mets+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mets"]
-  },
-  "application/mf4": {
-    "source": "iana"
-  },
-  "application/mikey": {
-    "source": "iana"
-  },
-  "application/mipc": {
-    "source": "iana"
-  },
-  "application/missing-blocks+cbor-seq": {
-    "source": "iana"
-  },
-  "application/mmt-aei+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["maei"]
-  },
-  "application/mmt-usd+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["musd"]
-  },
-  "application/mods+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mods"]
-  },
-  "application/moss-keys": {
-    "source": "iana"
-  },
-  "application/moss-signature": {
-    "source": "iana"
-  },
-  "application/mosskey-data": {
-    "source": "iana"
-  },
-  "application/mosskey-request": {
-    "source": "iana"
-  },
-  "application/mp21": {
-    "source": "iana",
-    "extensions": ["m21","mp21"]
-  },
-  "application/mp4": {
-    "source": "iana",
-    "extensions": ["mp4s","m4p"]
-  },
-  "application/mpeg4-generic": {
-    "source": "iana"
-  },
-  "application/mpeg4-iod": {
-    "source": "iana"
-  },
-  "application/mpeg4-iod-xmt": {
-    "source": "iana"
-  },
-  "application/mrb-consumer+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/mrb-publish+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/msc-ivr+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/msc-mixer+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/msword": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["doc","dot"]
-  },
-  "application/mud+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/multipart-core": {
-    "source": "iana"
-  },
-  "application/mxf": {
-    "source": "iana",
-    "extensions": ["mxf"]
-  },
-  "application/n-quads": {
-    "source": "iana",
-    "extensions": ["nq"]
-  },
-  "application/n-triples": {
-    "source": "iana",
-    "extensions": ["nt"]
-  },
-  "application/nasdata": {
-    "source": "iana"
-  },
-  "application/news-checkgroups": {
-    "source": "iana",
-    "charset": "US-ASCII"
-  },
-  "application/news-groupinfo": {
-    "source": "iana",
-    "charset": "US-ASCII"
-  },
-  "application/news-transmission": {
-    "source": "iana"
-  },
-  "application/nlsml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/node": {
-    "source": "iana",
-    "extensions": ["cjs"]
-  },
-  "application/nss": {
-    "source": "iana"
-  },
-  "application/oauth-authz-req+jwt": {
-    "source": "iana"
-  },
-  "application/oblivious-dns-message": {
-    "source": "iana"
-  },
-  "application/ocsp-request": {
-    "source": "iana"
-  },
-  "application/ocsp-response": {
-    "source": "iana"
-  },
-  "application/octet-stream": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["bin","dms","lrf","mar","so","dist","distz","pkg","bpk","dump","elc","deploy","exe","dll","deb","dmg","iso","img","msi","msp","msm","buffer"]
-  },
-  "application/oda": {
-    "source": "iana",
-    "extensions": ["oda"]
-  },
-  "application/odm+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/odx": {
-    "source": "iana"
-  },
-  "application/oebps-package+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["opf"]
-  },
-  "application/ogg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["ogx"]
-  },
-  "application/omdoc+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["omdoc"]
-  },
-  "application/onenote": {
-    "source": "apache",
-    "extensions": ["onetoc","onetoc2","onetmp","onepkg"]
-  },
-  "application/opc-nodeset+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/oscore": {
-    "source": "iana"
-  },
-  "application/oxps": {
-    "source": "iana",
-    "extensions": ["oxps"]
-  },
-  "application/p21": {
-    "source": "iana"
-  },
-  "application/p21+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/p2p-overlay+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["relo"]
-  },
-  "application/parityfec": {
-    "source": "iana"
-  },
-  "application/passport": {
-    "source": "iana"
-  },
-  "application/patch-ops-error+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xer"]
-  },
-  "application/pdf": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["pdf"]
-  },
-  "application/pdx": {
-    "source": "iana"
-  },
-  "application/pem-certificate-chain": {
-    "source": "iana"
-  },
-  "application/pgp-encrypted": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["pgp"]
-  },
-  "application/pgp-keys": {
-    "source": "iana",
-    "extensions": ["asc"]
-  },
-  "application/pgp-signature": {
-    "source": "iana",
-    "extensions": ["asc","sig"]
-  },
-  "application/pics-rules": {
-    "source": "apache",
-    "extensions": ["prf"]
-  },
-  "application/pidf+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/pidf-diff+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/pkcs10": {
-    "source": "iana",
-    "extensions": ["p10"]
-  },
-  "application/pkcs12": {
-    "source": "iana"
-  },
-  "application/pkcs7-mime": {
-    "source": "iana",
-    "extensions": ["p7m","p7c"]
-  },
-  "application/pkcs7-signature": {
-    "source": "iana",
-    "extensions": ["p7s"]
-  },
-  "application/pkcs8": {
-    "source": "iana",
-    "extensions": ["p8"]
-  },
-  "application/pkcs8-encrypted": {
-    "source": "iana"
-  },
-  "application/pkix-attr-cert": {
-    "source": "iana",
-    "extensions": ["ac"]
-  },
-  "application/pkix-cert": {
-    "source": "iana",
-    "extensions": ["cer"]
-  },
-  "application/pkix-crl": {
-    "source": "iana",
-    "extensions": ["crl"]
-  },
-  "application/pkix-pkipath": {
-    "source": "iana",
-    "extensions": ["pkipath"]
-  },
-  "application/pkixcmp": {
-    "source": "iana",
-    "extensions": ["pki"]
-  },
-  "application/pls+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["pls"]
-  },
-  "application/poc-settings+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/postscript": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ai","eps","ps"]
-  },
-  "application/ppsp-tracker+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/problem+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/problem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/provenance+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["provx"]
-  },
-  "application/prs.alvestrand.titrax-sheet": {
-    "source": "iana"
-  },
-  "application/prs.cww": {
-    "source": "iana",
-    "extensions": ["cww"]
-  },
-  "application/prs.cyn": {
-    "source": "iana",
-    "charset": "7-BIT"
-  },
-  "application/prs.hpub+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/prs.nprend": {
-    "source": "iana"
-  },
-  "application/prs.plucker": {
-    "source": "iana"
-  },
-  "application/prs.rdf-xml-crypt": {
-    "source": "iana"
-  },
-  "application/prs.xsf+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/pskc+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["pskcxml"]
-  },
-  "application/pvd+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/qsig": {
-    "source": "iana"
-  },
-  "application/raml+yaml": {
-    "compressible": true,
-    "extensions": ["raml"]
-  },
-  "application/raptorfec": {
-    "source": "iana"
-  },
-  "application/rdap+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/rdf+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rdf","owl"]
-  },
-  "application/reginfo+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rif"]
-  },
-  "application/relax-ng-compact-syntax": {
-    "source": "iana",
-    "extensions": ["rnc"]
-  },
-  "application/remote-printing": {
-    "source": "iana"
-  },
-  "application/reputon+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/resource-lists+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rl"]
-  },
-  "application/resource-lists-diff+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rld"]
-  },
-  "application/rfc+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/riscos": {
-    "source": "iana"
-  },
-  "application/rlmi+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/rls-services+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rs"]
-  },
-  "application/route-apd+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rapd"]
-  },
-  "application/route-s-tsid+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["sls"]
-  },
-  "application/route-usd+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rusd"]
-  },
-  "application/rpki-ghostbusters": {
-    "source": "iana",
-    "extensions": ["gbr"]
-  },
-  "application/rpki-manifest": {
-    "source": "iana",
-    "extensions": ["mft"]
-  },
-  "application/rpki-publication": {
-    "source": "iana"
-  },
-  "application/rpki-roa": {
-    "source": "iana",
-    "extensions": ["roa"]
-  },
-  "application/rpki-updown": {
-    "source": "iana"
-  },
-  "application/rsd+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["rsd"]
-  },
-  "application/rss+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["rss"]
-  },
-  "application/rtf": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rtf"]
-  },
-  "application/rtploopback": {
-    "source": "iana"
-  },
-  "application/rtx": {
-    "source": "iana"
-  },
-  "application/samlassertion+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/samlmetadata+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sarif+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sarif-external-properties+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sbe": {
-    "source": "iana"
-  },
-  "application/sbml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["sbml"]
-  },
-  "application/scaip+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/scim+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/scvp-cv-request": {
-    "source": "iana",
-    "extensions": ["scq"]
-  },
-  "application/scvp-cv-response": {
-    "source": "iana",
-    "extensions": ["scs"]
-  },
-  "application/scvp-vp-request": {
-    "source": "iana",
-    "extensions": ["spq"]
-  },
-  "application/scvp-vp-response": {
-    "source": "iana",
-    "extensions": ["spp"]
-  },
-  "application/sdp": {
-    "source": "iana",
-    "extensions": ["sdp"]
-  },
-  "application/secevent+jwt": {
-    "source": "iana"
-  },
-  "application/senml+cbor": {
-    "source": "iana"
-  },
-  "application/senml+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/senml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["senmlx"]
-  },
-  "application/senml-etch+cbor": {
-    "source": "iana"
-  },
-  "application/senml-etch+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/senml-exi": {
-    "source": "iana"
-  },
-  "application/sensml+cbor": {
-    "source": "iana"
-  },
-  "application/sensml+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sensml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["sensmlx"]
-  },
-  "application/sensml-exi": {
-    "source": "iana"
-  },
-  "application/sep+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sep-exi": {
-    "source": "iana"
-  },
-  "application/session-info": {
-    "source": "iana"
-  },
-  "application/set-payment": {
-    "source": "iana"
-  },
-  "application/set-payment-initiation": {
-    "source": "iana",
-    "extensions": ["setpay"]
-  },
-  "application/set-registration": {
-    "source": "iana"
-  },
-  "application/set-registration-initiation": {
-    "source": "iana",
-    "extensions": ["setreg"]
-  },
-  "application/sgml": {
-    "source": "iana"
-  },
-  "application/sgml-open-catalog": {
-    "source": "iana"
-  },
-  "application/shf+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["shf"]
-  },
-  "application/sieve": {
-    "source": "iana",
-    "extensions": ["siv","sieve"]
-  },
-  "application/simple-filter+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/simple-message-summary": {
-    "source": "iana"
-  },
-  "application/simplesymbolcontainer": {
-    "source": "iana"
-  },
-  "application/sipc": {
-    "source": "iana"
-  },
-  "application/slate": {
-    "source": "iana"
-  },
-  "application/smil": {
-    "source": "iana"
-  },
-  "application/smil+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["smi","smil"]
-  },
-  "application/smpte336m": {
-    "source": "iana"
-  },
-  "application/soap+fastinfoset": {
-    "source": "iana"
-  },
-  "application/soap+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sparql-query": {
-    "source": "iana",
-    "extensions": ["rq"]
-  },
-  "application/sparql-results+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["srx"]
-  },
-  "application/spdx+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/spirits-event+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/sql": {
-    "source": "iana"
-  },
-  "application/srgs": {
-    "source": "iana",
-    "extensions": ["gram"]
-  },
-  "application/srgs+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["grxml"]
-  },
-  "application/sru+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["sru"]
-  },
-  "application/ssdl+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["ssdl"]
-  },
-  "application/ssml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ssml"]
-  },
-  "application/stix+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/swid+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["swidtag"]
-  },
-  "application/tamp-apex-update": {
-    "source": "iana"
-  },
-  "application/tamp-apex-update-confirm": {
-    "source": "iana"
-  },
-  "application/tamp-community-update": {
-    "source": "iana"
-  },
-  "application/tamp-community-update-confirm": {
-    "source": "iana"
-  },
-  "application/tamp-error": {
-    "source": "iana"
-  },
-  "application/tamp-sequence-adjust": {
-    "source": "iana"
-  },
-  "application/tamp-sequence-adjust-confirm": {
-    "source": "iana"
-  },
-  "application/tamp-status-query": {
-    "source": "iana"
-  },
-  "application/tamp-status-response": {
-    "source": "iana"
-  },
-  "application/tamp-update": {
-    "source": "iana"
-  },
-  "application/tamp-update-confirm": {
-    "source": "iana"
-  },
-  "application/tar": {
-    "compressible": true
-  },
-  "application/taxii+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/td+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/tei+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["tei","teicorpus"]
-  },
-  "application/tetra_isi": {
-    "source": "iana"
-  },
-  "application/thraud+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["tfi"]
-  },
-  "application/timestamp-query": {
-    "source": "iana"
-  },
-  "application/timestamp-reply": {
-    "source": "iana"
-  },
-  "application/timestamped-data": {
-    "source": "iana",
-    "extensions": ["tsd"]
-  },
-  "application/tlsrpt+gzip": {
-    "source": "iana"
-  },
-  "application/tlsrpt+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/tnauthlist": {
-    "source": "iana"
-  },
-  "application/token-introspection+jwt": {
-    "source": "iana"
-  },
-  "application/toml": {
-    "compressible": true,
-    "extensions": ["toml"]
-  },
-  "application/trickle-ice-sdpfrag": {
-    "source": "iana"
-  },
-  "application/trig": {
-    "source": "iana",
-    "extensions": ["trig"]
-  },
-  "application/ttml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ttml"]
-  },
-  "application/tve-trigger": {
-    "source": "iana"
-  },
-  "application/tzif": {
-    "source": "iana"
-  },
-  "application/tzif-leap": {
-    "source": "iana"
-  },
-  "application/ubjson": {
-    "compressible": false,
-    "extensions": ["ubj"]
-  },
-  "application/ulpfec": {
-    "source": "iana"
-  },
-  "application/urc-grpsheet+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/urc-ressheet+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rsheet"]
-  },
-  "application/urc-targetdesc+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["td"]
-  },
-  "application/urc-uisocketdesc+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vcard+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vcard+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vemmi": {
-    "source": "iana"
-  },
-  "application/vividence.scriptfile": {
-    "source": "apache"
-  },
-  "application/vnd.1000minds.decision-model+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["1km"]
-  },
-  "application/vnd.3gpp-prose+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp-prose-pc3ch+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp-v2x-local-service-information": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.5gnas": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.access-transfer-events+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.bsf+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.gmop+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.gtpc": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.interworking-data": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.lpp": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.mc-signalling-ear": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.mcdata-affiliation-command+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcdata-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcdata-payload": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.mcdata-service-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcdata-signalling": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.mcdata-ue-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcdata-user-profile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-affiliation-command+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-floor-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-location-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-mbms-usage-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-service-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-signed+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-ue-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-ue-init-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcptt-user-profile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-affiliation-command+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-affiliation-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-location-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-mbms-usage-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-service-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-transmission-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-ue-config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mcvideo-user-profile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.mid-call+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.ngap": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.pfcp": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.pic-bw-large": {
-    "source": "iana",
-    "extensions": ["plb"]
-  },
-  "application/vnd.3gpp.pic-bw-small": {
-    "source": "iana",
-    "extensions": ["psb"]
-  },
-  "application/vnd.3gpp.pic-bw-var": {
-    "source": "iana",
-    "extensions": ["pvb"]
-  },
-  "application/vnd.3gpp.s1ap": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.sms": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp.sms+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.srvcc-ext+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.srvcc-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.state-and-event-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp.ussd+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp2.bcmcsinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.3gpp2.sms": {
-    "source": "iana"
-  },
-  "application/vnd.3gpp2.tcap": {
-    "source": "iana",
-    "extensions": ["tcap"]
-  },
-  "application/vnd.3lightssoftware.imagescal": {
-    "source": "iana"
-  },
-  "application/vnd.3m.post-it-notes": {
-    "source": "iana",
-    "extensions": ["pwn"]
-  },
-  "application/vnd.accpac.simply.aso": {
-    "source": "iana",
-    "extensions": ["aso"]
-  },
-  "application/vnd.accpac.simply.imp": {
-    "source": "iana",
-    "extensions": ["imp"]
-  },
-  "application/vnd.acucobol": {
-    "source": "iana",
-    "extensions": ["acu"]
-  },
-  "application/vnd.acucorp": {
-    "source": "iana",
-    "extensions": ["atc","acutc"]
-  },
-  "application/vnd.adobe.air-application-installer-package+zip": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["air"]
-  },
-  "application/vnd.adobe.flash.movie": {
-    "source": "iana"
-  },
-  "application/vnd.adobe.formscentral.fcdt": {
-    "source": "iana",
-    "extensions": ["fcdt"]
-  },
-  "application/vnd.adobe.fxp": {
-    "source": "iana",
-    "extensions": ["fxp","fxpl"]
-  },
-  "application/vnd.adobe.partial-upload": {
-    "source": "iana"
-  },
-  "application/vnd.adobe.xdp+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xdp"]
-  },
-  "application/vnd.adobe.xfdf": {
-    "source": "iana",
-    "extensions": ["xfdf"]
-  },
-  "application/vnd.aether.imp": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.afplinedata": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.afplinedata-pagedef": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.cmoca-cmresource": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.foca-charset": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.foca-codedfont": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.foca-codepage": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-cmtable": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-formdef": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-mediummap": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-objectcontainer": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-overlay": {
-    "source": "iana"
-  },
-  "application/vnd.afpc.modca-pagesegment": {
-    "source": "iana"
-  },
-  "application/vnd.age": {
-    "source": "iana",
-    "extensions": ["age"]
-  },
-  "application/vnd.ah-barcode": {
-    "source": "iana"
-  },
-  "application/vnd.ahead.space": {
-    "source": "iana",
-    "extensions": ["ahead"]
-  },
-  "application/vnd.airzip.filesecure.azf": {
-    "source": "iana",
-    "extensions": ["azf"]
-  },
-  "application/vnd.airzip.filesecure.azs": {
-    "source": "iana",
-    "extensions": ["azs"]
-  },
-  "application/vnd.amadeus+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.amazon.ebook": {
-    "source": "apache",
-    "extensions": ["azw"]
-  },
-  "application/vnd.amazon.mobi8-ebook": {
-    "source": "iana"
-  },
-  "application/vnd.americandynamics.acc": {
-    "source": "iana",
-    "extensions": ["acc"]
-  },
-  "application/vnd.amiga.ami": {
-    "source": "iana",
-    "extensions": ["ami"]
-  },
-  "application/vnd.amundsen.maze+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.android.ota": {
-    "source": "iana"
-  },
-  "application/vnd.android.package-archive": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["apk"]
-  },
-  "application/vnd.anki": {
-    "source": "iana"
-  },
-  "application/vnd.anser-web-certificate-issue-initiation": {
-    "source": "iana",
-    "extensions": ["cii"]
-  },
-  "application/vnd.anser-web-funds-transfer-initiation": {
-    "source": "apache",
-    "extensions": ["fti"]
-  },
-  "application/vnd.antix.game-component": {
-    "source": "iana",
-    "extensions": ["atx"]
-  },
-  "application/vnd.apache.arrow.file": {
-    "source": "iana"
-  },
-  "application/vnd.apache.arrow.stream": {
-    "source": "iana"
-  },
-  "application/vnd.apache.thrift.binary": {
-    "source": "iana"
-  },
-  "application/vnd.apache.thrift.compact": {
-    "source": "iana"
-  },
-  "application/vnd.apache.thrift.json": {
-    "source": "iana"
-  },
-  "application/vnd.api+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.aplextor.warrp+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.apothekende.reservation+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.apple.installer+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mpkg"]
-  },
-  "application/vnd.apple.keynote": {
-    "source": "iana",
-    "extensions": ["key"]
-  },
-  "application/vnd.apple.mpegurl": {
-    "source": "iana",
-    "extensions": ["m3u8"]
-  },
-  "application/vnd.apple.numbers": {
-    "source": "iana",
-    "extensions": ["numbers"]
-  },
-  "application/vnd.apple.pages": {
-    "source": "iana",
-    "extensions": ["pages"]
-  },
-  "application/vnd.apple.pkpass": {
-    "compressible": false,
-    "extensions": ["pkpass"]
-  },
-  "application/vnd.arastra.swi": {
-    "source": "iana"
-  },
-  "application/vnd.aristanetworks.swi": {
-    "source": "iana",
-    "extensions": ["swi"]
-  },
-  "application/vnd.artisan+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.artsquare": {
-    "source": "iana"
-  },
-  "application/vnd.astraea-software.iota": {
-    "source": "iana",
-    "extensions": ["iota"]
-  },
-  "application/vnd.audiograph": {
-    "source": "iana",
-    "extensions": ["aep"]
-  },
-  "application/vnd.autopackage": {
-    "source": "iana"
-  },
-  "application/vnd.avalon+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.avistar+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.balsamiq.bmml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["bmml"]
-  },
-  "application/vnd.balsamiq.bmpr": {
-    "source": "iana"
-  },
-  "application/vnd.banana-accounting": {
-    "source": "iana"
-  },
-  "application/vnd.bbf.usp.error": {
-    "source": "iana"
-  },
-  "application/vnd.bbf.usp.msg": {
-    "source": "iana"
-  },
-  "application/vnd.bbf.usp.msg+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.bekitzur-stech+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.bint.med-content": {
-    "source": "iana"
-  },
-  "application/vnd.biopax.rdf+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.blink-idb-value-wrapper": {
-    "source": "iana"
-  },
-  "application/vnd.blueice.multipass": {
-    "source": "iana",
-    "extensions": ["mpm"]
-  },
-  "application/vnd.bluetooth.ep.oob": {
-    "source": "iana"
-  },
-  "application/vnd.bluetooth.le.oob": {
-    "source": "iana"
-  },
-  "application/vnd.bmi": {
-    "source": "iana",
-    "extensions": ["bmi"]
-  },
-  "application/vnd.bpf": {
-    "source": "iana"
-  },
-  "application/vnd.bpf3": {
-    "source": "iana"
-  },
-  "application/vnd.businessobjects": {
-    "source": "iana",
-    "extensions": ["rep"]
-  },
-  "application/vnd.byu.uapi+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cab-jscript": {
-    "source": "iana"
-  },
-  "application/vnd.canon-cpdl": {
-    "source": "iana"
-  },
-  "application/vnd.canon-lips": {
-    "source": "iana"
-  },
-  "application/vnd.capasystems-pg+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cendio.thinlinc.clientconf": {
-    "source": "iana"
-  },
-  "application/vnd.century-systems.tcp_stream": {
-    "source": "iana"
-  },
-  "application/vnd.chemdraw+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["cdxml"]
-  },
-  "application/vnd.chess-pgn": {
-    "source": "iana"
-  },
-  "application/vnd.chipnuts.karaoke-mmd": {
-    "source": "iana",
-    "extensions": ["mmd"]
-  },
-  "application/vnd.ciedi": {
-    "source": "iana"
-  },
-  "application/vnd.cinderella": {
-    "source": "iana",
-    "extensions": ["cdy"]
-  },
-  "application/vnd.cirpack.isdn-ext": {
-    "source": "iana"
-  },
-  "application/vnd.citationstyles.style+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["csl"]
-  },
-  "application/vnd.claymore": {
-    "source": "iana",
-    "extensions": ["cla"]
-  },
-  "application/vnd.cloanto.rp9": {
-    "source": "iana",
-    "extensions": ["rp9"]
-  },
-  "application/vnd.clonk.c4group": {
-    "source": "iana",
-    "extensions": ["c4g","c4d","c4f","c4p","c4u"]
-  },
-  "application/vnd.cluetrust.cartomobile-config": {
-    "source": "iana",
-    "extensions": ["c11amc"]
-  },
-  "application/vnd.cluetrust.cartomobile-config-pkg": {
-    "source": "iana",
-    "extensions": ["c11amz"]
-  },
-  "application/vnd.coffeescript": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.document": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.document-template": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.presentation": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.presentation-template": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.spreadsheet": {
-    "source": "iana"
-  },
-  "application/vnd.collabio.xodocuments.spreadsheet-template": {
-    "source": "iana"
-  },
-  "application/vnd.collection+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.collection.doc+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.collection.next+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.comicbook+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.comicbook-rar": {
-    "source": "iana"
-  },
-  "application/vnd.commerce-battelle": {
-    "source": "iana"
-  },
-  "application/vnd.commonspace": {
-    "source": "iana",
-    "extensions": ["csp"]
-  },
-  "application/vnd.contact.cmsg": {
-    "source": "iana",
-    "extensions": ["cdbcmsg"]
-  },
-  "application/vnd.coreos.ignition+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cosmocaller": {
-    "source": "iana",
-    "extensions": ["cmc"]
-  },
-  "application/vnd.crick.clicker": {
-    "source": "iana",
-    "extensions": ["clkx"]
-  },
-  "application/vnd.crick.clicker.keyboard": {
-    "source": "iana",
-    "extensions": ["clkk"]
-  },
-  "application/vnd.crick.clicker.palette": {
-    "source": "iana",
-    "extensions": ["clkp"]
-  },
-  "application/vnd.crick.clicker.template": {
-    "source": "iana",
-    "extensions": ["clkt"]
-  },
-  "application/vnd.crick.clicker.wordbank": {
-    "source": "iana",
-    "extensions": ["clkw"]
-  },
-  "application/vnd.criticaltools.wbs+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wbs"]
-  },
-  "application/vnd.cryptii.pipe+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.crypto-shade-file": {
-    "source": "iana"
-  },
-  "application/vnd.cryptomator.encrypted": {
-    "source": "iana"
-  },
-  "application/vnd.cryptomator.vault": {
-    "source": "iana"
-  },
-  "application/vnd.ctc-posml": {
-    "source": "iana",
-    "extensions": ["pml"]
-  },
-  "application/vnd.ctct.ws+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cups-pdf": {
-    "source": "iana"
-  },
-  "application/vnd.cups-postscript": {
-    "source": "iana"
-  },
-  "application/vnd.cups-ppd": {
-    "source": "iana",
-    "extensions": ["ppd"]
-  },
-  "application/vnd.cups-raster": {
-    "source": "iana"
-  },
-  "application/vnd.cups-raw": {
-    "source": "iana"
-  },
-  "application/vnd.curl": {
-    "source": "iana"
-  },
-  "application/vnd.curl.car": {
-    "source": "apache",
-    "extensions": ["car"]
-  },
-  "application/vnd.curl.pcurl": {
-    "source": "apache",
-    "extensions": ["pcurl"]
-  },
-  "application/vnd.cyan.dean.root+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cybank": {
-    "source": "iana"
-  },
-  "application/vnd.cyclonedx+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.cyclonedx+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.d2l.coursepackage1p0+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.d3m-dataset": {
-    "source": "iana"
-  },
-  "application/vnd.d3m-problem": {
-    "source": "iana"
-  },
-  "application/vnd.dart": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["dart"]
-  },
-  "application/vnd.data-vision.rdz": {
-    "source": "iana",
-    "extensions": ["rdz"]
-  },
-  "application/vnd.datapackage+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dataresource+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dbf": {
-    "source": "iana",
-    "extensions": ["dbf"]
-  },
-  "application/vnd.debian.binary-package": {
-    "source": "iana"
-  },
-  "application/vnd.dece.data": {
-    "source": "iana",
-    "extensions": ["uvf","uvvf","uvd","uvvd"]
-  },
-  "application/vnd.dece.ttml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["uvt","uvvt"]
-  },
-  "application/vnd.dece.unspecified": {
-    "source": "iana",
-    "extensions": ["uvx","uvvx"]
-  },
-  "application/vnd.dece.zip": {
-    "source": "iana",
-    "extensions": ["uvz","uvvz"]
-  },
-  "application/vnd.denovo.fcselayout-link": {
-    "source": "iana",
-    "extensions": ["fe_launch"]
-  },
-  "application/vnd.desmume.movie": {
-    "source": "iana"
-  },
-  "application/vnd.dir-bi.plate-dl-nosuffix": {
-    "source": "iana"
-  },
-  "application/vnd.dm.delegation+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dna": {
-    "source": "iana",
-    "extensions": ["dna"]
-  },
-  "application/vnd.document+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dolby.mlp": {
-    "source": "apache",
-    "extensions": ["mlp"]
-  },
-  "application/vnd.dolby.mobile.1": {
-    "source": "iana"
-  },
-  "application/vnd.dolby.mobile.2": {
-    "source": "iana"
-  },
-  "application/vnd.doremir.scorecloud-binary-document": {
-    "source": "iana"
-  },
-  "application/vnd.dpgraph": {
-    "source": "iana",
-    "extensions": ["dpg"]
-  },
-  "application/vnd.dreamfactory": {
-    "source": "iana",
-    "extensions": ["dfac"]
-  },
-  "application/vnd.drive+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ds-keypoint": {
-    "source": "apache",
-    "extensions": ["kpxx"]
-  },
-  "application/vnd.dtg.local": {
-    "source": "iana"
-  },
-  "application/vnd.dtg.local.flash": {
-    "source": "iana"
-  },
-  "application/vnd.dtg.local.html": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ait": {
-    "source": "iana",
-    "extensions": ["ait"]
-  },
-  "application/vnd.dvb.dvbisl+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.dvbj": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.esgcontainer": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ipdcdftnotifaccess": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ipdcesgaccess": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ipdcesgaccess2": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ipdcesgpdd": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.ipdcroaming": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.iptv.alfec-base": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.iptv.alfec-enhancement": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.notif-aggregate-root+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-container+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-generic+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-ia-msglist+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-ia-registration-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-ia-registration-response+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.notif-init+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.dvb.pfr": {
-    "source": "iana"
-  },
-  "application/vnd.dvb.service": {
-    "source": "iana",
-    "extensions": ["svc"]
-  },
-  "application/vnd.dxr": {
-    "source": "iana"
-  },
-  "application/vnd.dynageo": {
-    "source": "iana",
-    "extensions": ["geo"]
-  },
-  "application/vnd.dzr": {
-    "source": "iana"
-  },
-  "application/vnd.easykaraoke.cdgdownload": {
-    "source": "iana"
-  },
-  "application/vnd.ecdis-update": {
-    "source": "iana"
-  },
-  "application/vnd.ecip.rlp": {
-    "source": "iana"
-  },
-  "application/vnd.eclipse.ditto+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ecowin.chart": {
-    "source": "iana",
-    "extensions": ["mag"]
-  },
-  "application/vnd.ecowin.filerequest": {
-    "source": "iana"
-  },
-  "application/vnd.ecowin.fileupdate": {
-    "source": "iana"
-  },
-  "application/vnd.ecowin.series": {
-    "source": "iana"
-  },
-  "application/vnd.ecowin.seriesrequest": {
-    "source": "iana"
-  },
-  "application/vnd.ecowin.seriesupdate": {
-    "source": "iana"
-  },
-  "application/vnd.efi.img": {
-    "source": "iana"
-  },
-  "application/vnd.efi.iso": {
-    "source": "iana"
-  },
-  "application/vnd.emclient.accessrequest+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.enliven": {
-    "source": "iana",
-    "extensions": ["nml"]
-  },
-  "application/vnd.enphase.envoy": {
-    "source": "iana"
-  },
-  "application/vnd.eprints.data+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.epson.esf": {
-    "source": "iana",
-    "extensions": ["esf"]
-  },
-  "application/vnd.epson.msf": {
-    "source": "iana",
-    "extensions": ["msf"]
-  },
-  "application/vnd.epson.quickanime": {
-    "source": "iana",
-    "extensions": ["qam"]
-  },
-  "application/vnd.epson.salt": {
-    "source": "iana",
-    "extensions": ["slt"]
-  },
-  "application/vnd.epson.ssf": {
-    "source": "iana",
-    "extensions": ["ssf"]
-  },
-  "application/vnd.ericsson.quickcall": {
-    "source": "iana"
-  },
-  "application/vnd.espass-espass+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.eszigno3+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["es3","et3"]
-  },
-  "application/vnd.etsi.aoc+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.asic-e+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.etsi.asic-s+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.etsi.cug+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvcommand+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvdiscovery+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvprofile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvsad-bc+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvsad-cod+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvsad-npvr+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvservice+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvsync+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.iptvueprofile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.mcid+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.mheg5": {
-    "source": "iana"
-  },
-  "application/vnd.etsi.overload-control-policy-dataset+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.pstn+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.sci+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.simservs+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.timestamp-token": {
-    "source": "iana"
-  },
-  "application/vnd.etsi.tsl+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.etsi.tsl.der": {
-    "source": "iana"
-  },
-  "application/vnd.eu.kasparian.car+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.eudora.data": {
-    "source": "iana"
-  },
-  "application/vnd.evolv.ecig.profile": {
-    "source": "iana"
-  },
-  "application/vnd.evolv.ecig.settings": {
-    "source": "iana"
-  },
-  "application/vnd.evolv.ecig.theme": {
-    "source": "iana"
-  },
-  "application/vnd.exstream-empower+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.exstream-package": {
-    "source": "iana"
-  },
-  "application/vnd.ezpix-album": {
-    "source": "iana",
-    "extensions": ["ez2"]
-  },
-  "application/vnd.ezpix-package": {
-    "source": "iana",
-    "extensions": ["ez3"]
-  },
-  "application/vnd.f-secure.mobile": {
-    "source": "iana"
-  },
-  "application/vnd.familysearch.gedcom+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.fastcopy-disk-image": {
-    "source": "iana"
-  },
-  "application/vnd.fdf": {
-    "source": "iana",
-    "extensions": ["fdf"]
-  },
-  "application/vnd.fdsn.mseed": {
-    "source": "iana",
-    "extensions": ["mseed"]
-  },
-  "application/vnd.fdsn.seed": {
-    "source": "iana",
-    "extensions": ["seed","dataless"]
-  },
-  "application/vnd.ffsns": {
-    "source": "iana"
-  },
-  "application/vnd.ficlab.flb+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.filmit.zfc": {
-    "source": "iana"
-  },
-  "application/vnd.fints": {
-    "source": "iana"
-  },
-  "application/vnd.firemonkeys.cloudcell": {
-    "source": "iana"
-  },
-  "application/vnd.flographit": {
-    "source": "iana",
-    "extensions": ["gph"]
-  },
-  "application/vnd.fluxtime.clip": {
-    "source": "iana",
-    "extensions": ["ftc"]
-  },
-  "application/vnd.font-fontforge-sfd": {
-    "source": "iana"
-  },
-  "application/vnd.framemaker": {
-    "source": "iana",
-    "extensions": ["fm","frame","maker","book"]
-  },
-  "application/vnd.frogans.fnc": {
-    "source": "iana",
-    "extensions": ["fnc"]
-  },
-  "application/vnd.frogans.ltf": {
-    "source": "iana",
-    "extensions": ["ltf"]
-  },
-  "application/vnd.fsc.weblaunch": {
-    "source": "iana",
-    "extensions": ["fsc"]
-  },
-  "application/vnd.fujifilm.fb.docuworks": {
-    "source": "iana"
-  },
-  "application/vnd.fujifilm.fb.docuworks.binder": {
-    "source": "iana"
-  },
-  "application/vnd.fujifilm.fb.docuworks.container": {
-    "source": "iana"
-  },
-  "application/vnd.fujifilm.fb.jfi+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.fujitsu.oasys": {
-    "source": "iana",
-    "extensions": ["oas"]
-  },
-  "application/vnd.fujitsu.oasys2": {
-    "source": "iana",
-    "extensions": ["oa2"]
-  },
-  "application/vnd.fujitsu.oasys3": {
-    "source": "iana",
-    "extensions": ["oa3"]
-  },
-  "application/vnd.fujitsu.oasysgp": {
-    "source": "iana",
-    "extensions": ["fg5"]
-  },
-  "application/vnd.fujitsu.oasysprs": {
-    "source": "iana",
-    "extensions": ["bh2"]
-  },
-  "application/vnd.fujixerox.art-ex": {
-    "source": "iana"
-  },
-  "application/vnd.fujixerox.art4": {
-    "source": "iana"
-  },
-  "application/vnd.fujixerox.ddd": {
-    "source": "iana",
-    "extensions": ["ddd"]
-  },
-  "application/vnd.fujixerox.docuworks": {
-    "source": "iana",
-    "extensions": ["xdw"]
-  },
-  "application/vnd.fujixerox.docuworks.binder": {
-    "source": "iana",
-    "extensions": ["xbd"]
-  },
-  "application/vnd.fujixerox.docuworks.container": {
-    "source": "iana"
-  },
-  "application/vnd.fujixerox.hbpl": {
-    "source": "iana"
-  },
-  "application/vnd.fut-misnet": {
-    "source": "iana"
-  },
-  "application/vnd.futoin+cbor": {
-    "source": "iana"
-  },
-  "application/vnd.futoin+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.fuzzysheet": {
-    "source": "iana",
-    "extensions": ["fzs"]
-  },
-  "application/vnd.genomatix.tuxedo": {
-    "source": "iana",
-    "extensions": ["txd"]
-  },
-  "application/vnd.gentics.grd+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.geo+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.geocube+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.geogebra.file": {
-    "source": "iana",
-    "extensions": ["ggb"]
-  },
-  "application/vnd.geogebra.slides": {
-    "source": "iana"
-  },
-  "application/vnd.geogebra.tool": {
-    "source": "iana",
-    "extensions": ["ggt"]
-  },
-  "application/vnd.geometry-explorer": {
-    "source": "iana",
-    "extensions": ["gex","gre"]
-  },
-  "application/vnd.geonext": {
-    "source": "iana",
-    "extensions": ["gxt"]
-  },
-  "application/vnd.geoplan": {
-    "source": "iana",
-    "extensions": ["g2w"]
-  },
-  "application/vnd.geospace": {
-    "source": "iana",
-    "extensions": ["g3w"]
-  },
-  "application/vnd.gerber": {
-    "source": "iana"
-  },
-  "application/vnd.globalplatform.card-content-mgt": {
-    "source": "iana"
-  },
-  "application/vnd.globalplatform.card-content-mgt-response": {
-    "source": "iana"
-  },
-  "application/vnd.gmx": {
-    "source": "iana",
-    "extensions": ["gmx"]
-  },
-  "application/vnd.google-apps.document": {
-    "compressible": false,
-    "extensions": ["gdoc"]
-  },
-  "application/vnd.google-apps.presentation": {
-    "compressible": false,
-    "extensions": ["gslides"]
-  },
-  "application/vnd.google-apps.spreadsheet": {
-    "compressible": false,
-    "extensions": ["gsheet"]
-  },
-  "application/vnd.google-earth.kml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["kml"]
-  },
-  "application/vnd.google-earth.kmz": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["kmz"]
-  },
-  "application/vnd.gov.sk.e-form+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.gov.sk.e-form+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.gov.sk.xmldatacontainer+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.grafeq": {
-    "source": "iana",
-    "extensions": ["gqf","gqs"]
-  },
-  "application/vnd.gridmp": {
-    "source": "iana"
-  },
-  "application/vnd.groove-account": {
-    "source": "iana",
-    "extensions": ["gac"]
-  },
-  "application/vnd.groove-help": {
-    "source": "iana",
-    "extensions": ["ghf"]
-  },
-  "application/vnd.groove-identity-message": {
-    "source": "iana",
-    "extensions": ["gim"]
-  },
-  "application/vnd.groove-injector": {
-    "source": "iana",
-    "extensions": ["grv"]
-  },
-  "application/vnd.groove-tool-message": {
-    "source": "iana",
-    "extensions": ["gtm"]
-  },
-  "application/vnd.groove-tool-template": {
-    "source": "iana",
-    "extensions": ["tpl"]
-  },
-  "application/vnd.groove-vcard": {
-    "source": "iana",
-    "extensions": ["vcg"]
-  },
-  "application/vnd.hal+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hal+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["hal"]
-  },
-  "application/vnd.handheld-entertainment+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["zmm"]
-  },
-  "application/vnd.hbci": {
-    "source": "iana",
-    "extensions": ["hbci"]
-  },
-  "application/vnd.hc+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hcl-bireports": {
-    "source": "iana"
-  },
-  "application/vnd.hdt": {
-    "source": "iana"
-  },
-  "application/vnd.heroku+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hhe.lesson-player": {
-    "source": "iana",
-    "extensions": ["les"]
-  },
-  "application/vnd.hl7cda+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.hl7v2+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.hp-hpgl": {
-    "source": "iana",
-    "extensions": ["hpgl"]
-  },
-  "application/vnd.hp-hpid": {
-    "source": "iana",
-    "extensions": ["hpid"]
-  },
-  "application/vnd.hp-hps": {
-    "source": "iana",
-    "extensions": ["hps"]
-  },
-  "application/vnd.hp-jlyt": {
-    "source": "iana",
-    "extensions": ["jlt"]
-  },
-  "application/vnd.hp-pcl": {
-    "source": "iana",
-    "extensions": ["pcl"]
-  },
-  "application/vnd.hp-pclxl": {
-    "source": "iana",
-    "extensions": ["pclxl"]
-  },
-  "application/vnd.httphone": {
-    "source": "iana"
-  },
-  "application/vnd.hydrostatix.sof-data": {
-    "source": "iana",
-    "extensions": ["sfd-hdstx"]
-  },
-  "application/vnd.hyper+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hyper-item+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hyperdrive+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.hzn-3d-crossword": {
-    "source": "iana"
-  },
-  "application/vnd.ibm.afplinedata": {
-    "source": "iana"
-  },
-  "application/vnd.ibm.electronic-media": {
-    "source": "iana"
-  },
-  "application/vnd.ibm.minipay": {
-    "source": "iana",
-    "extensions": ["mpy"]
-  },
-  "application/vnd.ibm.modcap": {
-    "source": "iana",
-    "extensions": ["afp","listafp","list3820"]
-  },
-  "application/vnd.ibm.rights-management": {
-    "source": "iana",
-    "extensions": ["irm"]
-  },
-  "application/vnd.ibm.secure-container": {
-    "source": "iana",
-    "extensions": ["sc"]
-  },
-  "application/vnd.iccprofile": {
-    "source": "iana",
-    "extensions": ["icc","icm"]
-  },
-  "application/vnd.ieee.1905": {
-    "source": "iana"
-  },
-  "application/vnd.igloader": {
-    "source": "iana",
-    "extensions": ["igl"]
-  },
-  "application/vnd.imagemeter.folder+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.imagemeter.image+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.immervision-ivp": {
-    "source": "iana",
-    "extensions": ["ivp"]
-  },
-  "application/vnd.immervision-ivu": {
-    "source": "iana",
-    "extensions": ["ivu"]
-  },
-  "application/vnd.ims.imsccv1p1": {
-    "source": "iana"
-  },
-  "application/vnd.ims.imsccv1p2": {
-    "source": "iana"
-  },
-  "application/vnd.ims.imsccv1p3": {
-    "source": "iana"
-  },
-  "application/vnd.ims.lis.v2.result+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ims.lti.v2.toolconsumerprofile+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ims.lti.v2.toolproxy+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ims.lti.v2.toolproxy.id+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ims.lti.v2.toolsettings+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ims.lti.v2.toolsettings.simple+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.informedcontrol.rms+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.informix-visionary": {
-    "source": "iana"
-  },
-  "application/vnd.infotech.project": {
-    "source": "iana"
-  },
-  "application/vnd.infotech.project+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.innopath.wamp.notification": {
-    "source": "iana"
-  },
-  "application/vnd.insors.igm": {
-    "source": "iana",
-    "extensions": ["igm"]
-  },
-  "application/vnd.intercon.formnet": {
-    "source": "iana",
-    "extensions": ["xpw","xpx"]
-  },
-  "application/vnd.intergeo": {
-    "source": "iana",
-    "extensions": ["i2g"]
-  },
-  "application/vnd.intertrust.digibox": {
-    "source": "iana"
-  },
-  "application/vnd.intertrust.nncp": {
-    "source": "iana"
-  },
-  "application/vnd.intu.qbo": {
-    "source": "iana",
-    "extensions": ["qbo"]
-  },
-  "application/vnd.intu.qfx": {
-    "source": "iana",
-    "extensions": ["qfx"]
-  },
-  "application/vnd.iptc.g2.catalogitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.conceptitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.knowledgeitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.newsitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.newsmessage+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.packageitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.iptc.g2.planningitem+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ipunplugged.rcprofile": {
-    "source": "iana",
-    "extensions": ["rcprofile"]
-  },
-  "application/vnd.irepository.package+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["irp"]
-  },
-  "application/vnd.is-xpr": {
-    "source": "iana",
-    "extensions": ["xpr"]
-  },
-  "application/vnd.isac.fcs": {
-    "source": "iana",
-    "extensions": ["fcs"]
-  },
-  "application/vnd.iso11783-10+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.jam": {
-    "source": "iana",
-    "extensions": ["jam"]
-  },
-  "application/vnd.japannet-directory-service": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-jpnstore-wakeup": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-payment-wakeup": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-registration": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-registration-wakeup": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-setstore-wakeup": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-verification": {
-    "source": "iana"
-  },
-  "application/vnd.japannet-verification-wakeup": {
-    "source": "iana"
-  },
-  "application/vnd.jcp.javame.midlet-rms": {
-    "source": "iana",
-    "extensions": ["rms"]
-  },
-  "application/vnd.jisp": {
-    "source": "iana",
-    "extensions": ["jisp"]
-  },
-  "application/vnd.joost.joda-archive": {
-    "source": "iana",
-    "extensions": ["joda"]
-  },
-  "application/vnd.jsk.isdn-ngn": {
-    "source": "iana"
-  },
-  "application/vnd.kahootz": {
-    "source": "iana",
-    "extensions": ["ktz","ktr"]
-  },
-  "application/vnd.kde.karbon": {
-    "source": "iana",
-    "extensions": ["karbon"]
-  },
-  "application/vnd.kde.kchart": {
-    "source": "iana",
-    "extensions": ["chrt"]
-  },
-  "application/vnd.kde.kformula": {
-    "source": "iana",
-    "extensions": ["kfo"]
-  },
-  "application/vnd.kde.kivio": {
-    "source": "iana",
-    "extensions": ["flw"]
-  },
-  "application/vnd.kde.kontour": {
-    "source": "iana",
-    "extensions": ["kon"]
-  },
-  "application/vnd.kde.kpresenter": {
-    "source": "iana",
-    "extensions": ["kpr","kpt"]
-  },
-  "application/vnd.kde.kspread": {
-    "source": "iana",
-    "extensions": ["ksp"]
-  },
-  "application/vnd.kde.kword": {
-    "source": "iana",
-    "extensions": ["kwd","kwt"]
-  },
-  "application/vnd.kenameaapp": {
-    "source": "iana",
-    "extensions": ["htke"]
-  },
-  "application/vnd.kidspiration": {
-    "source": "iana",
-    "extensions": ["kia"]
-  },
-  "application/vnd.kinar": {
-    "source": "iana",
-    "extensions": ["kne","knp"]
-  },
-  "application/vnd.koan": {
-    "source": "iana",
-    "extensions": ["skp","skd","skt","skm"]
-  },
-  "application/vnd.kodak-descriptor": {
-    "source": "iana",
-    "extensions": ["sse"]
-  },
-  "application/vnd.las": {
-    "source": "iana"
-  },
-  "application/vnd.las.las+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.las.las+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["lasxml"]
-  },
-  "application/vnd.laszip": {
-    "source": "iana"
-  },
-  "application/vnd.leap+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.liberty-request+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.llamagraphics.life-balance.desktop": {
-    "source": "iana",
-    "extensions": ["lbd"]
-  },
-  "application/vnd.llamagraphics.life-balance.exchange+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["lbe"]
-  },
-  "application/vnd.logipipe.circuit+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.loom": {
-    "source": "iana"
-  },
-  "application/vnd.lotus-1-2-3": {
-    "source": "iana",
-    "extensions": ["123"]
-  },
-  "application/vnd.lotus-approach": {
-    "source": "iana",
-    "extensions": ["apr"]
-  },
-  "application/vnd.lotus-freelance": {
-    "source": "iana",
-    "extensions": ["pre"]
-  },
-  "application/vnd.lotus-notes": {
-    "source": "iana",
-    "extensions": ["nsf"]
-  },
-  "application/vnd.lotus-organizer": {
-    "source": "iana",
-    "extensions": ["org"]
-  },
-  "application/vnd.lotus-screencam": {
-    "source": "iana",
-    "extensions": ["scm"]
-  },
-  "application/vnd.lotus-wordpro": {
-    "source": "iana",
-    "extensions": ["lwp"]
-  },
-  "application/vnd.macports.portpkg": {
-    "source": "iana",
-    "extensions": ["portpkg"]
-  },
-  "application/vnd.mapbox-vector-tile": {
-    "source": "iana",
-    "extensions": ["mvt"]
-  },
-  "application/vnd.marlin.drm.actiontoken+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.marlin.drm.conftoken+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.marlin.drm.license+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.marlin.drm.mdcf": {
-    "source": "iana"
-  },
-  "application/vnd.mason+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.maxar.archive.3tz+zip": {
-    "source": "iana",
-    "compressible": false
-  },
-  "application/vnd.maxmind.maxmind-db": {
-    "source": "iana"
-  },
-  "application/vnd.mcd": {
-    "source": "iana",
-    "extensions": ["mcd"]
-  },
-  "application/vnd.medcalcdata": {
-    "source": "iana",
-    "extensions": ["mc1"]
-  },
-  "application/vnd.mediastation.cdkey": {
-    "source": "iana",
-    "extensions": ["cdkey"]
-  },
-  "application/vnd.meridian-slingshot": {
-    "source": "iana"
-  },
-  "application/vnd.mfer": {
-    "source": "iana",
-    "extensions": ["mwf"]
-  },
-  "application/vnd.mfmp": {
-    "source": "iana",
-    "extensions": ["mfm"]
-  },
-  "application/vnd.micro+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.micrografx.flo": {
-    "source": "iana",
-    "extensions": ["flo"]
-  },
-  "application/vnd.micrografx.igx": {
-    "source": "iana",
-    "extensions": ["igx"]
-  },
-  "application/vnd.microsoft.portable-executable": {
-    "source": "iana"
-  },
-  "application/vnd.microsoft.windows.thumbnail-cache": {
-    "source": "iana"
-  },
-  "application/vnd.miele+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.mif": {
-    "source": "iana",
-    "extensions": ["mif"]
-  },
-  "application/vnd.minisoft-hp3000-save": {
-    "source": "iana"
-  },
-  "application/vnd.mitsubishi.misty-guard.trustweb": {
-    "source": "iana"
-  },
-  "application/vnd.mobius.daf": {
-    "source": "iana",
-    "extensions": ["daf"]
-  },
-  "application/vnd.mobius.dis": {
-    "source": "iana",
-    "extensions": ["dis"]
-  },
-  "application/vnd.mobius.mbk": {
-    "source": "iana",
-    "extensions": ["mbk"]
-  },
-  "application/vnd.mobius.mqy": {
-    "source": "iana",
-    "extensions": ["mqy"]
-  },
-  "application/vnd.mobius.msl": {
-    "source": "iana",
-    "extensions": ["msl"]
-  },
-  "application/vnd.mobius.plc": {
-    "source": "iana",
-    "extensions": ["plc"]
-  },
-  "application/vnd.mobius.txf": {
-    "source": "iana",
-    "extensions": ["txf"]
-  },
-  "application/vnd.mophun.application": {
-    "source": "iana",
-    "extensions": ["mpn"]
-  },
-  "application/vnd.mophun.certificate": {
-    "source": "iana",
-    "extensions": ["mpc"]
-  },
-  "application/vnd.motorola.flexsuite": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.adsi": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.fis": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.gotap": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.kmr": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.ttc": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.flexsuite.wem": {
-    "source": "iana"
-  },
-  "application/vnd.motorola.iprm": {
-    "source": "iana"
-  },
-  "application/vnd.mozilla.xul+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xul"]
-  },
-  "application/vnd.ms-3mfdocument": {
-    "source": "iana"
-  },
-  "application/vnd.ms-artgalry": {
-    "source": "iana",
-    "extensions": ["cil"]
-  },
-  "application/vnd.ms-asf": {
-    "source": "iana"
-  },
-  "application/vnd.ms-cab-compressed": {
-    "source": "iana",
-    "extensions": ["cab"]
-  },
-  "application/vnd.ms-color.iccprofile": {
-    "source": "apache"
-  },
-  "application/vnd.ms-excel": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["xls","xlm","xla","xlc","xlt","xlw"]
-  },
-  "application/vnd.ms-excel.addin.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["xlam"]
-  },
-  "application/vnd.ms-excel.sheet.binary.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["xlsb"]
-  },
-  "application/vnd.ms-excel.sheet.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["xlsm"]
-  },
-  "application/vnd.ms-excel.template.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["xltm"]
-  },
-  "application/vnd.ms-fontobject": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["eot"]
-  },
-  "application/vnd.ms-htmlhelp": {
-    "source": "iana",
-    "extensions": ["chm"]
-  },
-  "application/vnd.ms-ims": {
-    "source": "iana",
-    "extensions": ["ims"]
-  },
-  "application/vnd.ms-lrm": {
-    "source": "iana",
-    "extensions": ["lrm"]
-  },
-  "application/vnd.ms-office.activex+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ms-officetheme": {
-    "source": "iana",
-    "extensions": ["thmx"]
-  },
-  "application/vnd.ms-opentype": {
-    "source": "apache",
-    "compressible": true
-  },
-  "application/vnd.ms-outlook": {
-    "compressible": false,
-    "extensions": ["msg"]
-  },
-  "application/vnd.ms-package.obfuscated-opentype": {
-    "source": "apache"
-  },
-  "application/vnd.ms-pki.seccat": {
-    "source": "apache",
-    "extensions": ["cat"]
-  },
-  "application/vnd.ms-pki.stl": {
-    "source": "apache",
-    "extensions": ["stl"]
-  },
-  "application/vnd.ms-playready.initiator+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ms-powerpoint": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["ppt","pps","pot"]
-  },
-  "application/vnd.ms-powerpoint.addin.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["ppam"]
-  },
-  "application/vnd.ms-powerpoint.presentation.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["pptm"]
-  },
-  "application/vnd.ms-powerpoint.slide.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["sldm"]
-  },
-  "application/vnd.ms-powerpoint.slideshow.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["ppsm"]
-  },
-  "application/vnd.ms-powerpoint.template.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["potm"]
-  },
-  "application/vnd.ms-printdevicecapabilities+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ms-printing.printticket+xml": {
-    "source": "apache",
-    "compressible": true
-  },
-  "application/vnd.ms-printschematicket+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ms-project": {
-    "source": "iana",
-    "extensions": ["mpp","mpt"]
-  },
-  "application/vnd.ms-tnef": {
-    "source": "iana"
-  },
-  "application/vnd.ms-windows.devicepairing": {
-    "source": "iana"
-  },
-  "application/vnd.ms-windows.nwprinting.oob": {
-    "source": "iana"
-  },
-  "application/vnd.ms-windows.printerpairing": {
-    "source": "iana"
-  },
-  "application/vnd.ms-windows.wsd.oob": {
-    "source": "iana"
-  },
-  "application/vnd.ms-wmdrm.lic-chlg-req": {
-    "source": "iana"
-  },
-  "application/vnd.ms-wmdrm.lic-resp": {
-    "source": "iana"
-  },
-  "application/vnd.ms-wmdrm.meter-chlg-req": {
-    "source": "iana"
-  },
-  "application/vnd.ms-wmdrm.meter-resp": {
-    "source": "iana"
-  },
-  "application/vnd.ms-word.document.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["docm"]
-  },
-  "application/vnd.ms-word.template.macroenabled.12": {
-    "source": "iana",
-    "extensions": ["dotm"]
-  },
-  "application/vnd.ms-works": {
-    "source": "iana",
-    "extensions": ["wps","wks","wcm","wdb"]
-  },
-  "application/vnd.ms-wpl": {
-    "source": "iana",
-    "extensions": ["wpl"]
-  },
-  "application/vnd.ms-xpsdocument": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["xps"]
-  },
-  "application/vnd.msa-disk-image": {
-    "source": "iana"
-  },
-  "application/vnd.mseq": {
-    "source": "iana",
-    "extensions": ["mseq"]
-  },
-  "application/vnd.msign": {
-    "source": "iana"
-  },
-  "application/vnd.multiad.creator": {
-    "source": "iana"
-  },
-  "application/vnd.multiad.creator.cif": {
-    "source": "iana"
-  },
-  "application/vnd.music-niff": {
-    "source": "iana"
-  },
-  "application/vnd.musician": {
-    "source": "iana",
-    "extensions": ["mus"]
-  },
-  "application/vnd.muvee.style": {
-    "source": "iana",
-    "extensions": ["msty"]
-  },
-  "application/vnd.mynfc": {
-    "source": "iana",
-    "extensions": ["taglet"]
-  },
-  "application/vnd.nacamar.ybrid+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.ncd.control": {
-    "source": "iana"
-  },
-  "application/vnd.ncd.reference": {
-    "source": "iana"
-  },
-  "application/vnd.nearst.inv+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nebumind.line": {
-    "source": "iana"
-  },
-  "application/vnd.nervana": {
-    "source": "iana"
-  },
-  "application/vnd.netfpx": {
-    "source": "iana"
-  },
-  "application/vnd.neurolanguage.nlu": {
-    "source": "iana",
-    "extensions": ["nlu"]
-  },
-  "application/vnd.nimn": {
-    "source": "iana"
-  },
-  "application/vnd.nintendo.nitro.rom": {
-    "source": "iana"
-  },
-  "application/vnd.nintendo.snes.rom": {
-    "source": "iana"
-  },
-  "application/vnd.nitf": {
-    "source": "iana",
-    "extensions": ["ntf","nitf"]
-  },
-  "application/vnd.noblenet-directory": {
-    "source": "iana",
-    "extensions": ["nnd"]
-  },
-  "application/vnd.noblenet-sealer": {
-    "source": "iana",
-    "extensions": ["nns"]
-  },
-  "application/vnd.noblenet-web": {
-    "source": "iana",
-    "extensions": ["nnw"]
-  },
-  "application/vnd.nokia.catalogs": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.conml+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.conml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nokia.iptv.config+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nokia.isds-radio-presets": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.landmark+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.landmark+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nokia.landmarkcollection+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nokia.n-gage.ac+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ac"]
-  },
-  "application/vnd.nokia.n-gage.data": {
-    "source": "iana",
-    "extensions": ["ngdat"]
-  },
-  "application/vnd.nokia.n-gage.symbian.install": {
-    "source": "iana",
-    "extensions": ["n-gage"]
-  },
-  "application/vnd.nokia.ncd": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.pcd+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.nokia.pcd+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.nokia.radio-preset": {
-    "source": "iana",
-    "extensions": ["rpst"]
-  },
-  "application/vnd.nokia.radio-presets": {
-    "source": "iana",
-    "extensions": ["rpss"]
-  },
-  "application/vnd.novadigm.edm": {
-    "source": "iana",
-    "extensions": ["edm"]
-  },
-  "application/vnd.novadigm.edx": {
-    "source": "iana",
-    "extensions": ["edx"]
-  },
-  "application/vnd.novadigm.ext": {
-    "source": "iana",
-    "extensions": ["ext"]
-  },
-  "application/vnd.ntt-local.content-share": {
-    "source": "iana"
-  },
-  "application/vnd.ntt-local.file-transfer": {
-    "source": "iana"
-  },
-  "application/vnd.ntt-local.ogw_remote-access": {
-    "source": "iana"
-  },
-  "application/vnd.ntt-local.sip-ta_remote": {
-    "source": "iana"
-  },
-  "application/vnd.ntt-local.sip-ta_tcp_stream": {
-    "source": "iana"
-  },
-  "application/vnd.oasis.opendocument.chart": {
-    "source": "iana",
-    "extensions": ["odc"]
-  },
-  "application/vnd.oasis.opendocument.chart-template": {
-    "source": "iana",
-    "extensions": ["otc"]
-  },
-  "application/vnd.oasis.opendocument.database": {
-    "source": "iana",
-    "extensions": ["odb"]
-  },
-  "application/vnd.oasis.opendocument.formula": {
-    "source": "iana",
-    "extensions": ["odf"]
-  },
-  "application/vnd.oasis.opendocument.formula-template": {
-    "source": "iana",
-    "extensions": ["odft"]
-  },
-  "application/vnd.oasis.opendocument.graphics": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["odg"]
-  },
-  "application/vnd.oasis.opendocument.graphics-template": {
-    "source": "iana",
-    "extensions": ["otg"]
-  },
-  "application/vnd.oasis.opendocument.image": {
-    "source": "iana",
-    "extensions": ["odi"]
-  },
-  "application/vnd.oasis.opendocument.image-template": {
-    "source": "iana",
-    "extensions": ["oti"]
-  },
-  "application/vnd.oasis.opendocument.presentation": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["odp"]
-  },
-  "application/vnd.oasis.opendocument.presentation-template": {
-    "source": "iana",
-    "extensions": ["otp"]
-  },
-  "application/vnd.oasis.opendocument.spreadsheet": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["ods"]
-  },
-  "application/vnd.oasis.opendocument.spreadsheet-template": {
-    "source": "iana",
-    "extensions": ["ots"]
-  },
-  "application/vnd.oasis.opendocument.text": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["odt"]
-  },
-  "application/vnd.oasis.opendocument.text-master": {
-    "source": "iana",
-    "extensions": ["odm"]
-  },
-  "application/vnd.oasis.opendocument.text-template": {
-    "source": "iana",
-    "extensions": ["ott"]
-  },
-  "application/vnd.oasis.opendocument.text-web": {
-    "source": "iana",
-    "extensions": ["oth"]
-  },
-  "application/vnd.obn": {
-    "source": "iana"
-  },
-  "application/vnd.ocf+cbor": {
-    "source": "iana"
-  },
-  "application/vnd.oci.image.manifest.v1+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oftn.l10n+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.contentaccessdownload+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.contentaccessstreaming+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.cspg-hexbinary": {
-    "source": "iana"
-  },
-  "application/vnd.oipf.dae.svg+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.dae.xhtml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.mippvcontrolmessage+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.pae.gem": {
-    "source": "iana"
-  },
-  "application/vnd.oipf.spdiscovery+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.spdlist+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.ueprofile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oipf.userprofile+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.olpc-sugar": {
-    "source": "iana",
-    "extensions": ["xo"]
-  },
-  "application/vnd.oma-scws-config": {
-    "source": "iana"
-  },
-  "application/vnd.oma-scws-http-request": {
-    "source": "iana"
-  },
-  "application/vnd.oma-scws-http-response": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.associated-procedure-parameter+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.drm-trigger+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.imd+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.ltkm": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.notification+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.provisioningtrigger": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.sgboot": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.sgdd+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.sgdu": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.simple-symbol-container": {
-    "source": "iana"
-  },
-  "application/vnd.oma.bcast.smartcard-trigger+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.sprov+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.bcast.stkm": {
-    "source": "iana"
-  },
-  "application/vnd.oma.cab-address-book+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.cab-feature-handler+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.cab-pcc+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.cab-subs-invite+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.cab-user-prefs+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.dcd": {
-    "source": "iana"
-  },
-  "application/vnd.oma.dcdc": {
-    "source": "iana"
-  },
-  "application/vnd.oma.dd2+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["dd2"]
-  },
-  "application/vnd.oma.drm.risd+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.group-usage-list+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.lwm2m+cbor": {
-    "source": "iana"
-  },
-  "application/vnd.oma.lwm2m+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.lwm2m+tlv": {
-    "source": "iana"
-  },
-  "application/vnd.oma.pal+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.poc.detailed-progress-report+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.poc.final-report+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.poc.groups+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.poc.invocation-descriptor+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.poc.optimized-progress-report+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.push": {
-    "source": "iana"
-  },
-  "application/vnd.oma.scidm.messages+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oma.xcap-directory+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.omads-email+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.omads-file+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.omads-folder+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.omaloc-supl-init": {
-    "source": "iana"
-  },
-  "application/vnd.onepager": {
-    "source": "iana"
-  },
-  "application/vnd.onepagertamp": {
-    "source": "iana"
-  },
-  "application/vnd.onepagertamx": {
-    "source": "iana"
-  },
-  "application/vnd.onepagertat": {
-    "source": "iana"
-  },
-  "application/vnd.onepagertatp": {
-    "source": "iana"
-  },
-  "application/vnd.onepagertatx": {
-    "source": "iana"
-  },
-  "application/vnd.openblox.game+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["obgx"]
-  },
-  "application/vnd.openblox.game-binary": {
-    "source": "iana"
-  },
-  "application/vnd.openeye.oeb": {
-    "source": "iana"
-  },
-  "application/vnd.openofficeorg.extension": {
-    "source": "apache",
-    "extensions": ["oxt"]
-  },
-  "application/vnd.openstreetmap.data+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["osm"]
-  },
-  "application/vnd.opentimestamps.ots": {
-    "source": "iana"
-  },
-  "application/vnd.openxmlformats-officedocument.custom-properties+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.customxmlproperties+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawing+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.chart+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.chartshapes+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.diagramcolors+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.diagramdata+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.diagramlayout+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.drawingml.diagramstyle+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.extended-properties+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.commentauthors+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.comments+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.handoutmaster+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.notesmaster+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.notesslide+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.presentation": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["pptx"]
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.presprops+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slide": {
-    "source": "iana",
-    "extensions": ["sldx"]
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slide+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slidelayout+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slidemaster+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slideshow": {
-    "source": "iana",
-    "extensions": ["ppsx"]
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.slideupdateinfo+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.tablestyles+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.tags+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.template": {
-    "source": "iana",
-    "extensions": ["potx"]
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.template.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.presentationml.viewprops+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.calcchain+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.chartsheet+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.comments+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.connections+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.dialogsheet+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.externallink+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcachedefinition+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivotcacherecords+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.pivottable+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.querytable+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.revisionheaders+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.revisionlog+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.sharedstrings+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["xlsx"]
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheetmetadata+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.styles+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.table+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.tablesinglecells+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.template": {
-    "source": "iana",
-    "extensions": ["xltx"]
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.usernames+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.volatiledependencies+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.theme+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.themeoverride+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.vmldrawing": {
-    "source": "iana"
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.document": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["docx"]
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.document.glossary+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.fonttable+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.template": {
-    "source": "iana",
-    "extensions": ["dotx"]
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.template.main+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-officedocument.wordprocessingml.websettings+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-package.core-properties+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.openxmlformats-package.relationships+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oracle.resource+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.orange.indata": {
-    "source": "iana"
-  },
-  "application/vnd.osa.netdeploy": {
-    "source": "iana"
-  },
-  "application/vnd.osgeo.mapguide.package": {
-    "source": "iana",
-    "extensions": ["mgp"]
-  },
-  "application/vnd.osgi.bundle": {
-    "source": "iana"
-  },
-  "application/vnd.osgi.dp": {
-    "source": "iana",
-    "extensions": ["dp"]
-  },
-  "application/vnd.osgi.subsystem": {
-    "source": "iana",
-    "extensions": ["esa"]
-  },
-  "application/vnd.otps.ct-kip+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.oxli.countgraph": {
-    "source": "iana"
-  },
-  "application/vnd.pagerduty+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.palm": {
-    "source": "iana",
-    "extensions": ["pdb","pqa","oprc"]
-  },
-  "application/vnd.panoply": {
-    "source": "iana"
-  },
-  "application/vnd.paos.xml": {
-    "source": "iana"
-  },
-  "application/vnd.patentdive": {
-    "source": "iana"
-  },
-  "application/vnd.patientecommsdoc": {
-    "source": "iana"
-  },
-  "application/vnd.pawaafile": {
-    "source": "iana",
-    "extensions": ["paw"]
-  },
-  "application/vnd.pcos": {
-    "source": "iana"
-  },
-  "application/vnd.pg.format": {
-    "source": "iana",
-    "extensions": ["str"]
-  },
-  "application/vnd.pg.osasli": {
-    "source": "iana",
-    "extensions": ["ei6"]
-  },
-  "application/vnd.piaccess.application-licence": {
-    "source": "iana"
-  },
-  "application/vnd.picsel": {
-    "source": "iana",
-    "extensions": ["efif"]
-  },
-  "application/vnd.pmi.widget": {
-    "source": "iana",
-    "extensions": ["wg"]
-  },
-  "application/vnd.poc.group-advertisement+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.pocketlearn": {
-    "source": "iana",
-    "extensions": ["plf"]
-  },
-  "application/vnd.powerbuilder6": {
-    "source": "iana",
-    "extensions": ["pbd"]
-  },
-  "application/vnd.powerbuilder6-s": {
-    "source": "iana"
-  },
-  "application/vnd.powerbuilder7": {
-    "source": "iana"
-  },
-  "application/vnd.powerbuilder7-s": {
-    "source": "iana"
-  },
-  "application/vnd.powerbuilder75": {
-    "source": "iana"
-  },
-  "application/vnd.powerbuilder75-s": {
-    "source": "iana"
-  },
-  "application/vnd.preminet": {
-    "source": "iana"
-  },
-  "application/vnd.previewsystems.box": {
-    "source": "iana",
-    "extensions": ["box"]
-  },
-  "application/vnd.proteus.magazine": {
-    "source": "iana",
-    "extensions": ["mgz"]
-  },
-  "application/vnd.psfs": {
-    "source": "iana"
-  },
-  "application/vnd.publishare-delta-tree": {
-    "source": "iana",
-    "extensions": ["qps"]
-  },
-  "application/vnd.pvi.ptid1": {
-    "source": "iana",
-    "extensions": ["ptid"]
-  },
-  "application/vnd.pwg-multiplexed": {
-    "source": "iana"
-  },
-  "application/vnd.pwg-xhtml-print+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.qualcomm.brew-app-res": {
-    "source": "iana"
-  },
-  "application/vnd.quarantainenet": {
-    "source": "iana"
-  },
-  "application/vnd.quark.quarkxpress": {
-    "source": "iana",
-    "extensions": ["qxd","qxt","qwd","qwt","qxl","qxb"]
-  },
-  "application/vnd.quobject-quoxdocument": {
-    "source": "iana"
-  },
-  "application/vnd.radisys.moml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-audit+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-audit-conf+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-audit-conn+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-audit-dialog+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-audit-stream+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-conf+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-base+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-fax-detect+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-fax-sendrecv+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-group+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-speech+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.radisys.msml-dialog-transform+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.rainstor.data": {
-    "source": "iana"
-  },
-  "application/vnd.rapid": {
-    "source": "iana"
-  },
-  "application/vnd.rar": {
-    "source": "iana",
-    "extensions": ["rar"]
-  },
-  "application/vnd.realvnc.bed": {
-    "source": "iana",
-    "extensions": ["bed"]
-  },
-  "application/vnd.recordare.musicxml": {
-    "source": "iana",
-    "extensions": ["mxl"]
-  },
-  "application/vnd.recordare.musicxml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["musicxml"]
-  },
-  "application/vnd.renlearn.rlprint": {
-    "source": "iana"
-  },
-  "application/vnd.resilient.logic": {
-    "source": "iana"
-  },
-  "application/vnd.restful+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.rig.cryptonote": {
-    "source": "iana",
-    "extensions": ["cryptonote"]
-  },
-  "application/vnd.rim.cod": {
-    "source": "apache",
-    "extensions": ["cod"]
-  },
-  "application/vnd.rn-realmedia": {
-    "source": "apache",
-    "extensions": ["rm"]
-  },
-  "application/vnd.rn-realmedia-vbr": {
-    "source": "apache",
-    "extensions": ["rmvb"]
-  },
-  "application/vnd.route66.link66+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["link66"]
-  },
-  "application/vnd.rs-274x": {
-    "source": "iana"
-  },
-  "application/vnd.ruckus.download": {
-    "source": "iana"
-  },
-  "application/vnd.s3sms": {
-    "source": "iana"
-  },
-  "application/vnd.sailingtracker.track": {
-    "source": "iana",
-    "extensions": ["st"]
-  },
-  "application/vnd.sar": {
-    "source": "iana"
-  },
-  "application/vnd.sbm.cid": {
-    "source": "iana"
-  },
-  "application/vnd.sbm.mid2": {
-    "source": "iana"
-  },
-  "application/vnd.scribus": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.3df": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.csf": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.doc": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.eml": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.mht": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.net": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.ppt": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.tiff": {
-    "source": "iana"
-  },
-  "application/vnd.sealed.xls": {
-    "source": "iana"
-  },
-  "application/vnd.sealedmedia.softseal.html": {
-    "source": "iana"
-  },
-  "application/vnd.sealedmedia.softseal.pdf": {
-    "source": "iana"
-  },
-  "application/vnd.seemail": {
-    "source": "iana",
-    "extensions": ["see"]
-  },
-  "application/vnd.seis+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.sema": {
-    "source": "iana",
-    "extensions": ["sema"]
-  },
-  "application/vnd.semd": {
-    "source": "iana",
-    "extensions": ["semd"]
-  },
-  "application/vnd.semf": {
-    "source": "iana",
-    "extensions": ["semf"]
-  },
-  "application/vnd.shade-save-file": {
-    "source": "iana"
-  },
-  "application/vnd.shana.informed.formdata": {
-    "source": "iana",
-    "extensions": ["ifm"]
-  },
-  "application/vnd.shana.informed.formtemplate": {
-    "source": "iana",
-    "extensions": ["itp"]
-  },
-  "application/vnd.shana.informed.interchange": {
-    "source": "iana",
-    "extensions": ["iif"]
-  },
-  "application/vnd.shana.informed.package": {
-    "source": "iana",
-    "extensions": ["ipk"]
-  },
-  "application/vnd.shootproof+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.shopkick+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.shp": {
-    "source": "iana"
-  },
-  "application/vnd.shx": {
-    "source": "iana"
-  },
-  "application/vnd.sigrok.session": {
-    "source": "iana"
-  },
-  "application/vnd.simtech-mindmapper": {
-    "source": "iana",
-    "extensions": ["twd","twds"]
-  },
-  "application/vnd.siren+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.smaf": {
-    "source": "iana",
-    "extensions": ["mmf"]
-  },
-  "application/vnd.smart.notebook": {
-    "source": "iana"
-  },
-  "application/vnd.smart.teacher": {
-    "source": "iana",
-    "extensions": ["teacher"]
-  },
-  "application/vnd.snesdev-page-table": {
-    "source": "iana"
-  },
-  "application/vnd.software602.filler.form+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["fo"]
-  },
-  "application/vnd.software602.filler.form-xml-zip": {
-    "source": "iana"
-  },
-  "application/vnd.solent.sdkm+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["sdkm","sdkd"]
-  },
-  "application/vnd.spotfire.dxp": {
-    "source": "iana",
-    "extensions": ["dxp"]
-  },
-  "application/vnd.spotfire.sfs": {
-    "source": "iana",
-    "extensions": ["sfs"]
-  },
-  "application/vnd.sqlite3": {
-    "source": "iana"
-  },
-  "application/vnd.sss-cod": {
-    "source": "iana"
-  },
-  "application/vnd.sss-dtf": {
-    "source": "iana"
-  },
-  "application/vnd.sss-ntf": {
-    "source": "iana"
-  },
-  "application/vnd.stardivision.calc": {
-    "source": "apache",
-    "extensions": ["sdc"]
-  },
-  "application/vnd.stardivision.draw": {
-    "source": "apache",
-    "extensions": ["sda"]
-  },
-  "application/vnd.stardivision.impress": {
-    "source": "apache",
-    "extensions": ["sdd"]
-  },
-  "application/vnd.stardivision.math": {
-    "source": "apache",
-    "extensions": ["smf"]
-  },
-  "application/vnd.stardivision.writer": {
-    "source": "apache",
-    "extensions": ["sdw","vor"]
-  },
-  "application/vnd.stardivision.writer-global": {
-    "source": "apache",
-    "extensions": ["sgl"]
-  },
-  "application/vnd.stepmania.package": {
-    "source": "iana",
-    "extensions": ["smzip"]
-  },
-  "application/vnd.stepmania.stepchart": {
-    "source": "iana",
-    "extensions": ["sm"]
-  },
-  "application/vnd.street-stream": {
-    "source": "iana"
-  },
-  "application/vnd.sun.wadl+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wadl"]
-  },
-  "application/vnd.sun.xml.calc": {
-    "source": "apache",
-    "extensions": ["sxc"]
-  },
-  "application/vnd.sun.xml.calc.template": {
-    "source": "apache",
-    "extensions": ["stc"]
-  },
-  "application/vnd.sun.xml.draw": {
-    "source": "apache",
-    "extensions": ["sxd"]
-  },
-  "application/vnd.sun.xml.draw.template": {
-    "source": "apache",
-    "extensions": ["std"]
-  },
-  "application/vnd.sun.xml.impress": {
-    "source": "apache",
-    "extensions": ["sxi"]
-  },
-  "application/vnd.sun.xml.impress.template": {
-    "source": "apache",
-    "extensions": ["sti"]
-  },
-  "application/vnd.sun.xml.math": {
-    "source": "apache",
-    "extensions": ["sxm"]
-  },
-  "application/vnd.sun.xml.writer": {
-    "source": "apache",
-    "extensions": ["sxw"]
-  },
-  "application/vnd.sun.xml.writer.global": {
-    "source": "apache",
-    "extensions": ["sxg"]
-  },
-  "application/vnd.sun.xml.writer.template": {
-    "source": "apache",
-    "extensions": ["stw"]
-  },
-  "application/vnd.sus-calendar": {
-    "source": "iana",
-    "extensions": ["sus","susp"]
-  },
-  "application/vnd.svd": {
-    "source": "iana",
-    "extensions": ["svd"]
-  },
-  "application/vnd.swiftview-ics": {
-    "source": "iana"
-  },
-  "application/vnd.sycle+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.syft+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.symbian.install": {
-    "source": "apache",
-    "extensions": ["sis","sisx"]
-  },
-  "application/vnd.syncml+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["xsm"]
-  },
-  "application/vnd.syncml.dm+wbxml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "extensions": ["bdm"]
-  },
-  "application/vnd.syncml.dm+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["xdm"]
-  },
-  "application/vnd.syncml.dm.notification": {
-    "source": "iana"
-  },
-  "application/vnd.syncml.dmddf+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.syncml.dmddf+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["ddf"]
-  },
-  "application/vnd.syncml.dmtnds+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.syncml.dmtnds+xml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true
-  },
-  "application/vnd.syncml.ds.notification": {
-    "source": "iana"
-  },
-  "application/vnd.tableschema+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.tao.intent-module-archive": {
-    "source": "iana",
-    "extensions": ["tao"]
-  },
-  "application/vnd.tcpdump.pcap": {
-    "source": "iana",
-    "extensions": ["pcap","cap","dmp"]
-  },
-  "application/vnd.think-cell.ppttc+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.tmd.mediaflex.api+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.tml": {
-    "source": "iana"
-  },
-  "application/vnd.tmobile-livetv": {
-    "source": "iana",
-    "extensions": ["tmo"]
-  },
-  "application/vnd.tri.onesource": {
-    "source": "iana"
-  },
-  "application/vnd.trid.tpt": {
-    "source": "iana",
-    "extensions": ["tpt"]
-  },
-  "application/vnd.triscape.mxs": {
-    "source": "iana",
-    "extensions": ["mxs"]
-  },
-  "application/vnd.trueapp": {
-    "source": "iana",
-    "extensions": ["tra"]
-  },
-  "application/vnd.truedoc": {
-    "source": "iana"
-  },
-  "application/vnd.ubisoft.webplayer": {
-    "source": "iana"
-  },
-  "application/vnd.ufdl": {
-    "source": "iana",
-    "extensions": ["ufd","ufdl"]
-  },
-  "application/vnd.uiq.theme": {
-    "source": "iana",
-    "extensions": ["utz"]
-  },
-  "application/vnd.umajin": {
-    "source": "iana",
-    "extensions": ["umj"]
-  },
-  "application/vnd.unity": {
-    "source": "iana",
-    "extensions": ["unityweb"]
-  },
-  "application/vnd.uoml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["uoml"]
-  },
-  "application/vnd.uplanet.alert": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.alert-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.bearer-choice": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.bearer-choice-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.cacheop": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.cacheop-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.channel": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.channel-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.list": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.list-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.listcmd": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.listcmd-wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.uplanet.signal": {
-    "source": "iana"
-  },
-  "application/vnd.uri-map": {
-    "source": "iana"
-  },
-  "application/vnd.valve.source.material": {
-    "source": "iana"
-  },
-  "application/vnd.vcx": {
-    "source": "iana",
-    "extensions": ["vcx"]
-  },
-  "application/vnd.vd-study": {
-    "source": "iana"
-  },
-  "application/vnd.vectorworks": {
-    "source": "iana"
-  },
-  "application/vnd.vel+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.verimatrix.vcas": {
-    "source": "iana"
-  },
-  "application/vnd.veritone.aion+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.veryant.thin": {
-    "source": "iana"
-  },
-  "application/vnd.ves.encrypted": {
-    "source": "iana"
-  },
-  "application/vnd.vidsoft.vidconference": {
-    "source": "iana"
-  },
-  "application/vnd.visio": {
-    "source": "iana",
-    "extensions": ["vsd","vst","vss","vsw"]
-  },
-  "application/vnd.visionary": {
-    "source": "iana",
-    "extensions": ["vis"]
-  },
-  "application/vnd.vividence.scriptfile": {
-    "source": "iana"
-  },
-  "application/vnd.vsf": {
-    "source": "iana",
-    "extensions": ["vsf"]
-  },
-  "application/vnd.wap.sic": {
-    "source": "iana"
-  },
-  "application/vnd.wap.slc": {
-    "source": "iana"
-  },
-  "application/vnd.wap.wbxml": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "extensions": ["wbxml"]
-  },
-  "application/vnd.wap.wmlc": {
-    "source": "iana",
-    "extensions": ["wmlc"]
-  },
-  "application/vnd.wap.wmlscriptc": {
-    "source": "iana",
-    "extensions": ["wmlsc"]
-  },
-  "application/vnd.webturbo": {
-    "source": "iana",
-    "extensions": ["wtb"]
-  },
-  "application/vnd.wfa.dpp": {
-    "source": "iana"
-  },
-  "application/vnd.wfa.p2p": {
-    "source": "iana"
-  },
-  "application/vnd.wfa.wsc": {
-    "source": "iana"
-  },
-  "application/vnd.windows.devicepairing": {
-    "source": "iana"
-  },
-  "application/vnd.wmc": {
-    "source": "iana"
-  },
-  "application/vnd.wmf.bootstrap": {
-    "source": "iana"
-  },
-  "application/vnd.wolfram.mathematica": {
-    "source": "iana"
-  },
-  "application/vnd.wolfram.mathematica.package": {
-    "source": "iana"
-  },
-  "application/vnd.wolfram.player": {
-    "source": "iana",
-    "extensions": ["nbp"]
-  },
-  "application/vnd.wordperfect": {
-    "source": "iana",
-    "extensions": ["wpd"]
-  },
-  "application/vnd.wqd": {
-    "source": "iana",
-    "extensions": ["wqd"]
-  },
-  "application/vnd.wrq-hp3000-labelled": {
-    "source": "iana"
-  },
-  "application/vnd.wt.stf": {
-    "source": "iana",
-    "extensions": ["stf"]
-  },
-  "application/vnd.wv.csp+wbxml": {
-    "source": "iana"
-  },
-  "application/vnd.wv.csp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.wv.ssp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.xacml+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.xara": {
-    "source": "iana",
-    "extensions": ["xar"]
-  },
-  "application/vnd.xfdl": {
-    "source": "iana",
-    "extensions": ["xfdl"]
-  },
-  "application/vnd.xfdl.webform": {
-    "source": "iana"
-  },
-  "application/vnd.xmi+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vnd.xmpie.cpkg": {
-    "source": "iana"
-  },
-  "application/vnd.xmpie.dpkg": {
-    "source": "iana"
-  },
-  "application/vnd.xmpie.plan": {
-    "source": "iana"
-  },
-  "application/vnd.xmpie.ppkg": {
-    "source": "iana"
-  },
-  "application/vnd.xmpie.xlim": {
-    "source": "iana"
-  },
-  "application/vnd.yamaha.hv-dic": {
-    "source": "iana",
-    "extensions": ["hvd"]
-  },
-  "application/vnd.yamaha.hv-script": {
-    "source": "iana",
-    "extensions": ["hvs"]
-  },
-  "application/vnd.yamaha.hv-voice": {
-    "source": "iana",
-    "extensions": ["hvp"]
-  },
-  "application/vnd.yamaha.openscoreformat": {
-    "source": "iana",
-    "extensions": ["osf"]
-  },
-  "application/vnd.yamaha.openscoreformat.osfpvg+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["osfpvg"]
-  },
-  "application/vnd.yamaha.remote-setup": {
-    "source": "iana"
-  },
-  "application/vnd.yamaha.smaf-audio": {
-    "source": "iana",
-    "extensions": ["saf"]
-  },
-  "application/vnd.yamaha.smaf-phrase": {
-    "source": "iana",
-    "extensions": ["spf"]
-  },
-  "application/vnd.yamaha.through-ngn": {
-    "source": "iana"
-  },
-  "application/vnd.yamaha.tunnel-udpencap": {
-    "source": "iana"
-  },
-  "application/vnd.yaoweme": {
-    "source": "iana"
-  },
-  "application/vnd.yellowriver-custom-menu": {
-    "source": "iana",
-    "extensions": ["cmp"]
-  },
-  "application/vnd.youtube.yt": {
-    "source": "iana"
-  },
-  "application/vnd.zul": {
-    "source": "iana",
-    "extensions": ["zir","zirz"]
-  },
-  "application/vnd.zzazz.deck+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["zaz"]
-  },
-  "application/voicexml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["vxml"]
-  },
-  "application/voucher-cms+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/vq-rtcpxr": {
-    "source": "iana"
-  },
-  "application/wasm": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wasm"]
-  },
-  "application/watcherinfo+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wif"]
-  },
-  "application/webpush-options+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/whoispp-query": {
-    "source": "iana"
-  },
-  "application/whoispp-response": {
-    "source": "iana"
-  },
-  "application/widget": {
-    "source": "iana",
-    "extensions": ["wgt"]
-  },
-  "application/winhlp": {
-    "source": "apache",
-    "extensions": ["hlp"]
-  },
-  "application/wita": {
-    "source": "iana"
-  },
-  "application/wordperfect5.1": {
-    "source": "iana"
-  },
-  "application/wsdl+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wsdl"]
-  },
-  "application/wspolicy+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["wspolicy"]
-  },
-  "application/x-7z-compressed": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["7z"]
-  },
-  "application/x-abiword": {
-    "source": "apache",
-    "extensions": ["abw"]
-  },
-  "application/x-ace-compressed": {
-    "source": "apache",
-    "extensions": ["ace"]
-  },
-  "application/x-amf": {
-    "source": "apache"
-  },
-  "application/x-apple-diskimage": {
-    "source": "apache",
-    "extensions": ["dmg"]
-  },
-  "application/x-arj": {
-    "compressible": false,
-    "extensions": ["arj"]
-  },
-  "application/x-authorware-bin": {
-    "source": "apache",
-    "extensions": ["aab","x32","u32","vox"]
-  },
-  "application/x-authorware-map": {
-    "source": "apache",
-    "extensions": ["aam"]
-  },
-  "application/x-authorware-seg": {
-    "source": "apache",
-    "extensions": ["aas"]
-  },
-  "application/x-bcpio": {
-    "source": "apache",
-    "extensions": ["bcpio"]
-  },
-  "application/x-bdoc": {
-    "compressible": false,
-    "extensions": ["bdoc"]
-  },
-  "application/x-bittorrent": {
-    "source": "apache",
-    "extensions": ["torrent"]
-  },
-  "application/x-blorb": {
-    "source": "apache",
-    "extensions": ["blb","blorb"]
-  },
-  "application/x-bzip": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["bz"]
-  },
-  "application/x-bzip2": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["bz2","boz"]
-  },
-  "application/x-cbr": {
-    "source": "apache",
-    "extensions": ["cbr","cba","cbt","cbz","cb7"]
-  },
-  "application/x-cdlink": {
-    "source": "apache",
-    "extensions": ["vcd"]
-  },
-  "application/x-cfs-compressed": {
-    "source": "apache",
-    "extensions": ["cfs"]
-  },
-  "application/x-chat": {
-    "source": "apache",
-    "extensions": ["chat"]
-  },
-  "application/x-chess-pgn": {
-    "source": "apache",
-    "extensions": ["pgn"]
-  },
-  "application/x-chrome-extension": {
-    "extensions": ["crx"]
-  },
-  "application/x-cocoa": {
-    "source": "nginx",
-    "extensions": ["cco"]
-  },
-  "application/x-compress": {
-    "source": "apache"
-  },
-  "application/x-conference": {
-    "source": "apache",
-    "extensions": ["nsc"]
-  },
-  "application/x-cpio": {
-    "source": "apache",
-    "extensions": ["cpio"]
-  },
-  "application/x-csh": {
-    "source": "apache",
-    "extensions": ["csh"]
-  },
-  "application/x-deb": {
-    "compressible": false
-  },
-  "application/x-debian-package": {
-    "source": "apache",
-    "extensions": ["deb","udeb"]
-  },
-  "application/x-dgc-compressed": {
-    "source": "apache",
-    "extensions": ["dgc"]
-  },
-  "application/x-director": {
-    "source": "apache",
-    "extensions": ["dir","dcr","dxr","cst","cct","cxt","w3d","fgd","swa"]
-  },
-  "application/x-doom": {
-    "source": "apache",
-    "extensions": ["wad"]
-  },
-  "application/x-dtbncx+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["ncx"]
-  },
-  "application/x-dtbook+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["dtb"]
-  },
-  "application/x-dtbresource+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["res"]
-  },
-  "application/x-dvi": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["dvi"]
-  },
-  "application/x-envoy": {
-    "source": "apache",
-    "extensions": ["evy"]
-  },
-  "application/x-eva": {
-    "source": "apache",
-    "extensions": ["eva"]
-  },
-  "application/x-font-bdf": {
-    "source": "apache",
-    "extensions": ["bdf"]
-  },
-  "application/x-font-dos": {
-    "source": "apache"
-  },
-  "application/x-font-framemaker": {
-    "source": "apache"
-  },
-  "application/x-font-ghostscript": {
-    "source": "apache",
-    "extensions": ["gsf"]
-  },
-  "application/x-font-libgrx": {
-    "source": "apache"
-  },
-  "application/x-font-linux-psf": {
-    "source": "apache",
-    "extensions": ["psf"]
-  },
-  "application/x-font-pcf": {
-    "source": "apache",
-    "extensions": ["pcf"]
-  },
-  "application/x-font-snf": {
-    "source": "apache",
-    "extensions": ["snf"]
-  },
-  "application/x-font-speedo": {
-    "source": "apache"
-  },
-  "application/x-font-sunos-news": {
-    "source": "apache"
-  },
-  "application/x-font-type1": {
-    "source": "apache",
-    "extensions": ["pfa","pfb","pfm","afm"]
-  },
-  "application/x-font-vfont": {
-    "source": "apache"
-  },
-  "application/x-freearc": {
-    "source": "apache",
-    "extensions": ["arc"]
-  },
-  "application/x-futuresplash": {
-    "source": "apache",
-    "extensions": ["spl"]
-  },
-  "application/x-gca-compressed": {
-    "source": "apache",
-    "extensions": ["gca"]
-  },
-  "application/x-glulx": {
-    "source": "apache",
-    "extensions": ["ulx"]
-  },
-  "application/x-gnumeric": {
-    "source": "apache",
-    "extensions": ["gnumeric"]
-  },
-  "application/x-gramps-xml": {
-    "source": "apache",
-    "extensions": ["gramps"]
-  },
-  "application/x-gtar": {
-    "source": "apache",
-    "extensions": ["gtar"]
-  },
-  "application/x-gzip": {
-    "source": "apache"
-  },
-  "application/x-hdf": {
-    "source": "apache",
-    "extensions": ["hdf"]
-  },
-  "application/x-httpd-php": {
-    "compressible": true,
-    "extensions": ["php"]
-  },
-  "application/x-install-instructions": {
-    "source": "apache",
-    "extensions": ["install"]
-  },
-  "application/x-iso9660-image": {
-    "source": "apache",
-    "extensions": ["iso"]
-  },
-  "application/x-iwork-keynote-sffkey": {
-    "extensions": ["key"]
-  },
-  "application/x-iwork-numbers-sffnumbers": {
-    "extensions": ["numbers"]
-  },
-  "application/x-iwork-pages-sffpages": {
-    "extensions": ["pages"]
-  },
-  "application/x-java-archive-diff": {
-    "source": "nginx",
-    "extensions": ["jardiff"]
-  },
-  "application/x-java-jnlp-file": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["jnlp"]
-  },
-  "application/x-javascript": {
-    "compressible": true
-  },
-  "application/x-keepass2": {
-    "extensions": ["kdbx"]
-  },
-  "application/x-latex": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["latex"]
-  },
-  "application/x-lua-bytecode": {
-    "extensions": ["luac"]
-  },
-  "application/x-lzh-compressed": {
-    "source": "apache",
-    "extensions": ["lzh","lha"]
-  },
-  "application/x-makeself": {
-    "source": "nginx",
-    "extensions": ["run"]
-  },
-  "application/x-mie": {
-    "source": "apache",
-    "extensions": ["mie"]
-  },
-  "application/x-mobipocket-ebook": {
-    "source": "apache",
-    "extensions": ["prc","mobi"]
-  },
-  "application/x-mpegurl": {
-    "compressible": false
-  },
-  "application/x-ms-application": {
-    "source": "apache",
-    "extensions": ["application"]
-  },
-  "application/x-ms-shortcut": {
-    "source": "apache",
-    "extensions": ["lnk"]
-  },
-  "application/x-ms-wmd": {
-    "source": "apache",
-    "extensions": ["wmd"]
-  },
-  "application/x-ms-wmz": {
-    "source": "apache",
-    "extensions": ["wmz"]
-  },
-  "application/x-ms-xbap": {
-    "source": "apache",
-    "extensions": ["xbap"]
-  },
-  "application/x-msaccess": {
-    "source": "apache",
-    "extensions": ["mdb"]
-  },
-  "application/x-msbinder": {
-    "source": "apache",
-    "extensions": ["obd"]
-  },
-  "application/x-mscardfile": {
-    "source": "apache",
-    "extensions": ["crd"]
-  },
-  "application/x-msclip": {
-    "source": "apache",
-    "extensions": ["clp"]
-  },
-  "application/x-msdos-program": {
-    "extensions": ["exe"]
-  },
-  "application/x-msdownload": {
-    "source": "apache",
-    "extensions": ["exe","dll","com","bat","msi"]
-  },
-  "application/x-msmediaview": {
-    "source": "apache",
-    "extensions": ["mvb","m13","m14"]
-  },
-  "application/x-msmetafile": {
-    "source": "apache",
-    "extensions": ["wmf","wmz","emf","emz"]
-  },
-  "application/x-msmoney": {
-    "source": "apache",
-    "extensions": ["mny"]
-  },
-  "application/x-mspublisher": {
-    "source": "apache",
-    "extensions": ["pub"]
-  },
-  "application/x-msschedule": {
-    "source": "apache",
-    "extensions": ["scd"]
-  },
-  "application/x-msterminal": {
-    "source": "apache",
-    "extensions": ["trm"]
-  },
-  "application/x-mswrite": {
-    "source": "apache",
-    "extensions": ["wri"]
-  },
-  "application/x-netcdf": {
-    "source": "apache",
-    "extensions": ["nc","cdf"]
-  },
-  "application/x-ns-proxy-autoconfig": {
-    "compressible": true,
-    "extensions": ["pac"]
-  },
-  "application/x-nzb": {
-    "source": "apache",
-    "extensions": ["nzb"]
-  },
-  "application/x-perl": {
-    "source": "nginx",
-    "extensions": ["pl","pm"]
-  },
-  "application/x-pilot": {
-    "source": "nginx",
-    "extensions": ["prc","pdb"]
-  },
-  "application/x-pkcs12": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["p12","pfx"]
-  },
-  "application/x-pkcs7-certificates": {
-    "source": "apache",
-    "extensions": ["p7b","spc"]
-  },
-  "application/x-pkcs7-certreqresp": {
-    "source": "apache",
-    "extensions": ["p7r"]
-  },
-  "application/x-pki-message": {
-    "source": "iana"
-  },
-  "application/x-rar-compressed": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["rar"]
-  },
-  "application/x-redhat-package-manager": {
-    "source": "nginx",
-    "extensions": ["rpm"]
-  },
-  "application/x-research-info-systems": {
-    "source": "apache",
-    "extensions": ["ris"]
-  },
-  "application/x-sea": {
-    "source": "nginx",
-    "extensions": ["sea"]
-  },
-  "application/x-sh": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["sh"]
-  },
-  "application/x-shar": {
-    "source": "apache",
-    "extensions": ["shar"]
-  },
-  "application/x-shockwave-flash": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["swf"]
-  },
-  "application/x-silverlight-app": {
-    "source": "apache",
-    "extensions": ["xap"]
-  },
-  "application/x-sql": {
-    "source": "apache",
-    "extensions": ["sql"]
-  },
-  "application/x-stuffit": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["sit"]
-  },
-  "application/x-stuffitx": {
-    "source": "apache",
-    "extensions": ["sitx"]
-  },
-  "application/x-subrip": {
-    "source": "apache",
-    "extensions": ["srt"]
-  },
-  "application/x-sv4cpio": {
-    "source": "apache",
-    "extensions": ["sv4cpio"]
-  },
-  "application/x-sv4crc": {
-    "source": "apache",
-    "extensions": ["sv4crc"]
-  },
-  "application/x-t3vm-image": {
-    "source": "apache",
-    "extensions": ["t3"]
-  },
-  "application/x-tads": {
-    "source": "apache",
-    "extensions": ["gam"]
-  },
-  "application/x-tar": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["tar"]
-  },
-  "application/x-tcl": {
-    "source": "apache",
-    "extensions": ["tcl","tk"]
-  },
-  "application/x-tex": {
-    "source": "apache",
-    "extensions": ["tex"]
-  },
-  "application/x-tex-tfm": {
-    "source": "apache",
-    "extensions": ["tfm"]
-  },
-  "application/x-texinfo": {
-    "source": "apache",
-    "extensions": ["texinfo","texi"]
-  },
-  "application/x-tgif": {
-    "source": "apache",
-    "extensions": ["obj"]
-  },
-  "application/x-ustar": {
-    "source": "apache",
-    "extensions": ["ustar"]
-  },
-  "application/x-virtualbox-hdd": {
-    "compressible": true,
-    "extensions": ["hdd"]
-  },
-  "application/x-virtualbox-ova": {
-    "compressible": true,
-    "extensions": ["ova"]
-  },
-  "application/x-virtualbox-ovf": {
-    "compressible": true,
-    "extensions": ["ovf"]
-  },
-  "application/x-virtualbox-vbox": {
-    "compressible": true,
-    "extensions": ["vbox"]
-  },
-  "application/x-virtualbox-vbox-extpack": {
-    "compressible": false,
-    "extensions": ["vbox-extpack"]
-  },
-  "application/x-virtualbox-vdi": {
-    "compressible": true,
-    "extensions": ["vdi"]
-  },
-  "application/x-virtualbox-vhd": {
-    "compressible": true,
-    "extensions": ["vhd"]
-  },
-  "application/x-virtualbox-vmdk": {
-    "compressible": true,
-    "extensions": ["vmdk"]
-  },
-  "application/x-wais-source": {
-    "source": "apache",
-    "extensions": ["src"]
-  },
-  "application/x-web-app-manifest+json": {
-    "compressible": true,
-    "extensions": ["webapp"]
-  },
-  "application/x-www-form-urlencoded": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/x-x509-ca-cert": {
-    "source": "iana",
-    "extensions": ["der","crt","pem"]
-  },
-  "application/x-x509-ca-ra-cert": {
-    "source": "iana"
-  },
-  "application/x-x509-next-ca-cert": {
-    "source": "iana"
-  },
-  "application/x-xfig": {
-    "source": "apache",
-    "extensions": ["fig"]
-  },
-  "application/x-xliff+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["xlf"]
-  },
-  "application/x-xpinstall": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["xpi"]
-  },
-  "application/x-xz": {
-    "source": "apache",
-    "extensions": ["xz"]
-  },
-  "application/x-zmachine": {
-    "source": "apache",
-    "extensions": ["z1","z2","z3","z4","z5","z6","z7","z8"]
-  },
-  "application/x400-bp": {
-    "source": "iana"
-  },
-  "application/xacml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xaml+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["xaml"]
-  },
-  "application/xcap-att+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xav"]
-  },
-  "application/xcap-caps+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xca"]
-  },
-  "application/xcap-diff+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xdf"]
-  },
-  "application/xcap-el+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xel"]
-  },
-  "application/xcap-error+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xcap-ns+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xns"]
-  },
-  "application/xcon-conference-info+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xcon-conference-info-diff+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xenc+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xenc"]
-  },
-  "application/xhtml+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xhtml","xht"]
-  },
-  "application/xhtml-voice+xml": {
-    "source": "apache",
-    "compressible": true
-  },
-  "application/xliff+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xlf"]
-  },
-  "application/xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xml","xsl","xsd","rng"]
-  },
-  "application/xml-dtd": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["dtd"]
-  },
-  "application/xml-external-parsed-entity": {
-    "source": "iana"
-  },
-  "application/xml-patch+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xmpp+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/xop+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xop"]
-  },
-  "application/xproc+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["xpl"]
-  },
-  "application/xslt+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xsl","xslt"]
-  },
-  "application/xspf+xml": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["xspf"]
-  },
-  "application/xv+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["mxml","xhvml","xvml","xvm"]
-  },
-  "application/yang": {
-    "source": "iana",
-    "extensions": ["yang"]
-  },
-  "application/yang-data+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/yang-data+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/yang-patch+json": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/yang-patch+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "application/yin+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["yin"]
-  },
-  "application/zip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["zip"]
-  },
-  "application/zlib": {
-    "source": "iana"
-  },
-  "application/zstd": {
-    "source": "iana"
-  },
-  "audio/1d-interleaved-parityfec": {
-    "source": "iana"
-  },
-  "audio/32kadpcm": {
-    "source": "iana"
-  },
-  "audio/3gpp": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["3gpp"]
-  },
-  "audio/3gpp2": {
-    "source": "iana"
-  },
-  "audio/aac": {
-    "source": "iana"
-  },
-  "audio/ac3": {
-    "source": "iana"
-  },
-  "audio/adpcm": {
-    "source": "apache",
-    "extensions": ["adp"]
-  },
-  "audio/amr": {
-    "source": "iana",
-    "extensions": ["amr"]
-  },
-  "audio/amr-wb": {
-    "source": "iana"
-  },
-  "audio/amr-wb+": {
-    "source": "iana"
-  },
-  "audio/aptx": {
-    "source": "iana"
-  },
-  "audio/asc": {
-    "source": "iana"
-  },
-  "audio/atrac-advanced-lossless": {
-    "source": "iana"
-  },
-  "audio/atrac-x": {
-    "source": "iana"
-  },
-  "audio/atrac3": {
-    "source": "iana"
-  },
-  "audio/basic": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["au","snd"]
-  },
-  "audio/bv16": {
-    "source": "iana"
-  },
-  "audio/bv32": {
-    "source": "iana"
-  },
-  "audio/clearmode": {
-    "source": "iana"
-  },
-  "audio/cn": {
-    "source": "iana"
-  },
-  "audio/dat12": {
-    "source": "iana"
-  },
-  "audio/dls": {
-    "source": "iana"
-  },
-  "audio/dsr-es201108": {
-    "source": "iana"
-  },
-  "audio/dsr-es202050": {
-    "source": "iana"
-  },
-  "audio/dsr-es202211": {
-    "source": "iana"
-  },
-  "audio/dsr-es202212": {
-    "source": "iana"
-  },
-  "audio/dv": {
-    "source": "iana"
-  },
-  "audio/dvi4": {
-    "source": "iana"
-  },
-  "audio/eac3": {
-    "source": "iana"
-  },
-  "audio/encaprtp": {
-    "source": "iana"
-  },
-  "audio/evrc": {
-    "source": "iana"
-  },
-  "audio/evrc-qcp": {
-    "source": "iana"
-  },
-  "audio/evrc0": {
-    "source": "iana"
-  },
-  "audio/evrc1": {
-    "source": "iana"
-  },
-  "audio/evrcb": {
-    "source": "iana"
-  },
-  "audio/evrcb0": {
-    "source": "iana"
-  },
-  "audio/evrcb1": {
-    "source": "iana"
-  },
-  "audio/evrcnw": {
-    "source": "iana"
-  },
-  "audio/evrcnw0": {
-    "source": "iana"
-  },
-  "audio/evrcnw1": {
-    "source": "iana"
-  },
-  "audio/evrcwb": {
-    "source": "iana"
-  },
-  "audio/evrcwb0": {
-    "source": "iana"
-  },
-  "audio/evrcwb1": {
-    "source": "iana"
-  },
-  "audio/evs": {
-    "source": "iana"
-  },
-  "audio/flexfec": {
-    "source": "iana"
-  },
-  "audio/fwdred": {
-    "source": "iana"
-  },
-  "audio/g711-0": {
-    "source": "iana"
-  },
-  "audio/g719": {
-    "source": "iana"
-  },
-  "audio/g722": {
-    "source": "iana"
-  },
-  "audio/g7221": {
-    "source": "iana"
-  },
-  "audio/g723": {
-    "source": "iana"
-  },
-  "audio/g726-16": {
-    "source": "iana"
-  },
-  "audio/g726-24": {
-    "source": "iana"
-  },
-  "audio/g726-32": {
-    "source": "iana"
-  },
-  "audio/g726-40": {
-    "source": "iana"
-  },
-  "audio/g728": {
-    "source": "iana"
-  },
-  "audio/g729": {
-    "source": "iana"
-  },
-  "audio/g7291": {
-    "source": "iana"
-  },
-  "audio/g729d": {
-    "source": "iana"
-  },
-  "audio/g729e": {
-    "source": "iana"
-  },
-  "audio/gsm": {
-    "source": "iana"
-  },
-  "audio/gsm-efr": {
-    "source": "iana"
-  },
-  "audio/gsm-hr-08": {
-    "source": "iana"
-  },
-  "audio/ilbc": {
-    "source": "iana"
-  },
-  "audio/ip-mr_v2.5": {
-    "source": "iana"
-  },
-  "audio/isac": {
-    "source": "apache"
-  },
-  "audio/l16": {
-    "source": "iana"
-  },
-  "audio/l20": {
-    "source": "iana"
-  },
-  "audio/l24": {
-    "source": "iana",
-    "compressible": false
-  },
-  "audio/l8": {
-    "source": "iana"
-  },
-  "audio/lpc": {
-    "source": "iana"
-  },
-  "audio/melp": {
-    "source": "iana"
-  },
-  "audio/melp1200": {
-    "source": "iana"
-  },
-  "audio/melp2400": {
-    "source": "iana"
-  },
-  "audio/melp600": {
-    "source": "iana"
-  },
-  "audio/mhas": {
-    "source": "iana"
-  },
-  "audio/midi": {
-    "source": "apache",
-    "extensions": ["mid","midi","kar","rmi"]
-  },
-  "audio/mobile-xmf": {
-    "source": "iana",
-    "extensions": ["mxmf"]
-  },
-  "audio/mp3": {
-    "compressible": false,
-    "extensions": ["mp3"]
-  },
-  "audio/mp4": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["m4a","mp4a"]
-  },
-  "audio/mp4a-latm": {
-    "source": "iana"
-  },
-  "audio/mpa": {
-    "source": "iana"
-  },
-  "audio/mpa-robust": {
-    "source": "iana"
-  },
-  "audio/mpeg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["mpga","mp2","mp2a","mp3","m2a","m3a"]
-  },
-  "audio/mpeg4-generic": {
-    "source": "iana"
-  },
-  "audio/musepack": {
-    "source": "apache"
-  },
-  "audio/ogg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["oga","ogg","spx","opus"]
-  },
-  "audio/opus": {
-    "source": "iana"
-  },
-  "audio/parityfec": {
-    "source": "iana"
-  },
-  "audio/pcma": {
-    "source": "iana"
-  },
-  "audio/pcma-wb": {
-    "source": "iana"
-  },
-  "audio/pcmu": {
-    "source": "iana"
-  },
-  "audio/pcmu-wb": {
-    "source": "iana"
-  },
-  "audio/prs.sid": {
-    "source": "iana"
-  },
-  "audio/qcelp": {
-    "source": "iana"
-  },
-  "audio/raptorfec": {
-    "source": "iana"
-  },
-  "audio/red": {
-    "source": "iana"
-  },
-  "audio/rtp-enc-aescm128": {
-    "source": "iana"
-  },
-  "audio/rtp-midi": {
-    "source": "iana"
-  },
-  "audio/rtploopback": {
-    "source": "iana"
-  },
-  "audio/rtx": {
-    "source": "iana"
-  },
-  "audio/s3m": {
-    "source": "apache",
-    "extensions": ["s3m"]
-  },
-  "audio/scip": {
-    "source": "iana"
-  },
-  "audio/silk": {
-    "source": "apache",
-    "extensions": ["sil"]
-  },
-  "audio/smv": {
-    "source": "iana"
-  },
-  "audio/smv-qcp": {
-    "source": "iana"
-  },
-  "audio/smv0": {
-    "source": "iana"
-  },
-  "audio/sofa": {
-    "source": "iana"
-  },
-  "audio/sp-midi": {
-    "source": "iana"
-  },
-  "audio/speex": {
-    "source": "iana"
-  },
-  "audio/t140c": {
-    "source": "iana"
-  },
-  "audio/t38": {
-    "source": "iana"
-  },
-  "audio/telephone-event": {
-    "source": "iana"
-  },
-  "audio/tetra_acelp": {
-    "source": "iana"
-  },
-  "audio/tetra_acelp_bb": {
-    "source": "iana"
-  },
-  "audio/tone": {
-    "source": "iana"
-  },
-  "audio/tsvcis": {
-    "source": "iana"
-  },
-  "audio/uemclip": {
-    "source": "iana"
-  },
-  "audio/ulpfec": {
-    "source": "iana"
-  },
-  "audio/usac": {
-    "source": "iana"
-  },
-  "audio/vdvi": {
-    "source": "iana"
-  },
-  "audio/vmr-wb": {
-    "source": "iana"
-  },
-  "audio/vnd.3gpp.iufp": {
-    "source": "iana"
-  },
-  "audio/vnd.4sb": {
-    "source": "iana"
-  },
-  "audio/vnd.audiokoz": {
-    "source": "iana"
-  },
-  "audio/vnd.celp": {
-    "source": "iana"
-  },
-  "audio/vnd.cisco.nse": {
-    "source": "iana"
-  },
-  "audio/vnd.cmles.radio-events": {
-    "source": "iana"
-  },
-  "audio/vnd.cns.anp1": {
-    "source": "iana"
-  },
-  "audio/vnd.cns.inf1": {
-    "source": "iana"
-  },
-  "audio/vnd.dece.audio": {
-    "source": "iana",
-    "extensions": ["uva","uvva"]
-  },
-  "audio/vnd.digital-winds": {
-    "source": "iana",
-    "extensions": ["eol"]
-  },
-  "audio/vnd.dlna.adts": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.heaac.1": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.heaac.2": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.mlp": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.mps": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.pl2": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.pl2x": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.pl2z": {
-    "source": "iana"
-  },
-  "audio/vnd.dolby.pulse.1": {
-    "source": "iana"
-  },
-  "audio/vnd.dra": {
-    "source": "iana",
-    "extensions": ["dra"]
-  },
-  "audio/vnd.dts": {
-    "source": "iana",
-    "extensions": ["dts"]
-  },
-  "audio/vnd.dts.hd": {
-    "source": "iana",
-    "extensions": ["dtshd"]
-  },
-  "audio/vnd.dts.uhd": {
-    "source": "iana"
-  },
-  "audio/vnd.dvb.file": {
-    "source": "iana"
-  },
-  "audio/vnd.everad.plj": {
-    "source": "iana"
-  },
-  "audio/vnd.hns.audio": {
-    "source": "iana"
-  },
-  "audio/vnd.lucent.voice": {
-    "source": "iana",
-    "extensions": ["lvp"]
-  },
-  "audio/vnd.ms-playready.media.pya": {
-    "source": "iana",
-    "extensions": ["pya"]
-  },
-  "audio/vnd.nokia.mobile-xmf": {
-    "source": "iana"
-  },
-  "audio/vnd.nortel.vbk": {
-    "source": "iana"
-  },
-  "audio/vnd.nuera.ecelp4800": {
-    "source": "iana",
-    "extensions": ["ecelp4800"]
-  },
-  "audio/vnd.nuera.ecelp7470": {
-    "source": "iana",
-    "extensions": ["ecelp7470"]
-  },
-  "audio/vnd.nuera.ecelp9600": {
-    "source": "iana",
-    "extensions": ["ecelp9600"]
-  },
-  "audio/vnd.octel.sbc": {
-    "source": "iana"
-  },
-  "audio/vnd.presonus.multitrack": {
-    "source": "iana"
-  },
-  "audio/vnd.qcelp": {
-    "source": "iana"
-  },
-  "audio/vnd.rhetorex.32kadpcm": {
-    "source": "iana"
-  },
-  "audio/vnd.rip": {
-    "source": "iana",
-    "extensions": ["rip"]
-  },
-  "audio/vnd.rn-realaudio": {
-    "compressible": false
-  },
-  "audio/vnd.sealedmedia.softseal.mpeg": {
-    "source": "iana"
-  },
-  "audio/vnd.vmx.cvsd": {
-    "source": "iana"
-  },
-  "audio/vnd.wave": {
-    "compressible": false
-  },
-  "audio/vorbis": {
-    "source": "iana",
-    "compressible": false
-  },
-  "audio/vorbis-config": {
-    "source": "iana"
-  },
-  "audio/wav": {
-    "compressible": false,
-    "extensions": ["wav"]
-  },
-  "audio/wave": {
-    "compressible": false,
-    "extensions": ["wav"]
-  },
-  "audio/webm": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["weba"]
-  },
-  "audio/x-aac": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["aac"]
-  },
-  "audio/x-aiff": {
-    "source": "apache",
-    "extensions": ["aif","aiff","aifc"]
-  },
-  "audio/x-caf": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["caf"]
-  },
-  "audio/x-flac": {
-    "source": "apache",
-    "extensions": ["flac"]
-  },
-  "audio/x-m4a": {
-    "source": "nginx",
-    "extensions": ["m4a"]
-  },
-  "audio/x-matroska": {
-    "source": "apache",
-    "extensions": ["mka"]
-  },
-  "audio/x-mpegurl": {
-    "source": "apache",
-    "extensions": ["m3u"]
-  },
-  "audio/x-ms-wax": {
-    "source": "apache",
-    "extensions": ["wax"]
-  },
-  "audio/x-ms-wma": {
-    "source": "apache",
-    "extensions": ["wma"]
-  },
-  "audio/x-pn-realaudio": {
-    "source": "apache",
-    "extensions": ["ram","ra"]
-  },
-  "audio/x-pn-realaudio-plugin": {
-    "source": "apache",
-    "extensions": ["rmp"]
-  },
-  "audio/x-realaudio": {
-    "source": "nginx",
-    "extensions": ["ra"]
-  },
-  "audio/x-tta": {
-    "source": "apache"
-  },
-  "audio/x-wav": {
-    "source": "apache",
-    "extensions": ["wav"]
-  },
-  "audio/xm": {
-    "source": "apache",
-    "extensions": ["xm"]
-  },
-  "chemical/x-cdx": {
-    "source": "apache",
-    "extensions": ["cdx"]
-  },
-  "chemical/x-cif": {
-    "source": "apache",
-    "extensions": ["cif"]
-  },
-  "chemical/x-cmdf": {
-    "source": "apache",
-    "extensions": ["cmdf"]
-  },
-  "chemical/x-cml": {
-    "source": "apache",
-    "extensions": ["cml"]
-  },
-  "chemical/x-csml": {
-    "source": "apache",
-    "extensions": ["csml"]
-  },
-  "chemical/x-pdb": {
-    "source": "apache"
-  },
-  "chemical/x-xyz": {
-    "source": "apache",
-    "extensions": ["xyz"]
-  },
-  "font/collection": {
-    "source": "iana",
-    "extensions": ["ttc"]
-  },
-  "font/otf": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["otf"]
-  },
-  "font/sfnt": {
-    "source": "iana"
-  },
-  "font/ttf": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ttf"]
-  },
-  "font/woff": {
-    "source": "iana",
-    "extensions": ["woff"]
-  },
-  "font/woff2": {
-    "source": "iana",
-    "extensions": ["woff2"]
-  },
-  "image/aces": {
-    "source": "iana",
-    "extensions": ["exr"]
-  },
-  "image/apng": {
-    "compressible": false,
-    "extensions": ["apng"]
-  },
-  "image/avci": {
-    "source": "iana",
-    "extensions": ["avci"]
-  },
-  "image/avcs": {
-    "source": "iana",
-    "extensions": ["avcs"]
-  },
-  "image/avif": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["avif"]
-  },
-  "image/bmp": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["bmp"]
-  },
-  "image/cgm": {
-    "source": "iana",
-    "extensions": ["cgm"]
-  },
-  "image/dicom-rle": {
-    "source": "iana",
-    "extensions": ["drle"]
-  },
-  "image/emf": {
-    "source": "iana",
-    "extensions": ["emf"]
-  },
-  "image/fits": {
-    "source": "iana",
-    "extensions": ["fits"]
-  },
-  "image/g3fax": {
-    "source": "iana",
-    "extensions": ["g3"]
-  },
-  "image/gif": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["gif"]
-  },
-  "image/heic": {
-    "source": "iana",
-    "extensions": ["heic"]
-  },
-  "image/heic-sequence": {
-    "source": "iana",
-    "extensions": ["heics"]
-  },
-  "image/heif": {
-    "source": "iana",
-    "extensions": ["heif"]
-  },
-  "image/heif-sequence": {
-    "source": "iana",
-    "extensions": ["heifs"]
-  },
-  "image/hej2k": {
-    "source": "iana",
-    "extensions": ["hej2"]
-  },
-  "image/hsj2": {
-    "source": "iana",
-    "extensions": ["hsj2"]
-  },
-  "image/ief": {
-    "source": "iana",
-    "extensions": ["ief"]
-  },
-  "image/jls": {
-    "source": "iana",
-    "extensions": ["jls"]
-  },
-  "image/jp2": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["jp2","jpg2"]
-  },
-  "image/jpeg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["jpeg","jpg","jpe"]
-  },
-  "image/jph": {
-    "source": "iana",
-    "extensions": ["jph"]
-  },
-  "image/jphc": {
-    "source": "iana",
-    "extensions": ["jhc"]
-  },
-  "image/jpm": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["jpm"]
-  },
-  "image/jpx": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["jpx","jpf"]
-  },
-  "image/jxr": {
-    "source": "iana",
-    "extensions": ["jxr"]
-  },
-  "image/jxra": {
-    "source": "iana",
-    "extensions": ["jxra"]
-  },
-  "image/jxrs": {
-    "source": "iana",
-    "extensions": ["jxrs"]
-  },
-  "image/jxs": {
-    "source": "iana",
-    "extensions": ["jxs"]
-  },
-  "image/jxsc": {
-    "source": "iana",
-    "extensions": ["jxsc"]
-  },
-  "image/jxsi": {
-    "source": "iana",
-    "extensions": ["jxsi"]
-  },
-  "image/jxss": {
-    "source": "iana",
-    "extensions": ["jxss"]
-  },
-  "image/ktx": {
-    "source": "iana",
-    "extensions": ["ktx"]
-  },
-  "image/ktx2": {
-    "source": "iana",
-    "extensions": ["ktx2"]
-  },
-  "image/naplps": {
-    "source": "iana"
-  },
-  "image/pjpeg": {
-    "compressible": false
-  },
-  "image/png": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["png"]
-  },
-  "image/prs.btif": {
-    "source": "iana",
-    "extensions": ["btif"]
-  },
-  "image/prs.pti": {
-    "source": "iana",
-    "extensions": ["pti"]
-  },
-  "image/pwg-raster": {
-    "source": "iana"
-  },
-  "image/sgi": {
-    "source": "apache",
-    "extensions": ["sgi"]
-  },
-  "image/svg+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["svg","svgz"]
-  },
-  "image/t38": {
-    "source": "iana",
-    "extensions": ["t38"]
-  },
-  "image/tiff": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["tif","tiff"]
-  },
-  "image/tiff-fx": {
-    "source": "iana",
-    "extensions": ["tfx"]
-  },
-  "image/vnd.adobe.photoshop": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["psd"]
-  },
-  "image/vnd.airzip.accelerator.azv": {
-    "source": "iana",
-    "extensions": ["azv"]
-  },
-  "image/vnd.cns.inf2": {
-    "source": "iana"
-  },
-  "image/vnd.dece.graphic": {
-    "source": "iana",
-    "extensions": ["uvi","uvvi","uvg","uvvg"]
-  },
-  "image/vnd.djvu": {
-    "source": "iana",
-    "extensions": ["djvu","djv"]
-  },
-  "image/vnd.dvb.subtitle": {
-    "source": "iana",
-    "extensions": ["sub"]
-  },
-  "image/vnd.dwg": {
-    "source": "iana",
-    "extensions": ["dwg"]
-  },
-  "image/vnd.dxf": {
-    "source": "iana",
-    "extensions": ["dxf"]
-  },
-  "image/vnd.fastbidsheet": {
-    "source": "iana",
-    "extensions": ["fbs"]
-  },
-  "image/vnd.fpx": {
-    "source": "iana",
-    "extensions": ["fpx"]
-  },
-  "image/vnd.fst": {
-    "source": "iana",
-    "extensions": ["fst"]
-  },
-  "image/vnd.fujixerox.edmics-mmr": {
-    "source": "iana",
-    "extensions": ["mmr"]
-  },
-  "image/vnd.fujixerox.edmics-rlc": {
-    "source": "iana",
-    "extensions": ["rlc"]
-  },
-  "image/vnd.globalgraphics.pgb": {
-    "source": "iana"
-  },
-  "image/vnd.microsoft.icon": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["ico"]
-  },
-  "image/vnd.mix": {
-    "source": "iana"
-  },
-  "image/vnd.mozilla.apng": {
-    "source": "iana"
-  },
-  "image/vnd.ms-dds": {
-    "compressible": true,
-    "extensions": ["dds"]
-  },
-  "image/vnd.ms-modi": {
-    "source": "iana",
-    "extensions": ["mdi"]
-  },
-  "image/vnd.ms-photo": {
-    "source": "apache",
-    "extensions": ["wdp"]
-  },
-  "image/vnd.net-fpx": {
-    "source": "iana",
-    "extensions": ["npx"]
-  },
-  "image/vnd.pco.b16": {
-    "source": "iana",
-    "extensions": ["b16"]
-  },
-  "image/vnd.radiance": {
-    "source": "iana"
-  },
-  "image/vnd.sealed.png": {
-    "source": "iana"
-  },
-  "image/vnd.sealedmedia.softseal.gif": {
-    "source": "iana"
-  },
-  "image/vnd.sealedmedia.softseal.jpg": {
-    "source": "iana"
-  },
-  "image/vnd.svf": {
-    "source": "iana"
-  },
-  "image/vnd.tencent.tap": {
-    "source": "iana",
-    "extensions": ["tap"]
-  },
-  "image/vnd.valve.source.texture": {
-    "source": "iana",
-    "extensions": ["vtf"]
-  },
-  "image/vnd.wap.wbmp": {
-    "source": "iana",
-    "extensions": ["wbmp"]
-  },
-  "image/vnd.xiff": {
-    "source": "iana",
-    "extensions": ["xif"]
-  },
-  "image/vnd.zbrush.pcx": {
-    "source": "iana",
-    "extensions": ["pcx"]
-  },
-  "image/webp": {
-    "source": "apache",
-    "extensions": ["webp"]
-  },
-  "image/wmf": {
-    "source": "iana",
-    "extensions": ["wmf"]
-  },
-  "image/x-3ds": {
-    "source": "apache",
-    "extensions": ["3ds"]
-  },
-  "image/x-cmu-raster": {
-    "source": "apache",
-    "extensions": ["ras"]
-  },
-  "image/x-cmx": {
-    "source": "apache",
-    "extensions": ["cmx"]
-  },
-  "image/x-freehand": {
-    "source": "apache",
-    "extensions": ["fh","fhc","fh4","fh5","fh7"]
-  },
-  "image/x-icon": {
-    "source": "apache",
-    "compressible": true,
-    "extensions": ["ico"]
-  },
-  "image/x-jng": {
-    "source": "nginx",
-    "extensions": ["jng"]
-  },
-  "image/x-mrsid-image": {
-    "source": "apache",
-    "extensions": ["sid"]
-  },
-  "image/x-ms-bmp": {
-    "source": "nginx",
-    "compressible": true,
-    "extensions": ["bmp"]
-  },
-  "image/x-pcx": {
-    "source": "apache",
-    "extensions": ["pcx"]
-  },
-  "image/x-pict": {
-    "source": "apache",
-    "extensions": ["pic","pct"]
-  },
-  "image/x-portable-anymap": {
-    "source": "apache",
-    "extensions": ["pnm"]
-  },
-  "image/x-portable-bitmap": {
-    "source": "apache",
-    "extensions": ["pbm"]
-  },
-  "image/x-portable-graymap": {
-    "source": "apache",
-    "extensions": ["pgm"]
-  },
-  "image/x-portable-pixmap": {
-    "source": "apache",
-    "extensions": ["ppm"]
-  },
-  "image/x-rgb": {
-    "source": "apache",
-    "extensions": ["rgb"]
-  },
-  "image/x-tga": {
-    "source": "apache",
-    "extensions": ["tga"]
-  },
-  "image/x-xbitmap": {
-    "source": "apache",
-    "extensions": ["xbm"]
-  },
-  "image/x-xcf": {
-    "compressible": false
-  },
-  "image/x-xpixmap": {
-    "source": "apache",
-    "extensions": ["xpm"]
-  },
-  "image/x-xwindowdump": {
-    "source": "apache",
-    "extensions": ["xwd"]
-  },
-  "message/cpim": {
-    "source": "iana"
-  },
-  "message/delivery-status": {
-    "source": "iana"
-  },
-  "message/disposition-notification": {
-    "source": "iana",
-    "extensions": [
-      "disposition-notification"
-    ]
-  },
-  "message/external-body": {
-    "source": "iana"
-  },
-  "message/feedback-report": {
-    "source": "iana"
-  },
-  "message/global": {
-    "source": "iana",
-    "extensions": ["u8msg"]
-  },
-  "message/global-delivery-status": {
-    "source": "iana",
-    "extensions": ["u8dsn"]
-  },
-  "message/global-disposition-notification": {
-    "source": "iana",
-    "extensions": ["u8mdn"]
-  },
-  "message/global-headers": {
-    "source": "iana",
-    "extensions": ["u8hdr"]
-  },
-  "message/http": {
-    "source": "iana",
-    "compressible": false
-  },
-  "message/imdn+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "message/news": {
-    "source": "iana"
-  },
-  "message/partial": {
-    "source": "iana",
-    "compressible": false
-  },
-  "message/rfc822": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["eml","mime"]
-  },
-  "message/s-http": {
-    "source": "iana"
-  },
-  "message/sip": {
-    "source": "iana"
-  },
-  "message/sipfrag": {
-    "source": "iana"
-  },
-  "message/tracking-status": {
-    "source": "iana"
-  },
-  "message/vnd.si.simp": {
-    "source": "iana"
-  },
-  "message/vnd.wfa.wsc": {
-    "source": "iana",
-    "extensions": ["wsc"]
-  },
-  "model/3mf": {
-    "source": "iana",
-    "extensions": ["3mf"]
-  },
-  "model/e57": {
-    "source": "iana"
-  },
-  "model/gltf+json": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["gltf"]
-  },
-  "model/gltf-binary": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["glb"]
-  },
-  "model/iges": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["igs","iges"]
-  },
-  "model/mesh": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["msh","mesh","silo"]
-  },
-  "model/mtl": {
-    "source": "iana",
-    "extensions": ["mtl"]
-  },
-  "model/obj": {
-    "source": "iana",
-    "extensions": ["obj"]
-  },
-  "model/step": {
-    "source": "iana"
-  },
-  "model/step+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["stpx"]
-  },
-  "model/step+zip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["stpz"]
-  },
-  "model/step-xml+zip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["stpxz"]
-  },
-  "model/stl": {
-    "source": "iana",
-    "extensions": ["stl"]
-  },
-  "model/vnd.collada+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["dae"]
-  },
-  "model/vnd.dwf": {
-    "source": "iana",
-    "extensions": ["dwf"]
-  },
-  "model/vnd.flatland.3dml": {
-    "source": "iana"
-  },
-  "model/vnd.gdl": {
-    "source": "iana",
-    "extensions": ["gdl"]
-  },
-  "model/vnd.gs-gdl": {
-    "source": "apache"
-  },
-  "model/vnd.gs.gdl": {
-    "source": "iana"
-  },
-  "model/vnd.gtw": {
-    "source": "iana",
-    "extensions": ["gtw"]
-  },
-  "model/vnd.moml+xml": {
-    "source": "iana",
-    "compressible": true
-  },
-  "model/vnd.mts": {
-    "source": "iana",
-    "extensions": ["mts"]
-  },
-  "model/vnd.opengex": {
-    "source": "iana",
-    "extensions": ["ogex"]
-  },
-  "model/vnd.parasolid.transmit.binary": {
-    "source": "iana",
-    "extensions": ["x_b"]
-  },
-  "model/vnd.parasolid.transmit.text": {
-    "source": "iana",
-    "extensions": ["x_t"]
-  },
-  "model/vnd.pytha.pyox": {
-    "source": "iana"
-  },
-  "model/vnd.rosette.annotated-data-model": {
-    "source": "iana"
-  },
-  "model/vnd.sap.vds": {
-    "source": "iana",
-    "extensions": ["vds"]
-  },
-  "model/vnd.usdz+zip": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["usdz"]
-  },
-  "model/vnd.valve.source.compiled-map": {
-    "source": "iana",
-    "extensions": ["bsp"]
-  },
-  "model/vnd.vtu": {
-    "source": "iana",
-    "extensions": ["vtu"]
-  },
-  "model/vrml": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["wrl","vrml"]
-  },
-  "model/x3d+binary": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["x3db","x3dbz"]
-  },
-  "model/x3d+fastinfoset": {
-    "source": "iana",
-    "extensions": ["x3db"]
-  },
-  "model/x3d+vrml": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["x3dv","x3dvz"]
-  },
-  "model/x3d+xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["x3d","x3dz"]
-  },
-  "model/x3d-vrml": {
-    "source": "iana",
-    "extensions": ["x3dv"]
-  },
-  "multipart/alternative": {
-    "source": "iana",
-    "compressible": false
-  },
-  "multipart/appledouble": {
-    "source": "iana"
-  },
-  "multipart/byteranges": {
-    "source": "iana"
-  },
-  "multipart/digest": {
-    "source": "iana"
-  },
-  "multipart/encrypted": {
-    "source": "iana",
-    "compressible": false
-  },
-  "multipart/form-data": {
-    "source": "iana",
-    "compressible": false
-  },
-  "multipart/header-set": {
-    "source": "iana"
-  },
-  "multipart/mixed": {
-    "source": "iana"
-  },
-  "multipart/multilingual": {
-    "source": "iana"
-  },
-  "multipart/parallel": {
-    "source": "iana"
-  },
-  "multipart/related": {
-    "source": "iana",
-    "compressible": false
-  },
-  "multipart/report": {
-    "source": "iana"
-  },
-  "multipart/signed": {
-    "source": "iana",
-    "compressible": false
-  },
-  "multipart/vnd.bint.med-plus": {
-    "source": "iana"
-  },
-  "multipart/voice-message": {
-    "source": "iana"
-  },
-  "multipart/x-mixed-replace": {
-    "source": "iana"
-  },
-  "text/1d-interleaved-parityfec": {
-    "source": "iana"
-  },
-  "text/cache-manifest": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["appcache","manifest"]
-  },
-  "text/calendar": {
-    "source": "iana",
-    "extensions": ["ics","ifb"]
-  },
-  "text/calender": {
-    "compressible": true
-  },
-  "text/cmd": {
-    "compressible": true
-  },
-  "text/coffeescript": {
-    "extensions": ["coffee","litcoffee"]
-  },
-  "text/cql": {
-    "source": "iana"
-  },
-  "text/cql-expression": {
-    "source": "iana"
-  },
-  "text/cql-identifier": {
-    "source": "iana"
-  },
-  "text/css": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["css"]
-  },
-  "text/csv": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["csv"]
-  },
-  "text/csv-schema": {
-    "source": "iana"
-  },
-  "text/directory": {
-    "source": "iana"
-  },
-  "text/dns": {
-    "source": "iana"
-  },
-  "text/ecmascript": {
-    "source": "iana"
-  },
-  "text/encaprtp": {
-    "source": "iana"
-  },
-  "text/enriched": {
-    "source": "iana"
-  },
-  "text/fhirpath": {
-    "source": "iana"
-  },
-  "text/flexfec": {
-    "source": "iana"
-  },
-  "text/fwdred": {
-    "source": "iana"
-  },
-  "text/gff3": {
-    "source": "iana"
-  },
-  "text/grammar-ref-list": {
-    "source": "iana"
-  },
-  "text/html": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["html","htm","shtml"]
-  },
-  "text/jade": {
-    "extensions": ["jade"]
-  },
-  "text/javascript": {
-    "source": "iana",
-    "compressible": true
-  },
-  "text/jcr-cnd": {
-    "source": "iana"
-  },
-  "text/jsx": {
-    "compressible": true,
-    "extensions": ["jsx"]
-  },
-  "text/less": {
-    "compressible": true,
-    "extensions": ["less"]
-  },
-  "text/markdown": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["markdown","md"]
-  },
-  "text/mathml": {
-    "source": "nginx",
-    "extensions": ["mml"]
-  },
-  "text/mdx": {
-    "compressible": true,
-    "extensions": ["mdx"]
-  },
-  "text/mizar": {
-    "source": "iana"
-  },
-  "text/n3": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["n3"]
-  },
-  "text/parameters": {
-    "source": "iana",
-    "charset": "UTF-8"
-  },
-  "text/parityfec": {
-    "source": "iana"
-  },
-  "text/plain": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["txt","text","conf","def","list","log","in","ini"]
-  },
-  "text/provenance-notation": {
-    "source": "iana",
-    "charset": "UTF-8"
-  },
-  "text/prs.fallenstein.rst": {
-    "source": "iana"
-  },
-  "text/prs.lines.tag": {
-    "source": "iana",
-    "extensions": ["dsc"]
-  },
-  "text/prs.prop.logic": {
-    "source": "iana"
-  },
-  "text/raptorfec": {
-    "source": "iana"
-  },
-  "text/red": {
-    "source": "iana"
-  },
-  "text/rfc822-headers": {
-    "source": "iana"
-  },
-  "text/richtext": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rtx"]
-  },
-  "text/rtf": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["rtf"]
-  },
-  "text/rtp-enc-aescm128": {
-    "source": "iana"
-  },
-  "text/rtploopback": {
-    "source": "iana"
-  },
-  "text/rtx": {
-    "source": "iana"
-  },
-  "text/sgml": {
-    "source": "iana",
-    "extensions": ["sgml","sgm"]
-  },
-  "text/shaclc": {
-    "source": "iana"
-  },
-  "text/shex": {
-    "source": "iana",
-    "extensions": ["shex"]
-  },
-  "text/slim": {
-    "extensions": ["slim","slm"]
-  },
-  "text/spdx": {
-    "source": "iana",
-    "extensions": ["spdx"]
-  },
-  "text/strings": {
-    "source": "iana"
-  },
-  "text/stylus": {
-    "extensions": ["stylus","styl"]
-  },
-  "text/t140": {
-    "source": "iana"
-  },
-  "text/tab-separated-values": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["tsv"]
-  },
-  "text/troff": {
-    "source": "iana",
-    "extensions": ["t","tr","roff","man","me","ms"]
-  },
-  "text/turtle": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "extensions": ["ttl"]
-  },
-  "text/ulpfec": {
-    "source": "iana"
-  },
-  "text/uri-list": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["uri","uris","urls"]
-  },
-  "text/vcard": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["vcard"]
-  },
-  "text/vnd.a": {
-    "source": "iana"
-  },
-  "text/vnd.abc": {
-    "source": "iana"
-  },
-  "text/vnd.ascii-art": {
-    "source": "iana"
-  },
-  "text/vnd.curl": {
-    "source": "iana",
-    "extensions": ["curl"]
-  },
-  "text/vnd.curl.dcurl": {
-    "source": "apache",
-    "extensions": ["dcurl"]
-  },
-  "text/vnd.curl.mcurl": {
-    "source": "apache",
-    "extensions": ["mcurl"]
-  },
-  "text/vnd.curl.scurl": {
-    "source": "apache",
-    "extensions": ["scurl"]
-  },
-  "text/vnd.debian.copyright": {
-    "source": "iana",
-    "charset": "UTF-8"
-  },
-  "text/vnd.dmclientscript": {
-    "source": "iana"
-  },
-  "text/vnd.dvb.subtitle": {
-    "source": "iana",
-    "extensions": ["sub"]
-  },
-  "text/vnd.esmertec.theme-descriptor": {
-    "source": "iana",
-    "charset": "UTF-8"
-  },
-  "text/vnd.familysearch.gedcom": {
-    "source": "iana",
-    "extensions": ["ged"]
-  },
-  "text/vnd.ficlab.flt": {
-    "source": "iana"
-  },
-  "text/vnd.fly": {
-    "source": "iana",
-    "extensions": ["fly"]
-  },
-  "text/vnd.fmi.flexstor": {
-    "source": "iana",
-    "extensions": ["flx"]
-  },
-  "text/vnd.gml": {
-    "source": "iana"
-  },
-  "text/vnd.graphviz": {
-    "source": "iana",
-    "extensions": ["gv"]
-  },
-  "text/vnd.hans": {
-    "source": "iana"
-  },
-  "text/vnd.hgl": {
-    "source": "iana"
-  },
-  "text/vnd.in3d.3dml": {
-    "source": "iana",
-    "extensions": ["3dml"]
-  },
-  "text/vnd.in3d.spot": {
-    "source": "iana",
-    "extensions": ["spot"]
-  },
-  "text/vnd.iptc.newsml": {
-    "source": "iana"
-  },
-  "text/vnd.iptc.nitf": {
-    "source": "iana"
-  },
-  "text/vnd.latex-z": {
-    "source": "iana"
-  },
-  "text/vnd.motorola.reflex": {
-    "source": "iana"
-  },
-  "text/vnd.ms-mediapackage": {
-    "source": "iana"
-  },
-  "text/vnd.net2phone.commcenter.command": {
-    "source": "iana"
-  },
-  "text/vnd.radisys.msml-basic-layout": {
-    "source": "iana"
-  },
-  "text/vnd.senx.warpscript": {
-    "source": "iana"
-  },
-  "text/vnd.si.uricatalogue": {
-    "source": "iana"
-  },
-  "text/vnd.sosi": {
-    "source": "iana"
-  },
-  "text/vnd.sun.j2me.app-descriptor": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "extensions": ["jad"]
-  },
-  "text/vnd.trolltech.linguist": {
-    "source": "iana",
-    "charset": "UTF-8"
-  },
-  "text/vnd.wap.si": {
-    "source": "iana"
-  },
-  "text/vnd.wap.sl": {
-    "source": "iana"
-  },
-  "text/vnd.wap.wml": {
-    "source": "iana",
-    "extensions": ["wml"]
-  },
-  "text/vnd.wap.wmlscript": {
-    "source": "iana",
-    "extensions": ["wmls"]
-  },
-  "text/vtt": {
-    "source": "iana",
-    "charset": "UTF-8",
-    "compressible": true,
-    "extensions": ["vtt"]
-  },
-  "text/x-asm": {
-    "source": "apache",
-    "extensions": ["s","asm"]
-  },
-  "text/x-c": {
-    "source": "apache",
-    "extensions": ["c","cc","cxx","cpp","h","hh","dic"]
-  },
-  "text/x-component": {
-    "source": "nginx",
-    "extensions": ["htc"]
-  },
-  "text/x-fortran": {
-    "source": "apache",
-    "extensions": ["f","for","f77","f90"]
-  },
-  "text/x-gwt-rpc": {
-    "compressible": true
-  },
-  "text/x-handlebars-template": {
-    "extensions": ["hbs"]
-  },
-  "text/x-java-source": {
-    "source": "apache",
-    "extensions": ["java"]
-  },
-  "text/x-jquery-tmpl": {
-    "compressible": true
-  },
-  "text/x-lua": {
-    "extensions": ["lua"]
-  },
-  "text/x-markdown": {
-    "compressible": true,
-    "extensions": ["mkd"]
-  },
-  "text/x-nfo": {
-    "source": "apache",
-    "extensions": ["nfo"]
-  },
-  "text/x-opml": {
-    "source": "apache",
-    "extensions": ["opml"]
-  },
-  "text/x-org": {
-    "compressible": true,
-    "extensions": ["org"]
-  },
-  "text/x-pascal": {
-    "source": "apache",
-    "extensions": ["p","pas"]
-  },
-  "text/x-processing": {
-    "compressible": true,
-    "extensions": ["pde"]
-  },
-  "text/x-sass": {
-    "extensions": ["sass"]
-  },
-  "text/x-scss": {
-    "extensions": ["scss"]
-  },
-  "text/x-setext": {
-    "source": "apache",
-    "extensions": ["etx"]
-  },
-  "text/x-sfv": {
-    "source": "apache",
-    "extensions": ["sfv"]
-  },
-  "text/x-suse-ymp": {
-    "compressible": true,
-    "extensions": ["ymp"]
-  },
-  "text/x-uuencode": {
-    "source": "apache",
-    "extensions": ["uu"]
-  },
-  "text/x-vcalendar": {
-    "source": "apache",
-    "extensions": ["vcs"]
-  },
-  "text/x-vcard": {
-    "source": "apache",
-    "extensions": ["vcf"]
-  },
-  "text/xml": {
-    "source": "iana",
-    "compressible": true,
-    "extensions": ["xml"]
-  },
-  "text/xml-external-parsed-entity": {
-    "source": "iana"
-  },
-  "text/yaml": {
-    "compressible": true,
-    "extensions": ["yaml","yml"]
-  },
-  "video/1d-interleaved-parityfec": {
-    "source": "iana"
-  },
-  "video/3gpp": {
-    "source": "iana",
-    "extensions": ["3gp","3gpp"]
-  },
-  "video/3gpp-tt": {
-    "source": "iana"
-  },
-  "video/3gpp2": {
-    "source": "iana",
-    "extensions": ["3g2"]
-  },
-  "video/av1": {
-    "source": "iana"
-  },
-  "video/bmpeg": {
-    "source": "iana"
-  },
-  "video/bt656": {
-    "source": "iana"
-  },
-  "video/celb": {
-    "source": "iana"
-  },
-  "video/dv": {
-    "source": "iana"
-  },
-  "video/encaprtp": {
-    "source": "iana"
-  },
-  "video/ffv1": {
-    "source": "iana"
-  },
-  "video/flexfec": {
-    "source": "iana"
-  },
-  "video/h261": {
-    "source": "iana",
-    "extensions": ["h261"]
-  },
-  "video/h263": {
-    "source": "iana",
-    "extensions": ["h263"]
-  },
-  "video/h263-1998": {
-    "source": "iana"
-  },
-  "video/h263-2000": {
-    "source": "iana"
-  },
-  "video/h264": {
-    "source": "iana",
-    "extensions": ["h264"]
-  },
-  "video/h264-rcdo": {
-    "source": "iana"
-  },
-  "video/h264-svc": {
-    "source": "iana"
-  },
-  "video/h265": {
-    "source": "iana"
-  },
-  "video/iso.segment": {
-    "source": "iana",
-    "extensions": ["m4s"]
-  },
-  "video/jpeg": {
-    "source": "iana",
-    "extensions": ["jpgv"]
-  },
-  "video/jpeg2000": {
-    "source": "iana"
-  },
-  "video/jpm": {
-    "source": "apache",
-    "extensions": ["jpm","jpgm"]
-  },
-  "video/jxsv": {
-    "source": "iana"
-  },
-  "video/mj2": {
-    "source": "iana",
-    "extensions": ["mj2","mjp2"]
-  },
-  "video/mp1s": {
-    "source": "iana"
-  },
-  "video/mp2p": {
-    "source": "iana"
-  },
-  "video/mp2t": {
-    "source": "iana",
-    "extensions": ["ts"]
-  },
-  "video/mp4": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["mp4","mp4v","mpg4"]
-  },
-  "video/mp4v-es": {
-    "source": "iana"
-  },
-  "video/mpeg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["mpeg","mpg","mpe","m1v","m2v"]
-  },
-  "video/mpeg4-generic": {
-    "source": "iana"
-  },
-  "video/mpv": {
-    "source": "iana"
-  },
-  "video/nv": {
-    "source": "iana"
-  },
-  "video/ogg": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["ogv"]
-  },
-  "video/parityfec": {
-    "source": "iana"
-  },
-  "video/pointer": {
-    "source": "iana"
-  },
-  "video/quicktime": {
-    "source": "iana",
-    "compressible": false,
-    "extensions": ["qt","mov"]
-  },
-  "video/raptorfec": {
-    "source": "iana"
-  },
-  "video/raw": {
-    "source": "iana"
-  },
-  "video/rtp-enc-aescm128": {
-    "source": "iana"
-  },
-  "video/rtploopback": {
-    "source": "iana"
-  },
-  "video/rtx": {
-    "source": "iana"
-  },
-  "video/scip": {
-    "source": "iana"
-  },
-  "video/smpte291": {
-    "source": "iana"
-  },
-  "video/smpte292m": {
-    "source": "iana"
-  },
-  "video/ulpfec": {
-    "source": "iana"
-  },
-  "video/vc1": {
-    "source": "iana"
-  },
-  "video/vc2": {
-    "source": "iana"
-  },
-  "video/vnd.cctv": {
-    "source": "iana"
-  },
-  "video/vnd.dece.hd": {
-    "source": "iana",
-    "extensions": ["uvh","uvvh"]
-  },
-  "video/vnd.dece.mobile": {
-    "source": "iana",
-    "extensions": ["uvm","uvvm"]
-  },
-  "video/vnd.dece.mp4": {
-    "source": "iana"
-  },
-  "video/vnd.dece.pd": {
-    "source": "iana",
-    "extensions": ["uvp","uvvp"]
-  },
-  "video/vnd.dece.sd": {
-    "source": "iana",
-    "extensions": ["uvs","uvvs"]
-  },
-  "video/vnd.dece.video": {
-    "source": "iana",
-    "extensions": ["uvv","uvvv"]
-  },
-  "video/vnd.directv.mpeg": {
-    "source": "iana"
-  },
-  "video/vnd.directv.mpeg-tts": {
-    "source": "iana"
-  },
-  "video/vnd.dlna.mpeg-tts": {
-    "source": "iana"
-  },
-  "video/vnd.dvb.file": {
-    "source": "iana",
-    "extensions": ["dvb"]
-  },
-  "video/vnd.fvt": {
-    "source": "iana",
-    "extensions": ["fvt"]
-  },
-  "video/vnd.hns.video": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.1dparityfec-1010": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.1dparityfec-2005": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.2dparityfec-1010": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.2dparityfec-2005": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.ttsavc": {
-    "source": "iana"
-  },
-  "video/vnd.iptvforum.ttsmpeg2": {
-    "source": "iana"
-  },
-  "video/vnd.motorola.video": {
-    "source": "iana"
-  },
-  "video/vnd.motorola.videop": {
-    "source": "iana"
-  },
-  "video/vnd.mpegurl": {
-    "source": "iana",
-    "extensions": ["mxu","m4u"]
-  },
-  "video/vnd.ms-playready.media.pyv": {
-    "source": "iana",
-    "extensions": ["pyv"]
-  },
-  "video/vnd.nokia.interleaved-multimedia": {
-    "source": "iana"
-  },
-  "video/vnd.nokia.mp4vr": {
-    "source": "iana"
-  },
-  "video/vnd.nokia.videovoip": {
-    "source": "iana"
-  },
-  "video/vnd.objectvideo": {
-    "source": "iana"
-  },
-  "video/vnd.radgamettools.bink": {
-    "source": "iana"
-  },
-  "video/vnd.radgamettools.smacker": {
-    "source": "iana"
-  },
-  "video/vnd.sealed.mpeg1": {
-    "source": "iana"
-  },
-  "video/vnd.sealed.mpeg4": {
-    "source": "iana"
-  },
-  "video/vnd.sealed.swf": {
-    "source": "iana"
-  },
-  "video/vnd.sealedmedia.softseal.mov": {
-    "source": "iana"
-  },
-  "video/vnd.uvvu.mp4": {
-    "source": "iana",
-    "extensions": ["uvu","uvvu"]
-  },
-  "video/vnd.vivo": {
-    "source": "iana",
-    "extensions": ["viv"]
-  },
-  "video/vnd.youtube.yt": {
-    "source": "iana"
-  },
-  "video/vp8": {
-    "source": "iana"
-  },
-  "video/vp9": {
-    "source": "iana"
-  },
-  "video/webm": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["webm"]
-  },
-  "video/x-f4v": {
-    "source": "apache",
-    "extensions": ["f4v"]
-  },
-  "video/x-fli": {
-    "source": "apache",
-    "extensions": ["fli"]
-  },
-  "video/x-flv": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["flv"]
-  },
-  "video/x-m4v": {
-    "source": "apache",
-    "extensions": ["m4v"]
-  },
-  "video/x-matroska": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["mkv","mk3d","mks"]
-  },
-  "video/x-mng": {
-    "source": "apache",
-    "extensions": ["mng"]
-  },
-  "video/x-ms-asf": {
-    "source": "apache",
-    "extensions": ["asf","asx"]
-  },
-  "video/x-ms-vob": {
-    "source": "apache",
-    "extensions": ["vob"]
-  },
-  "video/x-ms-wm": {
-    "source": "apache",
-    "extensions": ["wm"]
-  },
-  "video/x-ms-wmv": {
-    "source": "apache",
-    "compressible": false,
-    "extensions": ["wmv"]
-  },
-  "video/x-ms-wmx": {
-    "source": "apache",
-    "extensions": ["wmx"]
-  },
-  "video/x-ms-wvx": {
-    "source": "apache",
-    "extensions": ["wvx"]
-  },
-  "video/x-msvideo": {
-    "source": "apache",
-    "extensions": ["avi"]
-  },
-  "video/x-sgi-movie": {
-    "source": "apache",
-    "extensions": ["movie"]
-  },
-  "video/x-smv": {
-    "source": "apache",
-    "extensions": ["smv"]
-  },
-  "x-conference/x-cooltalk": {
-    "source": "apache",
-    "extensions": ["ice"]
-  },
-  "x-shader/x-fragment": {
-    "compressible": true
-  },
-  "x-shader/x-vertex": {
-    "compressible": true
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/index.js b/src/Servers/ExpressServer/node_modules/mime-db/index.js
deleted file mode 100644
index ec2be30..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/index.js
+++ /dev/null
@@ -1,12 +0,0 @@
-/*!
- * mime-db
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2015-2022 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-/**
- * Module exports.
- */
-
-module.exports = require('./db.json')
diff --git a/src/Servers/ExpressServer/node_modules/mime-db/package.json b/src/Servers/ExpressServer/node_modules/mime-db/package.json
deleted file mode 100644
index 32c14b8..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-db/package.json
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-  "name": "mime-db",
-  "description": "Media Type Database",
-  "version": "1.52.0",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
-    "Robert Kieffer <robert@broofa.com> (http://github.com/broofa)"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "mime",
-    "db",
-    "type",
-    "types",
-    "database",
-    "charset",
-    "charsets"
-  ],
-  "repository": "jshttp/mime-db",
-  "devDependencies": {
-    "bluebird": "3.7.2",
-    "co": "4.6.0",
-    "cogent": "1.0.1",
-    "csv-parse": "4.16.3",
-    "eslint": "7.32.0",
-    "eslint-config-standard": "15.0.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.1.1",
-    "eslint-plugin-standard": "4.1.0",
-    "gnode": "0.1.2",
-    "media-typer": "1.1.0",
-    "mocha": "9.2.1",
-    "nyc": "15.1.0",
-    "raw-body": "2.5.0",
-    "stream-to-array": "2.3.0"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "db.json",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "build": "node scripts/build",
-    "fetch": "node scripts/fetch-apache && gnode scripts/fetch-iana && node scripts/fetch-nginx",
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "update": "npm run fetch && npm run build",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md b/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
deleted file mode 100644
index c5043b7..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-types/HISTORY.md
+++ /dev/null
@@ -1,397 +0,0 @@
-2.1.35 / 2022-03-12
-===================
-
-  * deps: mime-db@1.52.0
-    - Add extensions from IANA for more `image/*` types
-    - Add extension `.asc` to `application/pgp-keys`
-    - Add extensions to various XML types
-    - Add new upstream MIME types
-
-2.1.34 / 2021-11-08
-===================
-
-  * deps: mime-db@1.51.0
-    - Add new upstream MIME types
-
-2.1.33 / 2021-10-01
-===================
-
-  * deps: mime-db@1.50.0
-    - Add deprecated iWorks mime types and extensions
-    - Add new upstream MIME types
-
-2.1.32 / 2021-07-27
-===================
-
-  * deps: mime-db@1.49.0
-    - Add extension `.trig` to `application/trig`
-    - Add new upstream MIME types
-
-2.1.31 / 2021-06-01
-===================
-
-  * deps: mime-db@1.48.0
-    - Add extension `.mvt` to `application/vnd.mapbox-vector-tile`
-    - Add new upstream MIME types
-
-2.1.30 / 2021-04-02
-===================
-
-  * deps: mime-db@1.47.0
-    - Add extension `.amr` to `audio/amr`
-    - Remove ambigious extensions from IANA for `application/*+xml` types
-    - Update primary extension to `.es` for `application/ecmascript`
-
-2.1.29 / 2021-02-17
-===================
-
-  * deps: mime-db@1.46.0
-    - Add extension `.amr` to `audio/amr`
-    - Add extension `.m4s` to `video/iso.segment`
-    - Add extension `.opus` to `audio/ogg`
-    - Add new upstream MIME types
-
-2.1.28 / 2021-01-01
-===================
-
-  * deps: mime-db@1.45.0
-    - Add `application/ubjson` with extension `.ubj`
-    - Add `image/avif` with extension `.avif`
-    - Add `image/ktx2` with extension `.ktx2`
-    - Add extension `.dbf` to `application/vnd.dbf`
-    - Add extension `.rar` to `application/vnd.rar`
-    - Add extension `.td` to `application/urc-targetdesc+xml`
-    - Add new upstream MIME types
-    - Fix extension of `application/vnd.apple.keynote` to be `.key`
-
-2.1.27 / 2020-04-23
-===================
-
-  * deps: mime-db@1.44.0
-    - Add charsets from IANA
-    - Add extension `.cjs` to `application/node`
-    - Add new upstream MIME types
-
-2.1.26 / 2020-01-05
-===================
-
-  * deps: mime-db@1.43.0
-    - Add `application/x-keepass2` with extension `.kdbx`
-    - Add extension `.mxmf` to `audio/mobile-xmf`
-    - Add extensions from IANA for `application/*+xml` types
-    - Add new upstream MIME types
-
-2.1.25 / 2019-11-12
-===================
-
-  * deps: mime-db@1.42.0
-    - Add new upstream MIME types
-    - Add `application/toml` with extension `.toml`
-    - Add `image/vnd.ms-dds` with extension `.dds`
-
-2.1.24 / 2019-04-20
-===================
-
-  * deps: mime-db@1.40.0
-    - Add extensions from IANA for `model/*` types
-    - Add `text/mdx` with extension `.mdx`
-
-2.1.23 / 2019-04-17
-===================
-
-  * deps: mime-db@~1.39.0
-    - Add extensions `.siv` and `.sieve` to `application/sieve`
-    - Add new upstream MIME types
-
-2.1.22 / 2019-02-14
-===================
-
-  * deps: mime-db@~1.38.0
-    - Add extension `.nq` to `application/n-quads`
-    - Add extension `.nt` to `application/n-triples`
-    - Add new upstream MIME types
-
-2.1.21 / 2018-10-19
-===================
-
-  * deps: mime-db@~1.37.0
-    - Add extensions to HEIC image types
-    - Add new upstream MIME types
-
-2.1.20 / 2018-08-26
-===================
-
-  * deps: mime-db@~1.36.0
-    - Add Apple file extensions from IANA
-    - Add extensions from IANA for `image/*` types
-    - Add new upstream MIME types
-
-2.1.19 / 2018-07-17
-===================
-
-  * deps: mime-db@~1.35.0
-    - Add extension `.csl` to `application/vnd.citationstyles.style+xml`
-    - Add extension `.es` to `application/ecmascript`
-    - Add extension `.owl` to `application/rdf+xml`
-    - Add new upstream MIME types
-    - Add UTF-8 as default charset for `text/turtle`
-
-2.1.18 / 2018-02-16
-===================
-
-  * deps: mime-db@~1.33.0
-    - Add `application/raml+yaml` with extension `.raml`
-    - Add `application/wasm` with extension `.wasm`
-    - Add `text/shex` with extension `.shex`
-    - Add extensions for JPEG-2000 images
-    - Add extensions from IANA for `message/*` types
-    - Add new upstream MIME types
-    - Update font MIME types
-    - Update `text/hjson` to registered `application/hjson`
-
-2.1.17 / 2017-09-01
-===================
-
-  * deps: mime-db@~1.30.0
-    - Add `application/vnd.ms-outlook`
-    - Add `application/x-arj`
-    - Add extension `.mjs` to `application/javascript`
-    - Add glTF types and extensions
-    - Add new upstream MIME types
-    - Add `text/x-org`
-    - Add VirtualBox MIME types
-    - Fix `source` records for `video/*` types that are IANA
-    - Update `font/opentype` to registered `font/otf`
-
-2.1.16 / 2017-07-24
-===================
-
-  * deps: mime-db@~1.29.0
-    - Add `application/fido.trusted-apps+json`
-    - Add extension `.wadl` to `application/vnd.sun.wadl+xml`
-    - Add extension `.gz` to `application/gzip`
-    - Add new upstream MIME types
-    - Update extensions `.md` and `.markdown` to be `text/markdown`
-
-2.1.15 / 2017-03-23
-===================
-
-  * deps: mime-db@~1.27.0
-    - Add new mime types
-    - Add `image/apng`
-
-2.1.14 / 2017-01-14
-===================
-
-  * deps: mime-db@~1.26.0
-    - Add new mime types
-
-2.1.13 / 2016-11-18
-===================
-
-  * deps: mime-db@~1.25.0
-    - Add new mime types
-
-2.1.12 / 2016-09-18
-===================
-
-  * deps: mime-db@~1.24.0
-    - Add new mime types
-    - Add `audio/mp3`
-
-2.1.11 / 2016-05-01
-===================
-
-  * deps: mime-db@~1.23.0
-    - Add new mime types
-
-2.1.10 / 2016-02-15
-===================
-
-  * deps: mime-db@~1.22.0
-    - Add new mime types
-    - Fix extension of `application/dash+xml`
-    - Update primary extension for `audio/mp4`
-
-2.1.9 / 2016-01-06
-==================
-
-  * deps: mime-db@~1.21.0
-    - Add new mime types
-
-2.1.8 / 2015-11-30
-==================
-
-  * deps: mime-db@~1.20.0
-    - Add new mime types
-
-2.1.7 / 2015-09-20
-==================
-
-  * deps: mime-db@~1.19.0
-    - Add new mime types
-
-2.1.6 / 2015-09-03
-==================
-
-  * deps: mime-db@~1.18.0
-    - Add new mime types
-
-2.1.5 / 2015-08-20
-==================
-
-  * deps: mime-db@~1.17.0
-    - Add new mime types
-
-2.1.4 / 2015-07-30
-==================
-
-  * deps: mime-db@~1.16.0
-    - Add new mime types
-
-2.1.3 / 2015-07-13
-==================
-
-  * deps: mime-db@~1.15.0
-    - Add new mime types
-
-2.1.2 / 2015-06-25
-==================
-
-  * deps: mime-db@~1.14.0
-    - Add new mime types
-
-2.1.1 / 2015-06-08
-==================
-
-  * perf: fix deopt during mapping
-
-2.1.0 / 2015-06-07
-==================
-
-  * Fix incorrectly treating extension-less file name as extension
-    - i.e. `'path/to/json'` will no longer return `application/json`
-  * Fix `.charset(type)` to accept parameters
-  * Fix `.charset(type)` to match case-insensitive
-  * Improve generation of extension to MIME mapping
-  * Refactor internals for readability and no argument reassignment
-  * Prefer `application/*` MIME types from the same source
-  * Prefer any type over `application/octet-stream`
-  * deps: mime-db@~1.13.0
-    - Add nginx as a source
-    - Add new mime types
-
-2.0.14 / 2015-06-06
-===================
-
-  * deps: mime-db@~1.12.0
-    - Add new mime types
-
-2.0.13 / 2015-05-31
-===================
-
-  * deps: mime-db@~1.11.0
-    - Add new mime types
-
-2.0.12 / 2015-05-19
-===================
-
-  * deps: mime-db@~1.10.0
-    - Add new mime types
-
-2.0.11 / 2015-05-05
-===================
-
-  * deps: mime-db@~1.9.1
-    - Add new mime types
-
-2.0.10 / 2015-03-13
-===================
-
-  * deps: mime-db@~1.8.0
-    - Add new mime types
-
-2.0.9 / 2015-02-09
-==================
-
-  * deps: mime-db@~1.7.0
-    - Add new mime types
-    - Community extensions ownership transferred from `node-mime`
-
-2.0.8 / 2015-01-29
-==================
-
-  * deps: mime-db@~1.6.0
-    - Add new mime types
-
-2.0.7 / 2014-12-30
-==================
-
-  * deps: mime-db@~1.5.0
-    - Add new mime types
-    - Fix various invalid MIME type entries
-
-2.0.6 / 2014-12-30
-==================
-
-  * deps: mime-db@~1.4.0
-    - Add new mime types
-    - Fix various invalid MIME type entries
-    - Remove example template MIME types
-
-2.0.5 / 2014-12-29
-==================
-
-  * deps: mime-db@~1.3.1
-    - Fix missing extensions
-
-2.0.4 / 2014-12-10
-==================
-
-  * deps: mime-db@~1.3.0
-    - Add new mime types
-
-2.0.3 / 2014-11-09
-==================
-
-  * deps: mime-db@~1.2.0
-    - Add new mime types
-
-2.0.2 / 2014-09-28
-==================
-
-  * deps: mime-db@~1.1.0
-    - Add new mime types
-    - Update charsets
-
-2.0.1 / 2014-09-07
-==================
-
-  * Support Node.js 0.6
-
-2.0.0 / 2014-09-02
-==================
-
-  * Use `mime-db`
-  * Remove `.define()`
-
-1.0.2 / 2014-08-04
-==================
-
-  * Set charset=utf-8 for `text/javascript`
-
-1.0.1 / 2014-06-24
-==================
-
-  * Add `text/jsx` type
-
-1.0.0 / 2014-05-12
-==================
-
-  * Return `false` for unknown types
-  * Set charset=utf-8 for `application/json`
-
-0.1.0 / 2014-05-02
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/LICENSE b/src/Servers/ExpressServer/node_modules/mime-types/LICENSE
deleted file mode 100644
index 0616607..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-types/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/README.md b/src/Servers/ExpressServer/node_modules/mime-types/README.md
deleted file mode 100644
index 48d2fb4..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-types/README.md
+++ /dev/null
@@ -1,113 +0,0 @@
-# mime-types
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-The ultimate javascript content-type utility.
-
-Similar to [the `mime@1.x` module](https://www.npmjs.com/package/mime), except:
-
-- __No fallbacks.__ Instead of naively returning the first available type,
-  `mime-types` simply returns `false`, so do
-  `var type = mime.lookup('unrecognized') || 'application/octet-stream'`.
-- No `new Mime()` business, so you could do `var lookup = require('mime-types').lookup`.
-- No `.define()` functionality
-- Bug fixes for `.lookup(path)`
-
-Otherwise, the API is compatible with `mime` 1.x.
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install mime-types
-```
-
-## Adding Types
-
-All mime types are based on [mime-db](https://www.npmjs.com/package/mime-db),
-so open a PR there if you'd like to add mime types.
-
-## API
-
-```js
-var mime = require('mime-types')
-```
-
-All functions return `false` if input is invalid or not found.
-
-### mime.lookup(path)
-
-Lookup the content-type associated with a file.
-
-```js
-mime.lookup('json') // 'application/json'
-mime.lookup('.md') // 'text/markdown'
-mime.lookup('file.html') // 'text/html'
-mime.lookup('folder/file.js') // 'application/javascript'
-mime.lookup('folder/.htaccess') // false
-
-mime.lookup('cats') // false
-```
-
-### mime.contentType(type)
-
-Create a full content-type header given a content-type or extension.
-When given an extension, `mime.lookup` is used to get the matching
-content-type, otherwise the given content-type is used. Then if the
-content-type does not already have a `charset` parameter, `mime.charset`
-is used to get the default charset and add to the returned content-type.
-
-```js
-mime.contentType('markdown') // 'text/x-markdown; charset=utf-8'
-mime.contentType('file.json') // 'application/json; charset=utf-8'
-mime.contentType('text/html') // 'text/html; charset=utf-8'
-mime.contentType('text/html; charset=iso-8859-1') // 'text/html; charset=iso-8859-1'
-
-// from a full path
-mime.contentType(path.extname('/path/to/file.json')) // 'application/json; charset=utf-8'
-```
-
-### mime.extension(type)
-
-Get the default extension for a content-type.
-
-```js
-mime.extension('application/octet-stream') // 'bin'
-```
-
-### mime.charset(type)
-
-Lookup the implied default charset of a content-type.
-
-```js
-mime.charset('text/markdown') // 'UTF-8'
-```
-
-### var type = mime.types[extension]
-
-A map of content-types by extension.
-
-### [extensions...] = mime.extensions[type]
-
-A map of extensions by content-type.
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/mime-types/master?label=ci
-[ci-url]: https://github.com/jshttp/mime-types/actions/workflows/ci.yml
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/mime-types/master
-[coveralls-url]: https://coveralls.io/r/jshttp/mime-types?branch=master
-[node-version-image]: https://badgen.net/npm/node/mime-types
-[node-version-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/mime-types
-[npm-url]: https://npmjs.org/package/mime-types
-[npm-version-image]: https://badgen.net/npm/v/mime-types
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/index.js b/src/Servers/ExpressServer/node_modules/mime-types/index.js
deleted file mode 100644
index b9f34d5..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-types/index.js
+++ /dev/null
@@ -1,188 +0,0 @@
-/*!
- * mime-types
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var db = require('mime-db')
-var extname = require('path').extname
-
-/**
- * Module variables.
- * @private
- */
-
-var EXTRACT_TYPE_REGEXP = /^\s*([^;\s]*)(?:;|\s|$)/
-var TEXT_TYPE_REGEXP = /^text\//i
-
-/**
- * Module exports.
- * @public
- */
-
-exports.charset = charset
-exports.charsets = { lookup: charset }
-exports.contentType = contentType
-exports.extension = extension
-exports.extensions = Object.create(null)
-exports.lookup = lookup
-exports.types = Object.create(null)
-
-// Populate the extensions/types maps
-populateMaps(exports.extensions, exports.types)
-
-/**
- * Get the default charset for a MIME type.
- *
- * @param {string} type
- * @return {boolean|string}
- */
-
-function charset (type) {
-  if (!type || typeof type !== 'string') {
-    return false
-  }
-
-  // TODO: use media-typer
-  var match = EXTRACT_TYPE_REGEXP.exec(type)
-  var mime = match && db[match[1].toLowerCase()]
-
-  if (mime && mime.charset) {
-    return mime.charset
-  }
-
-  // default text/* to utf-8
-  if (match && TEXT_TYPE_REGEXP.test(match[1])) {
-    return 'UTF-8'
-  }
-
-  return false
-}
-
-/**
- * Create a full Content-Type header given a MIME type or extension.
- *
- * @param {string} str
- * @return {boolean|string}
- */
-
-function contentType (str) {
-  // TODO: should this even be in this module?
-  if (!str || typeof str !== 'string') {
-    return false
-  }
-
-  var mime = str.indexOf('/') === -1
-    ? exports.lookup(str)
-    : str
-
-  if (!mime) {
-    return false
-  }
-
-  // TODO: use content-type or other module
-  if (mime.indexOf('charset') === -1) {
-    var charset = exports.charset(mime)
-    if (charset) mime += '; charset=' + charset.toLowerCase()
-  }
-
-  return mime
-}
-
-/**
- * Get the default extension for a MIME type.
- *
- * @param {string} type
- * @return {boolean|string}
- */
-
-function extension (type) {
-  if (!type || typeof type !== 'string') {
-    return false
-  }
-
-  // TODO: use media-typer
-  var match = EXTRACT_TYPE_REGEXP.exec(type)
-
-  // get extensions
-  var exts = match && exports.extensions[match[1].toLowerCase()]
-
-  if (!exts || !exts.length) {
-    return false
-  }
-
-  return exts[0]
-}
-
-/**
- * Lookup the MIME type for a file path/extension.
- *
- * @param {string} path
- * @return {boolean|string}
- */
-
-function lookup (path) {
-  if (!path || typeof path !== 'string') {
-    return false
-  }
-
-  // get the extension ("ext" or ".ext" or full path)
-  var extension = extname('x.' + path)
-    .toLowerCase()
-    .substr(1)
-
-  if (!extension) {
-    return false
-  }
-
-  return exports.types[extension] || false
-}
-
-/**
- * Populate the extensions and types maps.
- * @private
- */
-
-function populateMaps (extensions, types) {
-  // source preference (least -> most)
-  var preference = ['nginx', 'apache', undefined, 'iana']
-
-  Object.keys(db).forEach(function forEachMimeType (type) {
-    var mime = db[type]
-    var exts = mime.extensions
-
-    if (!exts || !exts.length) {
-      return
-    }
-
-    // mime -> extensions
-    extensions[type] = exts
-
-    // extension -> mime
-    for (var i = 0; i < exts.length; i++) {
-      var extension = exts[i]
-
-      if (types[extension]) {
-        var from = preference.indexOf(db[types[extension]].source)
-        var to = preference.indexOf(mime.source)
-
-        if (types[extension] !== 'application/octet-stream' &&
-          (from > to || (from === to && types[extension].substr(0, 12) === 'application/'))) {
-          // skip the remapping
-          continue
-        }
-      }
-
-      // set the extension -> mime
-      types[extension] = type
-    }
-  })
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime-types/package.json b/src/Servers/ExpressServer/node_modules/mime-types/package.json
deleted file mode 100644
index bbef696..0000000
--- a/src/Servers/ExpressServer/node_modules/mime-types/package.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "name": "mime-types",
-  "description": "The ultimate javascript content-type utility.",
-  "version": "2.1.35",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jeremiah Senkpiel <fishrock123@rocketmail.com> (https://searchbeam.jit.su)",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "mime",
-    "types"
-  ],
-  "repository": "jshttp/mime-types",
-  "dependencies": {
-    "mime-db": "1.52.0"
-  },
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.2",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec test/test.js",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime/.npmignore b/src/Servers/ExpressServer/node_modules/mime/.npmignore
deleted file mode 100644
index e69de29..0000000
diff --git a/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
deleted file mode 100644
index f127535..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/CHANGELOG.md
+++ /dev/null
@@ -1,164 +0,0 @@
-# Changelog
-
-## v1.6.0 (24/11/2017)
-*No changelog for this release.*
-
----
-
-## v2.0.4 (24/11/2017)
-- [**closed**] Switch to mime-score module for resolving extension contention issues. [#182](https://github.com/broofa/node-mime/issues/182)
-- [**closed**] Update mime-db to 1.31.0 in v1.x branch [#181](https://github.com/broofa/node-mime/issues/181)
-
----
-
-## v1.5.0 (22/11/2017)
-- [**closed**] need ES5 version ready in npm package [#179](https://github.com/broofa/node-mime/issues/179)
-- [**closed**] mime-db no trace of iWork - pages / numbers / etc. [#178](https://github.com/broofa/node-mime/issues/178)
-- [**closed**] How it works in brownser ? [#176](https://github.com/broofa/node-mime/issues/176)
-- [**closed**] Missing `./Mime` [#175](https://github.com/broofa/node-mime/issues/175)
-- [**closed**] Vulnerable Regular Expression [#167](https://github.com/broofa/node-mime/issues/167)
-
----
-
-## v2.0.3 (25/09/2017)
-*No changelog for this release.*
-
----
-
-## v1.4.1 (25/09/2017)
-- [**closed**] Issue when bundling with webpack [#172](https://github.com/broofa/node-mime/issues/172)
-
----
-
-## v2.0.2 (15/09/2017)
-- [**V2**] fs.readFileSync is not a function [#165](https://github.com/broofa/node-mime/issues/165)
-- [**closed**] The extension for video/quicktime should map to .mov, not .qt [#164](https://github.com/broofa/node-mime/issues/164)
-- [**V2**] [v2 Feedback request] Mime class API [#163](https://github.com/broofa/node-mime/issues/163)
-- [**V2**] [v2 Feedback request] Resolving conflicts over extensions [#162](https://github.com/broofa/node-mime/issues/162)
-- [**V2**] Allow callers to load module with official, full, or no defined types.  [#161](https://github.com/broofa/node-mime/issues/161)
-- [**V2**] Use "facets" to resolve extension conflicts [#160](https://github.com/broofa/node-mime/issues/160)
-- [**V2**] Remove fs and path dependencies [#152](https://github.com/broofa/node-mime/issues/152)
-- [**V2**] Default content-type should not be application/octet-stream [#139](https://github.com/broofa/node-mime/issues/139)
-- [**V2**] reset mime-types [#124](https://github.com/broofa/node-mime/issues/124)
-- [**V2**] Extensionless paths should return null or false [#113](https://github.com/broofa/node-mime/issues/113)
-
----
-
-## v2.0.1 (14/09/2017)
-- [**closed**] Changelog for v2.0 does not mention breaking changes [#171](https://github.com/broofa/node-mime/issues/171)
-- [**closed**] MIME breaking with 'class' declaration as it is without 'use strict mode' [#170](https://github.com/broofa/node-mime/issues/170)
-
----
-
-## v2.0.0 (12/09/2017)
-- [**closed**] woff and woff2 [#168](https://github.com/broofa/node-mime/issues/168)
-
----
-
-## v1.4.0 (28/08/2017)
-- [**closed**] support for ac3 voc files [#159](https://github.com/broofa/node-mime/issues/159)
-- [**closed**] Help understanding change from application/xml to text/xml [#158](https://github.com/broofa/node-mime/issues/158)
-- [**closed**] no longer able to override mimetype [#157](https://github.com/broofa/node-mime/issues/157)
-- [**closed**] application/vnd.adobe.photoshop [#147](https://github.com/broofa/node-mime/issues/147)
-- [**closed**] Directories should appear as something other than application/octet-stream [#135](https://github.com/broofa/node-mime/issues/135)
-- [**closed**] requested features [#131](https://github.com/broofa/node-mime/issues/131)
-- [**closed**] Make types.json loading optional? [#129](https://github.com/broofa/node-mime/issues/129)
-- [**closed**] Cannot find module './types.json' [#120](https://github.com/broofa/node-mime/issues/120)
-- [**V2**] .wav files show up as "audio/x-wav" instead of "audio/x-wave" [#118](https://github.com/broofa/node-mime/issues/118)
-- [**closed**] Don't be a pain in the ass for node community [#108](https://github.com/broofa/node-mime/issues/108)
-- [**closed**] don't make default_type global [#78](https://github.com/broofa/node-mime/issues/78)
-- [**closed**] mime.extension() fails if the content-type is parameterized [#74](https://github.com/broofa/node-mime/issues/74)
-
----
-
-## v1.3.6 (11/05/2017)
-- [**closed**] .md should be text/markdown as of March 2016 [#154](https://github.com/broofa/node-mime/issues/154)
-- [**closed**] Error while installing mime [#153](https://github.com/broofa/node-mime/issues/153)
-- [**closed**] application/manifest+json [#149](https://github.com/broofa/node-mime/issues/149)
-- [**closed**] Dynamic adaptive streaming over HTTP (DASH) file extension typo [#141](https://github.com/broofa/node-mime/issues/141)
-- [**closed**] charsets image/png undefined [#140](https://github.com/broofa/node-mime/issues/140)
-- [**closed**] Mime-db dependency out of date [#130](https://github.com/broofa/node-mime/issues/130)
-- [**closed**] how to support plist？ [#126](https://github.com/broofa/node-mime/issues/126)
-- [**closed**] how does .types file format look like? [#123](https://github.com/broofa/node-mime/issues/123)
-- [**closed**] Feature: support for expanding MIME patterns [#121](https://github.com/broofa/node-mime/issues/121)
-- [**closed**] DEBUG_MIME doesn't work [#117](https://github.com/broofa/node-mime/issues/117)
-
----
-
-## v1.3.4 (06/02/2015)
-*No changelog for this release.*
-
----
-
-## v1.3.3 (06/02/2015)
-*No changelog for this release.*
-
----
-
-## v1.3.1 (05/02/2015)
-- [**closed**] Consider adding support for Handlebars .hbs file ending [#111](https://github.com/broofa/node-mime/issues/111)
-- [**closed**] Consider adding support for hjson. [#110](https://github.com/broofa/node-mime/issues/110)
-- [**closed**] Add mime type for Opus audio files [#94](https://github.com/broofa/node-mime/issues/94)
-- [**closed**] Consider making the `Requesting New Types` information more visible [#77](https://github.com/broofa/node-mime/issues/77)
-
----
-
-## v1.3.0 (05/02/2015)
-- [**closed**] Add common name? [#114](https://github.com/broofa/node-mime/issues/114)
-- [**closed**] application/x-yaml [#104](https://github.com/broofa/node-mime/issues/104)
-- [**closed**] Add mime type for WOFF file format 2.0 [#102](https://github.com/broofa/node-mime/issues/102)
-- [**closed**] application/x-msi for .msi [#99](https://github.com/broofa/node-mime/issues/99)
-- [**closed**] Add mimetype for gettext translation files [#98](https://github.com/broofa/node-mime/issues/98)
-- [**closed**] collaborators [#88](https://github.com/broofa/node-mime/issues/88)
-- [**closed**] getting errot in installation of mime module...any1 can help? [#87](https://github.com/broofa/node-mime/issues/87)
-- [**closed**] should application/json's charset be utf8? [#86](https://github.com/broofa/node-mime/issues/86)
-- [**closed**] Add "license" and "licenses" to package.json [#81](https://github.com/broofa/node-mime/issues/81)
-- [**closed**] lookup with extension-less file on Windows returns wrong type [#68](https://github.com/broofa/node-mime/issues/68)
-
----
-
-## v1.2.11 (15/08/2013)
-- [**closed**] Update mime.types [#65](https://github.com/broofa/node-mime/issues/65)
-- [**closed**] Publish a new version [#63](https://github.com/broofa/node-mime/issues/63)
-- [**closed**] README should state upfront that "application/octet-stream" is default for unknown extension [#55](https://github.com/broofa/node-mime/issues/55)
-- [**closed**] Suggested improvement to the charset API [#52](https://github.com/broofa/node-mime/issues/52)
-
----
-
-## v1.2.10 (25/07/2013)
-- [**closed**] Mime type for woff files should be application/font-woff and not application/x-font-woff [#62](https://github.com/broofa/node-mime/issues/62)
-- [**closed**] node.types in conflict with mime.types [#51](https://github.com/broofa/node-mime/issues/51)
-
----
-
-## v1.2.9 (17/01/2013)
-- [**closed**] Please update "mime" NPM [#49](https://github.com/broofa/node-mime/issues/49)
-- [**closed**] Please add semicolon [#46](https://github.com/broofa/node-mime/issues/46)
-- [**closed**] parse full mime types [#43](https://github.com/broofa/node-mime/issues/43)
-
----
-
-## v1.2.8 (10/01/2013)
-- [**closed**] /js directory mime is application/javascript. Is it correct? [#47](https://github.com/broofa/node-mime/issues/47)
-- [**closed**] Add mime types for lua code. [#45](https://github.com/broofa/node-mime/issues/45)
-
----
-
-## v1.2.7 (19/10/2012)
-- [**closed**] cannot install 1.2.7 via npm [#41](https://github.com/broofa/node-mime/issues/41)
-- [**closed**] Transfer ownership to @broofa [#36](https://github.com/broofa/node-mime/issues/36)
-- [**closed**] it's wrong to set charset to UTF-8 for text [#30](https://github.com/broofa/node-mime/issues/30)
-- [**closed**] Allow multiple instances of MIME types container [#27](https://github.com/broofa/node-mime/issues/27)
-
----
-
-## v1.2.5 (16/02/2012)
-- [**closed**] When looking up a types, check hasOwnProperty [#23](https://github.com/broofa/node-mime/issues/23)
-- [**closed**] Bump version to 1.2.2 [#18](https://github.com/broofa/node-mime/issues/18)
-- [**closed**] No license [#16](https://github.com/broofa/node-mime/issues/16)
-- [**closed**] Some types missing that are used by html5/css3 [#13](https://github.com/broofa/node-mime/issues/13)
-- [**closed**] npm install fails for 1.2.1 [#12](https://github.com/broofa/node-mime/issues/12)
-- [**closed**] image/pjpeg + image/x-png [#10](https://github.com/broofa/node-mime/issues/10)
-- [**closed**] symlink [#8](https://github.com/broofa/node-mime/issues/8)
-- [**closed**] gzip [#2](https://github.com/broofa/node-mime/issues/2)
-- [**closed**] ALL CAPS filenames return incorrect mime type [#1](https://github.com/broofa/node-mime/issues/1)
diff --git a/src/Servers/ExpressServer/node_modules/mime/LICENSE b/src/Servers/ExpressServer/node_modules/mime/LICENSE
deleted file mode 100644
index d3f46f7..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2010 Benjamin Thomas, Robert Kieffer
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/mime/README.md b/src/Servers/ExpressServer/node_modules/mime/README.md
deleted file mode 100644
index 506fbe5..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# mime
-
-Comprehensive MIME type mapping API based on mime-db module.
-
-## Install
-
-Install with [npm](http://github.com/isaacs/npm):
-
-    npm install mime
-
-## Contributing / Testing
-
-    npm run test
-
-## Command Line
-
-    mime [path_string]
-
-E.g.
-
-    > mime scripts/jquery.js
-    application/javascript
-
-## API - Queries
-
-### mime.lookup(path)
-Get the mime type associated with a file, if no mime type is found `application/octet-stream` is returned. Performs a case-insensitive lookup using the extension in `path` (the substring after the last '/' or '.').  E.g.
-
-```js
-var mime = require('mime');
-
-mime.lookup('/path/to/file.txt');         // => 'text/plain'
-mime.lookup('file.txt');                  // => 'text/plain'
-mime.lookup('.TXT');                      // => 'text/plain'
-mime.lookup('htm');                       // => 'text/html'
-```
-
-### mime.default_type
-Sets the mime type returned when `mime.lookup` fails to find the extension searched for. (Default is `application/octet-stream`.)
-
-### mime.extension(type)
-Get the default extension for `type`
-
-```js
-mime.extension('text/html');                 // => 'html'
-mime.extension('application/octet-stream');  // => 'bin'
-```
-
-### mime.charsets.lookup()
-
-Map mime-type to charset
-
-```js
-mime.charsets.lookup('text/plain');        // => 'UTF-8'
-```
-
-(The logic for charset lookups is pretty rudimentary.  Feel free to suggest improvements.)
-
-## API - Defining Custom Types
-
-Custom type mappings can be added on a per-project basis via the following APIs.
-
-### mime.define()
-
-Add custom mime/extension mappings
-
-```js
-mime.define({
-    'text/x-some-format': ['x-sf', 'x-sft', 'x-sfml'],
-    'application/x-my-type': ['x-mt', 'x-mtt'],
-    // etc ...
-});
-
-mime.lookup('x-sft');                 // => 'text/x-some-format'
-```
-
-The first entry in the extensions array is returned by `mime.extension()`. E.g.
-
-```js
-mime.extension('text/x-some-format'); // => 'x-sf'
-```
-
-### mime.load(filepath)
-
-Load mappings from an Apache ".types" format file
-
-```js
-mime.load('./my_project.types');
-```
-The .types file format is simple -  See the `types` dir for examples.
diff --git a/src/Servers/ExpressServer/node_modules/mime/cli.js b/src/Servers/ExpressServer/node_modules/mime/cli.js
deleted file mode 100755
index 20b1ffe..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/cli.js
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env node
-
-var mime = require('./mime.js');
-var file = process.argv[2];
-var type = mime.lookup(file);
-
-process.stdout.write(type + '\n');
-
diff --git a/src/Servers/ExpressServer/node_modules/mime/mime.js b/src/Servers/ExpressServer/node_modules/mime/mime.js
deleted file mode 100644
index d7efbde..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/mime.js
+++ /dev/null
@@ -1,108 +0,0 @@
-var path = require('path');
-var fs = require('fs');
-
-function Mime() {
-  // Map of extension -> mime type
-  this.types = Object.create(null);
-
-  // Map of mime type -> extension
-  this.extensions = Object.create(null);
-}
-
-/**
- * Define mimetype -> extension mappings.  Each key is a mime-type that maps
- * to an array of extensions associated with the type.  The first extension is
- * used as the default extension for the type.
- *
- * e.g. mime.define({'audio/ogg', ['oga', 'ogg', 'spx']});
- *
- * @param map (Object) type definitions
- */
-Mime.prototype.define = function (map) {
-  for (var type in map) {
-    var exts = map[type];
-    for (var i = 0; i < exts.length; i++) {
-      if (process.env.DEBUG_MIME && this.types[exts[i]]) {
-        console.warn((this._loading || "define()").replace(/.*\//, ''), 'changes "' + exts[i] + '" extension type from ' +
-          this.types[exts[i]] + ' to ' + type);
-      }
-
-      this.types[exts[i]] = type;
-    }
-
-    // Default extension is the first one we encounter
-    if (!this.extensions[type]) {
-      this.extensions[type] = exts[0];
-    }
-  }
-};
-
-/**
- * Load an Apache2-style ".types" file
- *
- * This may be called multiple times (it's expected).  Where files declare
- * overlapping types/extensions, the last file wins.
- *
- * @param file (String) path of file to load.
- */
-Mime.prototype.load = function(file) {
-  this._loading = file;
-  // Read file and split into lines
-  var map = {},
-      content = fs.readFileSync(file, 'ascii'),
-      lines = content.split(/[\r\n]+/);
-
-  lines.forEach(function(line) {
-    // Clean up whitespace/comments, and split into fields
-    var fields = line.replace(/\s*#.*|^\s*|\s*$/g, '').split(/\s+/);
-    map[fields.shift()] = fields;
-  });
-
-  this.define(map);
-
-  this._loading = null;
-};
-
-/**
- * Lookup a mime type based on extension
- */
-Mime.prototype.lookup = function(path, fallback) {
-  var ext = path.replace(/^.*[\.\/\\]/, '').toLowerCase();
-
-  return this.types[ext] || fallback || this.default_type;
-};
-
-/**
- * Return file extension associated with a mime type
- */
-Mime.prototype.extension = function(mimeType) {
-  var type = mimeType.match(/^\s*([^;\s]*)(?:;|\s|$)/)[1].toLowerCase();
-  return this.extensions[type];
-};
-
-// Default instance
-var mime = new Mime();
-
-// Define built-in types
-mime.define(require('./types.json'));
-
-// Default type
-mime.default_type = mime.lookup('bin');
-
-//
-// Additional API specific to the default instance
-//
-
-mime.Mime = Mime;
-
-/**
- * Lookup a charset based on mime type.
- */
-mime.charsets = {
-  lookup: function(mimeType, fallback) {
-    // Assume text types are utf8
-    return (/^text\/|^application\/(javascript|json)/).test(mimeType) ? 'UTF-8' : fallback;
-  }
-};
-
-module.exports = mime;
diff --git a/src/Servers/ExpressServer/node_modules/mime/package.json b/src/Servers/ExpressServer/node_modules/mime/package.json
deleted file mode 100644
index 6bd24bc..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/package.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "author": {
-    "name": "Robert Kieffer",
-    "url": "http://github.com/broofa",
-    "email": "robert@broofa.com"
-  },
-  "bin": {
-    "mime": "cli.js"
-  },
-  "engines": {
-    "node": ">=4"
-  },
-  "contributors": [
-    {
-      "name": "Benjamin Thomas",
-      "url": "http://github.com/bentomas",
-      "email": "benjamin@benjaminthomas.org"
-    }
-  ],
-  "description": "A comprehensive library for mime-type mapping",
-  "license": "MIT",
-  "dependencies": {},
-  "devDependencies": {
-    "github-release-notes": "0.13.1",
-    "mime-db": "1.31.0",
-    "mime-score": "1.1.0"
-  },
-  "scripts": {
-    "prepare": "node src/build.js",
-    "changelog": "gren changelog --tags=all --generate --override",
-    "test": "node src/test.js"
-  },
-  "keywords": [
-    "util",
-    "mime"
-  ],
-  "main": "mime.js",
-  "name": "mime",
-  "repository": {
-    "url": "https://github.com/broofa/node-mime",
-    "type": "git"
-  },
-  "version": "1.6.0"
-}
diff --git a/src/Servers/ExpressServer/node_modules/mime/src/build.js b/src/Servers/ExpressServer/node_modules/mime/src/build.js
deleted file mode 100755
index 4928e48..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/src/build.js
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env node
-
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-const mimeScore = require('mime-score');
-
-let db = require('mime-db');
-let chalk = require('chalk');
-
-const STANDARD_FACET_SCORE = 900;
-
-const byExtension = {};
-
-// Clear out any conflict extensions in mime-db
-for (let type in db) {
-  let entry = db[type];
-  entry.type = type;
-
-  if (!entry.extensions) continue;
-
-  entry.extensions.forEach(ext => {
-    if (ext in byExtension) {
-      const e0 = entry;
-      const e1 = byExtension[ext];
-      e0.pri = mimeScore(e0.type, e0.source);
-      e1.pri = mimeScore(e1.type, e1.source);
-
-      let drop = e0.pri < e1.pri ? e0 : e1;
-      let keep = e0.pri >= e1.pri ? e0 : e1;
-      drop.extensions = drop.extensions.filter(e => e !== ext);
-
-      console.log(`${ext}: Keeping ${chalk.green(keep.type)} (${keep.pri}), dropping ${chalk.red(drop.type)} (${drop.pri})`);
-    }
-    byExtension[ext] = entry;
-  });
-}
-
-function writeTypesFile(types, path) {
-  fs.writeFileSync(path, JSON.stringify(types));
-}
-
-// Segregate into standard and non-standard types based on facet per
-// https://tools.ietf.org/html/rfc6838#section-3.1
-const types = {};
-
-Object.keys(db).sort().forEach(k => {
-  const entry = db[k];
-  types[entry.type] = entry.extensions;
-});
-
-writeTypesFile(types, path.join(__dirname, '..', 'types.json'));
diff --git a/src/Servers/ExpressServer/node_modules/mime/src/test.js b/src/Servers/ExpressServer/node_modules/mime/src/test.js
deleted file mode 100644
index 42958a2..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/src/test.js
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Usage: node test.js
- */
-
-var mime = require('../mime');
-var assert = require('assert');
-var path = require('path');
-
-//
-// Test mime lookups
-//
-
-assert.equal('text/plain', mime.lookup('text.txt'));     // normal file
-assert.equal('text/plain', mime.lookup('TEXT.TXT'));     // uppercase
-assert.equal('text/plain', mime.lookup('dir/text.txt')); // dir + file
-assert.equal('text/plain', mime.lookup('.text.txt'));    // hidden file
-assert.equal('text/plain', mime.lookup('.txt'));         // nameless
-assert.equal('text/plain', mime.lookup('txt'));          // extension-only
-assert.equal('text/plain', mime.lookup('/txt'));         // extension-less ()
-assert.equal('text/plain', mime.lookup('\\txt'));        // Windows, extension-less
-assert.equal('application/octet-stream', mime.lookup('text.nope')); // unrecognized
-assert.equal('fallback', mime.lookup('text.fallback', 'fallback')); // alternate default
-
-//
-// Test extensions
-//
-
-assert.equal('txt', mime.extension(mime.types.text));
-assert.equal('html', mime.extension(mime.types.htm));
-assert.equal('bin', mime.extension('application/octet-stream'));
-assert.equal('bin', mime.extension('application/octet-stream '));
-assert.equal('html', mime.extension(' text/html; charset=UTF-8'));
-assert.equal('html', mime.extension('text/html; charset=UTF-8 '));
-assert.equal('html', mime.extension('text/html; charset=UTF-8'));
-assert.equal('html', mime.extension('text/html ; charset=UTF-8'));
-assert.equal('html', mime.extension('text/html;charset=UTF-8'));
-assert.equal('html', mime.extension('text/Html;charset=UTF-8'));
-assert.equal(undefined, mime.extension('unrecognized'));
-
-//
-// Test node.types lookups
-//
-
-assert.equal('font/woff', mime.lookup('file.woff'));
-assert.equal('application/octet-stream', mime.lookup('file.buffer'));
-// TODO: Uncomment once #157 is resolved
-// assert.equal('audio/mp4', mime.lookup('file.m4a'));
-assert.equal('font/otf', mime.lookup('file.otf'));
-
-//
-// Test charsets
-//
-
-assert.equal('UTF-8', mime.charsets.lookup('text/plain'));
-assert.equal('UTF-8', mime.charsets.lookup(mime.types.js));
-assert.equal('UTF-8', mime.charsets.lookup(mime.types.json));
-assert.equal(undefined, mime.charsets.lookup(mime.types.bin));
-assert.equal('fallback', mime.charsets.lookup('application/octet-stream', 'fallback'));
-
-console.log('\nAll tests passed');
diff --git a/src/Servers/ExpressServer/node_modules/mime/types.json b/src/Servers/ExpressServer/node_modules/mime/types.json
deleted file mode 100644
index bec78ab..0000000
--- a/src/Servers/ExpressServer/node_modules/mime/types.json
+++ /dev/null
@@ -1 +0,0 @@
-{"application/andrew-inset":["ez"],"application/applixware":["aw"],"application/atom+xml":["atom"],"application/atomcat+xml":["atomcat"],"application/atomsvc+xml":["atomsvc"],"application/bdoc":["bdoc"],"application/ccxml+xml":["ccxml"],"application/cdmi-capability":["cdmia"],"application/cdmi-container":["cdmic"],"application/cdmi-domain":["cdmid"],"application/cdmi-object":["cdmio"],"application/cdmi-queue":["cdmiq"],"application/cu-seeme":["cu"],"application/dash+xml":["mpd"],"application/davmount+xml":["davmount"],"application/docbook+xml":["dbk"],"application/dssc+der":["dssc"],"application/dssc+xml":["xdssc"],"application/ecmascript":["ecma"],"application/emma+xml":["emma"],"application/epub+zip":["epub"],"application/exi":["exi"],"application/font-tdpfr":["pfr"],"application/font-woff":[],"application/font-woff2":[],"application/geo+json":["geojson"],"application/gml+xml":["gml"],"application/gpx+xml":["gpx"],"application/gxf":["gxf"],"application/gzip":["gz"],"application/hyperstudio":["stk"],"application/inkml+xml":["ink","inkml"],"application/ipfix":["ipfix"],"application/java-archive":["jar","war","ear"],"application/java-serialized-object":["ser"],"application/java-vm":["class"],"application/javascript":["js","mjs"],"application/json":["json","map"],"application/json5":["json5"],"application/jsonml+json":["jsonml"],"application/ld+json":["jsonld"],"application/lost+xml":["lostxml"],"application/mac-binhex40":["hqx"],"application/mac-compactpro":["cpt"],"application/mads+xml":["mads"],"application/manifest+json":["webmanifest"],"application/marc":["mrc"],"application/marcxml+xml":["mrcx"],"application/mathematica":["ma","nb","mb"],"application/mathml+xml":["mathml"],"application/mbox":["mbox"],"application/mediaservercontrol+xml":["mscml"],"application/metalink+xml":["metalink"],"application/metalink4+xml":["meta4"],"application/mets+xml":["mets"],"application/mods+xml":["mods"],"application/mp21":["m21","mp21"],"application/mp4":["mp4s","m4p"],"application/msword":["doc","dot"],"application/mxf":["mxf"],"application/octet-stream":["bin","dms","lrf","mar","so","dist","distz","pkg","bpk","dump","elc","deploy","exe","dll","deb","dmg","iso","img","msi","msp","msm","buffer"],"application/oda":["oda"],"application/oebps-package+xml":["opf"],"application/ogg":["ogx"],"application/omdoc+xml":["omdoc"],"application/onenote":["onetoc","onetoc2","onetmp","onepkg"],"application/oxps":["oxps"],"application/patch-ops-error+xml":["xer"],"application/pdf":["pdf"],"application/pgp-encrypted":["pgp"],"application/pgp-signature":["asc","sig"],"application/pics-rules":["prf"],"application/pkcs10":["p10"],"application/pkcs7-mime":["p7m","p7c"],"application/pkcs7-signature":["p7s"],"application/pkcs8":["p8"],"application/pkix-attr-cert":["ac"],"application/pkix-cert":["cer"],"application/pkix-crl":["crl"],"application/pkix-pkipath":["pkipath"],"application/pkixcmp":["pki"],"application/pls+xml":["pls"],"application/postscript":["ai","eps","ps"],"application/prs.cww":["cww"],"application/pskc+xml":["pskcxml"],"application/raml+yaml":["raml"],"application/rdf+xml":["rdf"],"application/reginfo+xml":["rif"],"application/relax-ng-compact-syntax":["rnc"],"application/resource-lists+xml":["rl"],"application/resource-lists-diff+xml":["rld"],"application/rls-services+xml":["rs"],"application/rpki-ghostbusters":["gbr"],"application/rpki-manifest":["mft"],"application/rpki-roa":["roa"],"application/rsd+xml":["rsd"],"application/rss+xml":["rss"],"application/rtf":["rtf"],"application/sbml+xml":["sbml"],"application/scvp-cv-request":["scq"],"application/scvp-cv-response":["scs"],"application/scvp-vp-request":["spq"],"application/scvp-vp-response":["spp"],"application/sdp":["sdp"],"application/set-payment-initiation":["setpay"],"application/set-registration-initiation":["setreg"],"application/shf+xml":["shf"],"application/smil+xml":["smi","smil"],"application/sparql-query":["rq"],"application/sparql-results+xml":["srx"],"application/srgs":["gram"],"application/srgs+xml":["grxml"],"application/sru+xml":["sru"],"application/ssdl+xml":["ssdl"],"application/ssml+xml":["ssml"],"application/tei+xml":["tei","teicorpus"],"application/thraud+xml":["tfi"],"application/timestamped-data":["tsd"],"application/vnd.3gpp.pic-bw-large":["plb"],"application/vnd.3gpp.pic-bw-small":["psb"],"application/vnd.3gpp.pic-bw-var":["pvb"],"application/vnd.3gpp2.tcap":["tcap"],"application/vnd.3m.post-it-notes":["pwn"],"application/vnd.accpac.simply.aso":["aso"],"application/vnd.accpac.simply.imp":["imp"],"application/vnd.acucobol":["acu"],"application/vnd.acucorp":["atc","acutc"],"application/vnd.adobe.air-application-installer-package+zip":["air"],"application/vnd.adobe.formscentral.fcdt":["fcdt"],"application/vnd.adobe.fxp":["fxp","fxpl"],"application/vnd.adobe.xdp+xml":["xdp"],"application/vnd.adobe.xfdf":["xfdf"],"application/vnd.ahead.space":["ahead"],"application/vnd.airzip.filesecure.azf":["azf"],"application/vnd.airzip.filesecure.azs":["azs"],"application/vnd.amazon.ebook":["azw"],"application/vnd.americandynamics.acc":["acc"],"application/vnd.amiga.ami":["ami"],"application/vnd.android.package-archive":["apk"],"application/vnd.anser-web-certificate-issue-initiation":["cii"],"application/vnd.anser-web-funds-transfer-initiation":["fti"],"application/vnd.antix.game-component":["atx"],"application/vnd.apple.installer+xml":["mpkg"],"application/vnd.apple.mpegurl":["m3u8"],"application/vnd.apple.pkpass":["pkpass"],"application/vnd.aristanetworks.swi":["swi"],"application/vnd.astraea-software.iota":["iota"],"application/vnd.audiograph":["aep"],"application/vnd.blueice.multipass":["mpm"],"application/vnd.bmi":["bmi"],"application/vnd.businessobjects":["rep"],"application/vnd.chemdraw+xml":["cdxml"],"application/vnd.chipnuts.karaoke-mmd":["mmd"],"application/vnd.cinderella":["cdy"],"application/vnd.claymore":["cla"],"application/vnd.cloanto.rp9":["rp9"],"application/vnd.clonk.c4group":["c4g","c4d","c4f","c4p","c4u"],"application/vnd.cluetrust.cartomobile-config":["c11amc"],"application/vnd.cluetrust.cartomobile-config-pkg":["c11amz"],"application/vnd.commonspace":["csp"],"application/vnd.contact.cmsg":["cdbcmsg"],"application/vnd.cosmocaller":["cmc"],"application/vnd.crick.clicker":["clkx"],"application/vnd.crick.clicker.keyboard":["clkk"],"application/vnd.crick.clicker.palette":["clkp"],"application/vnd.crick.clicker.template":["clkt"],"application/vnd.crick.clicker.wordbank":["clkw"],"application/vnd.criticaltools.wbs+xml":["wbs"],"application/vnd.ctc-posml":["pml"],"application/vnd.cups-ppd":["ppd"],"application/vnd.curl.car":["car"],"application/vnd.curl.pcurl":["pcurl"],"application/vnd.dart":["dart"],"application/vnd.data-vision.rdz":["rdz"],"application/vnd.dece.data":["uvf","uvvf","uvd","uvvd"],"application/vnd.dece.ttml+xml":["uvt","uvvt"],"application/vnd.dece.unspecified":["uvx","uvvx"],"application/vnd.dece.zip":["uvz","uvvz"],"application/vnd.denovo.fcselayout-link":["fe_launch"],"application/vnd.dna":["dna"],"application/vnd.dolby.mlp":["mlp"],"application/vnd.dpgraph":["dpg"],"application/vnd.dreamfactory":["dfac"],"application/vnd.ds-keypoint":["kpxx"],"application/vnd.dvb.ait":["ait"],"application/vnd.dvb.service":["svc"],"application/vnd.dynageo":["geo"],"application/vnd.ecowin.chart":["mag"],"application/vnd.enliven":["nml"],"application/vnd.epson.esf":["esf"],"application/vnd.epson.msf":["msf"],"application/vnd.epson.quickanime":["qam"],"application/vnd.epson.salt":["slt"],"application/vnd.epson.ssf":["ssf"],"application/vnd.eszigno3+xml":["es3","et3"],"application/vnd.ezpix-album":["ez2"],"application/vnd.ezpix-package":["ez3"],"application/vnd.fdf":["fdf"],"application/vnd.fdsn.mseed":["mseed"],"application/vnd.fdsn.seed":["seed","dataless"],"application/vnd.flographit":["gph"],"application/vnd.fluxtime.clip":["ftc"],"application/vnd.framemaker":["fm","frame","maker","book"],"application/vnd.frogans.fnc":["fnc"],"application/vnd.frogans.ltf":["ltf"],"application/vnd.fsc.weblaunch":["fsc"],"application/vnd.fujitsu.oasys":["oas"],"application/vnd.fujitsu.oasys2":["oa2"],"application/vnd.fujitsu.oasys3":["oa3"],"application/vnd.fujitsu.oasysgp":["fg5"],"application/vnd.fujitsu.oasysprs":["bh2"],"application/vnd.fujixerox.ddd":["ddd"],"application/vnd.fujixerox.docuworks":["xdw"],"application/vnd.fujixerox.docuworks.binder":["xbd"],"application/vnd.fuzzysheet":["fzs"],"application/vnd.genomatix.tuxedo":["txd"],"application/vnd.geogebra.file":["ggb"],"application/vnd.geogebra.tool":["ggt"],"application/vnd.geometry-explorer":["gex","gre"],"application/vnd.geonext":["gxt"],"application/vnd.geoplan":["g2w"],"application/vnd.geospace":["g3w"],"application/vnd.gmx":["gmx"],"application/vnd.google-apps.document":["gdoc"],"application/vnd.google-apps.presentation":["gslides"],"application/vnd.google-apps.spreadsheet":["gsheet"],"application/vnd.google-earth.kml+xml":["kml"],"application/vnd.google-earth.kmz":["kmz"],"application/vnd.grafeq":["gqf","gqs"],"application/vnd.groove-account":["gac"],"application/vnd.groove-help":["ghf"],"application/vnd.groove-identity-message":["gim"],"application/vnd.groove-injector":["grv"],"application/vnd.groove-tool-message":["gtm"],"application/vnd.groove-tool-template":["tpl"],"application/vnd.groove-vcard":["vcg"],"application/vnd.hal+xml":["hal"],"application/vnd.handheld-entertainment+xml":["zmm"],"application/vnd.hbci":["hbci"],"application/vnd.hhe.lesson-player":["les"],"application/vnd.hp-hpgl":["hpgl"],"application/vnd.hp-hpid":["hpid"],"application/vnd.hp-hps":["hps"],"application/vnd.hp-jlyt":["jlt"],"application/vnd.hp-pcl":["pcl"],"application/vnd.hp-pclxl":["pclxl"],"application/vnd.hydrostatix.sof-data":["sfd-hdstx"],"application/vnd.ibm.minipay":["mpy"],"application/vnd.ibm.modcap":["afp","listafp","list3820"],"application/vnd.ibm.rights-management":["irm"],"application/vnd.ibm.secure-container":["sc"],"application/vnd.iccprofile":["icc","icm"],"application/vnd.igloader":["igl"],"application/vnd.immervision-ivp":["ivp"],"application/vnd.immervision-ivu":["ivu"],"application/vnd.insors.igm":["igm"],"application/vnd.intercon.formnet":["xpw","xpx"],"application/vnd.intergeo":["i2g"],"application/vnd.intu.qbo":["qbo"],"application/vnd.intu.qfx":["qfx"],"application/vnd.ipunplugged.rcprofile":["rcprofile"],"application/vnd.irepository.package+xml":["irp"],"application/vnd.is-xpr":["xpr"],"application/vnd.isac.fcs":["fcs"],"application/vnd.jam":["jam"],"application/vnd.jcp.javame.midlet-rms":["rms"],"application/vnd.jisp":["jisp"],"application/vnd.joost.joda-archive":["joda"],"application/vnd.kahootz":["ktz","ktr"],"application/vnd.kde.karbon":["karbon"],"application/vnd.kde.kchart":["chrt"],"application/vnd.kde.kformula":["kfo"],"application/vnd.kde.kivio":["flw"],"application/vnd.kde.kontour":["kon"],"application/vnd.kde.kpresenter":["kpr","kpt"],"application/vnd.kde.kspread":["ksp"],"application/vnd.kde.kword":["kwd","kwt"],"application/vnd.kenameaapp":["htke"],"application/vnd.kidspiration":["kia"],"application/vnd.kinar":["kne","knp"],"application/vnd.koan":["skp","skd","skt","skm"],"application/vnd.kodak-descriptor":["sse"],"application/vnd.las.las+xml":["lasxml"],"application/vnd.llamagraphics.life-balance.desktop":["lbd"],"application/vnd.llamagraphics.life-balance.exchange+xml":["lbe"],"application/vnd.lotus-1-2-3":["123"],"application/vnd.lotus-approach":["apr"],"application/vnd.lotus-freelance":["pre"],"application/vnd.lotus-notes":["nsf"],"application/vnd.lotus-organizer":["org"],"application/vnd.lotus-screencam":["scm"],"application/vnd.lotus-wordpro":["lwp"],"application/vnd.macports.portpkg":["portpkg"],"application/vnd.mcd":["mcd"],"application/vnd.medcalcdata":["mc1"],"application/vnd.mediastation.cdkey":["cdkey"],"application/vnd.mfer":["mwf"],"application/vnd.mfmp":["mfm"],"application/vnd.micrografx.flo":["flo"],"application/vnd.micrografx.igx":["igx"],"application/vnd.mif":["mif"],"application/vnd.mobius.daf":["daf"],"application/vnd.mobius.dis":["dis"],"application/vnd.mobius.mbk":["mbk"],"application/vnd.mobius.mqy":["mqy"],"application/vnd.mobius.msl":["msl"],"application/vnd.mobius.plc":["plc"],"application/vnd.mobius.txf":["txf"],"application/vnd.mophun.application":["mpn"],"application/vnd.mophun.certificate":["mpc"],"application/vnd.mozilla.xul+xml":["xul"],"application/vnd.ms-artgalry":["cil"],"application/vnd.ms-cab-compressed":["cab"],"application/vnd.ms-excel":["xls","xlm","xla","xlc","xlt","xlw"],"application/vnd.ms-excel.addin.macroenabled.12":["xlam"],"application/vnd.ms-excel.sheet.binary.macroenabled.12":["xlsb"],"application/vnd.ms-excel.sheet.macroenabled.12":["xlsm"],"application/vnd.ms-excel.template.macroenabled.12":["xltm"],"application/vnd.ms-fontobject":["eot"],"application/vnd.ms-htmlhelp":["chm"],"application/vnd.ms-ims":["ims"],"application/vnd.ms-lrm":["lrm"],"application/vnd.ms-officetheme":["thmx"],"application/vnd.ms-outlook":["msg"],"application/vnd.ms-pki.seccat":["cat"],"application/vnd.ms-pki.stl":["stl"],"application/vnd.ms-powerpoint":["ppt","pps","pot"],"application/vnd.ms-powerpoint.addin.macroenabled.12":["ppam"],"application/vnd.ms-powerpoint.presentation.macroenabled.12":["pptm"],"application/vnd.ms-powerpoint.slide.macroenabled.12":["sldm"],"application/vnd.ms-powerpoint.slideshow.macroenabled.12":["ppsm"],"application/vnd.ms-powerpoint.template.macroenabled.12":["potm"],"application/vnd.ms-project":["mpp","mpt"],"application/vnd.ms-word.document.macroenabled.12":["docm"],"application/vnd.ms-word.template.macroenabled.12":["dotm"],"application/vnd.ms-works":["wps","wks","wcm","wdb"],"application/vnd.ms-wpl":["wpl"],"application/vnd.ms-xpsdocument":["xps"],"application/vnd.mseq":["mseq"],"application/vnd.musician":["mus"],"application/vnd.muvee.style":["msty"],"application/vnd.mynfc":["taglet"],"application/vnd.neurolanguage.nlu":["nlu"],"application/vnd.nitf":["ntf","nitf"],"application/vnd.noblenet-directory":["nnd"],"application/vnd.noblenet-sealer":["nns"],"application/vnd.noblenet-web":["nnw"],"application/vnd.nokia.n-gage.data":["ngdat"],"application/vnd.nokia.n-gage.symbian.install":["n-gage"],"application/vnd.nokia.radio-preset":["rpst"],"application/vnd.nokia.radio-presets":["rpss"],"application/vnd.novadigm.edm":["edm"],"application/vnd.novadigm.edx":["edx"],"application/vnd.novadigm.ext":["ext"],"application/vnd.oasis.opendocument.chart":["odc"],"application/vnd.oasis.opendocument.chart-template":["otc"],"application/vnd.oasis.opendocument.database":["odb"],"application/vnd.oasis.opendocument.formula":["odf"],"application/vnd.oasis.opendocument.formula-template":["odft"],"application/vnd.oasis.opendocument.graphics":["odg"],"application/vnd.oasis.opendocument.graphics-template":["otg"],"application/vnd.oasis.opendocument.image":["odi"],"application/vnd.oasis.opendocument.image-template":["oti"],"application/vnd.oasis.opendocument.presentation":["odp"],"application/vnd.oasis.opendocument.presentation-template":["otp"],"application/vnd.oasis.opendocument.spreadsheet":["ods"],"application/vnd.oasis.opendocument.spreadsheet-template":["ots"],"application/vnd.oasis.opendocument.text":["odt"],"application/vnd.oasis.opendocument.text-master":["odm"],"application/vnd.oasis.opendocument.text-template":["ott"],"application/vnd.oasis.opendocument.text-web":["oth"],"application/vnd.olpc-sugar":["xo"],"application/vnd.oma.dd2+xml":["dd2"],"application/vnd.openofficeorg.extension":["oxt"],"application/vnd.openxmlformats-officedocument.presentationml.presentation":["pptx"],"application/vnd.openxmlformats-officedocument.presentationml.slide":["sldx"],"application/vnd.openxmlformats-officedocument.presentationml.slideshow":["ppsx"],"application/vnd.openxmlformats-officedocument.presentationml.template":["potx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet":["xlsx"],"application/vnd.openxmlformats-officedocument.spreadsheetml.template":["xltx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.document":["docx"],"application/vnd.openxmlformats-officedocument.wordprocessingml.template":["dotx"],"application/vnd.osgeo.mapguide.package":["mgp"],"application/vnd.osgi.dp":["dp"],"application/vnd.osgi.subsystem":["esa"],"application/vnd.palm":["pdb","pqa","oprc"],"application/vnd.pawaafile":["paw"],"application/vnd.pg.format":["str"],"application/vnd.pg.osasli":["ei6"],"application/vnd.picsel":["efif"],"application/vnd.pmi.widget":["wg"],"application/vnd.pocketlearn":["plf"],"application/vnd.powerbuilder6":["pbd"],"application/vnd.previewsystems.box":["box"],"application/vnd.proteus.magazine":["mgz"],"application/vnd.publishare-delta-tree":["qps"],"application/vnd.pvi.ptid1":["ptid"],"application/vnd.quark.quarkxpress":["qxd","qxt","qwd","qwt","qxl","qxb"],"application/vnd.realvnc.bed":["bed"],"application/vnd.recordare.musicxml":["mxl"],"application/vnd.recordare.musicxml+xml":["musicxml"],"application/vnd.rig.cryptonote":["cryptonote"],"application/vnd.rim.cod":["cod"],"application/vnd.rn-realmedia":["rm"],"application/vnd.rn-realmedia-vbr":["rmvb"],"application/vnd.route66.link66+xml":["link66"],"application/vnd.sailingtracker.track":["st"],"application/vnd.seemail":["see"],"application/vnd.sema":["sema"],"application/vnd.semd":["semd"],"application/vnd.semf":["semf"],"application/vnd.shana.informed.formdata":["ifm"],"application/vnd.shana.informed.formtemplate":["itp"],"application/vnd.shana.informed.interchange":["iif"],"application/vnd.shana.informed.package":["ipk"],"application/vnd.simtech-mindmapper":["twd","twds"],"application/vnd.smaf":["mmf"],"application/vnd.smart.teacher":["teacher"],"application/vnd.solent.sdkm+xml":["sdkm","sdkd"],"application/vnd.spotfire.dxp":["dxp"],"application/vnd.spotfire.sfs":["sfs"],"application/vnd.stardivision.calc":["sdc"],"application/vnd.stardivision.draw":["sda"],"application/vnd.stardivision.impress":["sdd"],"application/vnd.stardivision.math":["smf"],"application/vnd.stardivision.writer":["sdw","vor"],"application/vnd.stardivision.writer-global":["sgl"],"application/vnd.stepmania.package":["smzip"],"application/vnd.stepmania.stepchart":["sm"],"application/vnd.sun.wadl+xml":["wadl"],"application/vnd.sun.xml.calc":["sxc"],"application/vnd.sun.xml.calc.template":["stc"],"application/vnd.sun.xml.draw":["sxd"],"application/vnd.sun.xml.draw.template":["std"],"application/vnd.sun.xml.impress":["sxi"],"application/vnd.sun.xml.impress.template":["sti"],"application/vnd.sun.xml.math":["sxm"],"application/vnd.sun.xml.writer":["sxw"],"application/vnd.sun.xml.writer.global":["sxg"],"application/vnd.sun.xml.writer.template":["stw"],"application/vnd.sus-calendar":["sus","susp"],"application/vnd.svd":["svd"],"application/vnd.symbian.install":["sis","sisx"],"application/vnd.syncml+xml":["xsm"],"application/vnd.syncml.dm+wbxml":["bdm"],"application/vnd.syncml.dm+xml":["xdm"],"application/vnd.tao.intent-module-archive":["tao"],"application/vnd.tcpdump.pcap":["pcap","cap","dmp"],"application/vnd.tmobile-livetv":["tmo"],"application/vnd.trid.tpt":["tpt"],"application/vnd.triscape.mxs":["mxs"],"application/vnd.trueapp":["tra"],"application/vnd.ufdl":["ufd","ufdl"],"application/vnd.uiq.theme":["utz"],"application/vnd.umajin":["umj"],"application/vnd.unity":["unityweb"],"application/vnd.uoml+xml":["uoml"],"application/vnd.vcx":["vcx"],"application/vnd.visio":["vsd","vst","vss","vsw"],"application/vnd.visionary":["vis"],"application/vnd.vsf":["vsf"],"application/vnd.wap.wbxml":["wbxml"],"application/vnd.wap.wmlc":["wmlc"],"application/vnd.wap.wmlscriptc":["wmlsc"],"application/vnd.webturbo":["wtb"],"application/vnd.wolfram.player":["nbp"],"application/vnd.wordperfect":["wpd"],"application/vnd.wqd":["wqd"],"application/vnd.wt.stf":["stf"],"application/vnd.xara":["xar"],"application/vnd.xfdl":["xfdl"],"application/vnd.yamaha.hv-dic":["hvd"],"application/vnd.yamaha.hv-script":["hvs"],"application/vnd.yamaha.hv-voice":["hvp"],"application/vnd.yamaha.openscoreformat":["osf"],"application/vnd.yamaha.openscoreformat.osfpvg+xml":["osfpvg"],"application/vnd.yamaha.smaf-audio":["saf"],"application/vnd.yamaha.smaf-phrase":["spf"],"application/vnd.yellowriver-custom-menu":["cmp"],"application/vnd.zul":["zir","zirz"],"application/vnd.zzazz.deck+xml":["zaz"],"application/voicexml+xml":["vxml"],"application/wasm":["wasm"],"application/widget":["wgt"],"application/winhlp":["hlp"],"application/wsdl+xml":["wsdl"],"application/wspolicy+xml":["wspolicy"],"application/x-7z-compressed":["7z"],"application/x-abiword":["abw"],"application/x-ace-compressed":["ace"],"application/x-apple-diskimage":[],"application/x-arj":["arj"],"application/x-authorware-bin":["aab","x32","u32","vox"],"application/x-authorware-map":["aam"],"application/x-authorware-seg":["aas"],"application/x-bcpio":["bcpio"],"application/x-bdoc":[],"application/x-bittorrent":["torrent"],"application/x-blorb":["blb","blorb"],"application/x-bzip":["bz"],"application/x-bzip2":["bz2","boz"],"application/x-cbr":["cbr","cba","cbt","cbz","cb7"],"application/x-cdlink":["vcd"],"application/x-cfs-compressed":["cfs"],"application/x-chat":["chat"],"application/x-chess-pgn":["pgn"],"application/x-chrome-extension":["crx"],"application/x-cocoa":["cco"],"application/x-conference":["nsc"],"application/x-cpio":["cpio"],"application/x-csh":["csh"],"application/x-debian-package":["udeb"],"application/x-dgc-compressed":["dgc"],"application/x-director":["dir","dcr","dxr","cst","cct","cxt","w3d","fgd","swa"],"application/x-doom":["wad"],"application/x-dtbncx+xml":["ncx"],"application/x-dtbook+xml":["dtb"],"application/x-dtbresource+xml":["res"],"application/x-dvi":["dvi"],"application/x-envoy":["evy"],"application/x-eva":["eva"],"application/x-font-bdf":["bdf"],"application/x-font-ghostscript":["gsf"],"application/x-font-linux-psf":["psf"],"application/x-font-pcf":["pcf"],"application/x-font-snf":["snf"],"application/x-font-type1":["pfa","pfb","pfm","afm"],"application/x-freearc":["arc"],"application/x-futuresplash":["spl"],"application/x-gca-compressed":["gca"],"application/x-glulx":["ulx"],"application/x-gnumeric":["gnumeric"],"application/x-gramps-xml":["gramps"],"application/x-gtar":["gtar"],"application/x-hdf":["hdf"],"application/x-httpd-php":["php"],"application/x-install-instructions":["install"],"application/x-iso9660-image":[],"application/x-java-archive-diff":["jardiff"],"application/x-java-jnlp-file":["jnlp"],"application/x-latex":["latex"],"application/x-lua-bytecode":["luac"],"application/x-lzh-compressed":["lzh","lha"],"application/x-makeself":["run"],"application/x-mie":["mie"],"application/x-mobipocket-ebook":["prc","mobi"],"application/x-ms-application":["application"],"application/x-ms-shortcut":["lnk"],"application/x-ms-wmd":["wmd"],"application/x-ms-wmz":["wmz"],"application/x-ms-xbap":["xbap"],"application/x-msaccess":["mdb"],"application/x-msbinder":["obd"],"application/x-mscardfile":["crd"],"application/x-msclip":["clp"],"application/x-msdos-program":[],"application/x-msdownload":["com","bat"],"application/x-msmediaview":["mvb","m13","m14"],"application/x-msmetafile":["wmf","emf","emz"],"application/x-msmoney":["mny"],"application/x-mspublisher":["pub"],"application/x-msschedule":["scd"],"application/x-msterminal":["trm"],"application/x-mswrite":["wri"],"application/x-netcdf":["nc","cdf"],"application/x-ns-proxy-autoconfig":["pac"],"application/x-nzb":["nzb"],"application/x-perl":["pl","pm"],"application/x-pilot":[],"application/x-pkcs12":["p12","pfx"],"application/x-pkcs7-certificates":["p7b","spc"],"application/x-pkcs7-certreqresp":["p7r"],"application/x-rar-compressed":["rar"],"application/x-redhat-package-manager":["rpm"],"application/x-research-info-systems":["ris"],"application/x-sea":["sea"],"application/x-sh":["sh"],"application/x-shar":["shar"],"application/x-shockwave-flash":["swf"],"application/x-silverlight-app":["xap"],"application/x-sql":["sql"],"application/x-stuffit":["sit"],"application/x-stuffitx":["sitx"],"application/x-subrip":["srt"],"application/x-sv4cpio":["sv4cpio"],"application/x-sv4crc":["sv4crc"],"application/x-t3vm-image":["t3"],"application/x-tads":["gam"],"application/x-tar":["tar"],"application/x-tcl":["tcl","tk"],"application/x-tex":["tex"],"application/x-tex-tfm":["tfm"],"application/x-texinfo":["texinfo","texi"],"application/x-tgif":["obj"],"application/x-ustar":["ustar"],"application/x-virtualbox-hdd":["hdd"],"application/x-virtualbox-ova":["ova"],"application/x-virtualbox-ovf":["ovf"],"application/x-virtualbox-vbox":["vbox"],"application/x-virtualbox-vbox-extpack":["vbox-extpack"],"application/x-virtualbox-vdi":["vdi"],"application/x-virtualbox-vhd":["vhd"],"application/x-virtualbox-vmdk":["vmdk"],"application/x-wais-source":["src"],"application/x-web-app-manifest+json":["webapp"],"application/x-x509-ca-cert":["der","crt","pem"],"application/x-xfig":["fig"],"application/x-xliff+xml":["xlf"],"application/x-xpinstall":["xpi"],"application/x-xz":["xz"],"application/x-zmachine":["z1","z2","z3","z4","z5","z6","z7","z8"],"application/xaml+xml":["xaml"],"application/xcap-diff+xml":["xdf"],"application/xenc+xml":["xenc"],"application/xhtml+xml":["xhtml","xht"],"application/xml":["xml","xsl","xsd","rng"],"application/xml-dtd":["dtd"],"application/xop+xml":["xop"],"application/xproc+xml":["xpl"],"application/xslt+xml":["xslt"],"application/xspf+xml":["xspf"],"application/xv+xml":["mxml","xhvml","xvml","xvm"],"application/yang":["yang"],"application/yin+xml":["yin"],"application/zip":["zip"],"audio/3gpp":[],"audio/adpcm":["adp"],"audio/basic":["au","snd"],"audio/midi":["mid","midi","kar","rmi"],"audio/mp3":[],"audio/mp4":["m4a","mp4a"],"audio/mpeg":["mpga","mp2","mp2a","mp3","m2a","m3a"],"audio/ogg":["oga","ogg","spx"],"audio/s3m":["s3m"],"audio/silk":["sil"],"audio/vnd.dece.audio":["uva","uvva"],"audio/vnd.digital-winds":["eol"],"audio/vnd.dra":["dra"],"audio/vnd.dts":["dts"],"audio/vnd.dts.hd":["dtshd"],"audio/vnd.lucent.voice":["lvp"],"audio/vnd.ms-playready.media.pya":["pya"],"audio/vnd.nuera.ecelp4800":["ecelp4800"],"audio/vnd.nuera.ecelp7470":["ecelp7470"],"audio/vnd.nuera.ecelp9600":["ecelp9600"],"audio/vnd.rip":["rip"],"audio/wav":["wav"],"audio/wave":[],"audio/webm":["weba"],"audio/x-aac":["aac"],"audio/x-aiff":["aif","aiff","aifc"],"audio/x-caf":["caf"],"audio/x-flac":["flac"],"audio/x-m4a":[],"audio/x-matroska":["mka"],"audio/x-mpegurl":["m3u"],"audio/x-ms-wax":["wax"],"audio/x-ms-wma":["wma"],"audio/x-pn-realaudio":["ram","ra"],"audio/x-pn-realaudio-plugin":["rmp"],"audio/x-realaudio":[],"audio/x-wav":[],"audio/xm":["xm"],"chemical/x-cdx":["cdx"],"chemical/x-cif":["cif"],"chemical/x-cmdf":["cmdf"],"chemical/x-cml":["cml"],"chemical/x-csml":["csml"],"chemical/x-xyz":["xyz"],"font/collection":["ttc"],"font/otf":["otf"],"font/ttf":["ttf"],"font/woff":["woff"],"font/woff2":["woff2"],"image/apng":["apng"],"image/bmp":["bmp"],"image/cgm":["cgm"],"image/g3fax":["g3"],"image/gif":["gif"],"image/ief":["ief"],"image/jp2":["jp2","jpg2"],"image/jpeg":["jpeg","jpg","jpe"],"image/jpm":["jpm"],"image/jpx":["jpx","jpf"],"image/ktx":["ktx"],"image/png":["png"],"image/prs.btif":["btif"],"image/sgi":["sgi"],"image/svg+xml":["svg","svgz"],"image/tiff":["tiff","tif"],"image/vnd.adobe.photoshop":["psd"],"image/vnd.dece.graphic":["uvi","uvvi","uvg","uvvg"],"image/vnd.djvu":["djvu","djv"],"image/vnd.dvb.subtitle":[],"image/vnd.dwg":["dwg"],"image/vnd.dxf":["dxf"],"image/vnd.fastbidsheet":["fbs"],"image/vnd.fpx":["fpx"],"image/vnd.fst":["fst"],"image/vnd.fujixerox.edmics-mmr":["mmr"],"image/vnd.fujixerox.edmics-rlc":["rlc"],"image/vnd.ms-modi":["mdi"],"image/vnd.ms-photo":["wdp"],"image/vnd.net-fpx":["npx"],"image/vnd.wap.wbmp":["wbmp"],"image/vnd.xiff":["xif"],"image/webp":["webp"],"image/x-3ds":["3ds"],"image/x-cmu-raster":["ras"],"image/x-cmx":["cmx"],"image/x-freehand":["fh","fhc","fh4","fh5","fh7"],"image/x-icon":["ico"],"image/x-jng":["jng"],"image/x-mrsid-image":["sid"],"image/x-ms-bmp":[],"image/x-pcx":["pcx"],"image/x-pict":["pic","pct"],"image/x-portable-anymap":["pnm"],"image/x-portable-bitmap":["pbm"],"image/x-portable-graymap":["pgm"],"image/x-portable-pixmap":["ppm"],"image/x-rgb":["rgb"],"image/x-tga":["tga"],"image/x-xbitmap":["xbm"],"image/x-xpixmap":["xpm"],"image/x-xwindowdump":["xwd"],"message/rfc822":["eml","mime"],"model/gltf+json":["gltf"],"model/gltf-binary":["glb"],"model/iges":["igs","iges"],"model/mesh":["msh","mesh","silo"],"model/vnd.collada+xml":["dae"],"model/vnd.dwf":["dwf"],"model/vnd.gdl":["gdl"],"model/vnd.gtw":["gtw"],"model/vnd.mts":["mts"],"model/vnd.vtu":["vtu"],"model/vrml":["wrl","vrml"],"model/x3d+binary":["x3db","x3dbz"],"model/x3d+vrml":["x3dv","x3dvz"],"model/x3d+xml":["x3d","x3dz"],"text/cache-manifest":["appcache","manifest"],"text/calendar":["ics","ifb"],"text/coffeescript":["coffee","litcoffee"],"text/css":["css"],"text/csv":["csv"],"text/hjson":["hjson"],"text/html":["html","htm","shtml"],"text/jade":["jade"],"text/jsx":["jsx"],"text/less":["less"],"text/markdown":["markdown","md"],"text/mathml":["mml"],"text/n3":["n3"],"text/plain":["txt","text","conf","def","list","log","in","ini"],"text/prs.lines.tag":["dsc"],"text/richtext":["rtx"],"text/rtf":[],"text/sgml":["sgml","sgm"],"text/slim":["slim","slm"],"text/stylus":["stylus","styl"],"text/tab-separated-values":["tsv"],"text/troff":["t","tr","roff","man","me","ms"],"text/turtle":["ttl"],"text/uri-list":["uri","uris","urls"],"text/vcard":["vcard"],"text/vnd.curl":["curl"],"text/vnd.curl.dcurl":["dcurl"],"text/vnd.curl.mcurl":["mcurl"],"text/vnd.curl.scurl":["scurl"],"text/vnd.dvb.subtitle":["sub"],"text/vnd.fly":["fly"],"text/vnd.fmi.flexstor":["flx"],"text/vnd.graphviz":["gv"],"text/vnd.in3d.3dml":["3dml"],"text/vnd.in3d.spot":["spot"],"text/vnd.sun.j2me.app-descriptor":["jad"],"text/vnd.wap.wml":["wml"],"text/vnd.wap.wmlscript":["wmls"],"text/vtt":["vtt"],"text/x-asm":["s","asm"],"text/x-c":["c","cc","cxx","cpp","h","hh","dic"],"text/x-component":["htc"],"text/x-fortran":["f","for","f77","f90"],"text/x-handlebars-template":["hbs"],"text/x-java-source":["java"],"text/x-lua":["lua"],"text/x-markdown":["mkd"],"text/x-nfo":["nfo"],"text/x-opml":["opml"],"text/x-org":[],"text/x-pascal":["p","pas"],"text/x-processing":["pde"],"text/x-sass":["sass"],"text/x-scss":["scss"],"text/x-setext":["etx"],"text/x-sfv":["sfv"],"text/x-suse-ymp":["ymp"],"text/x-uuencode":["uu"],"text/x-vcalendar":["vcs"],"text/x-vcard":["vcf"],"text/xml":[],"text/yaml":["yaml","yml"],"video/3gpp":["3gp","3gpp"],"video/3gpp2":["3g2"],"video/h261":["h261"],"video/h263":["h263"],"video/h264":["h264"],"video/jpeg":["jpgv"],"video/jpm":["jpgm"],"video/mj2":["mj2","mjp2"],"video/mp2t":["ts"],"video/mp4":["mp4","mp4v","mpg4"],"video/mpeg":["mpeg","mpg","mpe","m1v","m2v"],"video/ogg":["ogv"],"video/quicktime":["qt","mov"],"video/vnd.dece.hd":["uvh","uvvh"],"video/vnd.dece.mobile":["uvm","uvvm"],"video/vnd.dece.pd":["uvp","uvvp"],"video/vnd.dece.sd":["uvs","uvvs"],"video/vnd.dece.video":["uvv","uvvv"],"video/vnd.dvb.file":["dvb"],"video/vnd.fvt":["fvt"],"video/vnd.mpegurl":["mxu","m4u"],"video/vnd.ms-playready.media.pyv":["pyv"],"video/vnd.uvvu.mp4":["uvu","uvvu"],"video/vnd.vivo":["viv"],"video/webm":["webm"],"video/x-f4v":["f4v"],"video/x-fli":["fli"],"video/x-flv":["flv"],"video/x-m4v":["m4v"],"video/x-matroska":["mkv","mk3d","mks"],"video/x-mng":["mng"],"video/x-ms-asf":["asf","asx"],"video/x-ms-vob":["vob"],"video/x-ms-wm":["wm"],"video/x-ms-wmv":["wmv"],"video/x-ms-wmx":["wmx"],"video/x-ms-wvx":["wvx"],"video/x-msvideo":["avi"],"video/x-sgi-movie":["movie"],"video/x-smv":["smv"],"x-conference/x-cooltalk":["ice"]}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/ms/index.js b/src/Servers/ExpressServer/node_modules/ms/index.js
deleted file mode 100644
index 6a522b1..0000000
--- a/src/Servers/ExpressServer/node_modules/ms/index.js
+++ /dev/null
@@ -1,152 +0,0 @@
-/**
- * Helpers.
- */
-
-var s = 1000;
-var m = s * 60;
-var h = m * 60;
-var d = h * 24;
-var y = d * 365.25;
-
-/**
- * Parse or format the given `val`.
- *
- * Options:
- *
- *  - `long` verbose formatting [false]
- *
- * @param {String|Number} val
- * @param {Object} [options]
- * @throws {Error} throw an error if val is not a non-empty string or a number
- * @return {String|Number}
- * @api public
- */
-
-module.exports = function(val, options) {
-  options = options || {};
-  var type = typeof val;
-  if (type === 'string' && val.length > 0) {
-    return parse(val);
-  } else if (type === 'number' && isNaN(val) === false) {
-    return options.long ? fmtLong(val) : fmtShort(val);
-  }
-  throw new Error(
-    'val is not a non-empty string or a valid number. val=' +
-      JSON.stringify(val)
-  );
-};
-
-/**
- * Parse the given `str` and return milliseconds.
- *
- * @param {String} str
- * @return {Number}
- * @api private
- */
-
-function parse(str) {
-  str = String(str);
-  if (str.length > 100) {
-    return;
-  }
-  var match = /^((?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|years?|yrs?|y)?$/i.exec(
-    str
-  );
-  if (!match) {
-    return;
-  }
-  var n = parseFloat(match[1]);
-  var type = (match[2] || 'ms').toLowerCase();
-  switch (type) {
-    case 'years':
-    case 'year':
-    case 'yrs':
-    case 'yr':
-    case 'y':
-      return n * y;
-    case 'days':
-    case 'day':
-    case 'd':
-      return n * d;
-    case 'hours':
-    case 'hour':
-    case 'hrs':
-    case 'hr':
-    case 'h':
-      return n * h;
-    case 'minutes':
-    case 'minute':
-    case 'mins':
-    case 'min':
-    case 'm':
-      return n * m;
-    case 'seconds':
-    case 'second':
-    case 'secs':
-    case 'sec':
-    case 's':
-      return n * s;
-    case 'milliseconds':
-    case 'millisecond':
-    case 'msecs':
-    case 'msec':
-    case 'ms':
-      return n;
-    default:
-      return undefined;
-  }
-}
-
-/**
- * Short format for `ms`.
- *
- * @param {Number} ms
- * @return {String}
- * @api private
- */
-
-function fmtShort(ms) {
-  if (ms >= d) {
-    return Math.round(ms / d) + 'd';
-  }
-  if (ms >= h) {
-    return Math.round(ms / h) + 'h';
-  }
-  if (ms >= m) {
-    return Math.round(ms / m) + 'm';
-  }
-  if (ms >= s) {
-    return Math.round(ms / s) + 's';
-  }
-  return ms + 'ms';
-}
-
-/**
- * Long format for `ms`.
- *
- * @param {Number} ms
- * @return {String}
- * @api private
- */
-
-function fmtLong(ms) {
-  return plural(ms, d, 'day') ||
-    plural(ms, h, 'hour') ||
-    plural(ms, m, 'minute') ||
-    plural(ms, s, 'second') ||
-    ms + ' ms';
-}
-
-/**
- * Pluralization helper.
- */
-
-function plural(ms, n, name) {
-  if (ms < n) {
-    return;
-  }
-  if (ms < n * 1.5) {
-    return Math.floor(ms / n) + ' ' + name;
-  }
-  return Math.ceil(ms / n) + ' ' + name + 's';
-}
diff --git a/src/Servers/ExpressServer/node_modules/ms/license.md b/src/Servers/ExpressServer/node_modules/ms/license.md
deleted file mode 100644
index 69b6125..0000000
--- a/src/Servers/ExpressServer/node_modules/ms/license.md
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 Zeit, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/ms/package.json b/src/Servers/ExpressServer/node_modules/ms/package.json
deleted file mode 100644
index 6a31c81..0000000
--- a/src/Servers/ExpressServer/node_modules/ms/package.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-  "name": "ms",
-  "version": "2.0.0",
-  "description": "Tiny milisecond conversion utility",
-  "repository": "zeit/ms",
-  "main": "./index",
-  "files": [
-    "index.js"
-  ],
-  "scripts": {
-    "precommit": "lint-staged",
-    "lint": "eslint lib/* bin/*",
-    "test": "mocha tests.js"
-  },
-  "eslintConfig": {
-    "extends": "eslint:recommended",
-    "env": {
-      "node": true,
-      "es6": true
-    }
-  },
-  "lint-staged": {
-    "*.js": [
-      "npm run lint",
-      "prettier --single-quote --write",
-      "git add"
-    ]
-  },
-  "license": "MIT",
-  "devDependencies": {
-    "eslint": "3.19.0",
-    "expect.js": "0.3.1",
-    "husky": "0.13.3",
-    "lint-staged": "3.4.1",
-    "mocha": "3.4.1"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/ms/readme.md b/src/Servers/ExpressServer/node_modules/ms/readme.md
deleted file mode 100644
index 84a9974..0000000
--- a/src/Servers/ExpressServer/node_modules/ms/readme.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# ms
-
-[![Build Status](https://travis-ci.org/zeit/ms.svg?branch=master)](https://travis-ci.org/zeit/ms)
-[![Slack Channel](http://zeit-slackin.now.sh/badge.svg)](https://zeit.chat/)
-
-Use this package to easily convert various time formats to milliseconds.
-
-## Examples
-
-```js
-ms('2 days')  // 172800000
-ms('1d')      // 86400000
-ms('10h')     // 36000000
-ms('2.5 hrs') // 9000000
-ms('2h')      // 7200000
-ms('1m')      // 60000
-ms('5s')      // 5000
-ms('1y')      // 31557600000
-ms('100')     // 100
-```
-
-### Convert from milliseconds
-
-```js
-ms(60000)             // "1m"
-ms(2 * 60000)         // "2m"
-ms(ms('10 hours'))    // "10h"
-```
-
-### Time format written-out
-
-```js
-ms(60000, { long: true })             // "1 minute"
-ms(2 * 60000, { long: true })         // "2 minutes"
-ms(ms('10 hours'), { long: true })    // "10 hours"
-```
-
-## Features
-
-- Works both in [node](https://nodejs.org) and in the browser.
-- If a number is supplied to `ms`, a string with a unit is returned.
-- If a string that contains the number is supplied, it returns it as a number (e.g.: it returns `100` for `'100'`).
-- If you pass a string with a number and a valid unit, the number of equivalent ms is returned.
-
-## Caught a bug?
-
-1. [Fork](https://help.github.com/articles/fork-a-repo/) this repository to your own GitHub account and then [clone](https://help.github.com/articles/cloning-a-repository/) it to your local device
-2. Link the package to the global module directory: `npm link`
-3. Within the module you want to test your local development instance of ms, just link it to the dependencies: `npm link ms`. Instead of the default one from npm, node will now use your clone of ms!
-
-As always, you can run the tests using: `npm test`
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md b/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
deleted file mode 100644
index a9a5449..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/HISTORY.md
+++ /dev/null
@@ -1,108 +0,0 @@
-0.6.3 / 2022-01-22
-==================
-
-  * Revert "Lazy-load modules from main entry point"
-
-0.6.2 / 2019-04-29
-==================
-
-  * Fix sorting charset, encoding, and language with extra parameters
-
-0.6.1 / 2016-05-02
-==================
-
-  * perf: improve `Accept` parsing speed
-  * perf: improve `Accept-Charset` parsing speed
-  * perf: improve `Accept-Encoding` parsing speed
-  * perf: improve `Accept-Language` parsing speed
-
-0.6.0 / 2015-09-29
-==================
-
-  * Fix including type extensions in parameters in `Accept` parsing
-  * Fix parsing `Accept` parameters with quoted equals
-  * Fix parsing `Accept` parameters with quoted semicolons
-  * Lazy-load modules from main entry point
-  * perf: delay type concatenation until needed
-  * perf: enable strict mode
-  * perf: hoist regular expressions
-  * perf: remove closures getting spec properties
-  * perf: remove a closure from media type parsing
-  * perf: remove property delete from media type parsing
-
-0.5.3 / 2015-05-10
-==================
-
-  * Fix media type parameter matching to be case-insensitive
-
-0.5.2 / 2015-05-06
-==================
-
-  * Fix comparing media types with quoted values
-  * Fix splitting media types with quoted commas
-
-0.5.1 / 2015-02-14
-==================
-
-  * Fix preference sorting to be stable for long acceptable lists
-
-0.5.0 / 2014-12-18
-==================
-
-  * Fix list return order when large accepted list
-  * Fix missing identity encoding when q=0 exists
-  * Remove dynamic building of Negotiator class
-
-0.4.9 / 2014-10-14
-==================
-
-  * Fix error when media type has invalid parameter
-
-0.4.8 / 2014-09-28
-==================
-
-  * Fix all negotiations to be case-insensitive
-  * Stable sort preferences of same quality according to client order
-  * Support Node.js 0.6
-
-0.4.7 / 2014-06-24
-==================
-
-  * Handle invalid provided languages
-  * Handle invalid provided media types
-
-0.4.6 / 2014-06-11
-==================
-
-  *  Order by specificity when quality is the same
-
-0.4.5 / 2014-05-29
-==================
-
-  * Fix regression in empty header handling
-
-0.4.4 / 2014-05-29
-==================
-
-  * Fix behaviors when headers are not present
-
-0.4.3 / 2014-04-16
-==================
-
-  * Handle slashes on media params correctly
-
-0.4.2 / 2014-02-28
-==================
-
-  * Fix media type sorting
-  * Handle media types params strictly
-
-0.4.1 / 2014-01-16
-==================
-
-  * Use most specific matches
-
-0.4.0 / 2014-01-09
-==================
-
-  * Remove preferred prefix from methods
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/LICENSE b/src/Servers/ExpressServer/node_modules/negotiator/LICENSE
deleted file mode 100644
index ea6b9e2..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012-2014 Federico Romero
-Copyright (c) 2012-2014 Isaac Z. Schlueter
-Copyright (c) 2014-2015 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/README.md b/src/Servers/ExpressServer/node_modules/negotiator/README.md
deleted file mode 100644
index 82915e5..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/README.md
+++ /dev/null
@@ -1,203 +0,0 @@
-# negotiator
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-An HTTP content negotiator for Node.js
-
-## Installation
-
-```sh
-$ npm install negotiator
-```
-
-## API
-
-```js
-var Negotiator = require('negotiator')
-```
-
-### Accept Negotiation
-
-```js
-availableMediaTypes = ['text/html', 'text/plain', 'application/json']
-
-// The negotiator constructor receives a request object
-negotiator = new Negotiator(request)
-
-// Let's say Accept header is 'text/html, application/*;q=0.2, image/jpeg;q=0.8'
-
-negotiator.mediaTypes()
-// -> ['text/html', 'image/jpeg', 'application/*']
-
-negotiator.mediaTypes(availableMediaTypes)
-// -> ['text/html', 'application/json']
-
-negotiator.mediaType(availableMediaTypes)
-// -> 'text/html'
-```
-
-You can check a working example at `examples/accept.js`.
-
-#### Methods
-
-##### mediaType()
-
-Returns the most preferred media type from the client.
-
-##### mediaType(availableMediaType)
-
-Returns the most preferred media type from a list of available media types.
-
-##### mediaTypes()
-
-Returns an array of preferred media types ordered by the client preference.
-
-##### mediaTypes(availableMediaTypes)
-
-Returns an array of preferred media types ordered by priority from a list of
-available media types.
-
-### Accept-Language Negotiation
-
-```js
-negotiator = new Negotiator(request)
-
-availableLanguages = ['en', 'es', 'fr']
-
-// Let's say Accept-Language header is 'en;q=0.8, es, pt'
-
-negotiator.languages()
-// -> ['es', 'pt', 'en']
-
-negotiator.languages(availableLanguages)
-// -> ['es', 'en']
-
-language = negotiator.language(availableLanguages)
-// -> 'es'
-```
-
-You can check a working example at `examples/language.js`.
-
-#### Methods
-
-##### language()
-
-Returns the most preferred language from the client.
-
-##### language(availableLanguages)
-
-Returns the most preferred language from a list of available languages.
-
-##### languages()
-
-Returns an array of preferred languages ordered by the client preference.
-
-##### languages(availableLanguages)
-
-Returns an array of preferred languages ordered by priority from a list of
-available languages.
-
-### Accept-Charset Negotiation
-
-```js
-availableCharsets = ['utf-8', 'iso-8859-1', 'iso-8859-5']
-
-negotiator = new Negotiator(request)
-
-// Let's say Accept-Charset header is 'utf-8, iso-8859-1;q=0.8, utf-7;q=0.2'
-
-negotiator.charsets()
-// -> ['utf-8', 'iso-8859-1', 'utf-7']
-
-negotiator.charsets(availableCharsets)
-// -> ['utf-8', 'iso-8859-1']
-
-negotiator.charset(availableCharsets)
-// -> 'utf-8'
-```
-
-You can check a working example at `examples/charset.js`.
-
-#### Methods
-
-##### charset()
-
-Returns the most preferred charset from the client.
-
-##### charset(availableCharsets)
-
-Returns the most preferred charset from a list of available charsets.
-
-##### charsets()
-
-Returns an array of preferred charsets ordered by the client preference.
-
-##### charsets(availableCharsets)
-
-Returns an array of preferred charsets ordered by priority from a list of
-available charsets.
-
-### Accept-Encoding Negotiation
-
-```js
-availableEncodings = ['identity', 'gzip']
-
-negotiator = new Negotiator(request)
-
-// Let's say Accept-Encoding header is 'gzip, compress;q=0.2, identity;q=0.5'
-
-negotiator.encodings()
-// -> ['gzip', 'identity', 'compress']
-
-negotiator.encodings(availableEncodings)
-// -> ['gzip', 'identity']
-
-negotiator.encoding(availableEncodings)
-// -> 'gzip'
-```
-
-You can check a working example at `examples/encoding.js`.
-
-#### Methods
-
-##### encoding()
-
-Returns the most preferred encoding from the client.
-
-##### encoding(availableEncodings)
-
-Returns the most preferred encoding from a list of available encodings.
-
-##### encodings()
-
-Returns an array of preferred encodings ordered by the client preference.
-
-##### encodings(availableEncodings)
-
-Returns an array of preferred encodings ordered by priority from a list of
-available encodings.
-
-## See Also
-
-The [accepts](https://npmjs.org/package/accepts#readme) module builds on
-this module and provides an alternative interface, mime type validation,
-and more.
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/negotiator.svg
-[npm-url]: https://npmjs.org/package/negotiator
-[node-version-image]: https://img.shields.io/node/v/negotiator.svg
-[node-version-url]: https://nodejs.org/en/download/
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/negotiator/master.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/negotiator?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/negotiator.svg
-[downloads-url]: https://npmjs.org/package/negotiator
-[github-actions-ci-image]: https://img.shields.io/github/workflow/status/jshttp/negotiator/ci/master?label=ci
-[github-actions-ci-url]: https://github.com/jshttp/negotiator/actions/workflows/ci.yml
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/index.js b/src/Servers/ExpressServer/node_modules/negotiator/index.js
deleted file mode 100644
index 4788264..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/index.js
+++ /dev/null
@@ -1,82 +0,0 @@
-/*!
- * negotiator
- * Copyright(c) 2012 Federico Romero
- * Copyright(c) 2012-2014 Isaac Z. Schlueter
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-var preferredCharsets = require('./lib/charset')
-var preferredEncodings = require('./lib/encoding')
-var preferredLanguages = require('./lib/language')
-var preferredMediaTypes = require('./lib/mediaType')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = Negotiator;
-module.exports.Negotiator = Negotiator;
-
-/**
- * Create a Negotiator instance from a request.
- * @param {object} request
- * @public
- */
-
-function Negotiator(request) {
-  if (!(this instanceof Negotiator)) {
-    return new Negotiator(request);
-  }
-
-  this.request = request;
-}
-
-Negotiator.prototype.charset = function charset(available) {
-  var set = this.charsets(available);
-  return set && set[0];
-};
-
-Negotiator.prototype.charsets = function charsets(available) {
-  return preferredCharsets(this.request.headers['accept-charset'], available);
-};
-
-Negotiator.prototype.encoding = function encoding(available) {
-  var set = this.encodings(available);
-  return set && set[0];
-};
-
-Negotiator.prototype.encodings = function encodings(available) {
-  return preferredEncodings(this.request.headers['accept-encoding'], available);
-};
-
-Negotiator.prototype.language = function language(available) {
-  var set = this.languages(available);
-  return set && set[0];
-};
-
-Negotiator.prototype.languages = function languages(available) {
-  return preferredLanguages(this.request.headers['accept-language'], available);
-};
-
-Negotiator.prototype.mediaType = function mediaType(available) {
-  var set = this.mediaTypes(available);
-  return set && set[0];
-};
-
-Negotiator.prototype.mediaTypes = function mediaTypes(available) {
-  return preferredMediaTypes(this.request.headers.accept, available);
-};
-
-// Backwards compatibility
-Negotiator.prototype.preferredCharset = Negotiator.prototype.charset;
-Negotiator.prototype.preferredCharsets = Negotiator.prototype.charsets;
-Negotiator.prototype.preferredEncoding = Negotiator.prototype.encoding;
-Negotiator.prototype.preferredEncodings = Negotiator.prototype.encodings;
-Negotiator.prototype.preferredLanguage = Negotiator.prototype.language;
-Negotiator.prototype.preferredLanguages = Negotiator.prototype.languages;
-Negotiator.prototype.preferredMediaType = Negotiator.prototype.mediaType;
-Negotiator.prototype.preferredMediaTypes = Negotiator.prototype.mediaTypes;
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
deleted file mode 100644
index cdd0148..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/lib/charset.js
+++ /dev/null
@@ -1,169 +0,0 @@
-/**
- * negotiator
- * Copyright(c) 2012 Isaac Z. Schlueter
- * Copyright(c) 2014 Federico Romero
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = preferredCharsets;
-module.exports.preferredCharsets = preferredCharsets;
-
-/**
- * Module variables.
- * @private
- */
-
-var simpleCharsetRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
-
-/**
- * Parse the Accept-Charset header.
- * @private
- */
-
-function parseAcceptCharset(accept) {
-  var accepts = accept.split(',');
-
-  for (var i = 0, j = 0; i < accepts.length; i++) {
-    var charset = parseCharset(accepts[i].trim(), i);
-
-    if (charset) {
-      accepts[j++] = charset;
-    }
-  }
-
-  // trim accepts
-  accepts.length = j;
-
-  return accepts;
-}
-
-/**
- * Parse a charset from the Accept-Charset header.
- * @private
- */
-
-function parseCharset(str, i) {
-  var match = simpleCharsetRegExp.exec(str);
-  if (!match) return null;
-
-  var charset = match[1];
-  var q = 1;
-  if (match[2]) {
-    var params = match[2].split(';')
-    for (var j = 0; j < params.length; j++) {
-      var p = params[j].trim().split('=');
-      if (p[0] === 'q') {
-        q = parseFloat(p[1]);
-        break;
-      }
-    }
-  }
-
-  return {
-    charset: charset,
-    q: q,
-    i: i
-  };
-}
-
-/**
- * Get the priority of a charset.
- * @private
- */
-
-function getCharsetPriority(charset, accepted, index) {
-  var priority = {o: -1, q: 0, s: 0};
-
-  for (var i = 0; i < accepted.length; i++) {
-    var spec = specify(charset, accepted[i], index);
-
-    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
-      priority = spec;
-    }
-  }
-
-  return priority;
-}
-
-/**
- * Get the specificity of the charset.
- * @private
- */
-
-function specify(charset, spec, index) {
-  var s = 0;
-  if(spec.charset.toLowerCase() === charset.toLowerCase()){
-    s |= 1;
-  } else if (spec.charset !== '*' ) {
-    return null
-  }
-
-  return {
-    i: index,
-    o: spec.i,
-    q: spec.q,
-    s: s
-  }
-}
-
-/**
- * Get the preferred charsets from an Accept-Charset header.
- * @public
- */
-
-function preferredCharsets(accept, provided) {
-  // RFC 2616 sec 14.2: no header = *
-  var accepts = parseAcceptCharset(accept === undefined ? '*' : accept || '');
-
-  if (!provided) {
-    // sorted list of all charsets
-    return accepts
-      .filter(isQuality)
-      .sort(compareSpecs)
-      .map(getFullCharset);
-  }
-
-  var priorities = provided.map(function getPriority(type, index) {
-    return getCharsetPriority(type, accepts, index);
-  });
-
-  // sorted list of accepted charsets
-  return priorities.filter(isQuality).sort(compareSpecs).map(function getCharset(priority) {
-    return provided[priorities.indexOf(priority)];
-  });
-}
-
-/**
- * Compare two specs.
- * @private
- */
-
-function compareSpecs(a, b) {
-  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
-}
-
-/**
- * Get full charset string.
- * @private
- */
-
-function getFullCharset(spec) {
-  return spec.charset;
-}
-
-/**
- * Check if a spec has any quality.
- * @private
- */
-
-function isQuality(spec) {
-  return spec.q > 0;
-}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
deleted file mode 100644
index 8432cd7..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/lib/encoding.js
+++ /dev/null
@@ -1,184 +0,0 @@
-/**
- * negotiator
- * Copyright(c) 2012 Isaac Z. Schlueter
- * Copyright(c) 2014 Federico Romero
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = preferredEncodings;
-module.exports.preferredEncodings = preferredEncodings;
-
-/**
- * Module variables.
- * @private
- */
-
-var simpleEncodingRegExp = /^\s*([^\s;]+)\s*(?:;(.*))?$/;
-
-/**
- * Parse the Accept-Encoding header.
- * @private
- */
-
-function parseAcceptEncoding(accept) {
-  var accepts = accept.split(',');
-  var hasIdentity = false;
-  var minQuality = 1;
-
-  for (var i = 0, j = 0; i < accepts.length; i++) {
-    var encoding = parseEncoding(accepts[i].trim(), i);
-
-    if (encoding) {
-      accepts[j++] = encoding;
-      hasIdentity = hasIdentity || specify('identity', encoding);
-      minQuality = Math.min(minQuality, encoding.q || 1);
-    }
-  }
-
-  if (!hasIdentity) {
-    /*
-     * If identity doesn't explicitly appear in the accept-encoding header,
-     * it's added to the list of acceptable encoding with the lowest q
-     */
-    accepts[j++] = {
-      encoding: 'identity',
-      q: minQuality,
-      i: i
-    };
-  }
-
-  // trim accepts
-  accepts.length = j;
-
-  return accepts;
-}
-
-/**
- * Parse an encoding from the Accept-Encoding header.
- * @private
- */
-
-function parseEncoding(str, i) {
-  var match = simpleEncodingRegExp.exec(str);
-  if (!match) return null;
-
-  var encoding = match[1];
-  var q = 1;
-  if (match[2]) {
-    var params = match[2].split(';');
-    for (var j = 0; j < params.length; j++) {
-      var p = params[j].trim().split('=');
-      if (p[0] === 'q') {
-        q = parseFloat(p[1]);
-        break;
-      }
-    }
-  }
-
-  return {
-    encoding: encoding,
-    q: q,
-    i: i
-  };
-}
-
-/**
- * Get the priority of an encoding.
- * @private
- */
-
-function getEncodingPriority(encoding, accepted, index) {
-  var priority = {o: -1, q: 0, s: 0};
-
-  for (var i = 0; i < accepted.length; i++) {
-    var spec = specify(encoding, accepted[i], index);
-
-    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
-      priority = spec;
-    }
-  }
-
-  return priority;
-}
-
-/**
- * Get the specificity of the encoding.
- * @private
- */
-
-function specify(encoding, spec, index) {
-  var s = 0;
-  if(spec.encoding.toLowerCase() === encoding.toLowerCase()){
-    s |= 1;
-  } else if (spec.encoding !== '*' ) {
-    return null
-  }
-
-  return {
-    i: index,
-    o: spec.i,
-    q: spec.q,
-    s: s
-  }
-};
-
-/**
- * Get the preferred encodings from an Accept-Encoding header.
- * @public
- */
-
-function preferredEncodings(accept, provided) {
-  var accepts = parseAcceptEncoding(accept || '');
-
-  if (!provided) {
-    // sorted list of all encodings
-    return accepts
-      .filter(isQuality)
-      .sort(compareSpecs)
-      .map(getFullEncoding);
-  }
-
-  var priorities = provided.map(function getPriority(type, index) {
-    return getEncodingPriority(type, accepts, index);
-  });
-
-  // sorted list of accepted encodings
-  return priorities.filter(isQuality).sort(compareSpecs).map(function getEncoding(priority) {
-    return provided[priorities.indexOf(priority)];
-  });
-}
-
-/**
- * Compare two specs.
- * @private
- */
-
-function compareSpecs(a, b) {
-  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
-}
-
-/**
- * Get full encoding string.
- * @private
- */
-
-function getFullEncoding(spec) {
-  return spec.encoding;
-}
-
-/**
- * Check if a spec has any quality.
- * @private
- */
-
-function isQuality(spec) {
-  return spec.q > 0;
-}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
deleted file mode 100644
index a231672..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/lib/language.js
+++ /dev/null
@@ -1,179 +0,0 @@
-/**
- * negotiator
- * Copyright(c) 2012 Isaac Z. Schlueter
- * Copyright(c) 2014 Federico Romero
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = preferredLanguages;
-module.exports.preferredLanguages = preferredLanguages;
-
-/**
- * Module variables.
- * @private
- */
-
-var simpleLanguageRegExp = /^\s*([^\s\-;]+)(?:-([^\s;]+))?\s*(?:;(.*))?$/;
-
-/**
- * Parse the Accept-Language header.
- * @private
- */
-
-function parseAcceptLanguage(accept) {
-  var accepts = accept.split(',');
-
-  for (var i = 0, j = 0; i < accepts.length; i++) {
-    var language = parseLanguage(accepts[i].trim(), i);
-
-    if (language) {
-      accepts[j++] = language;
-    }
-  }
-
-  // trim accepts
-  accepts.length = j;
-
-  return accepts;
-}
-
-/**
- * Parse a language from the Accept-Language header.
- * @private
- */
-
-function parseLanguage(str, i) {
-  var match = simpleLanguageRegExp.exec(str);
-  if (!match) return null;
-
-  var prefix = match[1]
-  var suffix = match[2]
-  var full = prefix
-
-  if (suffix) full += "-" + suffix;
-
-  var q = 1;
-  if (match[3]) {
-    var params = match[3].split(';')
-    for (var j = 0; j < params.length; j++) {
-      var p = params[j].split('=');
-      if (p[0] === 'q') q = parseFloat(p[1]);
-    }
-  }
-
-  return {
-    prefix: prefix,
-    suffix: suffix,
-    q: q,
-    i: i,
-    full: full
-  };
-}
-
-/**
- * Get the priority of a language.
- * @private
- */
-
-function getLanguagePriority(language, accepted, index) {
-  var priority = {o: -1, q: 0, s: 0};
-
-  for (var i = 0; i < accepted.length; i++) {
-    var spec = specify(language, accepted[i], index);
-
-    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
-      priority = spec;
-    }
-  }
-
-  return priority;
-}
-
-/**
- * Get the specificity of the language.
- * @private
- */
-
-function specify(language, spec, index) {
-  var p = parseLanguage(language)
-  if (!p) return null;
-  var s = 0;
-  if(spec.full.toLowerCase() === p.full.toLowerCase()){
-    s |= 4;
-  } else if (spec.prefix.toLowerCase() === p.full.toLowerCase()) {
-    s |= 2;
-  } else if (spec.full.toLowerCase() === p.prefix.toLowerCase()) {
-    s |= 1;
-  } else if (spec.full !== '*' ) {
-    return null
-  }
-
-  return {
-    i: index,
-    o: spec.i,
-    q: spec.q,
-    s: s
-  }
-};
-
-/**
- * Get the preferred languages from an Accept-Language header.
- * @public
- */
-
-function preferredLanguages(accept, provided) {
-  // RFC 2616 sec 14.4: no header = *
-  var accepts = parseAcceptLanguage(accept === undefined ? '*' : accept || '');
-
-  if (!provided) {
-    // sorted list of all languages
-    return accepts
-      .filter(isQuality)
-      .sort(compareSpecs)
-      .map(getFullLanguage);
-  }
-
-  var priorities = provided.map(function getPriority(type, index) {
-    return getLanguagePriority(type, accepts, index);
-  });
-
-  // sorted list of accepted languages
-  return priorities.filter(isQuality).sort(compareSpecs).map(function getLanguage(priority) {
-    return provided[priorities.indexOf(priority)];
-  });
-}
-
-/**
- * Compare two specs.
- * @private
- */
-
-function compareSpecs(a, b) {
-  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
-}
-
-/**
- * Get full language string.
- * @private
- */
-
-function getFullLanguage(spec) {
-  return spec.full;
-}
-
-/**
- * Check if a spec has any quality.
- * @private
- */
-
-function isQuality(spec) {
-  return spec.q > 0;
-}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js b/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
deleted file mode 100644
index 67309dd..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/lib/mediaType.js
+++ /dev/null
@@ -1,294 +0,0 @@
-/**
- * negotiator
- * Copyright(c) 2012 Isaac Z. Schlueter
- * Copyright(c) 2014 Federico Romero
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict';
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = preferredMediaTypes;
-module.exports.preferredMediaTypes = preferredMediaTypes;
-
-/**
- * Module variables.
- * @private
- */
-
-var simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
-
-/**
- * Parse the Accept header.
- * @private
- */
-
-function parseAccept(accept) {
-  var accepts = splitMediaTypes(accept);
-
-  for (var i = 0, j = 0; i < accepts.length; i++) {
-    var mediaType = parseMediaType(accepts[i].trim(), i);
-
-    if (mediaType) {
-      accepts[j++] = mediaType;
-    }
-  }
-
-  // trim accepts
-  accepts.length = j;
-
-  return accepts;
-}
-
-/**
- * Parse a media type from the Accept header.
- * @private
- */
-
-function parseMediaType(str, i) {
-  var match = simpleMediaTypeRegExp.exec(str);
-  if (!match) return null;
-
-  var params = Object.create(null);
-  var q = 1;
-  var subtype = match[2];
-  var type = match[1];
-
-  if (match[3]) {
-    var kvps = splitParameters(match[3]).map(splitKeyValuePair);
-
-    for (var j = 0; j < kvps.length; j++) {
-      var pair = kvps[j];
-      var key = pair[0].toLowerCase();
-      var val = pair[1];
-
-      // get the value, unwrapping quotes
-      var value = val && val[0] === '"' && val[val.length - 1] === '"'
-        ? val.substr(1, val.length - 2)
-        : val;
-
-      if (key === 'q') {
-        q = parseFloat(value);
-        break;
-      }
-
-      // store parameter
-      params[key] = value;
-    }
-  }
-
-  return {
-    type: type,
-    subtype: subtype,
-    params: params,
-    q: q,
-    i: i
-  };
-}
-
-/**
- * Get the priority of a media type.
- * @private
- */
-
-function getMediaTypePriority(type, accepted, index) {
-  var priority = {o: -1, q: 0, s: 0};
-
-  for (var i = 0; i < accepted.length; i++) {
-    var spec = specify(type, accepted[i], index);
-
-    if (spec && (priority.s - spec.s || priority.q - spec.q || priority.o - spec.o) < 0) {
-      priority = spec;
-    }
-  }
-
-  return priority;
-}
-
-/**
- * Get the specificity of the media type.
- * @private
- */
-
-function specify(type, spec, index) {
-  var p = parseMediaType(type);
-  var s = 0;
-
-  if (!p) {
-    return null;
-  }
-
-  if(spec.type.toLowerCase() == p.type.toLowerCase()) {
-    s |= 4
-  } else if(spec.type != '*') {
-    return null;
-  }
-
-  if(spec.subtype.toLowerCase() == p.subtype.toLowerCase()) {
-    s |= 2
-  } else if(spec.subtype != '*') {
-    return null;
-  }
-
-  var keys = Object.keys(spec.params);
-  if (keys.length > 0) {
-    if (keys.every(function (k) {
-      return spec.params[k] == '*' || (spec.params[k] || '').toLowerCase() == (p.params[k] || '').toLowerCase();
-    })) {
-      s |= 1
-    } else {
-      return null
-    }
-  }
-
-  return {
-    i: index,
-    o: spec.i,
-    q: spec.q,
-    s: s,
-  }
-}
-
-/**
- * Get the preferred media types from an Accept header.
- * @public
- */
-
-function preferredMediaTypes(accept, provided) {
-  // RFC 2616 sec 14.2: no header = */*
-  var accepts = parseAccept(accept === undefined ? '*/*' : accept || '');
-
-  if (!provided) {
-    // sorted list of all types
-    return accepts
-      .filter(isQuality)
-      .sort(compareSpecs)
-      .map(getFullType);
-  }
-
-  var priorities = provided.map(function getPriority(type, index) {
-    return getMediaTypePriority(type, accepts, index);
-  });
-
-  // sorted list of accepted types
-  return priorities.filter(isQuality).sort(compareSpecs).map(function getType(priority) {
-    return provided[priorities.indexOf(priority)];
-  });
-}
-
-/**
- * Compare two specs.
- * @private
- */
-
-function compareSpecs(a, b) {
-  return (b.q - a.q) || (b.s - a.s) || (a.o - b.o) || (a.i - b.i) || 0;
-}
-
-/**
- * Get full type string.
- * @private
- */
-
-function getFullType(spec) {
-  return spec.type + '/' + spec.subtype;
-}
-
-/**
- * Check if a spec has any quality.
- * @private
- */
-
-function isQuality(spec) {
-  return spec.q > 0;
-}
-
-/**
- * Count the number of quotes in a string.
- * @private
- */
-
-function quoteCount(string) {
-  var count = 0;
-  var index = 0;
-
-  while ((index = string.indexOf('"', index)) !== -1) {
-    count++;
-    index++;
-  }
-
-  return count;
-}
-
-/**
- * Split a key value pair.
- * @private
- */
-
-function splitKeyValuePair(str) {
-  var index = str.indexOf('=');
-  var key;
-  var val;
-
-  if (index === -1) {
-    key = str;
-  } else {
-    key = str.substr(0, index);
-    val = str.substr(index + 1);
-  }
-
-  return [key, val];
-}
-
-/**
- * Split an Accept header into media types.
- * @private
- */
-
-function splitMediaTypes(accept) {
-  var accepts = accept.split(',');
-
-  for (var i = 1, j = 0; i < accepts.length; i++) {
-    if (quoteCount(accepts[j]) % 2 == 0) {
-      accepts[++j] = accepts[i];
-    } else {
-      accepts[j] += ',' + accepts[i];
-    }
-  }
-
-  // trim accepts
-  accepts.length = j + 1;
-
-  return accepts;
-}
-
-/**
- * Split a string of parameters.
- * @private
- */
-
-function splitParameters(str) {
-  var parameters = str.split(';');
-
-  for (var i = 1, j = 0; i < parameters.length; i++) {
-    if (quoteCount(parameters[j]) % 2 == 0) {
-      parameters[++j] = parameters[i];
-    } else {
-      parameters[j] += ';' + parameters[i];
-    }
-  }
-
-  // trim parameters
-  parameters.length = j + 1;
-
-  for (var i = 0; i < parameters.length; i++) {
-    parameters[i] = parameters[i].trim();
-  }
-
-  return parameters;
-}
diff --git a/src/Servers/ExpressServer/node_modules/negotiator/package.json b/src/Servers/ExpressServer/node_modules/negotiator/package.json
deleted file mode 100644
index 297635f..0000000
--- a/src/Servers/ExpressServer/node_modules/negotiator/package.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "name": "negotiator",
-  "description": "HTTP content negotiation",
-  "version": "0.6.3",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Federico Romero <federico.romero@outboxlabs.com>",
-    "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "http",
-    "content negotiation",
-    "accept",
-    "accept-language",
-    "accept-encoding",
-    "accept-charset"
-  ],
-  "repository": "jshttp/negotiator",
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-plugin-markdown": "2.2.1",
-    "mocha": "9.1.3",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "lib/",
-    "HISTORY.md",
-    "LICENSE",
-    "index.js",
-    "README.md"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc b/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
deleted file mode 100644
index 21f9039..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/.eslintrc
+++ /dev/null
@@ -1,53 +0,0 @@
-{
-    "root": true,
-    "extends": "@ljharb",
-    "rules": {
-        "complexity": 0,
-        "func-style": [2, "declaration"],
-        "indent": [2, 4],
-        "max-lines": 1,
-        "max-lines-per-function": 1,
-        "max-params": [2, 4],
-        "max-statements": 0,
-        "max-statements-per-line": [2, { "max": 2 }],
-        "no-magic-numbers": 0,
-        "no-param-reassign": 1,
-        "strict": 0, // TODO
-    },
-    "overrides": [
-        {
-            "files": ["test/**", "test-*", "example/**"],
-            "extends": "@ljharb/eslint-config/tests",
-            "rules": {
-              "id-length": 0,
-            },
-        },
-        {
-            "files": ["example/**"],
-            "rules": {
-                "no-console": 0,
-            },
-        },
-        {
-            "files": ["test/browser/**"],
-            "env": {
-                "browser": true,
-            },
-        },
-        {
-            "files": ["test/bigint*"],
-            "rules": {
-                "new-cap": [2, { "capIsNewExceptions": ["BigInt"] }],
-            },
-        },
-        {
-            "files": "index.js",
-            "globals": {
-                "HTMLElement": false,
-            },
-            "rules": {
-                "no-use-before-define": 1,
-            },
-        },
-    ],
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
deleted file mode 100644
index 730276b..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/object-inspect
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc b/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
deleted file mode 100644
index 58a5db7..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "all": true,
-  "check-coverage": false,
-  "instrumentation": false,
-  "sourceMap": false,
-  "reporter": ["text-summary", "text", "html", "json"],
-  "exclude": [
-    "coverage",
-    "example",
-    "test",
-    "test-core-js.js"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
deleted file mode 100644
index bdf9002..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/CHANGELOG.md
+++ /dev/null
@@ -1,424 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.13.4](https://github.com/inspect-js/object-inspect/compare/v1.13.3...v1.13.4) - 2025-02-04
-
-### Commits
-
-- [Fix] avoid being fooled by a `Symbol.toStringTag` [`fa5870d`](https://github.com/inspect-js/object-inspect/commit/fa5870da468a525d2f20193700f70752f506cbf7)
-- [Tests] fix tests in node v6.0 - v6.4 [`2abfe1b`](https://github.com/inspect-js/object-inspect/commit/2abfe1bc3c69f9293c07c5cd65a9d7d87a628b84)
-- [Dev Deps] update `es-value-fixtures`, `for-each`, `has-symbols` [`3edfb01`](https://github.com/inspect-js/object-inspect/commit/3edfb01cc8cce220fba0dfdfe2dc8bc955758cdd)
-
-## [v1.13.3](https://github.com/inspect-js/object-inspect/compare/v1.13.2...v1.13.3) - 2024-11-09
-
-### Commits
-
-- [actions] split out node 10-20, and 20+ [`44395a8`](https://github.com/inspect-js/object-inspect/commit/44395a8fc1deda6718a5e125e86b9ffcaa1c7580)
-- [Fix] `quoteStyle`: properly escape only the containing quotes [`5137f8f`](https://github.com/inspect-js/object-inspect/commit/5137f8f7bea69a7fc671bb683fd35f244f38fc52)
-- [Refactor] clean up `quoteStyle` code [`450680c`](https://github.com/inspect-js/object-inspect/commit/450680cd50de4e689ee3b8e1d6db3a1bcf3fc18c)
-- [Tests] add `quoteStyle` escaping tests [`e997c59`](https://github.com/inspect-js/object-inspect/commit/e997c595aeaea84fd98ca35d7e1c3b5ab3ae26e0)
-- [Dev Deps] update `auto-changelog`, `es-value-fixtures`, `tape` [`d5a469c`](https://github.com/inspect-js/object-inspect/commit/d5a469c99ec07ccaeafc36ac4b36a93285086d48)
-- [Tests] replace `aud` with `npm audit` [`fb7815f`](https://github.com/inspect-js/object-inspect/commit/fb7815f9b72cae277a04f65bbb0543f85b88be62)
-- [Dev Deps] update `mock-property` [`11c817b`](https://github.com/inspect-js/object-inspect/commit/11c817bf10392aa017755962ba6bc89d731359ee)
-
-## [v1.13.2](https://github.com/inspect-js/object-inspect/compare/v1.13.1...v1.13.2) - 2024-06-21
-
-### Commits
-
-- [readme] update badges [`8a51e6b`](https://github.com/inspect-js/object-inspect/commit/8a51e6bedaf389ec40cc4659e9df53e8543d176e)
-- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`ef05f58`](https://github.com/inspect-js/object-inspect/commit/ef05f58c9761a41416ab907299bf0fa79517014b)
-- [Dev Deps] update `error-cause`, `has-tostringtag`, `tape` [`c0c6c26`](https://github.com/inspect-js/object-inspect/commit/c0c6c26c44cee6671f7c5d43d2b91d27c5c00d90)
-- [Fix] Don't throw when `global` is not defined [`d4d0965`](https://github.com/inspect-js/object-inspect/commit/d4d096570f7dbd0e03266a96de11d05eb7b63e0f)
-- [meta] add missing `engines.node` [`17a352a`](https://github.com/inspect-js/object-inspect/commit/17a352af6fe1ba6b70a19081674231eb1a50c940)
-- [Dev Deps] update `globalthis` [`9c08884`](https://github.com/inspect-js/object-inspect/commit/9c08884aa662a149e2f11403f413927736b97da7)
-- [Dev Deps] update `error-cause` [`6af352d`](https://github.com/inspect-js/object-inspect/commit/6af352d7c3929a4cc4c55768c27bf547a5e900f4)
-- [Dev Deps] update `npmignore` [`94e617d`](https://github.com/inspect-js/object-inspect/commit/94e617d38831722562fa73dff4c895746861d267)
-- [Dev Deps] update `mock-property` [`2ac24d7`](https://github.com/inspect-js/object-inspect/commit/2ac24d7e58cd388ad093c33249e413e05bbfd6c3)
-- [Dev Deps] update `tape` [`46125e5`](https://github.com/inspect-js/object-inspect/commit/46125e58f1d1dcfb170ed3d1ea69da550ea8d77b)
-
-## [v1.13.1](https://github.com/inspect-js/object-inspect/compare/v1.13.0...v1.13.1) - 2023-10-19
-
-### Commits
-
-- [Fix] in IE 8, global can !== window despite them being prototypes of each other [`30d0859`](https://github.com/inspect-js/object-inspect/commit/30d0859dc4606cf75c2410edcd5d5c6355f8d372)
-
-## [v1.13.0](https://github.com/inspect-js/object-inspect/compare/v1.12.3...v1.13.0) - 2023-10-14
-
-### Commits
-
-- [New] add special handling for the global object [`431bab2`](https://github.com/inspect-js/object-inspect/commit/431bab21a490ee51d35395966a504501e8c685da)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`fd4f619`](https://github.com/inspect-js/object-inspect/commit/fd4f6193562b4b0e95dcf5c0201b4e8cbbc4f58d)
-- [Dev Deps] update `mock-property`, `tape` [`b453f6c`](https://github.com/inspect-js/object-inspect/commit/b453f6ceeebf8a1b738a1029754092e0367a4134)
-- [Dev Deps] update `error-cause` [`e8ffc57`](https://github.com/inspect-js/object-inspect/commit/e8ffc577d73b92bb6a4b00c44f14e3319e374888)
-- [Dev Deps] update `tape` [`054b8b9`](https://github.com/inspect-js/object-inspect/commit/054b8b9b98633284cf989e582450ebfbbe53503c)
-- [Dev Deps] temporarily remove `aud` due to breaking change in transitive deps [`2476845`](https://github.com/inspect-js/object-inspect/commit/2476845e0678dd290c541c81cd3dec8420782c52)
-- [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak` [`383fa5e`](https://github.com/inspect-js/object-inspect/commit/383fa5eebc0afd705cc778a4b49d8e26452e49a8)
-- [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm &lt; 6 [`68c244c`](https://github.com/inspect-js/object-inspect/commit/68c244c5174cdd877e5dcb8ee90aa3f44b2f25be)
-
-## [v1.12.3](https://github.com/inspect-js/object-inspect/compare/v1.12.2...v1.12.3) - 2023-01-12
-
-### Commits
-
-- [Fix] in eg FF 24, collections lack forEach [`75fc226`](https://github.com/inspect-js/object-inspect/commit/75fc22673c82d45f28322b1946bb0eb41b672b7f)
-- [actions] update rebase action to use reusable workflow [`250a277`](https://github.com/inspect-js/object-inspect/commit/250a277a095e9dacc029ab8454dcfc15de549dcd)
-- [Dev Deps] update `aud`, `es-value-fixtures`, `tape` [`66a19b3`](https://github.com/inspect-js/object-inspect/commit/66a19b3209ccc3c5ef4b34c3cb0160e65d1ce9d5)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `error-cause` [`c43d332`](https://github.com/inspect-js/object-inspect/commit/c43d3324b48384a16fd3dc444e5fc589d785bef3)
-- [Tests] add `@pkgjs/support` to `postlint` [`e2618d2`](https://github.com/inspect-js/object-inspect/commit/e2618d22a7a3fa361b6629b53c1752fddc9c4d80)
-
-## [v1.12.2](https://github.com/inspect-js/object-inspect/compare/v1.12.1...v1.12.2) - 2022-05-26
-
-### Commits
-
-- [Fix] use `util.inspect` for a custom inspection symbol method [`e243bf2`](https://github.com/inspect-js/object-inspect/commit/e243bf2eda6c4403ac6f1146fddb14d12e9646c1)
-- [meta] add support info [`ca20ba3`](https://github.com/inspect-js/object-inspect/commit/ca20ba35713c17068ca912a86c542f5e8acb656c)
-- [Fix] ignore `cause` in node v16.9 and v16.10 where it has a bug [`86aa553`](https://github.com/inspect-js/object-inspect/commit/86aa553a4a455562c2c56f1540f0bf857b9d314b)
-
-## [v1.12.1](https://github.com/inspect-js/object-inspect/compare/v1.12.0...v1.12.1) - 2022-05-21
-
-### Commits
-
-- [Tests] use `mock-property` [`4ec8893`](https://github.com/inspect-js/object-inspect/commit/4ec8893ea9bfd28065ca3638cf6762424bf44352)
-- [meta] use `npmignore` to autogenerate an npmignore file [`07f868c`](https://github.com/inspect-js/object-inspect/commit/07f868c10bd25a9d18686528339bb749c211fc9a)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`b05244b`](https://github.com/inspect-js/object-inspect/commit/b05244b4f331e00c43b3151bc498041be77ccc91)
-- [Dev Deps] update `@ljharb/eslint-config`, `error-cause`, `es-value-fixtures`, `functions-have-names`, `tape` [`d037398`](https://github.com/inspect-js/object-inspect/commit/d037398dcc5d531532e4c19c4a711ed677f579c1)
-- [Fix] properly handle callable regexes in older engines [`848fe48`](https://github.com/inspect-js/object-inspect/commit/848fe48bd6dd0064ba781ee6f3c5e54a94144c37)
-
-## [v1.12.0](https://github.com/inspect-js/object-inspect/compare/v1.11.1...v1.12.0) - 2021-12-18
-
-### Commits
-
-- [New] add `numericSeparator` boolean option [`2d2d537`](https://github.com/inspect-js/object-inspect/commit/2d2d537f5359a4300ce1c10241369f8024f89e11)
-- [Robustness] cache more prototype methods [`191533d`](https://github.com/inspect-js/object-inspect/commit/191533da8aec98a05eadd73a5a6e979c9c8653e8)
-- [New] ensure an Error’s `cause` is displayed [`53bc2ce`](https://github.com/inspect-js/object-inspect/commit/53bc2cee4e5a9cc4986f3cafa22c0685f340715e)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config` [`bc164b6`](https://github.com/inspect-js/object-inspect/commit/bc164b6e2e7d36b263970f16f54de63048b84a36)
-- [Robustness] cache `RegExp.prototype.test` [`a314ab8`](https://github.com/inspect-js/object-inspect/commit/a314ab8271b905cbabc594c82914d2485a8daf12)
-- [meta] fix auto-changelog settings [`5ed0983`](https://github.com/inspect-js/object-inspect/commit/5ed0983be72f73e32e2559997517a95525c7e20d)
-
-## [v1.11.1](https://github.com/inspect-js/object-inspect/compare/v1.11.0...v1.11.1) - 2021-12-05
-
-### Commits
-
-- [meta] add `auto-changelog` [`7dbdd22`](https://github.com/inspect-js/object-inspect/commit/7dbdd228401d6025d8b7391476d88aee9ea9bbdf)
-- [actions] reuse common workflows [`c8823bc`](https://github.com/inspect-js/object-inspect/commit/c8823bc0a8790729680709d45fb6e652432e91aa)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `safe-publish-latest`, `tape` [`7532b12`](https://github.com/inspect-js/object-inspect/commit/7532b120598307497b712890f75af8056f6d37a6)
-- [Refactor] use `has-tostringtag` to behave correctly in the presence of symbol shams [`94abb5d`](https://github.com/inspect-js/object-inspect/commit/94abb5d4e745bf33253942dea86b3e538d2ff6c6)
-- [actions] update codecov uploader [`5ed5102`](https://github.com/inspect-js/object-inspect/commit/5ed51025267a00e53b1341357315490ac4eb0874)
-- [Dev Deps] update `eslint`, `tape` [`37b2ad2`](https://github.com/inspect-js/object-inspect/commit/37b2ad26c08d94bfd01d5d07069a0b28ef4e2ad7)
-- [meta] add `sideEffects` flag [`d341f90`](https://github.com/inspect-js/object-inspect/commit/d341f905ef8bffa6a694cda6ddc5ba343532cd4f)
-
-## [v1.11.0](https://github.com/inspect-js/object-inspect/compare/v1.10.3...v1.11.0) - 2021-07-12
-
-### Commits
-
-- [New] `customInspect`: add `symbol` option, to mimic modern util.inspect behavior [`e973a6e`](https://github.com/inspect-js/object-inspect/commit/e973a6e21f8140c5837cf25e9d89bdde88dc3120)
-- [Dev Deps] update `eslint` [`05f1cb3`](https://github.com/inspect-js/object-inspect/commit/05f1cb3cbcfe1f238e8b51cf9bc294305b7ed793)
-
-## [v1.10.3](https://github.com/inspect-js/object-inspect/compare/v1.10.2...v1.10.3) - 2021-05-07
-
-### Commits
-
-- [Fix] handle core-js Symbol shams [`4acfc2c`](https://github.com/inspect-js/object-inspect/commit/4acfc2c4b503498759120eb517abad6d51c9c5d6)
-- [readme] update badges [`95c323a`](https://github.com/inspect-js/object-inspect/commit/95c323ad909d6cbabb95dd6015c190ba6db9c1f2)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud` [`cb38f48`](https://github.com/inspect-js/object-inspect/commit/cb38f485de6ec7a95109b5a9bbd0a1deba2f6611)
-
-## [v1.10.2](https://github.com/inspect-js/object-inspect/compare/v1.10.1...v1.10.2) - 2021-04-17
-
-### Commits
-
-- [Fix] use a robust check for a boxed Symbol [`87f12d6`](https://github.com/inspect-js/object-inspect/commit/87f12d6e69ce530be04659c81a4cd502943acac5)
-
-## [v1.10.1](https://github.com/inspect-js/object-inspect/compare/v1.10.0...v1.10.1) - 2021-04-17
-
-### Commits
-
-- [Fix] use a robust check for a boxed bigint [`d5ca829`](https://github.com/inspect-js/object-inspect/commit/d5ca8298b6d2e5c7b9334a5b21b96ed95d225c91)
-
-## [v1.10.0](https://github.com/inspect-js/object-inspect/compare/v1.9.0...v1.10.0) - 2021-04-17
-
-### Commits
-
-- [Tests] increase coverage [`d8abb8a`](https://github.com/inspect-js/object-inspect/commit/d8abb8a62c2f084919df994a433b346e0d87a227)
-- [actions] use `node/install` instead of `node/run`; use `codecov` action [`4bfec2e`](https://github.com/inspect-js/object-inspect/commit/4bfec2e30aaef6ddef6cbb1448306f9f8b9520b7)
-- [New] respect `Symbol.toStringTag` on objects [`799b58f`](https://github.com/inspect-js/object-inspect/commit/799b58f536a45e4484633a8e9daeb0330835f175)
-- [Fix] do not allow Symbol.toStringTag to masquerade as builtins [`d6c5b37`](https://github.com/inspect-js/object-inspect/commit/d6c5b37d7e94427796b82432fb0c8964f033a6ab)
-- [New] add `WeakRef` support [`b6d898e`](https://github.com/inspect-js/object-inspect/commit/b6d898ee21868c780a7ee66b28532b5b34ed7f09)
-- [meta] do not publish github action workflow files [`918cdfc`](https://github.com/inspect-js/object-inspect/commit/918cdfc4b6fe83f559ff6ef04fe66201e3ff5cbd)
-- [meta] create `FUNDING.yml` [`0bb5fc5`](https://github.com/inspect-js/object-inspect/commit/0bb5fc516dbcd2cd728bd89cee0b580acc5ce301)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `tape` [`22c8dc0`](https://github.com/inspect-js/object-inspect/commit/22c8dc0cac113d70f4781e49a950070923a671be)
-- [meta] use `prepublishOnly` script for npm 7+ [`e52ee09`](https://github.com/inspect-js/object-inspect/commit/e52ee09e8050b8dbac94ef57f786675567728223)
-- [Dev Deps] update `eslint` [`7c4e6fd`](https://github.com/inspect-js/object-inspect/commit/7c4e6fdedcd27cc980e13c9ad834d05a96f3d40c)
-
-## [v1.9.0](https://github.com/inspect-js/object-inspect/compare/v1.8.0...v1.9.0) - 2020-11-30
-
-### Commits
-
-- [Tests] migrate tests to Github Actions [`d262251`](https://github.com/inspect-js/object-inspect/commit/d262251e13e16d3490b5473672f6b6d6ff86675d)
-- [New] add enumerable own Symbols to plain object output [`ee60c03`](https://github.com/inspect-js/object-inspect/commit/ee60c033088cff9d33baa71e59a362a541b48284)
-- [Tests] add passing tests [`01ac3e4`](https://github.com/inspect-js/object-inspect/commit/01ac3e4b5a30f97875a63dc9b1416b3bd626afc9)
-- [actions] add "Require Allow Edits" action [`c2d7746`](https://github.com/inspect-js/object-inspect/commit/c2d774680cde4ca4af332d84d4121b26f798ba9e)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `core-js` [`70058de`](https://github.com/inspect-js/object-inspect/commit/70058de1579fc54d1d15ed6c2dbe246637ce70ff)
-- [Fix] hex characters in strings should be uppercased, to match node `assert` [`6ab8faa`](https://github.com/inspect-js/object-inspect/commit/6ab8faaa0abc08fe7a8e2afd8b39c6f1f0e00113)
-- [Tests] run `nyc` on all tests [`4c47372`](https://github.com/inspect-js/object-inspect/commit/4c473727879ddc8e28b599202551ddaaf07b6210)
-- [Tests] node 0.8 has an unpredictable property order; fix `groups` test by removing property [`f192069`](https://github.com/inspect-js/object-inspect/commit/f192069a978a3b60e6f0e0d45ac7df260ab9a778)
-- [New] add enumerable properties to Function inspect result, per node’s `assert` [`fd38e1b`](https://github.com/inspect-js/object-inspect/commit/fd38e1bc3e2a1dc82091ce3e021917462eee64fc)
-- [Tests] fix tests for node &lt; 10, due to regex match `groups` [`2ac6462`](https://github.com/inspect-js/object-inspect/commit/2ac6462cc4f72eaa0b63a8cfee9aabe3008b2330)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config` [`44b59e2`](https://github.com/inspect-js/object-inspect/commit/44b59e2676a7f825ef530dfd19dafb599e3b9456)
-- [Robustness] cache `Symbol.prototype.toString` [`f3c2074`](https://github.com/inspect-js/object-inspect/commit/f3c2074d8f32faf8292587c07c9678ea931703dd)
-- [Dev Deps] update `eslint` [`9411294`](https://github.com/inspect-js/object-inspect/commit/94112944b9245e3302e25453277876402d207e7f)
-- [meta] `require-allow-edits` no longer requires an explicit github token [`36c0220`](https://github.com/inspect-js/object-inspect/commit/36c02205de3c2b0e84d53777c5c9fd54a36c48ab)
-- [actions] update rebase checkout action to v2 [`55a39a6`](https://github.com/inspect-js/object-inspect/commit/55a39a64e944f19c6a7d8efddf3df27700f20d14)
-- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`f59fd3c`](https://github.com/inspect-js/object-inspect/commit/f59fd3cf406c3a7c7ece140904a80bbc6bacfcca)
-- [Dev Deps] update `eslint` [`a492bec`](https://github.com/inspect-js/object-inspect/commit/a492becec644b0155c9c4bc1caf6f9fac11fb2c7)
-
-## [v1.8.0](https://github.com/inspect-js/object-inspect/compare/v1.7.0...v1.8.0) - 2020-06-18
-
-### Fixed
-
-- [New] add `indent` option [`#27`](https://github.com/inspect-js/object-inspect/issues/27)
-
-### Commits
-
-- [Tests] add codecov [`4324cbb`](https://github.com/inspect-js/object-inspect/commit/4324cbb1a2bd7710822a4151ff373570db22453e)
-- [New] add `maxStringLength` option [`b3995cb`](https://github.com/inspect-js/object-inspect/commit/b3995cb71e15b5ee127a3094c43994df9d973502)
-- [New] add `customInspect` option, to disable custom inspect methods [`28b9179`](https://github.com/inspect-js/object-inspect/commit/28b9179ee802bb3b90810100c11637db90c2fb6d)
-- [Tests] add Date and RegExp tests [`3b28eca`](https://github.com/inspect-js/object-inspect/commit/3b28eca57b0367aeadffac604ea09e8bdae7d97b)
-- [actions] add automatic rebasing / merge commit blocking [`0d9c6c0`](https://github.com/inspect-js/object-inspect/commit/0d9c6c044e83475ff0bfffb9d35b149834c83a2e)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `tape`; add `aud` [`7c204f2`](https://github.com/inspect-js/object-inspect/commit/7c204f22b9e41bc97147f4d32d4cb045b17769a6)
-- [readme] fix repo URLs, remove testling [`34ca9a0`](https://github.com/inspect-js/object-inspect/commit/34ca9a0dabfe75bd311f806a326fadad029909a3)
-- [Fix] when truncating a deep array, note it as `[Array]` instead of just `[Object]` [`f74c82d`](https://github.com/inspect-js/object-inspect/commit/f74c82dd0b35386445510deb250f34c41be3ec0e)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`1a8a5ea`](https://github.com/inspect-js/object-inspect/commit/1a8a5ea069ea2bee89d77caedad83ffa23d35711)
-- [Fix] do not be fooled by a function’s own `toString` method [`7cb5c65`](https://github.com/inspect-js/object-inspect/commit/7cb5c657a976f94715c19c10556a30f15bb7d5d7)
-- [patch] indicate explicitly that anon functions are anonymous, to match node [`81ebdd4`](https://github.com/inspect-js/object-inspect/commit/81ebdd4215005144074bbdff3f6bafa01407910a)
-- [Dev Deps] loosen the `core-js` dep [`e7472e8`](https://github.com/inspect-js/object-inspect/commit/e7472e8e242117670560bd995830c2a4d12080f5)
-- [Dev Deps] update `tape` [`699827e`](https://github.com/inspect-js/object-inspect/commit/699827e6b37258b5203c33c78c009bf4b0e6a66d)
-- [meta] add `safe-publish-latest` [`c5d2868`](https://github.com/inspect-js/object-inspect/commit/c5d2868d6eb33c472f37a20f89ceef2787046088)
-- [Dev Deps] update `@ljharb/eslint-config` [`9199501`](https://github.com/inspect-js/object-inspect/commit/919950195d486114ccebacbdf9d74d7f382693b0)
-
-## [v1.7.0](https://github.com/inspect-js/object-inspect/compare/v1.6.0...v1.7.0) - 2019-11-10
-
-### Commits
-
-- [Tests] use shared travis-ci configs [`19899ed`](https://github.com/inspect-js/object-inspect/commit/19899edbf31f4f8809acf745ce34ad1ce1bfa63b)
-- [Tests] add linting [`a00f057`](https://github.com/inspect-js/object-inspect/commit/a00f057d917f66ea26dd37769c6b810ec4af97e8)
-- [Tests] lint last file [`2698047`](https://github.com/inspect-js/object-inspect/commit/2698047b58af1e2e88061598ef37a75f228dddf6)
-- [Tests] up to `node` `v12.7`, `v11.15`, `v10.16`, `v8.16`, `v6.17` [`589e87a`](https://github.com/inspect-js/object-inspect/commit/589e87a99cadcff4b600e6a303418e9d922836e8)
-- [New] add support for `WeakMap` and `WeakSet` [`3ddb3e4`](https://github.com/inspect-js/object-inspect/commit/3ddb3e4e0c8287130c61a12e0ed9c104b1549306)
-- [meta] clean up license so github can detect it properly [`27527bb`](https://github.com/inspect-js/object-inspect/commit/27527bb801520c9610c68cc3b55d6f20a2bee56d)
-- [Tests] cover `util.inspect.custom` [`36d47b9`](https://github.com/inspect-js/object-inspect/commit/36d47b9c59056a57ef2f1491602c726359561800)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `core-js`, `tape` [`b614eaa`](https://github.com/inspect-js/object-inspect/commit/b614eaac901da0e5c69151f534671f990a94cace)
-- [Tests] fix coverage thresholds [`7b7b176`](https://github.com/inspect-js/object-inspect/commit/7b7b176e15f8bd6e8b2f261ff5a493c2fe78d9c2)
-- [Tests] bigint tests now can run on unflagged node [`063af31`](https://github.com/inspect-js/object-inspect/commit/063af31ce9cd13c202e3b67c07ba06dc9b7c0f81)
-- [Refactor] add early bailout to `isMap` and `isSet` checks [`fc51047`](https://github.com/inspect-js/object-inspect/commit/fc5104714a3671d37e225813db79470d6335683b)
-- [meta] add `funding` field [`7f9953a`](https://github.com/inspect-js/object-inspect/commit/7f9953a113eec7b064a6393cf9f90ba15f1d131b)
-- [Tests] Fix invalid strict-mode syntax with hexadecimal [`a8b5425`](https://github.com/inspect-js/object-inspect/commit/a8b542503b4af1599a275209a1a99f5fdedb1ead)
-- [Dev Deps] update `@ljharb/eslint-config` [`98df157`](https://github.com/inspect-js/object-inspect/commit/98df1577314d9188a3fc3f17fdcf2fba697ae1bd)
-- add copyright to LICENSE [`bb69fd0`](https://github.com/inspect-js/object-inspect/commit/bb69fd017a062d299e44da1f9b2c7dcd67f621e6)
-- [Tests] use `npx aud` in `posttest` [`4838353`](https://github.com/inspect-js/object-inspect/commit/4838353593974cf7f905b9ef04c03c094f0cdbe2)
-- [Tests] move `0.6` to allowed failures, because it won‘t build on travis [`1bff32a`](https://github.com/inspect-js/object-inspect/commit/1bff32aa52e8aea687f0856b28ba754b3e43ebf7)
-
-## [v1.6.0](https://github.com/inspect-js/object-inspect/compare/v1.5.0...v1.6.0) - 2018-05-02
-
-### Commits
-
-- [New] add support for boxed BigInt primitives [`356c66a`](https://github.com/inspect-js/object-inspect/commit/356c66a410e7aece7162c8319880a5ef647beaa9)
-- [Tests] up to `node` `v10.0`, `v9.11`, `v8.11`, `v6.14`, `v4.9` [`c77b65b`](https://github.com/inspect-js/object-inspect/commit/c77b65bba593811b906b9ec57561c5cba92e2db3)
-- [New] Add support for upcoming `BigInt` [`1ac548e`](https://github.com/inspect-js/object-inspect/commit/1ac548e4b27e26466c28c9a5e63e5d4e0591c31f)
-- [Tests] run bigint tests in CI with --harmony-bigint flag [`d31b738`](https://github.com/inspect-js/object-inspect/commit/d31b73831880254b5c6cf5691cda9a149fbc5f04)
-- [Dev Deps] update `core-js`, `tape` [`ff9eff6`](https://github.com/inspect-js/object-inspect/commit/ff9eff67113341ee1aaf80c1c22d683f43bfbccf)
-- [Docs] fix example to use `safer-buffer` [`48cae12`](https://github.com/inspect-js/object-inspect/commit/48cae12a73ec6cacc955175bc56bbe6aee6a211f)
-
-## [v1.5.0](https://github.com/inspect-js/object-inspect/compare/v1.4.1...v1.5.0) - 2017-12-25
-
-### Commits
-
-- [New] add `quoteStyle` option [`f5a72d2`](https://github.com/inspect-js/object-inspect/commit/f5a72d26edb3959b048f74c056ca7100a6b091e4)
-- [Tests] add more test coverage [`30ebe4e`](https://github.com/inspect-js/object-inspect/commit/30ebe4e1fa943b99ecbb85be7614256d536e2759)
-- [Tests] require 0.6 to pass [`99a008c`](https://github.com/inspect-js/object-inspect/commit/99a008ccace189a60fd7da18bf00e32c9572b980)
-
-## [v1.4.1](https://github.com/inspect-js/object-inspect/compare/v1.4.0...v1.4.1) - 2017-12-19
-
-### Commits
-
-- [Tests] up to `node` `v9.3`, `v8.9`, `v6.12` [`6674476`](https://github.com/inspect-js/object-inspect/commit/6674476cc56acaac1bde96c84fed5ef631911906)
-- [Fix] `inspect(Object(-0))` should be “Object(-0)”, not “Object(0)” [`d0a031f`](https://github.com/inspect-js/object-inspect/commit/d0a031f1cbb3024ee9982bfe364dd18a7e4d1bd3)
-
-## [v1.4.0](https://github.com/inspect-js/object-inspect/compare/v1.3.0...v1.4.0) - 2017-10-24
-
-### Commits
-
-- [Tests] add `npm run coverage` [`3b48fb2`](https://github.com/inspect-js/object-inspect/commit/3b48fb25db037235eeb808f0b2830aad7aa36f70)
-- [Tests] remove commented-out osx builds [`71e24db`](https://github.com/inspect-js/object-inspect/commit/71e24db8ad6ee3b9b381c5300b0475f2ba595a73)
-- [New] add support for `util.inspect.custom`, in node only. [`20cca77`](https://github.com/inspect-js/object-inspect/commit/20cca7762d7e17f15b21a90793dff84acce155df)
-- [Tests] up to `node` `v8.6`; use `nvm install-latest-npm` to ensure new npm doesn’t break old node [`252952d`](https://github.com/inspect-js/object-inspect/commit/252952d230d8065851dd3d4d5fe8398aae068529)
-- [Tests] up to `node` `v8.8` [`4aa868d`](https://github.com/inspect-js/object-inspect/commit/4aa868d3a62914091d489dd6ec6eed194ee67cd3)
-- [Dev Deps] update `core-js`, `tape` [`59483d1`](https://github.com/inspect-js/object-inspect/commit/59483d1df418f852f51fa0db7b24aa6b0209a27a)
-
-## [v1.3.0](https://github.com/inspect-js/object-inspect/compare/v1.2.2...v1.3.0) - 2017-07-31
-
-### Fixed
-
-- [Fix] Map/Set: work around core-js bug &lt; v2.5.0 [`#9`](https://github.com/inspect-js/object-inspect/issues/9)
-
-### Commits
-
-- [New] add support for arrays with additional object keys [`0d19937`](https://github.com/inspect-js/object-inspect/commit/0d199374ee37959e51539616666f420ccb29acb9)
-- [Tests] up to `node` `v8.2`, `v7.10`, `v6.11`; fix new npm breaking on older nodes [`e24784a`](https://github.com/inspect-js/object-inspect/commit/e24784a90c49117787157a12a63897c49cf89bbb)
-- Only apps should have lockfiles [`c6faebc`](https://github.com/inspect-js/object-inspect/commit/c6faebcb2ee486a889a4a1c4d78c0776c7576185)
-- [Dev Deps] update `tape` [`7345a0a`](https://github.com/inspect-js/object-inspect/commit/7345a0aeba7e91b888a079c10004d17696a7f586)
-
-## [v1.2.2](https://github.com/inspect-js/object-inspect/compare/v1.2.1...v1.2.2) - 2017-03-24
-
-### Commits
-
-- [Tests] up to `node` `v7.7`, `v6.10`, `v4.8`; improve test matrix [`a2ddc15`](https://github.com/inspect-js/object-inspect/commit/a2ddc15a1f2c65af18076eea1c0eb9cbceb478a0)
-- [Tests] up to `node` `v7.0`, `v6.9`, `v5.12`, `v4.6`, `io.js` `v3.3`; improve test matrix [`a48949f`](https://github.com/inspect-js/object-inspect/commit/a48949f6b574b2d4d2298109d8e8d0eb3e7a83e7)
-- [Performance] check for primitive types as early as possible. [`3b8092a`](https://github.com/inspect-js/object-inspect/commit/3b8092a2a4deffd0575f94334f00194e2d48dad3)
-- [Refactor] remove unneeded `else`s. [`7255034`](https://github.com/inspect-js/object-inspect/commit/725503402e08de4f96f6bf2d8edef44ac36f26b6)
-- [Refactor] avoid recreating `lowbyte` function every time. [`81edd34`](https://github.com/inspect-js/object-inspect/commit/81edd3475bd15bdd18e84de7472033dcf5004aaa)
-- [Fix] differentiate -0 from 0 [`521d345`](https://github.com/inspect-js/object-inspect/commit/521d3456b009da7bf1c5785c8a9df5a9f8718264)
-- [Refactor] move object key gathering into separate function [`aca6265`](https://github.com/inspect-js/object-inspect/commit/aca626536eaeef697196c6e9db3e90e7e0355b6a)
-- [Refactor] consolidate wrapping logic for boxed primitives into a function. [`4e440cd`](https://github.com/inspect-js/object-inspect/commit/4e440cd9065df04802a2a1dead03f48c353ca301)
-- [Robustness] use `typeof` instead of comparing to literal `undefined` [`5ca6f60`](https://github.com/inspect-js/object-inspect/commit/5ca6f601937506daff8ed2fcf686363b55807b69)
-- [Refactor] consolidate Map/Set notations. [`4e576e5`](https://github.com/inspect-js/object-inspect/commit/4e576e5d7ed2f9ec3fb7f37a0d16732eb10758a9)
-- [Tests] ensure that this function remains anonymous, despite ES6 name inference. [`7540ae5`](https://github.com/inspect-js/object-inspect/commit/7540ae591278756db614fa4def55ca413150e1a3)
-- [Refactor] explicitly coerce Error objects to strings. [`7f4ca84`](https://github.com/inspect-js/object-inspect/commit/7f4ca8424ee8dc2c0ca5a422d94f7fac40327261)
-- [Refactor] split up `var` declarations for debuggability [`6f2c11e`](https://github.com/inspect-js/object-inspect/commit/6f2c11e6a85418586a00292dcec5e97683f89bc3)
-- [Robustness] cache `Object.prototype.toString` [`df44a20`](https://github.com/inspect-js/object-inspect/commit/df44a20adfccf31529d60d1df2079bfc3c836e27)
-- [Dev Deps] update `tape` [`3ec714e`](https://github.com/inspect-js/object-inspect/commit/3ec714eba57bc3f58a6eb4fca1376f49e70d300a)
-- [Dev Deps] update `tape` [`beb72d9`](https://github.com/inspect-js/object-inspect/commit/beb72d969653747d7cde300393c28755375329b0)
-
-## [v1.2.1](https://github.com/inspect-js/object-inspect/compare/v1.2.0...v1.2.1) - 2016-04-09
-
-### Fixed
-
-- [Fix] fix Boolean `false` object inspection. [`#7`](https://github.com/substack/object-inspect/pull/7)
-
-## [v1.2.0](https://github.com/inspect-js/object-inspect/compare/v1.1.0...v1.2.0) - 2016-04-09
-
-### Fixed
-
-- [New] add support for inspecting String/Number/Boolean objects. [`#6`](https://github.com/inspect-js/object-inspect/issues/6)
-
-### Commits
-
-- [Dev Deps] update `tape` [`742caa2`](https://github.com/inspect-js/object-inspect/commit/742caa262cf7af4c815d4821c8bd0129c1446432)
-
-## [v1.1.0](https://github.com/inspect-js/object-inspect/compare/1.0.2...v1.1.0) - 2015-12-14
-
-### Merged
-
-- [New] add ES6 Map/Set support. [`#4`](https://github.com/inspect-js/object-inspect/pull/4)
-
-### Fixed
-
-- [New] add ES6 Map/Set support. [`#3`](https://github.com/inspect-js/object-inspect/issues/3)
-
-### Commits
-
-- Update `travis.yml` to test on bunches of `iojs` and `node` versions. [`4c1fd65`](https://github.com/inspect-js/object-inspect/commit/4c1fd65cc3bd95307e854d114b90478324287fd2)
-- [Dev Deps] update `tape` [`88a907e`](https://github.com/inspect-js/object-inspect/commit/88a907e33afbe408e4b5d6e4e42a33143f88848c)
-
-## [1.0.2](https://github.com/inspect-js/object-inspect/compare/1.0.1...1.0.2) - 2015-08-07
-
-### Commits
-
-- [Fix] Cache `Object.prototype.hasOwnProperty` in case it's deleted later. [`1d0075d`](https://github.com/inspect-js/object-inspect/commit/1d0075d3091dc82246feeb1f9871cb2b8ed227b3)
-- [Dev Deps] Update `tape` [`ca8d5d7`](https://github.com/inspect-js/object-inspect/commit/ca8d5d75635ddbf76f944e628267581e04958457)
-- gitignore node_modules since this is a reusable modules. [`ed41407`](https://github.com/inspect-js/object-inspect/commit/ed41407811743ca530cdeb28f982beb96026af82)
-
-## [1.0.1](https://github.com/inspect-js/object-inspect/compare/1.0.0...1.0.1) - 2015-07-19
-
-### Commits
-
-- Make `inspect` work with symbol primitives and objects, including in node 0.11 and 0.12. [`ddf1b94`](https://github.com/inspect-js/object-inspect/commit/ddf1b94475ab951f1e3bccdc0a48e9073cfbfef4)
-- bump tape [`103d674`](https://github.com/inspect-js/object-inspect/commit/103d67496b504bdcfdd765d303a773f87ec106e2)
-- use newer travis config [`d497276`](https://github.com/inspect-js/object-inspect/commit/d497276c1da14234bb5098a59cf20de75fbc316a)
-
-## [1.0.0](https://github.com/inspect-js/object-inspect/compare/0.4.0...1.0.0) - 2014-08-05
-
-### Commits
-
-- error inspect works properly [`260a22d`](https://github.com/inspect-js/object-inspect/commit/260a22d134d3a8a482c67d52091c6040c34f4299)
-- seen coverage [`57269e8`](https://github.com/inspect-js/object-inspect/commit/57269e8baa992a7439047f47325111fdcbcb8417)
-- htmlelement instance coverage [`397ffe1`](https://github.com/inspect-js/object-inspect/commit/397ffe10a1980350868043ef9de65686d438979f)
-- more element coverage [`6905cc2`](https://github.com/inspect-js/object-inspect/commit/6905cc2f7df35600177e613b0642b4df5efd3eca)
-- failing test for type errors [`385b615`](https://github.com/inspect-js/object-inspect/commit/385b6152e49b51b68449a662f410b084ed7c601a)
-- fn name coverage [`edc906d`](https://github.com/inspect-js/object-inspect/commit/edc906d40fca6b9194d304062c037ee8e398c4c2)
-- server-side element test [`362d1d3`](https://github.com/inspect-js/object-inspect/commit/362d1d3e86f187651c29feeb8478110afada385b)
-- custom inspect fn [`e89b0f6`](https://github.com/inspect-js/object-inspect/commit/e89b0f6fe6d5e03681282af83732a509160435a6)
-- fixed browser test [`b530882`](https://github.com/inspect-js/object-inspect/commit/b5308824a1c8471c5617e394766a03a6977102a9)
-- depth test, matches node [`1cfd9e0`](https://github.com/inspect-js/object-inspect/commit/1cfd9e0285a4ae1dff44101ad482915d9bf47e48)
-- exercise hasOwnProperty path [`8d753fb`](https://github.com/inspect-js/object-inspect/commit/8d753fb362a534fa1106e4d80f2ee9bea06a66d9)
-- more cases covered for errors [`c5c46a5`](https://github.com/inspect-js/object-inspect/commit/c5c46a569ec4606583497e8550f0d8c7ad39a4a4)
-- \W obj key test case [`b0eceee`](https://github.com/inspect-js/object-inspect/commit/b0eceeea6e0eb94d686c1046e99b9e25e5005f75)
-- coverage for explicit depth param [`e12b91c`](https://github.com/inspect-js/object-inspect/commit/e12b91cd59683362f3a0e80f46481a0211e26c15)
-
-## [0.4.0](https://github.com/inspect-js/object-inspect/compare/0.3.1...0.4.0) - 2014-03-21
-
-### Commits
-
-- passing lowbyte interpolation test [`b847511`](https://github.com/inspect-js/object-inspect/commit/b8475114f5def7e7961c5353d48d3d8d9a520985)
-- lowbyte test [`4a2b0e1`](https://github.com/inspect-js/object-inspect/commit/4a2b0e142667fc933f195472759385ac08f3946c)
-
-## [0.3.1](https://github.com/inspect-js/object-inspect/compare/0.3.0...0.3.1) - 2014-03-04
-
-### Commits
-
-- sort keys [`a07b19c`](https://github.com/inspect-js/object-inspect/commit/a07b19cc3b1521a82d4fafb6368b7a9775428a05)
-
-## [0.3.0](https://github.com/inspect-js/object-inspect/compare/0.2.0...0.3.0) - 2014-03-04
-
-### Commits
-
-- [] and {} instead of [ ] and { } [`654c44b`](https://github.com/inspect-js/object-inspect/commit/654c44b2865811f3519e57bb8526e0821caf5c6b)
-
-## [0.2.0](https://github.com/inspect-js/object-inspect/compare/0.1.3...0.2.0) - 2014-03-04
-
-### Commits
-
-- failing holes test [`99cdfad`](https://github.com/inspect-js/object-inspect/commit/99cdfad03c6474740275a75636fe6ca86c77737a)
-- regex already work [`e324033`](https://github.com/inspect-js/object-inspect/commit/e324033267025995ec97d32ed0a65737c99477a6)
-- failing undef/null test [`1f88a00`](https://github.com/inspect-js/object-inspect/commit/1f88a00265d3209719dda8117b7e6360b4c20943)
-- holes in the all example [`7d345f3`](https://github.com/inspect-js/object-inspect/commit/7d345f3676dcbe980cff89a4f6c243269ebbb709)
-- check for .inspect(), fixes Buffer use-case [`c3f7546`](https://github.com/inspect-js/object-inspect/commit/c3f75466dbca125347d49847c05262c292f12b79)
-- fixes for holes [`ce25f73`](https://github.com/inspect-js/object-inspect/commit/ce25f736683de4b92ff27dc5471218415e2d78d8)
-- weird null behavior [`405c1ea`](https://github.com/inspect-js/object-inspect/commit/405c1ea72cd5a8cf3b498c3eaa903d01b9fbcab5)
-- tape is actually a devDependency, upgrade [`703b0ce`](https://github.com/inspect-js/object-inspect/commit/703b0ce6c5817b4245a082564bccd877e0bb6990)
-- put date in the example [`a342219`](https://github.com/inspect-js/object-inspect/commit/a3422190eeaa013215f46df2d0d37b48595ac058)
-- passing the null test [`4ab737e`](https://github.com/inspect-js/object-inspect/commit/4ab737ebf862a75d247ebe51e79307a34d6380d4)
-
-## [0.1.3](https://github.com/inspect-js/object-inspect/compare/0.1.1...0.1.3) - 2013-07-26
-
-### Commits
-
-- special isElement() check [`882768a`](https://github.com/inspect-js/object-inspect/commit/882768a54035d30747be9de1baf14e5aa0daa128)
-- oh right old IEs don't have indexOf either [`36d1275`](https://github.com/inspect-js/object-inspect/commit/36d12756c38b08a74370b0bb696c809e529913a5)
-
-## [0.1.1](https://github.com/inspect-js/object-inspect/compare/0.1.0...0.1.1) - 2013-07-26
-
-### Commits
-
-- tests! [`4422fd9`](https://github.com/inspect-js/object-inspect/commit/4422fd95532c2745aa6c4f786f35f1090be29998)
-- fix for ie&lt;9, doesn't have hasOwnProperty [`6b7d611`](https://github.com/inspect-js/object-inspect/commit/6b7d61183050f6da801ea04473211da226482613)
-- fix for all IEs: no f.name [`4e0c2f6`](https://github.com/inspect-js/object-inspect/commit/4e0c2f6dfd01c306d067d7163319acc97c94ee50)
-- badges [`5ed0d88`](https://github.com/inspect-js/object-inspect/commit/5ed0d88e4e407f9cb327fa4a146c17921f9680f3)
-
-## [0.1.0](https://github.com/inspect-js/object-inspect/compare/0.0.0...0.1.0) - 2013-07-26
-
-### Commits
-
-- [Function] for functions [`ad5c485`](https://github.com/inspect-js/object-inspect/commit/ad5c485098fc83352cb540a60b2548ca56820e0b)
-
-## 0.0.0 - 2013-07-26
-
-### Commits
-
-- working browser example [`34be6b6`](https://github.com/inspect-js/object-inspect/commit/34be6b6548f9ce92bdc3c27572857ba0c4a1218d)
-- package.json etc [`cad51f2`](https://github.com/inspect-js/object-inspect/commit/cad51f23fc6bcf1a456ed6abe16088256c2f632f)
-- docs complete [`b80cce2`](https://github.com/inspect-js/object-inspect/commit/b80cce2490c4e7183a9ee11ea89071f0abec4446)
-- circular example [`4b4a7b9`](https://github.com/inspect-js/object-inspect/commit/4b4a7b92209e4e6b4630976cb6bcd17d14165a59)
-- string rep [`7afb479`](https://github.com/inspect-js/object-inspect/commit/7afb479baa798d27f09e0a178b72ea327f60f5c8)
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE b/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
deleted file mode 100644
index ca64cc1..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2013 James Halliday
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
deleted file mode 100644
index 2f3355c..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/example/all.js
+++ /dev/null
@@ -1,23 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var Buffer = require('safer-buffer').Buffer;
-
-var holes = ['a', 'b'];
-holes[4] = 'e';
-holes[6] = 'g';
-
-var obj = {
-    a: 1,
-    b: [3, 4, undefined, null],
-    c: undefined,
-    d: null,
-    e: {
-        regex: /^x/i,
-        buf: Buffer.from('abc'),
-        holes: holes
-    },
-    now: new Date()
-};
-obj.self = obj;
-console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
deleted file mode 100644
index 487a7c1..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/example/circular.js
+++ /dev/null
@@ -1,6 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var obj = { a: 1, b: [3, 4] };
-obj.c = obj;
-console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
deleted file mode 100644
index 9b5db8d..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/example/fn.js
+++ /dev/null
@@ -1,5 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var obj = [1, 2, function f(n) { return n + 5; }, 4];
-console.log(inspect(obj));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
deleted file mode 100644
index e2df7c9..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/example/inspect.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-/* eslint-env browser */
-var inspect = require('../');
-
-var d = document.createElement('div');
-d.setAttribute('id', 'beep');
-d.innerHTML = '<b>wooo</b><i>iiiii</i>';
-
-console.log(inspect([d, { a: 3, b: 4, c: [5, 6, [7, [8, [9]]]] }]));
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/index.js b/src/Servers/ExpressServer/node_modules/object-inspect/index.js
deleted file mode 100644
index a4b2d4c..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/index.js
+++ /dev/null
@@ -1,544 +0,0 @@
-var hasMap = typeof Map === 'function' && Map.prototype;
-var mapSizeDescriptor = Object.getOwnPropertyDescriptor && hasMap ? Object.getOwnPropertyDescriptor(Map.prototype, 'size') : null;
-var mapSize = hasMap && mapSizeDescriptor && typeof mapSizeDescriptor.get === 'function' ? mapSizeDescriptor.get : null;
-var mapForEach = hasMap && Map.prototype.forEach;
-var hasSet = typeof Set === 'function' && Set.prototype;
-var setSizeDescriptor = Object.getOwnPropertyDescriptor && hasSet ? Object.getOwnPropertyDescriptor(Set.prototype, 'size') : null;
-var setSize = hasSet && setSizeDescriptor && typeof setSizeDescriptor.get === 'function' ? setSizeDescriptor.get : null;
-var setForEach = hasSet && Set.prototype.forEach;
-var hasWeakMap = typeof WeakMap === 'function' && WeakMap.prototype;
-var weakMapHas = hasWeakMap ? WeakMap.prototype.has : null;
-var hasWeakSet = typeof WeakSet === 'function' && WeakSet.prototype;
-var weakSetHas = hasWeakSet ? WeakSet.prototype.has : null;
-var hasWeakRef = typeof WeakRef === 'function' && WeakRef.prototype;
-var weakRefDeref = hasWeakRef ? WeakRef.prototype.deref : null;
-var booleanValueOf = Boolean.prototype.valueOf;
-var objectToString = Object.prototype.toString;
-var functionToString = Function.prototype.toString;
-var $match = String.prototype.match;
-var $slice = String.prototype.slice;
-var $replace = String.prototype.replace;
-var $toUpperCase = String.prototype.toUpperCase;
-var $toLowerCase = String.prototype.toLowerCase;
-var $test = RegExp.prototype.test;
-var $concat = Array.prototype.concat;
-var $join = Array.prototype.join;
-var $arrSlice = Array.prototype.slice;
-var $floor = Math.floor;
-var bigIntValueOf = typeof BigInt === 'function' ? BigInt.prototype.valueOf : null;
-var gOPS = Object.getOwnPropertySymbols;
-var symToString = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? Symbol.prototype.toString : null;
-var hasShammedSymbols = typeof Symbol === 'function' && typeof Symbol.iterator === 'object';
-// ie, `has-tostringtag/shams
-var toStringTag = typeof Symbol === 'function' && Symbol.toStringTag && (typeof Symbol.toStringTag === hasShammedSymbols ? 'object' : 'symbol')
-    ? Symbol.toStringTag
-    : null;
-var isEnumerable = Object.prototype.propertyIsEnumerable;
-
-var gPO = (typeof Reflect === 'function' ? Reflect.getPrototypeOf : Object.getPrototypeOf) || (
-    [].__proto__ === Array.prototype // eslint-disable-line no-proto
-        ? function (O) {
-            return O.__proto__; // eslint-disable-line no-proto
-        }
-        : null
-);
-
-function addNumericSeparator(num, str) {
-    if (
-        num === Infinity
-        || num === -Infinity
-        || num !== num
-        || (num && num > -1000 && num < 1000)
-        || $test.call(/e/, str)
-    ) {
-        return str;
-    }
-    var sepRegex = /[0-9](?=(?:[0-9]{3})+(?![0-9]))/g;
-    if (typeof num === 'number') {
-        var int = num < 0 ? -$floor(-num) : $floor(num); // trunc(num)
-        if (int !== num) {
-            var intStr = String(int);
-            var dec = $slice.call(str, intStr.length + 1);
-            return $replace.call(intStr, sepRegex, '$&_') + '.' + $replace.call($replace.call(dec, /([0-9]{3})/g, '$&_'), /_$/, '');
-        }
-    }
-    return $replace.call(str, sepRegex, '$&_');
-}
-
-var utilInspect = require('./util.inspect');
-var inspectCustom = utilInspect.custom;
-var inspectSymbol = isSymbol(inspectCustom) ? inspectCustom : null;
-
-var quotes = {
-    __proto__: null,
-    'double': '"',
-    single: "'"
-};
-var quoteREs = {
-    __proto__: null,
-    'double': /(["\\])/g,
-    single: /(['\\])/g
-};
-
-module.exports = function inspect_(obj, options, depth, seen) {
-    var opts = options || {};
-
-    if (has(opts, 'quoteStyle') && !has(quotes, opts.quoteStyle)) {
-        throw new TypeError('option "quoteStyle" must be "single" or "double"');
-    }
-    if (
-        has(opts, 'maxStringLength') && (typeof opts.maxStringLength === 'number'
-            ? opts.maxStringLength < 0 && opts.maxStringLength !== Infinity
-            : opts.maxStringLength !== null
-        )
-    ) {
-        throw new TypeError('option "maxStringLength", if provided, must be a positive integer, Infinity, or `null`');
-    }
-    var customInspect = has(opts, 'customInspect') ? opts.customInspect : true;
-    if (typeof customInspect !== 'boolean' && customInspect !== 'symbol') {
-        throw new TypeError('option "customInspect", if provided, must be `true`, `false`, or `\'symbol\'`');
-    }
-
-    if (
-        has(opts, 'indent')
-        && opts.indent !== null
-        && opts.indent !== '\t'
-        && !(parseInt(opts.indent, 10) === opts.indent && opts.indent > 0)
-    ) {
-        throw new TypeError('option "indent" must be "\\t", an integer > 0, or `null`');
-    }
-    if (has(opts, 'numericSeparator') && typeof opts.numericSeparator !== 'boolean') {
-        throw new TypeError('option "numericSeparator", if provided, must be `true` or `false`');
-    }
-    var numericSeparator = opts.numericSeparator;
-
-    if (typeof obj === 'undefined') {
-        return 'undefined';
-    }
-    if (obj === null) {
-        return 'null';
-    }
-    if (typeof obj === 'boolean') {
-        return obj ? 'true' : 'false';
-    }
-
-    if (typeof obj === 'string') {
-        return inspectString(obj, opts);
-    }
-    if (typeof obj === 'number') {
-        if (obj === 0) {
-            return Infinity / obj > 0 ? '0' : '-0';
-        }
-        var str = String(obj);
-        return numericSeparator ? addNumericSeparator(obj, str) : str;
-    }
-    if (typeof obj === 'bigint') {
-        var bigIntStr = String(obj) + 'n';
-        return numericSeparator ? addNumericSeparator(obj, bigIntStr) : bigIntStr;
-    }
-
-    var maxDepth = typeof opts.depth === 'undefined' ? 5 : opts.depth;
-    if (typeof depth === 'undefined') { depth = 0; }
-    if (depth >= maxDepth && maxDepth > 0 && typeof obj === 'object') {
-        return isArray(obj) ? '[Array]' : '[Object]';
-    }
-
-    var indent = getIndent(opts, depth);
-
-    if (typeof seen === 'undefined') {
-        seen = [];
-    } else if (indexOf(seen, obj) >= 0) {
-        return '[Circular]';
-    }
-
-    function inspect(value, from, noIndent) {
-        if (from) {
-            seen = $arrSlice.call(seen);
-            seen.push(from);
-        }
-        if (noIndent) {
-            var newOpts = {
-                depth: opts.depth
-            };
-            if (has(opts, 'quoteStyle')) {
-                newOpts.quoteStyle = opts.quoteStyle;
-            }
-            return inspect_(value, newOpts, depth + 1, seen);
-        }
-        return inspect_(value, opts, depth + 1, seen);
-    }
-
-    if (typeof obj === 'function' && !isRegExp(obj)) { // in older engines, regexes are callable
-        var name = nameOf(obj);
-        var keys = arrObjKeys(obj, inspect);
-        return '[Function' + (name ? ': ' + name : ' (anonymous)') + ']' + (keys.length > 0 ? ' { ' + $join.call(keys, ', ') + ' }' : '');
-    }
-    if (isSymbol(obj)) {
-        var symString = hasShammedSymbols ? $replace.call(String(obj), /^(Symbol\(.*\))_[^)]*$/, '$1') : symToString.call(obj);
-        return typeof obj === 'object' && !hasShammedSymbols ? markBoxed(symString) : symString;
-    }
-    if (isElement(obj)) {
-        var s = '<' + $toLowerCase.call(String(obj.nodeName));
-        var attrs = obj.attributes || [];
-        for (var i = 0; i < attrs.length; i++) {
-            s += ' ' + attrs[i].name + '=' + wrapQuotes(quote(attrs[i].value), 'double', opts);
-        }
-        s += '>';
-        if (obj.childNodes && obj.childNodes.length) { s += '...'; }
-        s += '</' + $toLowerCase.call(String(obj.nodeName)) + '>';
-        return s;
-    }
-    if (isArray(obj)) {
-        if (obj.length === 0) { return '[]'; }
-        var xs = arrObjKeys(obj, inspect);
-        if (indent && !singleLineValues(xs)) {
-            return '[' + indentedJoin(xs, indent) + ']';
-        }
-        return '[ ' + $join.call(xs, ', ') + ' ]';
-    }
-    if (isError(obj)) {
-        var parts = arrObjKeys(obj, inspect);
-        if (!('cause' in Error.prototype) && 'cause' in obj && !isEnumerable.call(obj, 'cause')) {
-            return '{ [' + String(obj) + '] ' + $join.call($concat.call('[cause]: ' + inspect(obj.cause), parts), ', ') + ' }';
-        }
-        if (parts.length === 0) { return '[' + String(obj) + ']'; }
-        return '{ [' + String(obj) + '] ' + $join.call(parts, ', ') + ' }';
-    }
-    if (typeof obj === 'object' && customInspect) {
-        if (inspectSymbol && typeof obj[inspectSymbol] === 'function' && utilInspect) {
-            return utilInspect(obj, { depth: maxDepth - depth });
-        } else if (customInspect !== 'symbol' && typeof obj.inspect === 'function') {
-            return obj.inspect();
-        }
-    }
-    if (isMap(obj)) {
-        var mapParts = [];
-        if (mapForEach) {
-            mapForEach.call(obj, function (value, key) {
-                mapParts.push(inspect(key, obj, true) + ' => ' + inspect(value, obj));
-            });
-        }
-        return collectionOf('Map', mapSize.call(obj), mapParts, indent);
-    }
-    if (isSet(obj)) {
-        var setParts = [];
-        if (setForEach) {
-            setForEach.call(obj, function (value) {
-                setParts.push(inspect(value, obj));
-            });
-        }
-        return collectionOf('Set', setSize.call(obj), setParts, indent);
-    }
-    if (isWeakMap(obj)) {
-        return weakCollectionOf('WeakMap');
-    }
-    if (isWeakSet(obj)) {
-        return weakCollectionOf('WeakSet');
-    }
-    if (isWeakRef(obj)) {
-        return weakCollectionOf('WeakRef');
-    }
-    if (isNumber(obj)) {
-        return markBoxed(inspect(Number(obj)));
-    }
-    if (isBigInt(obj)) {
-        return markBoxed(inspect(bigIntValueOf.call(obj)));
-    }
-    if (isBoolean(obj)) {
-        return markBoxed(booleanValueOf.call(obj));
-    }
-    if (isString(obj)) {
-        return markBoxed(inspect(String(obj)));
-    }
-    // note: in IE 8, sometimes `global !== window` but both are the prototypes of each other
-    /* eslint-env browser */
-    if (typeof window !== 'undefined' && obj === window) {
-        return '{ [object Window] }';
-    }
-    if (
-        (typeof globalThis !== 'undefined' && obj === globalThis)
-        || (typeof global !== 'undefined' && obj === global)
-    ) {
-        return '{ [object globalThis] }';
-    }
-    if (!isDate(obj) && !isRegExp(obj)) {
-        var ys = arrObjKeys(obj, inspect);
-        var isPlainObject = gPO ? gPO(obj) === Object.prototype : obj instanceof Object || obj.constructor === Object;
-        var protoTag = obj instanceof Object ? '' : 'null prototype';
-        var stringTag = !isPlainObject && toStringTag && Object(obj) === obj && toStringTag in obj ? $slice.call(toStr(obj), 8, -1) : protoTag ? 'Object' : '';
-        var constructorTag = isPlainObject || typeof obj.constructor !== 'function' ? '' : obj.constructor.name ? obj.constructor.name + ' ' : '';
-        var tag = constructorTag + (stringTag || protoTag ? '[' + $join.call($concat.call([], stringTag || [], protoTag || []), ': ') + '] ' : '');
-        if (ys.length === 0) { return tag + '{}'; }
-        if (indent) {
-            return tag + '{' + indentedJoin(ys, indent) + '}';
-        }
-        return tag + '{ ' + $join.call(ys, ', ') + ' }';
-    }
-    return String(obj);
-};
-
-function wrapQuotes(s, defaultStyle, opts) {
-    var style = opts.quoteStyle || defaultStyle;
-    var quoteChar = quotes[style];
-    return quoteChar + s + quoteChar;
-}
-
-function quote(s) {
-    return $replace.call(String(s), /"/g, '&quot;');
-}
-
-function canTrustToString(obj) {
-    return !toStringTag || !(typeof obj === 'object' && (toStringTag in obj || typeof obj[toStringTag] !== 'undefined'));
-}
-function isArray(obj) { return toStr(obj) === '[object Array]' && canTrustToString(obj); }
-function isDate(obj) { return toStr(obj) === '[object Date]' && canTrustToString(obj); }
-function isRegExp(obj) { return toStr(obj) === '[object RegExp]' && canTrustToString(obj); }
-function isError(obj) { return toStr(obj) === '[object Error]' && canTrustToString(obj); }
-function isString(obj) { return toStr(obj) === '[object String]' && canTrustToString(obj); }
-function isNumber(obj) { return toStr(obj) === '[object Number]' && canTrustToString(obj); }
-function isBoolean(obj) { return toStr(obj) === '[object Boolean]' && canTrustToString(obj); }
-
-// Symbol and BigInt do have Symbol.toStringTag by spec, so that can't be used to eliminate false positives
-function isSymbol(obj) {
-    if (hasShammedSymbols) {
-        return obj && typeof obj === 'object' && obj instanceof Symbol;
-    }
-    if (typeof obj === 'symbol') {
-        return true;
-    }
-    if (!obj || typeof obj !== 'object' || !symToString) {
-        return false;
-    }
-    try {
-        symToString.call(obj);
-        return true;
-    } catch (e) {}
-    return false;
-}
-
-function isBigInt(obj) {
-    if (!obj || typeof obj !== 'object' || !bigIntValueOf) {
-        return false;
-    }
-    try {
-        bigIntValueOf.call(obj);
-        return true;
-    } catch (e) {}
-    return false;
-}
-
-var hasOwn = Object.prototype.hasOwnProperty || function (key) { return key in this; };
-function has(obj, key) {
-    return hasOwn.call(obj, key);
-}
-
-function toStr(obj) {
-    return objectToString.call(obj);
-}
-
-function nameOf(f) {
-    if (f.name) { return f.name; }
-    var m = $match.call(functionToString.call(f), /^function\s*([\w$]+)/);
-    if (m) { return m[1]; }
-    return null;
-}
-
-function indexOf(xs, x) {
-    if (xs.indexOf) { return xs.indexOf(x); }
-    for (var i = 0, l = xs.length; i < l; i++) {
-        if (xs[i] === x) { return i; }
-    }
-    return -1;
-}
-
-function isMap(x) {
-    if (!mapSize || !x || typeof x !== 'object') {
-        return false;
-    }
-    try {
-        mapSize.call(x);
-        try {
-            setSize.call(x);
-        } catch (s) {
-            return true;
-        }
-        return x instanceof Map; // core-js workaround, pre-v2.5.0
-    } catch (e) {}
-    return false;
-}
-
-function isWeakMap(x) {
-    if (!weakMapHas || !x || typeof x !== 'object') {
-        return false;
-    }
-    try {
-        weakMapHas.call(x, weakMapHas);
-        try {
-            weakSetHas.call(x, weakSetHas);
-        } catch (s) {
-            return true;
-        }
-        return x instanceof WeakMap; // core-js workaround, pre-v2.5.0
-    } catch (e) {}
-    return false;
-}
-
-function isWeakRef(x) {
-    if (!weakRefDeref || !x || typeof x !== 'object') {
-        return false;
-    }
-    try {
-        weakRefDeref.call(x);
-        return true;
-    } catch (e) {}
-    return false;
-}
-
-function isSet(x) {
-    if (!setSize || !x || typeof x !== 'object') {
-        return false;
-    }
-    try {
-        setSize.call(x);
-        try {
-            mapSize.call(x);
-        } catch (m) {
-            return true;
-        }
-        return x instanceof Set; // core-js workaround, pre-v2.5.0
-    } catch (e) {}
-    return false;
-}
-
-function isWeakSet(x) {
-    if (!weakSetHas || !x || typeof x !== 'object') {
-        return false;
-    }
-    try {
-        weakSetHas.call(x, weakSetHas);
-        try {
-            weakMapHas.call(x, weakMapHas);
-        } catch (s) {
-            return true;
-        }
-        return x instanceof WeakSet; // core-js workaround, pre-v2.5.0
-    } catch (e) {}
-    return false;
-}
-
-function isElement(x) {
-    if (!x || typeof x !== 'object') { return false; }
-    if (typeof HTMLElement !== 'undefined' && x instanceof HTMLElement) {
-        return true;
-    }
-    return typeof x.nodeName === 'string' && typeof x.getAttribute === 'function';
-}
-
-function inspectString(str, opts) {
-    if (str.length > opts.maxStringLength) {
-        var remaining = str.length - opts.maxStringLength;
-        var trailer = '... ' + remaining + ' more character' + (remaining > 1 ? 's' : '');
-        return inspectString($slice.call(str, 0, opts.maxStringLength), opts) + trailer;
-    }
-    var quoteRE = quoteREs[opts.quoteStyle || 'single'];
-    quoteRE.lastIndex = 0;
-    // eslint-disable-next-line no-control-regex
-    var s = $replace.call($replace.call(str, quoteRE, '\\$1'), /[\x00-\x1f]/g, lowbyte);
-    return wrapQuotes(s, 'single', opts);
-}
-
-function lowbyte(c) {
-    var n = c.charCodeAt(0);
-    var x = {
-        8: 'b',
-        9: 't',
-        10: 'n',
-        12: 'f',
-        13: 'r'
-    }[n];
-    if (x) { return '\\' + x; }
-    return '\\x' + (n < 0x10 ? '0' : '') + $toUpperCase.call(n.toString(16));
-}
-
-function markBoxed(str) {
-    return 'Object(' + str + ')';
-}
-
-function weakCollectionOf(type) {
-    return type + ' { ? }';
-}
-
-function collectionOf(type, size, entries, indent) {
-    var joinedEntries = indent ? indentedJoin(entries, indent) : $join.call(entries, ', ');
-    return type + ' (' + size + ') {' + joinedEntries + '}';
-}
-
-function singleLineValues(xs) {
-    for (var i = 0; i < xs.length; i++) {
-        if (indexOf(xs[i], '\n') >= 0) {
-            return false;
-        }
-    }
-    return true;
-}
-
-function getIndent(opts, depth) {
-    var baseIndent;
-    if (opts.indent === '\t') {
-        baseIndent = '\t';
-    } else if (typeof opts.indent === 'number' && opts.indent > 0) {
-        baseIndent = $join.call(Array(opts.indent + 1), ' ');
-    } else {
-        return null;
-    }
-    return {
-        base: baseIndent,
-        prev: $join.call(Array(depth + 1), baseIndent)
-    };
-}
-
-function indentedJoin(xs, indent) {
-    if (xs.length === 0) { return ''; }
-    var lineJoiner = '\n' + indent.prev + indent.base;
-    return lineJoiner + $join.call(xs, ',' + lineJoiner) + '\n' + indent.prev;
-}
-
-function arrObjKeys(obj, inspect) {
-    var isArr = isArray(obj);
-    var xs = [];
-    if (isArr) {
-        xs.length = obj.length;
-        for (var i = 0; i < obj.length; i++) {
-            xs[i] = has(obj, i) ? inspect(obj[i], obj) : '';
-        }
-    }
-    var syms = typeof gOPS === 'function' ? gOPS(obj) : [];
-    var symMap;
-    if (hasShammedSymbols) {
-        symMap = {};
-        for (var k = 0; k < syms.length; k++) {
-            symMap['$' + syms[k]] = syms[k];
-        }
-    }
-
-    for (var key in obj) { // eslint-disable-line no-restricted-syntax
-        if (!has(obj, key)) { continue; } // eslint-disable-line no-restricted-syntax, no-continue
-        if (isArr && String(Number(key)) === key && key < obj.length) { continue; } // eslint-disable-line no-restricted-syntax, no-continue
-        if (hasShammedSymbols && symMap['$' + key] instanceof Symbol) {
-            // this is to prevent shammed Symbols, which are stored as strings, from being included in the string key section
-            continue; // eslint-disable-line no-restricted-syntax, no-continue
-        } else if ($test.call(/[^\w$]/, key)) {
-            xs.push(inspect(key, obj) + ': ' + inspect(obj[key], obj));
-        } else {
-            xs.push(key + ': ' + inspect(obj[key], obj));
-        }
-    }
-    if (typeof gOPS === 'function') {
-        for (var j = 0; j < syms.length; j++) {
-            if (isEnumerable.call(obj, syms[j])) {
-                xs.push('[' + inspect(syms[j]) + ']: ' + inspect(obj[syms[j]], obj));
-            }
-        }
-    }
-    return xs;
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json b/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
deleted file mode 100644
index 5cc12d0..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/package-support.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "versions": [
-    {
-      "version": "*",
-      "target": {
-        "node": "all"
-      },
-      "response": {
-        "type": "time-permitting"
-      },
-      "backing": {
-        "npm-funding": true,
-        "donations": [
-          "https://github.com/ljharb",
-          "https://tidelift.com/funding/github/npm/object-inspect"
-        ]
-      }
-    }
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/package.json b/src/Servers/ExpressServer/node_modules/object-inspect/package.json
deleted file mode 100644
index 9fd97ff..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/package.json
+++ /dev/null
@@ -1,105 +0,0 @@
-{
-  "name": "object-inspect",
-  "version": "1.13.4",
-  "description": "string representations of objects in node and the browser",
-  "main": "index.js",
-  "sideEffects": false,
-  "devDependencies": {
-    "@ljharb/eslint-config": "^21.1.1",
-    "@pkgjs/support": "^0.0.6",
-    "auto-changelog": "^2.5.0",
-    "core-js": "^2.6.12",
-    "error-cause": "^1.0.8",
-    "es-value-fixtures": "^1.7.1",
-    "eslint": "=8.8.0",
-    "for-each": "^0.3.4",
-    "functions-have-names": "^1.2.3",
-    "glob": "=10.3.7",
-    "globalthis": "^1.0.4",
-    "has-symbols": "^1.1.0",
-    "has-tostringtag": "^1.0.2",
-    "in-publish": "^2.0.1",
-    "jackspeak": "=2.1.1",
-    "make-arrow-function": "^1.2.0",
-    "mock-property": "^1.1.0",
-    "npmignore": "^0.3.1",
-    "nyc": "^10.3.2",
-    "safe-publish-latest": "^2.0.0",
-    "safer-buffer": "^2.1.2",
-    "semver": "^6.3.1",
-    "string.prototype.repeat": "^1.0.0",
-    "tape": "^5.9.0"
-  },
-  "scripts": {
-    "prepack": "npmignore --auto --commentLines=autogenerated",
-    "prepublish": "not-in-publish || npm run prepublishOnly",
-    "prepublishOnly": "safe-publish-latest",
-    "pretest": "npm run lint",
-    "lint": "eslint --ext=js,mjs .",
-    "postlint": "npx @pkgjs/support validate",
-    "test": "npm run tests-only && npm run test:corejs",
-    "tests-only": "nyc tape 'test/*.js'",
-    "test:corejs": "nyc tape test-core-js.js 'test/*.js'",
-    "posttest": "npx npm@'>=10.2' audit --production",
-    "version": "auto-changelog && git add CHANGELOG.md",
-    "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-  },
-  "testling": {
-    "files": [
-      "test/*.js",
-      "test/browser/*.js"
-    ],
-    "browsers": [
-      "ie/6..latest",
-      "chrome/latest",
-      "firefox/latest",
-      "safari/latest",
-      "opera/latest",
-      "iphone/latest",
-      "ipad/latest",
-      "android/latest"
-    ]
-  },
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/inspect-js/object-inspect.git"
-  },
-  "homepage": "https://github.com/inspect-js/object-inspect",
-  "keywords": [
-    "inspect",
-    "util.inspect",
-    "object",
-    "stringify",
-    "pretty"
-  ],
-  "author": {
-    "name": "James Halliday",
-    "email": "mail@substack.net",
-    "url": "http://substack.net"
-  },
-  "funding": {
-    "url": "https://github.com/sponsors/ljharb"
-  },
-  "license": "MIT",
-  "browser": {
-    "./util.inspect.js": false
-  },
-  "auto-changelog": {
-    "output": "CHANGELOG.md",
-    "template": "keepachangelog",
-    "unreleased": false,
-    "commitLimit": false,
-    "backfillLimit": false,
-    "hideCredit": true
-  },
-  "publishConfig": {
-    "ignore": [
-      ".github/workflows",
-      "./test-core-js.js"
-    ]
-  },
-  "support": true,
-  "engines": {
-    "node": ">= 0.4"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown b/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
deleted file mode 100644
index f91617d..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/readme.markdown
+++ /dev/null
@@ -1,84 +0,0 @@
-# object-inspect <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-string representations of objects in node and the browser
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-# example
-
-## circular
-
-``` js
-var inspect = require('object-inspect');
-var obj = { a: 1, b: [3,4] };
-obj.c = obj;
-console.log(inspect(obj));
-```
-
-## dom element
-
-``` js
-var inspect = require('object-inspect');
-
-var d = document.createElement('div');
-d.setAttribute('id', 'beep');
-d.innerHTML = '<b>wooo</b><i>iiiii</i>';
-
-console.log(inspect([ d, { a: 3, b : 4, c: [5,6,[7,[8,[9]]]] } ]));
-```
-
-output:
-
-```
-[ <div id="beep">...</div>, { a: 3, b: 4, c: [ 5, 6, [ 7, [ 8, [ ... ] ] ] ] } ]
-```
-
-# methods
-
-``` js
-var inspect = require('object-inspect')
-```
-
-## var s = inspect(obj, opts={})
-
-Return a string `s` with the string representation of `obj` up to a depth of `opts.depth`.
-
-Additional options:
-  - `quoteStyle`: must be "single" or "double", if present. Default `'single'` for strings, `'double'` for HTML elements.
-  - `maxStringLength`: must be `0`, a positive integer, `Infinity`, or `null`, if present. Default `Infinity`.
-  - `customInspect`: When `true`, a custom inspect method function will be invoked (either undere the `util.inspect.custom` symbol, or the `inspect` property). When the string `'symbol'`, only the symbol method will be invoked. Default `true`.
-  - `indent`: must be "\t", `null`, or a positive integer. Default `null`.
-  - `numericSeparator`: must be a boolean, if present. Default `false`. If `true`, all numbers will be printed with numeric separators (eg, `1234.5678` will be printed as `'1_234.567_8'`)
-
-# install
-
-With [npm](https://npmjs.org) do:
-
-```
-npm install object-inspect
-```
-
-# license
-
-MIT
-
-[package-url]: https://npmjs.org/package/object-inspect
-[npm-version-svg]: https://versionbadg.es/inspect-js/object-inspect.svg
-[deps-svg]: https://david-dm.org/inspect-js/object-inspect.svg
-[deps-url]: https://david-dm.org/inspect-js/object-inspect
-[dev-deps-svg]: https://david-dm.org/inspect-js/object-inspect/dev-status.svg
-[dev-deps-url]: https://david-dm.org/inspect-js/object-inspect#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/object-inspect.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/object-inspect.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/object-inspect.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=object-inspect
-[codecov-image]: https://codecov.io/gh/inspect-js/object-inspect/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/inspect-js/object-inspect/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/inspect-js/object-inspect
-[actions-url]: https://github.com/inspect-js/object-inspect/actions
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js b/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
deleted file mode 100644
index e53c400..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test-core-js.js
+++ /dev/null
@@ -1,26 +0,0 @@
-'use strict';
-
-require('core-js');
-
-var inspect = require('./');
-var test = require('tape');
-
-test('Maps', function (t) {
-    t.equal(inspect(new Map([[1, 2]])), 'Map (1) {1 => 2}');
-    t.end();
-});
-
-test('WeakMaps', function (t) {
-    t.equal(inspect(new WeakMap([[{}, 2]])), 'WeakMap { ? }');
-    t.end();
-});
-
-test('Sets', function (t) {
-    t.equal(inspect(new Set([[1, 2]])), 'Set (1) {[ 1, 2 ]}');
-    t.end();
-});
-
-test('WeakSets', function (t) {
-    t.equal(inspect(new WeakSet([[1, 2]])), 'WeakSet { ? }');
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
deleted file mode 100644
index 4ecc31d..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/bigint.js
+++ /dev/null
@@ -1,58 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var test = require('tape');
-var hasToStringTag = require('has-tostringtag/shams')();
-
-test('bigint', { skip: typeof BigInt === 'undefined' }, function (t) {
-    t.test('primitives', function (st) {
-        st.plan(3);
-
-        st.equal(inspect(BigInt(-256)), '-256n');
-        st.equal(inspect(BigInt(0)), '0n');
-        st.equal(inspect(BigInt(256)), '256n');
-    });
-
-    t.test('objects', function (st) {
-        st.plan(3);
-
-        st.equal(inspect(Object(BigInt(-256))), 'Object(-256n)');
-        st.equal(inspect(Object(BigInt(0))), 'Object(0n)');
-        st.equal(inspect(Object(BigInt(256))), 'Object(256n)');
-    });
-
-    t.test('syntactic primitives', function (st) {
-        st.plan(3);
-
-        /* eslint-disable no-new-func */
-        st.equal(inspect(Function('return -256n')()), '-256n');
-        st.equal(inspect(Function('return 0n')()), '0n');
-        st.equal(inspect(Function('return 256n')()), '256n');
-    });
-
-    t.test('toStringTag', { skip: !hasToStringTag }, function (st) {
-        st.plan(1);
-
-        var faker = {};
-        faker[Symbol.toStringTag] = 'BigInt';
-        st.equal(
-            inspect(faker),
-            '{ [Symbol(Symbol.toStringTag)]: \'BigInt\' }',
-            'object lying about being a BigInt inspects as an object'
-        );
-    });
-
-    t.test('numericSeparator', function (st) {
-        st.equal(inspect(BigInt(0), { numericSeparator: false }), '0n', '0n, numericSeparator false');
-        st.equal(inspect(BigInt(0), { numericSeparator: true }), '0n', '0n, numericSeparator true');
-
-        st.equal(inspect(BigInt(1234), { numericSeparator: false }), '1234n', '1234n, numericSeparator false');
-        st.equal(inspect(BigInt(1234), { numericSeparator: true }), '1_234n', '1234n, numericSeparator true');
-        st.equal(inspect(BigInt(-1234), { numericSeparator: false }), '-1234n', '1234n, numericSeparator false');
-        st.equal(inspect(BigInt(-1234), { numericSeparator: true }), '-1_234n', '1234n, numericSeparator true');
-
-        st.end();
-    });
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
deleted file mode 100644
index 210c0b2..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/browser/dom.js
+++ /dev/null
@@ -1,15 +0,0 @@
-var inspect = require('../../');
-var test = require('tape');
-
-test('dom element', function (t) {
-    t.plan(1);
-
-    var d = document.createElement('div');
-    d.setAttribute('id', 'beep');
-    d.innerHTML = '<b>wooo</b><i>iiiii</i>';
-
-    t.equal(
-        inspect([d, { a: 3, b: 4, c: [5, 6, [7, [8, [9]]]] }]),
-        '[ <div id="beep">...</div>, { a: 3, b: 4, c: [ 5, 6, [ 7, [ 8, [Object] ] ] ] } ]'
-    );
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
deleted file mode 100644
index 5df4233..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/circular.js
+++ /dev/null
@@ -1,16 +0,0 @@
-var inspect = require('../');
-var test = require('tape');
-
-test('circular', function (t) {
-    t.plan(2);
-    var obj = { a: 1, b: [3, 4] };
-    obj.c = obj;
-    t.equal(inspect(obj), '{ a: 1, b: [ 3, 4 ], c: [Circular] }');
-
-    var double = {};
-    double.a = [double];
-    double.b = {};
-    double.b.inner = double.b;
-    double.b.obj = double;
-    t.equal(inspect(double), '{ a: [ [Circular] ], b: { inner: [Circular], obj: [Circular] } }');
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
deleted file mode 100644
index 99ce32a..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/deep.js
+++ /dev/null
@@ -1,12 +0,0 @@
-var inspect = require('../');
-var test = require('tape');
-
-test('deep', function (t) {
-    t.plan(4);
-    var obj = [[[[[[500]]]]]];
-    t.equal(inspect(obj), '[ [ [ [ [ [Array] ] ] ] ] ]');
-    t.equal(inspect(obj, { depth: 4 }), '[ [ [ [ [Array] ] ] ] ]');
-    t.equal(inspect(obj, { depth: 2 }), '[ [ [Array] ] ]');
-
-    t.equal(inspect([[[{ a: 1 }]]], { depth: 3 }), '[ [ [ [Object] ] ] ]');
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
deleted file mode 100644
index 47fa9e2..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/element.js
+++ /dev/null
@@ -1,53 +0,0 @@
-var inspect = require('../');
-var test = require('tape');
-
-test('element', function (t) {
-    t.plan(3);
-    var elem = {
-        nodeName: 'div',
-        attributes: [{ name: 'class', value: 'row' }],
-        getAttribute: function (key) { return key; },
-        childNodes: []
-    };
-    var obj = [1, elem, 3];
-    t.deepEqual(inspect(obj), '[ 1, <div class="row"></div>, 3 ]');
-    t.deepEqual(inspect(obj, { quoteStyle: 'single' }), "[ 1, <div class='row'></div>, 3 ]");
-    t.deepEqual(inspect(obj, { quoteStyle: 'double' }), '[ 1, <div class="row"></div>, 3 ]');
-});
-
-test('element no attr', function (t) {
-    t.plan(1);
-    var elem = {
-        nodeName: 'div',
-        getAttribute: function (key) { return key; },
-        childNodes: []
-    };
-    var obj = [1, elem, 3];
-    t.deepEqual(inspect(obj), '[ 1, <div></div>, 3 ]');
-});
-
-test('element with contents', function (t) {
-    t.plan(1);
-    var elem = {
-        nodeName: 'div',
-        getAttribute: function (key) { return key; },
-        childNodes: [{ nodeName: 'b' }]
-    };
-    var obj = [1, elem, 3];
-    t.deepEqual(inspect(obj), '[ 1, <div>...</div>, 3 ]');
-});
-
-test('element instance', function (t) {
-    t.plan(1);
-    var h = global.HTMLElement;
-    global.HTMLElement = function (name, attr) {
-        this.nodeName = name;
-        this.attributes = attr;
-    };
-    global.HTMLElement.prototype.getAttribute = function () {};
-
-    var elem = new global.HTMLElement('div', []);
-    var obj = [1, elem, 3];
-    t.deepEqual(inspect(obj), '[ 1, <div></div>, 3 ]');
-    global.HTMLElement = h;
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
deleted file mode 100644
index cc1d884..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/err.js
+++ /dev/null
@@ -1,48 +0,0 @@
-var test = require('tape');
-var ErrorWithCause = require('error-cause/Error');
-
-var inspect = require('../');
-
-test('type error', function (t) {
-    t.plan(1);
-    var aerr = new TypeError();
-    aerr.foo = 555;
-    aerr.bar = [1, 2, 3];
-
-    var berr = new TypeError('tuv');
-    berr.baz = 555;
-
-    var cerr = new SyntaxError();
-    cerr.message = 'whoa';
-    cerr['a-b'] = 5;
-
-    var withCause = new ErrorWithCause('foo', { cause: 'bar' });
-    var withCausePlus = new ErrorWithCause('foo', { cause: 'bar' });
-    withCausePlus.foo = 'bar';
-    var withUndefinedCause = new ErrorWithCause('foo', { cause: undefined });
-    var withEnumerableCause = new Error('foo');
-    withEnumerableCause.cause = 'bar';
-
-    var obj = [
-        new TypeError(),
-        new TypeError('xxx'),
-        aerr,
-        berr,
-        cerr,
-        withCause,
-        withCausePlus,
-        withUndefinedCause,
-        withEnumerableCause
-    ];
-    t.equal(inspect(obj), '[ ' + [
-        '[TypeError]',
-        '[TypeError: xxx]',
-        '{ [TypeError] foo: 555, bar: [ 1, 2, 3 ] }',
-        '{ [TypeError: tuv] baz: 555 }',
-        '{ [SyntaxError: whoa] message: \'whoa\', \'a-b\': 5 }',
-        'cause' in Error.prototype ? '[Error: foo]' : '{ [Error: foo] [cause]: \'bar\' }',
-        '{ [Error: foo] ' + ('cause' in Error.prototype ? '' : '[cause]: \'bar\', ') + 'foo: \'bar\' }',
-        'cause' in Error.prototype ? '[Error: foo]' : '{ [Error: foo] [cause]: undefined }',
-        '{ [Error: foo] cause: \'bar\' }'
-    ].join(', ') + ' ]');
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
deleted file mode 100644
index a65c08c..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/fakes.js
+++ /dev/null
@@ -1,29 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var test = require('tape');
-var hasToStringTag = require('has-tostringtag/shams')();
-var forEach = require('for-each');
-
-test('fakes', { skip: !hasToStringTag }, function (t) {
-    forEach([
-        'Array',
-        'Boolean',
-        'Date',
-        'Error',
-        'Number',
-        'RegExp',
-        'String'
-    ], function (expected) {
-        var faker = {};
-        faker[Symbol.toStringTag] = expected;
-
-        t.equal(
-            inspect(faker),
-            '{ [Symbol(Symbol.toStringTag)]: \'' + expected + '\' }',
-            'faker masquerading as ' + expected + ' is not shown as one'
-        );
-    });
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
deleted file mode 100644
index de3ca62..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/fn.js
+++ /dev/null
@@ -1,76 +0,0 @@
-var inspect = require('../');
-var test = require('tape');
-var arrow = require('make-arrow-function')();
-var functionsHaveConfigurableNames = require('functions-have-names').functionsHaveConfigurableNames();
-
-test('function', function (t) {
-    t.plan(1);
-    var obj = [1, 2, function f(n) { return n; }, 4];
-    t.equal(inspect(obj), '[ 1, 2, [Function: f], 4 ]');
-});
-
-test('function name', function (t) {
-    t.plan(1);
-    var f = (function () {
-        return function () {};
-    }());
-    f.toString = function toStr() { return 'function xxx () {}'; };
-    var obj = [1, 2, f, 4];
-    t.equal(inspect(obj), '[ 1, 2, [Function (anonymous)] { toString: [Function: toStr] }, 4 ]');
-});
-
-test('anon function', function (t) {
-    var f = (function () {
-        return function () {};
-    }());
-    var obj = [1, 2, f, 4];
-    t.equal(inspect(obj), '[ 1, 2, [Function (anonymous)], 4 ]');
-
-    t.end();
-});
-
-test('arrow function', { skip: !arrow }, function (t) {
-    t.equal(inspect(arrow), '[Function (anonymous)]');
-
-    t.end();
-});
-
-test('truly nameless function', { skip: !arrow || !functionsHaveConfigurableNames }, function (t) {
-    function f() {}
-    Object.defineProperty(f, 'name', { value: false });
-    t.equal(f.name, false);
-    t.equal(
-        inspect(f),
-        '[Function: f]',
-        'named function with falsy `.name` does not hide its original name'
-    );
-
-    function g() {}
-    Object.defineProperty(g, 'name', { value: true });
-    t.equal(g.name, true);
-    t.equal(
-        inspect(g),
-        '[Function: true]',
-        'named function with truthy `.name` hides its original name'
-    );
-
-    var anon = function () {}; // eslint-disable-line func-style
-    Object.defineProperty(anon, 'name', { value: null });
-    t.equal(anon.name, null);
-    t.equal(
-        inspect(anon),
-        '[Function (anonymous)]',
-        'anon function with falsy `.name` does not hide its anonymity'
-    );
-
-    var anon2 = function () {}; // eslint-disable-line func-style
-    Object.defineProperty(anon2, 'name', { value: 1 });
-    t.equal(anon2.name, 1);
-    t.equal(
-        inspect(anon2),
-        '[Function: 1]',
-        'anon function with truthy `.name` hides its anonymity'
-    );
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
deleted file mode 100644
index c57216a..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/global.js
+++ /dev/null
@@ -1,17 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-
-var test = require('tape');
-var globalThis = require('globalthis')();
-
-test('global object', function (t) {
-    /* eslint-env browser */
-    var expected = typeof window === 'undefined' ? 'globalThis' : 'Window';
-    t.equal(
-        inspect([globalThis]),
-        '[ { [object ' + expected + '] } ]'
-    );
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
deleted file mode 100644
index 01800de..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/has.js
+++ /dev/null
@@ -1,15 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var test = require('tape');
-var mockProperty = require('mock-property');
-
-test('when Object#hasOwnProperty is deleted', function (t) {
-    t.plan(1);
-    var arr = [1, , 3]; // eslint-disable-line no-sparse-arrays
-
-    t.teardown(mockProperty(Array.prototype, 1, { value: 2 })); // this is needed to account for "in" vs "hasOwnProperty"
-    t.teardown(mockProperty(Object.prototype, 'hasOwnProperty', { 'delete': true }));
-
-    t.equal(inspect(arr), '[ 1, , 3 ]');
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
deleted file mode 100644
index 87fc8c8..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/holes.js
+++ /dev/null
@@ -1,15 +0,0 @@
-var test = require('tape');
-var inspect = require('../');
-
-var xs = ['a', 'b'];
-xs[5] = 'f';
-xs[7] = 'j';
-xs[8] = 'k';
-
-test('holes', function (t) {
-    t.plan(1);
-    t.equal(
-        inspect(xs),
-        "[ 'a', 'b', , , , 'f', , 'j', 'k' ]"
-    );
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
deleted file mode 100644
index 89d8fce..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/indent-option.js
+++ /dev/null
@@ -1,271 +0,0 @@
-var test = require('tape');
-var forEach = require('for-each');
-
-var inspect = require('../');
-
-test('bad indent options', function (t) {
-    forEach([
-        undefined,
-        true,
-        false,
-        -1,
-        1.2,
-        Infinity,
-        -Infinity,
-        NaN
-    ], function (indent) {
-        t['throws'](
-            function () { inspect('', { indent: indent }); },
-            TypeError,
-            inspect(indent) + ' is invalid'
-        );
-    });
-
-    t.end();
-});
-
-test('simple object with indent', function (t) {
-    t.plan(2);
-
-    var obj = { a: 1, b: 2 };
-
-    var expectedSpaces = [
-        '{',
-        '  a: 1,',
-        '  b: 2',
-        '}'
-    ].join('\n');
-    var expectedTabs = [
-        '{',
-        '	a: 1,',
-        '	b: 2',
-        '}'
-    ].join('\n');
-
-    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
-    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
-});
-
-test('two deep object with indent', function (t) {
-    t.plan(2);
-
-    var obj = { a: 1, b: { c: 3, d: 4 } };
-
-    var expectedSpaces = [
-        '{',
-        '  a: 1,',
-        '  b: {',
-        '    c: 3,',
-        '    d: 4',
-        '  }',
-        '}'
-    ].join('\n');
-    var expectedTabs = [
-        '{',
-        '	a: 1,',
-        '	b: {',
-        '		c: 3,',
-        '		d: 4',
-        '	}',
-        '}'
-    ].join('\n');
-
-    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
-    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
-});
-
-test('simple array with all single line elements', function (t) {
-    t.plan(2);
-
-    var obj = [1, 2, 3, 'asdf\nsdf'];
-
-    var expected = '[ 1, 2, 3, \'asdf\\nsdf\' ]';
-
-    t.equal(inspect(obj, { indent: 2 }), expected, 'two');
-    t.equal(inspect(obj, { indent: '\t' }), expected, 'tabs');
-});
-
-test('array with complex elements', function (t) {
-    t.plan(2);
-
-    var obj = [1, { a: 1, b: { c: 1 } }, 'asdf\nsdf'];
-
-    var expectedSpaces = [
-        '[',
-        '  1,',
-        '  {',
-        '    a: 1,',
-        '    b: {',
-        '      c: 1',
-        '    }',
-        '  },',
-        '  \'asdf\\nsdf\'',
-        ']'
-    ].join('\n');
-    var expectedTabs = [
-        '[',
-        '	1,',
-        '	{',
-        '		a: 1,',
-        '		b: {',
-        '			c: 1',
-        '		}',
-        '	},',
-        '	\'asdf\\nsdf\'',
-        ']'
-    ].join('\n');
-
-    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
-    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
-});
-
-test('values', function (t) {
-    t.plan(2);
-    var obj = [{}, [], { 'a-b': 5 }];
-
-    var expectedSpaces = [
-        '[',
-        '  {},',
-        '  [],',
-        '  {',
-        '    \'a-b\': 5',
-        '  }',
-        ']'
-    ].join('\n');
-    var expectedTabs = [
-        '[',
-        '	{},',
-        '	[],',
-        '	{',
-        '		\'a-b\': 5',
-        '	}',
-        ']'
-    ].join('\n');
-
-    t.equal(inspect(obj, { indent: 2 }), expectedSpaces, 'two');
-    t.equal(inspect(obj, { indent: '\t' }), expectedTabs, 'tabs');
-});
-
-test('Map', { skip: typeof Map !== 'function' }, function (t) {
-    var map = new Map();
-    map.set({ a: 1 }, ['b']);
-    map.set(3, NaN);
-
-    var expectedStringSpaces = [
-        'Map (2) {',
-        '  { a: 1 } => [ \'b\' ],',
-        '  3 => NaN',
-        '}'
-    ].join('\n');
-    var expectedStringTabs = [
-        'Map (2) {',
-        '	{ a: 1 } => [ \'b\' ],',
-        '	3 => NaN',
-        '}'
-    ].join('\n');
-    var expectedStringTabsDoubleQuotes = [
-        'Map (2) {',
-        '	{ a: 1 } => [ "b" ],',
-        '	3 => NaN',
-        '}'
-    ].join('\n');
-
-    t.equal(
-        inspect(map, { indent: 2 }),
-        expectedStringSpaces,
-        'Map keys are not indented (two)'
-    );
-    t.equal(
-        inspect(map, { indent: '\t' }),
-        expectedStringTabs,
-        'Map keys are not indented (tabs)'
-    );
-    t.equal(
-        inspect(map, { indent: '\t', quoteStyle: 'double' }),
-        expectedStringTabsDoubleQuotes,
-        'Map keys are not indented (tabs + double quotes)'
-    );
-
-    t.equal(inspect(new Map(), { indent: 2 }), 'Map (0) {}', 'empty Map should show as empty (two)');
-    t.equal(inspect(new Map(), { indent: '\t' }), 'Map (0) {}', 'empty Map should show as empty (tabs)');
-
-    var nestedMap = new Map();
-    nestedMap.set(nestedMap, map);
-    var expectedNestedSpaces = [
-        'Map (1) {',
-        '  [Circular] => Map (2) {',
-        '    { a: 1 } => [ \'b\' ],',
-        '    3 => NaN',
-        '  }',
-        '}'
-    ].join('\n');
-    var expectedNestedTabs = [
-        'Map (1) {',
-        '	[Circular] => Map (2) {',
-        '		{ a: 1 } => [ \'b\' ],',
-        '		3 => NaN',
-        '	}',
-        '}'
-    ].join('\n');
-    t.equal(inspect(nestedMap, { indent: 2 }), expectedNestedSpaces, 'Map containing a Map should work (two)');
-    t.equal(inspect(nestedMap, { indent: '\t' }), expectedNestedTabs, 'Map containing a Map should work (tabs)');
-
-    t.end();
-});
-
-test('Set', { skip: typeof Set !== 'function' }, function (t) {
-    var set = new Set();
-    set.add({ a: 1 });
-    set.add(['b']);
-    var expectedStringSpaces = [
-        'Set (2) {',
-        '  {',
-        '    a: 1',
-        '  },',
-        '  [ \'b\' ]',
-        '}'
-    ].join('\n');
-    var expectedStringTabs = [
-        'Set (2) {',
-        '	{',
-        '		a: 1',
-        '	},',
-        '	[ \'b\' ]',
-        '}'
-    ].join('\n');
-    t.equal(inspect(set, { indent: 2 }), expectedStringSpaces, 'new Set([{ a: 1 }, ["b"]]) should show size and contents (two)');
-    t.equal(inspect(set, { indent: '\t' }), expectedStringTabs, 'new Set([{ a: 1 }, ["b"]]) should show size and contents (tabs)');
-
-    t.equal(inspect(new Set(), { indent: 2 }), 'Set (0) {}', 'empty Set should show as empty (two)');
-    t.equal(inspect(new Set(), { indent: '\t' }), 'Set (0) {}', 'empty Set should show as empty (tabs)');
-
-    var nestedSet = new Set();
-    nestedSet.add(set);
-    nestedSet.add(nestedSet);
-    var expectedNestedSpaces = [
-        'Set (2) {',
-        '  Set (2) {',
-        '    {',
-        '      a: 1',
-        '    },',
-        '    [ \'b\' ]',
-        '  },',
-        '  [Circular]',
-        '}'
-    ].join('\n');
-    var expectedNestedTabs = [
-        'Set (2) {',
-        '	Set (2) {',
-        '		{',
-        '			a: 1',
-        '		},',
-        '		[ \'b\' ]',
-        '	},',
-        '	[Circular]',
-        '}'
-    ].join('\n');
-    t.equal(inspect(nestedSet, { indent: 2 }), expectedNestedSpaces, 'Set containing a Set should work (two)');
-    t.equal(inspect(nestedSet, { indent: '\t' }), expectedNestedTabs, 'Set containing a Set should work (tabs)');
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
deleted file mode 100644
index 1abf81b..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/inspect.js
+++ /dev/null
@@ -1,139 +0,0 @@
-var test = require('tape');
-var hasSymbols = require('has-symbols/shams')();
-var utilInspect = require('../util.inspect');
-var repeat = require('string.prototype.repeat');
-
-var inspect = require('..');
-
-test('inspect', function (t) {
-    t.plan(5);
-
-    var obj = [{ inspect: function xyzInspect() { return '!XYZ¡'; } }, []];
-    var stringResult = '[ !XYZ¡, [] ]';
-    var falseResult = '[ { inspect: [Function: xyzInspect] }, [] ]';
-
-    t.equal(inspect(obj), stringResult);
-    t.equal(inspect(obj, { customInspect: true }), stringResult);
-    t.equal(inspect(obj, { customInspect: 'symbol' }), falseResult);
-    t.equal(inspect(obj, { customInspect: false }), falseResult);
-    t['throws'](
-        function () { inspect(obj, { customInspect: 'not a boolean or "symbol"' }); },
-        TypeError,
-        '`customInspect` must be a boolean or the string "symbol"'
-    );
-});
-
-test('inspect custom symbol', { skip: !hasSymbols || !utilInspect || !utilInspect.custom }, function (t) {
-    t.plan(4);
-
-    var obj = { inspect: function stringInspect() { return 'string'; } };
-    obj[utilInspect.custom] = function custom() { return 'symbol'; };
-
-    var symbolResult = '[ symbol, [] ]';
-    var stringResult = '[ string, [] ]';
-    var falseResult = '[ { inspect: [Function: stringInspect]' + (utilInspect.custom ? ', [' + inspect(utilInspect.custom) + ']: [Function: custom]' : '') + ' }, [] ]';
-
-    var symbolStringFallback = utilInspect.custom ? symbolResult : stringResult;
-    var symbolFalseFallback = utilInspect.custom ? symbolResult : falseResult;
-
-    t.equal(inspect([obj, []]), symbolStringFallback);
-    t.equal(inspect([obj, []], { customInspect: true }), symbolStringFallback);
-    t.equal(inspect([obj, []], { customInspect: 'symbol' }), symbolFalseFallback);
-    t.equal(inspect([obj, []], { customInspect: false }), falseResult);
-});
-
-test('symbols', { skip: !hasSymbols }, function (t) {
-    t.plan(2);
-
-    var obj = { a: 1 };
-    obj[Symbol('test')] = 2;
-    obj[Symbol.iterator] = 3;
-    Object.defineProperty(obj, Symbol('non-enum'), {
-        enumerable: false,
-        value: 4
-    });
-
-    if (typeof Symbol.iterator === 'symbol') {
-        t.equal(inspect(obj), '{ a: 1, [Symbol(test)]: 2, [Symbol(Symbol.iterator)]: 3 }', 'object with symbols');
-        t.equal(inspect([obj, []]), '[ { a: 1, [Symbol(test)]: 2, [Symbol(Symbol.iterator)]: 3 }, [] ]', 'object with symbols in array');
-    } else {
-        // symbol sham key ordering is unreliable
-        t.match(
-            inspect(obj),
-            /^(?:{ a: 1, \[Symbol\(test\)\]: 2, \[Symbol\(Symbol.iterator\)\]: 3 }|{ a: 1, \[Symbol\(Symbol.iterator\)\]: 3, \[Symbol\(test\)\]: 2 })$/,
-            'object with symbols (nondeterministic symbol sham key ordering)'
-        );
-        t.match(
-            inspect([obj, []]),
-            /^\[ (?:{ a: 1, \[Symbol\(test\)\]: 2, \[Symbol\(Symbol.iterator\)\]: 3 }|{ a: 1, \[Symbol\(Symbol.iterator\)\]: 3, \[Symbol\(test\)\]: 2 }), \[\] \]$/,
-            'object with symbols in array (nondeterministic symbol sham key ordering)'
-        );
-    }
-});
-
-test('maxStringLength', function (t) {
-    t['throws'](
-        function () { inspect('', { maxStringLength: -1 }); },
-        TypeError,
-        'maxStringLength must be >= 0, or Infinity, not negative'
-    );
-
-    var str = repeat('a', 1e8);
-
-    t.equal(
-        inspect([str], { maxStringLength: 10 }),
-        '[ \'aaaaaaaaaa\'... 99999990 more characters ]',
-        'maxStringLength option limits output'
-    );
-
-    t.equal(
-        inspect(['f'], { maxStringLength: null }),
-        '[ \'\'... 1 more character ]',
-        'maxStringLength option accepts `null`'
-    );
-
-    t.equal(
-        inspect([str], { maxStringLength: Infinity }),
-        '[ \'' + str + '\' ]',
-        'maxStringLength option accepts ∞'
-    );
-
-    t.end();
-});
-
-test('inspect options', { skip: !utilInspect.custom }, function (t) {
-    var obj = {};
-    obj[utilInspect.custom] = function () {
-        return JSON.stringify(arguments);
-    };
-    t.equal(
-        inspect(obj),
-        utilInspect(obj, { depth: 5 }),
-        'custom symbols will use node\'s inspect'
-    );
-    t.equal(
-        inspect(obj, { depth: 2 }),
-        utilInspect(obj, { depth: 2 }),
-        'a reduced depth will be passed to node\'s inspect'
-    );
-    t.equal(
-        inspect({ d1: obj }, { depth: 3 }),
-        '{ d1: ' + utilInspect(obj, { depth: 2 }) + ' }',
-        'deep objects will receive a reduced depth'
-    );
-    t.equal(
-        inspect({ d1: obj }, { depth: 1 }),
-        '{ d1: [Object] }',
-        'unlike nodejs inspect, customInspect will not be used once the depth is exceeded.'
-    );
-    t.end();
-});
-
-test('inspect URL', { skip: typeof URL === 'undefined' }, function (t) {
-    t.match(
-        inspect(new URL('https://nodejs.org')),
-        /nodejs\.org/, // Different environments stringify it differently
-        'url can be inspected'
-    );
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
deleted file mode 100644
index 68a345d..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/lowbyte.js
+++ /dev/null
@@ -1,12 +0,0 @@
-var test = require('tape');
-var inspect = require('../');
-
-var obj = { x: 'a\r\nb', y: '\x05! \x1f \x12' };
-
-test('interpolate low bytes', function (t) {
-    t.plan(1);
-    t.equal(
-        inspect(obj),
-        "{ x: 'a\\r\\nb', y: '\\x05! \\x1F \\x12' }"
-    );
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
deleted file mode 100644
index 8f287e8..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/number.js
+++ /dev/null
@@ -1,58 +0,0 @@
-var test = require('tape');
-var v = require('es-value-fixtures');
-var forEach = require('for-each');
-
-var inspect = require('../');
-
-test('negative zero', function (t) {
-    t.equal(inspect(0), '0', 'inspect(0) === "0"');
-    t.equal(inspect(Object(0)), 'Object(0)', 'inspect(Object(0)) === "Object(0)"');
-
-    t.equal(inspect(-0), '-0', 'inspect(-0) === "-0"');
-    t.equal(inspect(Object(-0)), 'Object(-0)', 'inspect(Object(-0)) === "Object(-0)"');
-
-    t.end();
-});
-
-test('numericSeparator', function (t) {
-    forEach(v.nonBooleans, function (nonBoolean) {
-        t['throws'](
-            function () { inspect(true, { numericSeparator: nonBoolean }); },
-            TypeError,
-            inspect(nonBoolean) + ' is not a boolean'
-        );
-    });
-
-    t.test('3 digit numbers', function (st) {
-        var failed = false;
-        for (var i = -999; i < 1000; i += 1) {
-            var actual = inspect(i);
-            var actualSepNo = inspect(i, { numericSeparator: false });
-            var actualSepYes = inspect(i, { numericSeparator: true });
-            var expected = String(i);
-            if (actual !== expected || actualSepNo !== expected || actualSepYes !== expected) {
-                failed = true;
-                t.equal(actual, expected);
-                t.equal(actualSepNo, expected);
-                t.equal(actualSepYes, expected);
-            }
-        }
-
-        st.notOk(failed, 'all 3 digit numbers passed');
-
-        st.end();
-    });
-
-    t.equal(inspect(1e3), '1000', '1000');
-    t.equal(inspect(1e3, { numericSeparator: false }), '1000', '1000, numericSeparator false');
-    t.equal(inspect(1e3, { numericSeparator: true }), '1_000', '1000, numericSeparator true');
-    t.equal(inspect(-1e3), '-1000', '-1000');
-    t.equal(inspect(-1e3, { numericSeparator: false }), '-1000', '-1000, numericSeparator false');
-    t.equal(inspect(-1e3, { numericSeparator: true }), '-1_000', '-1000, numericSeparator true');
-
-    t.equal(inspect(1234.5678, { numericSeparator: true }), '1_234.567_8', 'fractional numbers get separators');
-    t.equal(inspect(1234.56789, { numericSeparator: true }), '1_234.567_89', 'fractional numbers get separators');
-    t.equal(inspect(1234.567891, { numericSeparator: true }), '1_234.567_891', 'fractional numbers get separators');
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
deleted file mode 100644
index da23e63..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/quoteStyle.js
+++ /dev/null
@@ -1,26 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var test = require('tape');
-
-test('quoteStyle option', function (t) {
-    t['throws'](function () { inspect(null, { quoteStyle: false }); }, 'false is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: true }); }, 'true is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: '' }); }, '"" is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: {} }); }, '{} is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: [] }); }, '[] is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: 42 }); }, '42 is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: NaN }); }, 'NaN is not a valid value');
-    t['throws'](function () { inspect(null, { quoteStyle: function () {} }); }, 'a function is not a valid value');
-
-    t.equal(inspect('"', { quoteStyle: 'single' }), '\'"\'', 'double quote, quoteStyle: "single"');
-    t.equal(inspect('"', { quoteStyle: 'double' }), '"\\""', 'double quote, quoteStyle: "double"');
-
-    t.equal(inspect('\'', { quoteStyle: 'single' }), '\'\\\'\'', 'single quote, quoteStyle: "single"');
-    t.equal(inspect('\'', { quoteStyle: 'double' }), '"\'"', 'single quote, quoteStyle: "double"');
-
-    t.equal(inspect('`', { quoteStyle: 'single' }), '\'`\'', 'backtick, quoteStyle: "single"');
-    t.equal(inspect('`', { quoteStyle: 'double' }), '"`"', 'backtick, quoteStyle: "double"');
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
deleted file mode 100644
index 95f8270..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/toStringTag.js
+++ /dev/null
@@ -1,40 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var hasToStringTag = require('has-tostringtag/shams')();
-
-var inspect = require('../');
-
-test('Symbol.toStringTag', { skip: !hasToStringTag }, function (t) {
-    t.plan(4);
-
-    var obj = { a: 1 };
-    t.equal(inspect(obj), '{ a: 1 }', 'object, no Symbol.toStringTag');
-
-    obj[Symbol.toStringTag] = 'foo';
-    t.equal(inspect(obj), '{ a: 1, [Symbol(Symbol.toStringTag)]: \'foo\' }', 'object with Symbol.toStringTag');
-
-    t.test('null objects', { skip: 'toString' in { __proto__: null } }, function (st) {
-        st.plan(2);
-
-        var dict = { __proto__: null, a: 1 };
-        st.equal(inspect(dict), '[Object: null prototype] { a: 1 }', 'null object with Symbol.toStringTag');
-
-        dict[Symbol.toStringTag] = 'Dict';
-        st.equal(inspect(dict), '[Dict: null prototype] { a: 1, [Symbol(Symbol.toStringTag)]: \'Dict\' }', 'null object with Symbol.toStringTag');
-    });
-
-    t.test('instances', function (st) {
-        st.plan(4);
-
-        function C() {
-            this.a = 1;
-        }
-        st.equal(Object.prototype.toString.call(new C()), '[object Object]', 'instance, no toStringTag, Object.prototype.toString');
-        st.equal(inspect(new C()), 'C { a: 1 }', 'instance, no toStringTag');
-
-        C.prototype[Symbol.toStringTag] = 'Class!';
-        st.equal(Object.prototype.toString.call(new C()), '[object Class!]', 'instance, with toStringTag, Object.prototype.toString');
-        st.equal(inspect(new C()), 'C [Class!] { a: 1 }', 'instance, with toStringTag');
-    });
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
deleted file mode 100644
index e3f4961..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/undef.js
+++ /dev/null
@@ -1,12 +0,0 @@
-var test = require('tape');
-var inspect = require('../');
-
-var obj = { a: 1, b: [3, 4, undefined, null], c: undefined, d: null };
-
-test('undef and null', function (t) {
-    t.plan(1);
-    t.equal(
-        inspect(obj),
-        '{ a: 1, b: [ 3, 4, undefined, null ], c: undefined, d: null }'
-    );
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js b/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
deleted file mode 100644
index 15986cd..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/test/values.js
+++ /dev/null
@@ -1,261 +0,0 @@
-'use strict';
-
-var inspect = require('../');
-var test = require('tape');
-var mockProperty = require('mock-property');
-var hasSymbols = require('has-symbols/shams')();
-var hasToStringTag = require('has-tostringtag/shams')();
-var forEach = require('for-each');
-var semver = require('semver');
-
-test('values', function (t) {
-    t.plan(1);
-    var obj = [{}, [], { 'a-b': 5 }];
-    t.equal(inspect(obj), '[ {}, [], { \'a-b\': 5 } ]');
-});
-
-test('arrays with properties', function (t) {
-    t.plan(1);
-    var arr = [3];
-    arr.foo = 'bar';
-    var obj = [1, 2, arr];
-    obj.baz = 'quux';
-    obj.index = -1;
-    t.equal(inspect(obj), '[ 1, 2, [ 3, foo: \'bar\' ], baz: \'quux\', index: -1 ]');
-});
-
-test('has', function (t) {
-    t.plan(1);
-    t.teardown(mockProperty(Object.prototype, 'hasOwnProperty', { 'delete': true }));
-
-    t.equal(inspect({ a: 1, b: 2 }), '{ a: 1, b: 2 }');
-});
-
-test('indexOf seen', function (t) {
-    t.plan(1);
-    var xs = [1, 2, 3, {}];
-    xs.push(xs);
-
-    var seen = [];
-    seen.indexOf = undefined;
-
-    t.equal(
-        inspect(xs, {}, 0, seen),
-        '[ 1, 2, 3, {}, [Circular] ]'
-    );
-});
-
-test('seen seen', function (t) {
-    t.plan(1);
-    var xs = [1, 2, 3];
-
-    var seen = [xs];
-    seen.indexOf = undefined;
-
-    t.equal(
-        inspect(xs, {}, 0, seen),
-        '[Circular]'
-    );
-});
-
-test('seen seen seen', function (t) {
-    t.plan(1);
-    var xs = [1, 2, 3];
-
-    var seen = [5, xs];
-    seen.indexOf = undefined;
-
-    t.equal(
-        inspect(xs, {}, 0, seen),
-        '[Circular]'
-    );
-});
-
-test('symbols', { skip: !hasSymbols }, function (t) {
-    var sym = Symbol('foo');
-    t.equal(inspect(sym), 'Symbol(foo)', 'Symbol("foo") should be "Symbol(foo)"');
-    if (typeof sym === 'symbol') {
-        // Symbol shams are incapable of differentiating boxed from unboxed symbols
-        t.equal(inspect(Object(sym)), 'Object(Symbol(foo))', 'Object(Symbol("foo")) should be "Object(Symbol(foo))"');
-    }
-
-    t.test('toStringTag', { skip: !hasToStringTag }, function (st) {
-        st.plan(1);
-
-        var faker = {};
-        faker[Symbol.toStringTag] = 'Symbol';
-        st.equal(
-            inspect(faker),
-            '{ [Symbol(Symbol.toStringTag)]: \'Symbol\' }',
-            'object lying about being a Symbol inspects as an object'
-        );
-    });
-
-    t.end();
-});
-
-test('Map', { skip: typeof Map !== 'function' }, function (t) {
-    var map = new Map();
-    map.set({ a: 1 }, ['b']);
-    map.set(3, NaN);
-    var expectedString = 'Map (2) {' + inspect({ a: 1 }) + ' => ' + inspect(['b']) + ', 3 => NaN}';
-    t.equal(inspect(map), expectedString, 'new Map([[{ a: 1 }, ["b"]], [3, NaN]]) should show size and contents');
-    t.equal(inspect(new Map()), 'Map (0) {}', 'empty Map should show as empty');
-
-    var nestedMap = new Map();
-    nestedMap.set(nestedMap, map);
-    t.equal(inspect(nestedMap), 'Map (1) {[Circular] => ' + expectedString + '}', 'Map containing a Map should work');
-
-    t.end();
-});
-
-test('WeakMap', { skip: typeof WeakMap !== 'function' }, function (t) {
-    var map = new WeakMap();
-    map.set({ a: 1 }, ['b']);
-    var expectedString = 'WeakMap { ? }';
-    t.equal(inspect(map), expectedString, 'new WeakMap([[{ a: 1 }, ["b"]]]) should not show size or contents');
-    t.equal(inspect(new WeakMap()), 'WeakMap { ? }', 'empty WeakMap should not show as empty');
-
-    t.end();
-});
-
-test('Set', { skip: typeof Set !== 'function' }, function (t) {
-    var set = new Set();
-    set.add({ a: 1 });
-    set.add(['b']);
-    var expectedString = 'Set (2) {' + inspect({ a: 1 }) + ', ' + inspect(['b']) + '}';
-    t.equal(inspect(set), expectedString, 'new Set([{ a: 1 }, ["b"]]) should show size and contents');
-    t.equal(inspect(new Set()), 'Set (0) {}', 'empty Set should show as empty');
-
-    var nestedSet = new Set();
-    nestedSet.add(set);
-    nestedSet.add(nestedSet);
-    t.equal(inspect(nestedSet), 'Set (2) {' + expectedString + ', [Circular]}', 'Set containing a Set should work');
-
-    t.end();
-});
-
-test('WeakSet', { skip: typeof WeakSet !== 'function' }, function (t) {
-    var map = new WeakSet();
-    map.add({ a: 1 });
-    var expectedString = 'WeakSet { ? }';
-    t.equal(inspect(map), expectedString, 'new WeakSet([{ a: 1 }]) should not show size or contents');
-    t.equal(inspect(new WeakSet()), 'WeakSet { ? }', 'empty WeakSet should not show as empty');
-
-    t.end();
-});
-
-test('WeakRef', { skip: typeof WeakRef !== 'function' }, function (t) {
-    var ref = new WeakRef({ a: 1 });
-    var expectedString = 'WeakRef { ? }';
-    t.equal(inspect(ref), expectedString, 'new WeakRef({ a: 1 }) should not show contents');
-
-    t.end();
-});
-
-test('FinalizationRegistry', { skip: typeof FinalizationRegistry !== 'function' }, function (t) {
-    var registry = new FinalizationRegistry(function () {});
-    var expectedString = 'FinalizationRegistry [FinalizationRegistry] {}';
-    t.equal(inspect(registry), expectedString, 'new FinalizationRegistry(function () {}) should work normallys');
-
-    t.end();
-});
-
-test('Strings', function (t) {
-    var str = 'abc';
-
-    t.equal(inspect(str), "'" + str + "'", 'primitive string shows as such');
-    t.equal(inspect(str, { quoteStyle: 'single' }), "'" + str + "'", 'primitive string shows as such, single quoted');
-    t.equal(inspect(str, { quoteStyle: 'double' }), '"' + str + '"', 'primitive string shows as such, double quoted');
-    t.equal(inspect(Object(str)), 'Object(' + inspect(str) + ')', 'String object shows as such');
-    t.equal(inspect(Object(str), { quoteStyle: 'single' }), 'Object(' + inspect(str, { quoteStyle: 'single' }) + ')', 'String object shows as such, single quoted');
-    t.equal(inspect(Object(str), { quoteStyle: 'double' }), 'Object(' + inspect(str, { quoteStyle: 'double' }) + ')', 'String object shows as such, double quoted');
-
-    t.end();
-});
-
-test('Numbers', function (t) {
-    var num = 42;
-
-    t.equal(inspect(num), String(num), 'primitive number shows as such');
-    t.equal(inspect(Object(num)), 'Object(' + inspect(num) + ')', 'Number object shows as such');
-
-    t.end();
-});
-
-test('Booleans', function (t) {
-    t.equal(inspect(true), String(true), 'primitive true shows as such');
-    t.equal(inspect(Object(true)), 'Object(' + inspect(true) + ')', 'Boolean object true shows as such');
-
-    t.equal(inspect(false), String(false), 'primitive false shows as such');
-    t.equal(inspect(Object(false)), 'Object(' + inspect(false) + ')', 'Boolean false object shows as such');
-
-    t.end();
-});
-
-test('Date', function (t) {
-    var now = new Date();
-    t.equal(inspect(now), String(now), 'Date shows properly');
-    t.equal(inspect(new Date(NaN)), 'Invalid Date', 'Invalid Date shows properly');
-
-    t.end();
-});
-
-test('RegExps', function (t) {
-    t.equal(inspect(/a/g), '/a/g', 'regex shows properly');
-    t.equal(inspect(new RegExp('abc', 'i')), '/abc/i', 'new RegExp shows properly');
-
-    var match = 'abc abc'.match(/[ab]+/);
-    delete match.groups; // for node < 10
-    t.equal(inspect(match), '[ \'ab\', index: 0, input: \'abc abc\' ]', 'RegExp match object shows properly');
-
-    t.end();
-});
-
-test('Proxies', { skip: typeof Proxy !== 'function' || !hasToStringTag }, function (t) {
-    var target = { proxy: true };
-    var fake = new Proxy(target, { has: function () { return false; } });
-
-    // needed to work around a weird difference in node v6.0 - v6.4 where non-present properties are not logged
-    var isNode60 = semver.satisfies(process.version, '6.0 - 6.4');
-
-    forEach([
-        'Boolean',
-        'Number',
-        'String',
-        'Symbol',
-        'Date'
-    ], function (tag) {
-        target[Symbol.toStringTag] = tag;
-
-        t.equal(
-            inspect(fake),
-            '{ ' + (isNode60 ? '' : 'proxy: true, ') + '[Symbol(Symbol.toStringTag)]: \'' + tag + '\' }',
-            'Proxy for + ' + tag + ' shows as the target, which has no slots'
-        );
-    });
-
-    t.end();
-});
-
-test('fakers', { skip: !hasToStringTag }, function (t) {
-    var target = { proxy: false };
-
-    forEach([
-        'Boolean',
-        'Number',
-        'String',
-        'Symbol',
-        'Date'
-    ], function (tag) {
-        target[Symbol.toStringTag] = tag;
-
-        t.equal(
-            inspect(target),
-            '{ proxy: false, [Symbol(Symbol.toStringTag)]: \'' + tag + '\' }',
-            'Object pretending to be ' + tag + ' does not trick us'
-        );
-    });
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js b/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
deleted file mode 100644
index 7784fab..0000000
--- a/src/Servers/ExpressServer/node_modules/object-inspect/util.inspect.js
+++ /dev/null
@@ -1 +0,0 @@
-module.exports = require('util').inspect;
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md b/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
deleted file mode 100644
index 1917595..0000000
--- a/src/Servers/ExpressServer/node_modules/on-finished/HISTORY.md
+++ /dev/null
@@ -1,98 +0,0 @@
-2.4.1 / 2022-02-22
-==================
-
-  * Fix error on early async hooks implementations
-
-2.4.0 / 2022-02-21
-==================
-
-  * Prevent loss of async hooks context
-
-2.3.0 / 2015-05-26
-==================
-
-  * Add defined behavior for HTTP `CONNECT` requests
-  * Add defined behavior for HTTP `Upgrade` requests
-  * deps: ee-first@1.1.1
-
-2.2.1 / 2015-04-22
-==================
-
-  * Fix `isFinished(req)` when data buffered
-
-2.2.0 / 2014-12-22
-==================
-
-  * Add message object to callback arguments
-
-2.1.1 / 2014-10-22
-==================
-
-  * Fix handling of pipelined requests
-
-2.1.0 / 2014-08-16
-==================
-
-  * Check if `socket` is detached
-  * Return `undefined` for `isFinished` if state unknown
-
-2.0.0 / 2014-08-16
-==================
-
-  * Add `isFinished` function
-  * Move to `jshttp` organization
-  * Remove support for plain socket argument
-  * Rename to `on-finished`
-  * Support both `req` and `res` as arguments
-  * deps: ee-first@1.0.5
-
-1.2.2 / 2014-06-10
-==================
-
-  * Reduce listeners added to emitters
-    - avoids "event emitter leak" warnings when used multiple times on same request
-
-1.2.1 / 2014-06-08
-==================
-
-  * Fix returned value when already finished
-
-1.2.0 / 2014-06-05
-==================
-
-  * Call callback when called on already-finished socket
-
-1.1.4 / 2014-05-27
-==================
-
-  * Support node.js 0.8
-
-1.1.3 / 2014-04-30
-==================
-
-  * Make sure errors passed as instanceof `Error`
-
-1.1.2 / 2014-04-18
-==================
-
-  * Default the `socket` to passed-in object
-
-1.1.1 / 2014-01-16
-==================
-
-  * Rename module to `finished`
-
-1.1.0 / 2013-12-25
-==================
-
-  * Call callback when called on already-errored socket
-
-1.0.1 / 2013-12-20
-==================
-
-  * Actually pass the error to the callback
-
-1.0.0 / 2013-12-20
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/LICENSE b/src/Servers/ExpressServer/node_modules/on-finished/LICENSE
deleted file mode 100644
index 5931fd2..0000000
--- a/src/Servers/ExpressServer/node_modules/on-finished/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2013 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/README.md b/src/Servers/ExpressServer/node_modules/on-finished/README.md
deleted file mode 100644
index 8973cde..0000000
--- a/src/Servers/ExpressServer/node_modules/on-finished/README.md
+++ /dev/null
@@ -1,162 +0,0 @@
-# on-finished
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Coverage Status][coveralls-image]][coveralls-url]
-
-Execute a callback when a HTTP request closes, finishes, or errors.
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install on-finished
-```
-
-## API
-
-```js
-var onFinished = require('on-finished')
-```
-
-### onFinished(res, listener)
-
-Attach a listener to listen for the response to finish. The listener will
-be invoked only once when the response finished. If the response finished
-to an error, the first argument will contain the error. If the response
-has already finished, the listener will be invoked.
-
-Listening to the end of a response would be used to close things associated
-with the response, like open files.
-
-Listener is invoked as `listener(err, res)`.
-
-<!-- eslint-disable handle-callback-err -->
-
-```js
-onFinished(res, function (err, res) {
-  // clean up open fds, etc.
-  // err contains the error if request error'd
-})
-```
-
-### onFinished(req, listener)
-
-Attach a listener to listen for the request to finish. The listener will
-be invoked only once when the request finished. If the request finished
-to an error, the first argument will contain the error. If the request
-has already finished, the listener will be invoked.
-
-Listening to the end of a request would be used to know when to continue
-after reading the data.
-
-Listener is invoked as `listener(err, req)`.
-
-<!-- eslint-disable handle-callback-err -->
-
-```js
-var data = ''
-
-req.setEncoding('utf8')
-req.on('data', function (str) {
-  data += str
-})
-
-onFinished(req, function (err, req) {
-  // data is read unless there is err
-})
-```
-
-### onFinished.isFinished(res)
-
-Determine if `res` is already finished. This would be useful to check and
-not even start certain operations if the response has already finished.
-
-### onFinished.isFinished(req)
-
-Determine if `req` is already finished. This would be useful to check and
-not even start certain operations if the request has already finished.
-
-## Special Node.js requests
-
-### HTTP CONNECT method
-
-The meaning of the `CONNECT` method from RFC 7231, section 4.3.6:
-
-> The CONNECT method requests that the recipient establish a tunnel to
-> the destination origin server identified by the request-target and,
-> if successful, thereafter restrict its behavior to blind forwarding
-> of packets, in both directions, until the tunnel is closed.  Tunnels
-> are commonly used to create an end-to-end virtual connection, through
-> one or more proxies, which can then be secured using TLS (Transport
-> Layer Security, [RFC5246]).
-
-In Node.js, these request objects come from the `'connect'` event on
-the HTTP server.
-
-When this module is used on a HTTP `CONNECT` request, the request is
-considered "finished" immediately, **due to limitations in the Node.js
-interface**. This means if the `CONNECT` request contains a request entity,
-the request will be considered "finished" even before it has been read.
-
-There is no such thing as a response object to a `CONNECT` request in
-Node.js, so there is no support for one.
-
-### HTTP Upgrade request
-
-The meaning of the `Upgrade` header from RFC 7230, section 6.1:
-
-> The "Upgrade" header field is intended to provide a simple mechanism
-> for transitioning from HTTP/1.1 to some other protocol on the same
-> connection.
-
-In Node.js, these request objects come from the `'upgrade'` event on
-the HTTP server.
-
-When this module is used on a HTTP request with an `Upgrade` header, the
-request is considered "finished" immediately, **due to limitations in the
-Node.js interface**. This means if the `Upgrade` request contains a request
-entity, the request will be considered "finished" even before it has been
-read.
-
-There is no such thing as a response object to a `Upgrade` request in
-Node.js, so there is no support for one.
-
-## Example
-
-The following code ensures that file descriptors are always closed
-once the response finishes.
-
-```js
-var destroy = require('destroy')
-var fs = require('fs')
-var http = require('http')
-var onFinished = require('on-finished')
-
-http.createServer(function onRequest (req, res) {
-  var stream = fs.createReadStream('package.json')
-  stream.pipe(res)
-  onFinished(res, function () {
-    destroy(stream)
-  })
-})
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/on-finished/master?label=ci
-[ci-url]: https://github.com/jshttp/on-finished/actions/workflows/ci.yml
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/on-finished/master
-[coveralls-url]: https://coveralls.io/r/jshttp/on-finished?branch=master
-[node-image]: https://badgen.net/npm/node/on-finished
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/on-finished
-[npm-url]: https://npmjs.org/package/on-finished
-[npm-version-image]: https://badgen.net/npm/v/on-finished
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/index.js b/src/Servers/ExpressServer/node_modules/on-finished/index.js
deleted file mode 100644
index e68df7b..0000000
--- a/src/Servers/ExpressServer/node_modules/on-finished/index.js
+++ /dev/null
@@ -1,234 +0,0 @@
-/*!
- * on-finished
- * Copyright(c) 2013 Jonathan Ong
- * Copyright(c) 2014 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = onFinished
-module.exports.isFinished = isFinished
-
-/**
- * Module dependencies.
- * @private
- */
-
-var asyncHooks = tryRequireAsyncHooks()
-var first = require('ee-first')
-
-/**
- * Variables.
- * @private
- */
-
-/* istanbul ignore next */
-var defer = typeof setImmediate === 'function'
-  ? setImmediate
-  : function (fn) { process.nextTick(fn.bind.apply(fn, arguments)) }
-
-/**
- * Invoke callback when the response has finished, useful for
- * cleaning up resources afterwards.
- *
- * @param {object} msg
- * @param {function} listener
- * @return {object}
- * @public
- */
-
-function onFinished (msg, listener) {
-  if (isFinished(msg) !== false) {
-    defer(listener, null, msg)
-    return msg
-  }
-
-  // attach the listener to the message
-  attachListener(msg, wrap(listener))
-
-  return msg
-}
-
-/**
- * Determine if message is already finished.
- *
- * @param {object} msg
- * @return {boolean}
- * @public
- */
-
-function isFinished (msg) {
-  var socket = msg.socket
-
-  if (typeof msg.finished === 'boolean') {
-    // OutgoingMessage
-    return Boolean(msg.finished || (socket && !socket.writable))
-  }
-
-  if (typeof msg.complete === 'boolean') {
-    // IncomingMessage
-    return Boolean(msg.upgrade || !socket || !socket.readable || (msg.complete && !msg.readable))
-  }
-
-  // don't know
-  return undefined
-}
-
-/**
- * Attach a finished listener to the message.
- *
- * @param {object} msg
- * @param {function} callback
- * @private
- */
-
-function attachFinishedListener (msg, callback) {
-  var eeMsg
-  var eeSocket
-  var finished = false
-
-  function onFinish (error) {
-    eeMsg.cancel()
-    eeSocket.cancel()
-
-    finished = true
-    callback(error)
-  }
-
-  // finished on first message event
-  eeMsg = eeSocket = first([[msg, 'end', 'finish']], onFinish)
-
-  function onSocket (socket) {
-    // remove listener
-    msg.removeListener('socket', onSocket)
-
-    if (finished) return
-    if (eeMsg !== eeSocket) return
-
-    // finished on first socket event
-    eeSocket = first([[socket, 'error', 'close']], onFinish)
-  }
-
-  if (msg.socket) {
-    // socket already assigned
-    onSocket(msg.socket)
-    return
-  }
-
-  // wait for socket to be assigned
-  msg.on('socket', onSocket)
-
-  if (msg.socket === undefined) {
-    // istanbul ignore next: node.js 0.8 patch
-    patchAssignSocket(msg, onSocket)
-  }
-}
-
-/**
- * Attach the listener to the message.
- *
- * @param {object} msg
- * @return {function}
- * @private
- */
-
-function attachListener (msg, listener) {
-  var attached = msg.__onFinished
-
-  // create a private single listener with queue
-  if (!attached || !attached.queue) {
-    attached = msg.__onFinished = createListener(msg)
-    attachFinishedListener(msg, attached)
-  }
-
-  attached.queue.push(listener)
-}
-
-/**
- * Create listener on message.
- *
- * @param {object} msg
- * @return {function}
- * @private
- */
-
-function createListener (msg) {
-  function listener (err) {
-    if (msg.__onFinished === listener) msg.__onFinished = null
-    if (!listener.queue) return
-
-    var queue = listener.queue
-    listener.queue = null
-
-    for (var i = 0; i < queue.length; i++) {
-      queue[i](err, msg)
-    }
-  }
-
-  listener.queue = []
-
-  return listener
-}
-
-/**
- * Patch ServerResponse.prototype.assignSocket for node.js 0.8.
- *
- * @param {ServerResponse} res
- * @param {function} callback
- * @private
- */
-
-// istanbul ignore next: node.js 0.8 patch
-function patchAssignSocket (res, callback) {
-  var assignSocket = res.assignSocket
-
-  if (typeof assignSocket !== 'function') return
-
-  // res.on('socket', callback) is broken in 0.8
-  res.assignSocket = function _assignSocket (socket) {
-    assignSocket.call(this, socket)
-    callback(socket)
-  }
-}
-
-/**
- * Try to require async_hooks
- * @private
- */
-
-function tryRequireAsyncHooks () {
-  try {
-    return require('async_hooks')
-  } catch (e) {
-    return {}
-  }
-}
-
-/**
- * Wrap function with async resource, if possible.
- * AsyncResource.bind static method backported.
- * @private
- */
-
-function wrap (fn) {
-  var res
-
-  // create anonymous resource
-  if (asyncHooks.AsyncResource) {
-    res = new asyncHooks.AsyncResource(fn.name || 'bound-anonymous-fn')
-  }
-
-  // incompatible node.js
-  if (!res || !res.runInAsyncScope) {
-    return fn
-  }
-
-  // return bound function
-  return res.runInAsyncScope.bind(res, fn, null)
-}
diff --git a/src/Servers/ExpressServer/node_modules/on-finished/package.json b/src/Servers/ExpressServer/node_modules/on-finished/package.json
deleted file mode 100644
index 644cd81..0000000
--- a/src/Servers/ExpressServer/node_modules/on-finished/package.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
-  "name": "on-finished",
-  "description": "Execute a callback when a request closes, finishes, or errors",
-  "version": "2.4.1",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "repository": "jshttp/on-finished",
-  "dependencies": {
-    "ee-first": "1.1.1"
-  },
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.1",
-    "nyc": "15.1.0"
-  },
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "index.js"
-  ],
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md b/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
deleted file mode 100644
index 8e40954..0000000
--- a/src/Servers/ExpressServer/node_modules/parseurl/HISTORY.md
+++ /dev/null
@@ -1,58 +0,0 @@
-1.3.3 / 2019-04-15
-==================
-
-  * Fix Node.js 0.8 return value inconsistencies
-
-1.3.2 / 2017-09-09
-==================
-
-  * perf: reduce overhead for full URLs
-  * perf: unroll the "fast-path" `RegExp`
-
-1.3.1 / 2016-01-17
-==================
-
-  * perf: enable strict mode
-
-1.3.0 / 2014-08-09
-==================
-
-  * Add `parseurl.original` for parsing `req.originalUrl` with fallback
-  * Return `undefined` if `req.url` is `undefined`
-
-1.2.0 / 2014-07-21
-==================
-
-  * Cache URLs based on original value
-  * Remove no-longer-needed URL mis-parse work-around
-  * Simplify the "fast-path" `RegExp`
-
-1.1.3 / 2014-07-08
-==================
-
-  * Fix typo
-
-1.1.2 / 2014-07-08
-==================
-
-  * Seriously fix Node.js 0.8 compatibility
-
-1.1.1 / 2014-07-08
-==================
-
-  * Fix Node.js 0.8 compatibility
-
-1.1.0 / 2014-07-08
-==================
-
-  * Incorporate URL href-only parse fast-path
-
-1.0.1 / 2014-03-08
-==================
-
-  * Add missing `require`
-
-1.0.0 / 2014-03-08
-==================
-
-  * Genesis from `connect`
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/LICENSE b/src/Servers/ExpressServer/node_modules/parseurl/LICENSE
deleted file mode 100644
index 27653d3..0000000
--- a/src/Servers/ExpressServer/node_modules/parseurl/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014-2017 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/README.md b/src/Servers/ExpressServer/node_modules/parseurl/README.md
deleted file mode 100644
index 443e716..0000000
--- a/src/Servers/ExpressServer/node_modules/parseurl/README.md
+++ /dev/null
@@ -1,133 +0,0 @@
-# parseurl
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Parse a URL with memoization.
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install parseurl
-```
-
-## API
-
-```js
-var parseurl = require('parseurl')
-```
-
-### parseurl(req)
-
-Parse the URL of the given request object (looks at the `req.url` property)
-and return the result. The result is the same as `url.parse` in Node.js core.
-Calling this function multiple times on the same `req` where `req.url` does
-not change will return a cached parsed object, rather than parsing again.
-
-### parseurl.original(req)
-
-Parse the original URL of the given request object and return the result.
-This works by trying to parse `req.originalUrl` if it is a string, otherwise
-parses `req.url`. The result is the same as `url.parse` in Node.js core.
-Calling this function multiple times on the same `req` where `req.originalUrl`
-does not change will return a cached parsed object, rather than parsing again.
-
-## Benchmark
-
-```bash
-$ npm run-script bench
-
-> parseurl@1.3.3 bench nodejs-parseurl
-> node benchmark/index.js
-
-  http_parser@2.8.0
-  node@10.6.0
-  v8@6.7.288.46-node.13
-  uv@1.21.0
-  zlib@1.2.11
-  ares@1.14.0
-  modules@64
-  nghttp2@1.32.0
-  napi@3
-  openssl@1.1.0h
-  icu@61.1
-  unicode@10.0
-  cldr@33.0
-  tz@2018c
-
-> node benchmark/fullurl.js
-
-  Parsing URL "http://localhost:8888/foo/bar?user=tj&pet=fluffy"
-
-  4 tests completed.
-
-  fasturl            x 2,207,842 ops/sec ±3.76% (184 runs sampled)
-  nativeurl - legacy x   507,180 ops/sec ±0.82% (191 runs sampled)
-  nativeurl - whatwg x   290,044 ops/sec ±1.96% (189 runs sampled)
-  parseurl           x   488,907 ops/sec ±2.13% (192 runs sampled)
-
-> node benchmark/pathquery.js
-
-  Parsing URL "/foo/bar?user=tj&pet=fluffy"
-
-  4 tests completed.
-
-  fasturl            x 3,812,564 ops/sec ±3.15% (188 runs sampled)
-  nativeurl - legacy x 2,651,631 ops/sec ±1.68% (189 runs sampled)
-  nativeurl - whatwg x   161,837 ops/sec ±2.26% (189 runs sampled)
-  parseurl           x 4,166,338 ops/sec ±2.23% (184 runs sampled)
-
-> node benchmark/samerequest.js
-
-  Parsing URL "/foo/bar?user=tj&pet=fluffy" on same request object
-
-  4 tests completed.
-
-  fasturl            x  3,821,651 ops/sec ±2.42% (185 runs sampled)
-  nativeurl - legacy x  2,651,162 ops/sec ±1.90% (187 runs sampled)
-  nativeurl - whatwg x    175,166 ops/sec ±1.44% (188 runs sampled)
-  parseurl           x 14,912,606 ops/sec ±3.59% (183 runs sampled)
-
-> node benchmark/simplepath.js
-
-  Parsing URL "/foo/bar"
-
-  4 tests completed.
-
-  fasturl            x 12,421,765 ops/sec ±2.04% (191 runs sampled)
-  nativeurl - legacy x  7,546,036 ops/sec ±1.41% (188 runs sampled)
-  nativeurl - whatwg x    198,843 ops/sec ±1.83% (189 runs sampled)
-  parseurl           x 24,244,006 ops/sec ±0.51% (194 runs sampled)
-
-> node benchmark/slash.js
-
-  Parsing URL "/"
-
-  4 tests completed.
-
-  fasturl            x 17,159,456 ops/sec ±3.25% (188 runs sampled)
-  nativeurl - legacy x 11,635,097 ops/sec ±3.79% (184 runs sampled)
-  nativeurl - whatwg x    240,693 ops/sec ±0.83% (189 runs sampled)
-  parseurl           x 42,279,067 ops/sec ±0.55% (190 runs sampled)
-```
-
-## License
-
-  [MIT](LICENSE)
-
-[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/parseurl/master
-[coveralls-url]: https://coveralls.io/r/pillarjs/parseurl?branch=master
-[node-image]: https://badgen.net/npm/node/parseurl
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/parseurl
-[npm-url]: https://npmjs.org/package/parseurl
-[npm-version-image]: https://badgen.net/npm/v/parseurl
-[travis-image]: https://badgen.net/travis/pillarjs/parseurl/master
-[travis-url]: https://travis-ci.org/pillarjs/parseurl
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/index.js b/src/Servers/ExpressServer/node_modules/parseurl/index.js
deleted file mode 100644
index ece7223..0000000
--- a/src/Servers/ExpressServer/node_modules/parseurl/index.js
+++ /dev/null
@@ -1,158 +0,0 @@
-/*!
- * parseurl
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2014-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var url = require('url')
-var parse = url.parse
-var Url = url.Url
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = parseurl
-module.exports.original = originalurl
-
-/**
- * Parse the `req` url with memoization.
- *
- * @param {ServerRequest} req
- * @return {Object}
- * @public
- */
-
-function parseurl (req) {
-  var url = req.url
-
-  if (url === undefined) {
-    // URL is undefined
-    return undefined
-  }
-
-  var parsed = req._parsedUrl
-
-  if (fresh(url, parsed)) {
-    // Return cached URL parse
-    return parsed
-  }
-
-  // Parse the URL
-  parsed = fastparse(url)
-  parsed._raw = url
-
-  return (req._parsedUrl = parsed)
-};
-
-/**
- * Parse the `req` original url with fallback and memoization.
- *
- * @param {ServerRequest} req
- * @return {Object}
- * @public
- */
-
-function originalurl (req) {
-  var url = req.originalUrl
-
-  if (typeof url !== 'string') {
-    // Fallback
-    return parseurl(req)
-  }
-
-  var parsed = req._parsedOriginalUrl
-
-  if (fresh(url, parsed)) {
-    // Return cached URL parse
-    return parsed
-  }
-
-  // Parse the URL
-  parsed = fastparse(url)
-  parsed._raw = url
-
-  return (req._parsedOriginalUrl = parsed)
-};
-
-/**
- * Parse the `str` url with fast-path short-cut.
- *
- * @param {string} str
- * @return {Object}
- * @private
- */
-
-function fastparse (str) {
-  if (typeof str !== 'string' || str.charCodeAt(0) !== 0x2f /* / */) {
-    return parse(str)
-  }
-
-  var pathname = str
-  var query = null
-  var search = null
-
-  // This takes the regexp from https://github.com/joyent/node/pull/7878
-  // Which is /^(\/[^?#\s]*)(\?[^#\s]*)?$/
-  // And unrolls it into a for loop
-  for (var i = 1; i < str.length; i++) {
-    switch (str.charCodeAt(i)) {
-      case 0x3f: /* ?  */
-        if (search === null) {
-          pathname = str.substring(0, i)
-          query = str.substring(i + 1)
-          search = str.substring(i)
-        }
-        break
-      case 0x09: /* \t */
-      case 0x0a: /* \n */
-      case 0x0c: /* \f */
-      case 0x0d: /* \r */
-      case 0x20: /*    */
-      case 0x23: /* #  */
-      case 0xa0:
-      case 0xfeff:
-        return parse(str)
-    }
-  }
-
-  var url = Url !== undefined
-    ? new Url()
-    : {}
-
-  url.path = str
-  url.href = str
-  url.pathname = pathname
-
-  if (search !== null) {
-    url.query = query
-    url.search = search
-  }
-
-  return url
-}
-
-/**
- * Determine if parsed is still fresh for url.
- *
- * @param {string} url
- * @param {object} parsedUrl
- * @return {boolean}
- * @private
- */
-
-function fresh (url, parsedUrl) {
-  return typeof parsedUrl === 'object' &&
-    parsedUrl !== null &&
-    (Url === undefined || parsedUrl instanceof Url) &&
-    parsedUrl._raw === url
-}
diff --git a/src/Servers/ExpressServer/node_modules/parseurl/package.json b/src/Servers/ExpressServer/node_modules/parseurl/package.json
deleted file mode 100644
index 6b443ca..0000000
--- a/src/Servers/ExpressServer/node_modules/parseurl/package.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  "name": "parseurl",
-  "description": "parse a url with memoization",
-  "version": "1.3.3",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "repository": "pillarjs/parseurl",
-  "license": "MIT",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "eslint": "5.16.0",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.17.1",
-    "eslint-plugin-node": "7.0.1",
-    "eslint-plugin-promise": "4.1.1",
-    "eslint-plugin-standard": "4.0.0",
-    "fast-url-parser": "1.1.3",
-    "istanbul": "0.4.5",
-    "mocha": "6.1.3"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint .",
-    "test": "mocha --check-leaks --bail --reporter spec test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE b/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
deleted file mode 100644
index 983fbe8..0000000
--- a/src/Servers/ExpressServer/node_modules/path-to-regexp/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Blake Embrey (hello@blakeembrey.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md b/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
deleted file mode 100644
index 95452a6..0000000
--- a/src/Servers/ExpressServer/node_modules/path-to-regexp/Readme.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# Path-to-RegExp
-
-Turn an Express-style path string such as `/user/:name` into a regular expression.
-
-**Note:** This is a legacy branch. You should upgrade to `1.x`.
-
-## Usage
-
-```javascript
-var pathToRegexp = require('path-to-regexp');
-```
-
-### pathToRegexp(path, keys, options)
-
- - **path** A string in the express format, an array of such strings, or a regular expression
- - **keys** An array to be populated with the keys present in the url.  Once the function completes, this will be an array of strings.
- - **options**
-   - **options.sensitive** Defaults to false, set this to true to make routes case sensitive
-   - **options.strict** Defaults to false, set this to true to make the trailing slash matter.
-   - **options.end** Defaults to true, set this to false to only match the prefix of the URL.
-
-```javascript
-var keys = [];
-var exp = pathToRegexp('/foo/:bar', keys);
-//keys = ['bar']
-//exp = /^\/foo\/(?:([^\/]+?))\/?$/i
-```
-
-## Live Demo
-
-You can see a live demo of this library in use at [express-route-tester](http://forbeslindesay.github.com/express-route-tester/).
-
-## License
-
-  MIT
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js b/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
deleted file mode 100644
index 95d2f4b..0000000
--- a/src/Servers/ExpressServer/node_modules/path-to-regexp/index.js
+++ /dev/null
@@ -1,156 +0,0 @@
-/**
- * Expose `pathToRegexp`.
- */
-
-module.exports = pathToRegexp;
-
-/**
- * Match matching groups in a regular expression.
- */
-var MATCHING_GROUP_REGEXP = /\\.|\((?:\?<(.*?)>)?(?!\?)/g;
-
-/**
- * Normalize the given path string,
- * returning a regular expression.
- *
- * An empty array should be passed,
- * which will contain the placeholder
- * key names. For example "/user/:id" will
- * then contain ["id"].
- *
- * @param  {String|RegExp|Array} path
- * @param  {Array} keys
- * @param  {Object} options
- * @return {RegExp}
- * @api private
- */
-
-function pathToRegexp(path, keys, options) {
-  options = options || {};
-  keys = keys || [];
-  var strict = options.strict;
-  var end = options.end !== false;
-  var flags = options.sensitive ? '' : 'i';
-  var lookahead = options.lookahead !== false;
-  var extraOffset = 0;
-  var keysOffset = keys.length;
-  var i = 0;
-  var name = 0;
-  var pos = 0;
-  var backtrack = '';
-  var m;
-
-  if (path instanceof RegExp) {
-    while (m = MATCHING_GROUP_REGEXP.exec(path.source)) {
-      if (m[0][0] === '\\') continue;
-
-      keys.push({
-        name: m[1] || name++,
-        optional: false,
-        offset: m.index
-      });
-    }
-
-    return path;
-  }
-
-  if (Array.isArray(path)) {
-    // Map array parts into regexps and return their source. We also pass
-    // the same keys and options instance into every generation to get
-    // consistent matching groups before we join the sources together.
-    path = path.map(function (value) {
-      return pathToRegexp(value, keys, options).source;
-    });
-
-    return new RegExp(path.join('|'), flags);
-  }
-
-  if (typeof path !== 'string') {
-    throw new TypeError('path must be a string, array of strings, or regular expression');
-  }
-
-  path = path.replace(
-    /\\.|(\/)?(\.)?:(\w+)(\(.*?\))?(\*)?(\?)?|[.*]|\/\(/g,
-    function (match, slash, format, key, capture, star, optional, offset) {
-      if (match[0] === '\\') {
-        backtrack += match;
-        pos += 2;
-        return match;
-      }
-
-      if (match === '.') {
-        backtrack += '\\.';
-        extraOffset += 1;
-        pos += 1;
-        return '\\.';
-      }
-
-      if (slash || format) {
-        backtrack = '';
-      } else {
-        backtrack += path.slice(pos, offset);
-      }
-
-      pos = offset + match.length;
-
-      if (match === '*') {
-        extraOffset += 3;
-        return '(.*)';
-      }
-
-      if (match === '/(') {
-        backtrack += '/';
-        extraOffset += 2;
-        return '/(?:';
-      }
-
-      slash = slash || '';
-      format = format ? '\\.' : '';
-      optional = optional || '';
-      capture = capture ?
-        capture.replace(/\\.|\*/, function (m) { return m === '*' ? '(.*)' : m; }) :
-        (backtrack ? '((?:(?!/|' + backtrack + ').)+?)' : '([^/' + format + ']+?)');
-
-      keys.push({
-        name: key,
-        optional: !!optional,
-        offset: offset + extraOffset
-      });
-
-      var result = '(?:'
-        + format + slash + capture
-        + (star ? '((?:[/' + format + '].+?)?)' : '')
-        + ')'
-        + optional;
-
-      extraOffset += result.length - match.length;
-
-      return result;
-    });
-
-  // This is a workaround for handling unnamed matching groups.
-  while (m = MATCHING_GROUP_REGEXP.exec(path)) {
-    if (m[0][0] === '\\') continue;
-
-    if (keysOffset + i === keys.length || keys[keysOffset + i].offset > m.index) {
-      keys.splice(keysOffset + i, 0, {
-        name: name++, // Unnamed matching groups must be consistently linear.
-        optional: false,
-        offset: m.index
-      });
-    }
-
-    i++;
-  }
-
-  path += strict ? '' : path[path.length - 1] === '/' ? '?' : '/?';
-
-  // If the path is non-ending, match until the end or a slash.
-  if (end) {
-    path += '$';
-  } else if (path[path.length - 1] !== '/') {
-    path += lookahead ? '(?=/|$)' : '(?:/|$)';
-  }
-
-  return new RegExp('^' + path, flags);
-};
diff --git a/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json b/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
deleted file mode 100644
index 23b4b6a..0000000
--- a/src/Servers/ExpressServer/node_modules/path-to-regexp/package.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  "name": "path-to-regexp",
-  "description": "Express style path to RegExp utility",
-  "version": "0.1.12",
-  "files": [
-    "index.js",
-    "LICENSE"
-  ],
-  "scripts": {
-    "test": "istanbul cover _mocha -- -R spec"
-  },
-  "keywords": [
-    "express",
-    "regexp"
-  ],
-  "component": {
-    "scripts": {
-      "path-to-regexp": "index.js"
-    }
-  },
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/pillarjs/path-to-regexp.git"
-  },
-  "devDependencies": {
-    "mocha": "^1.17.1",
-    "istanbul": "^0.2.6"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md b/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
deleted file mode 100644
index 8480242..0000000
--- a/src/Servers/ExpressServer/node_modules/proxy-addr/HISTORY.md
+++ /dev/null
@@ -1,161 +0,0 @@
-2.0.7 / 2021-05-31
-==================
-
-  * deps: forwarded@0.2.0
-    - Use `req.socket` over deprecated `req.connection`
-
-2.0.6 / 2020-02-24
-==================
-
-  * deps: ipaddr.js@1.9.1
-
-2.0.5 / 2019-04-16
-==================
-
-  * deps: ipaddr.js@1.9.0
-
-2.0.4 / 2018-07-26
-==================
-
-  * deps: ipaddr.js@1.8.0
-
-2.0.3 / 2018-02-19
-==================
-
-  * deps: ipaddr.js@1.6.0
-
-2.0.2 / 2017-09-24
-==================
-
-  * deps: forwarded@~0.1.2
-    - perf: improve header parsing
-    - perf: reduce overhead when no `X-Forwarded-For` header
-
-2.0.1 / 2017-09-10
-==================
-
-  * deps: forwarded@~0.1.1
-    - Fix trimming leading / trailing OWS
-    - perf: hoist regular expression
-  * deps: ipaddr.js@1.5.2
-
-2.0.0 / 2017-08-08
-==================
-
-  * Drop support for Node.js below 0.10
-
-1.1.5 / 2017-07-25
-==================
-
-  * Fix array argument being altered
-  * deps: ipaddr.js@1.4.0
-
-1.1.4 / 2017-03-24
-==================
-
-  * deps: ipaddr.js@1.3.0
-
-1.1.3 / 2017-01-14
-==================
-
-  * deps: ipaddr.js@1.2.0
-
-1.1.2 / 2016-05-29
-==================
-
-  * deps: ipaddr.js@1.1.1
-    - Fix IPv6-mapped IPv4 validation edge cases
-
-1.1.1 / 2016-05-03
-==================
-
-  * Fix regression matching mixed versions against multiple subnets
-
-1.1.0 / 2016-05-01
-==================
-
-  * Fix accepting various invalid netmasks
-    - IPv4 netmasks must be contingous
-    - IPv6 addresses cannot be used as a netmask
-  * deps: ipaddr.js@1.1.0
-
-1.0.10 / 2015-12-09
-===================
-
-  * deps: ipaddr.js@1.0.5
-    - Fix regression in `isValid` with non-string arguments
-
-1.0.9 / 2015-12-01
-==================
-
-  * deps: ipaddr.js@1.0.4
-    - Fix accepting some invalid IPv6 addresses
-    - Reject CIDRs with negative or overlong masks
-  * perf: enable strict mode
-
-1.0.8 / 2015-05-10
-==================
-
-  * deps: ipaddr.js@1.0.1
-
-1.0.7 / 2015-03-16
-==================
-
-  * deps: ipaddr.js@0.1.9
-    - Fix OOM on certain inputs to `isValid`
-
-1.0.6 / 2015-02-01
-==================
-
-  * deps: ipaddr.js@0.1.8
-
-1.0.5 / 2015-01-08
-==================
-
-  * deps: ipaddr.js@0.1.6
-
-1.0.4 / 2014-11-23
-==================
-
-  * deps: ipaddr.js@0.1.5
-    - Fix edge cases with `isValid`
-
-1.0.3 / 2014-09-21
-==================
-
-  * Use `forwarded` npm module
-
-1.0.2 / 2014-09-18
-==================
-
-  * Fix a global leak when multiple subnets are trusted
-  * Support Node.js 0.6
-  * deps: ipaddr.js@0.1.3
-
-1.0.1 / 2014-06-03
-==================
-
-  * Fix links in npm package
-
-1.0.0 / 2014-05-08
-==================
-
-  * Add `trust` argument to determine proxy trust on
-    * Accepts custom function
-    * Accepts IPv4/IPv6 address(es)
-    * Accepts subnets
-    * Accepts pre-defined names
-  * Add optional `trust` argument to `proxyaddr.all` to
-    stop at first untrusted
-  * Add `proxyaddr.compile` to pre-compile `trust` function
-    to make subsequent calls faster
-
-0.0.1 / 2014-05-04
-==================
-
-  * Fix bad npm publish
-
-0.0.0 / 2014-05-04
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE b/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
deleted file mode 100644
index cab251c..0000000
--- a/src/Servers/ExpressServer/node_modules/proxy-addr/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2016 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/README.md b/src/Servers/ExpressServer/node_modules/proxy-addr/README.md
deleted file mode 100644
index 69c0b63..0000000
--- a/src/Servers/ExpressServer/node_modules/proxy-addr/README.md
+++ /dev/null
@@ -1,139 +0,0 @@
-# proxy-addr
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Determine address of proxied request
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install proxy-addr
-```
-
-## API
-
-```js
-var proxyaddr = require('proxy-addr')
-```
-
-### proxyaddr(req, trust)
-
-Return the address of the request, using the given `trust` parameter.
-
-The `trust` argument is a function that returns `true` if you trust
-the address, `false` if you don't. The closest untrusted address is
-returned.
-
-```js
-proxyaddr(req, function (addr) { return addr === '127.0.0.1' })
-proxyaddr(req, function (addr, i) { return i < 1 })
-```
-
-The `trust` arugment may also be a single IP address string or an
-array of trusted addresses, as plain IP addresses, CIDR-formatted
-strings, or IP/netmask strings.
-
-```js
-proxyaddr(req, '127.0.0.1')
-proxyaddr(req, ['127.0.0.0/8', '10.0.0.0/8'])
-proxyaddr(req, ['127.0.0.0/255.0.0.0', '192.168.0.0/255.255.0.0'])
-```
-
-This module also supports IPv6. Your IPv6 addresses will be normalized
-automatically (i.e. `fe80::00ed:1` equals `fe80:0:0:0:0:0:ed:1`).
-
-```js
-proxyaddr(req, '::1')
-proxyaddr(req, ['::1/128', 'fe80::/10'])
-```
-
-This module will automatically work with IPv4-mapped IPv6 addresses
-as well to support node.js in IPv6-only mode. This means that you do
-not have to specify both `::ffff:a00:1` and `10.0.0.1`.
-
-As a convenience, this module also takes certain pre-defined names
-in addition to IP addresses, which expand into IP addresses:
-
-```js
-proxyaddr(req, 'loopback')
-proxyaddr(req, ['loopback', 'fc00:ac:1ab5:fff::1/64'])
-```
-
-  * `loopback`: IPv4 and IPv6 loopback addresses (like `::1` and
-    `127.0.0.1`).
-  * `linklocal`: IPv4 and IPv6 link-local addresses (like
-    `fe80::1:1:1:1` and `169.254.0.1`).
-  * `uniquelocal`: IPv4 private addresses and IPv6 unique-local
-    addresses (like `fc00:ac:1ab5:fff::1` and `192.168.0.1`).
-
-When `trust` is specified as a function, it will be called for each
-address to determine if it is a trusted address. The function is
-given two arguments: `addr` and `i`, where `addr` is a string of
-the address to check and `i` is a number that represents the distance
-from the socket address.
-
-### proxyaddr.all(req, [trust])
-
-Return all the addresses of the request, optionally stopping at the
-first untrusted. This array is ordered from closest to furthest
-(i.e. `arr[0] === req.connection.remoteAddress`).
-
-```js
-proxyaddr.all(req)
-```
-
-The optional `trust` argument takes the same arguments as `trust`
-does in `proxyaddr(req, trust)`.
-
-```js
-proxyaddr.all(req, 'loopback')
-```
-
-### proxyaddr.compile(val)
-
-Compiles argument `val` into a `trust` function. This function takes
-the same arguments as `trust` does in `proxyaddr(req, trust)` and
-returns a function suitable for `proxyaddr(req, trust)`.
-
-```js
-var trust = proxyaddr.compile('loopback')
-var addr = proxyaddr(req, trust)
-```
-
-This function is meant to be optimized for use against every request.
-It is recommend to compile a trust function up-front for the trusted
-configuration and pass that to `proxyaddr(req, trust)` for each request.
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## Benchmarks
-
-```sh
-$ npm run-script bench
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/proxy-addr/master?label=ci
-[ci-url]: https://github.com/jshttp/proxy-addr/actions?query=workflow%3Aci
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/proxy-addr/master
-[coveralls-url]: https://coveralls.io/r/jshttp/proxy-addr?branch=master
-[node-image]: https://badgen.net/npm/node/proxy-addr
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/proxy-addr
-[npm-url]: https://npmjs.org/package/proxy-addr
-[npm-version-image]: https://badgen.net/npm/v/proxy-addr
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/index.js b/src/Servers/ExpressServer/node_modules/proxy-addr/index.js
deleted file mode 100644
index a909b05..0000000
--- a/src/Servers/ExpressServer/node_modules/proxy-addr/index.js
+++ /dev/null
@@ -1,327 +0,0 @@
-/*!
- * proxy-addr
- * Copyright(c) 2014-2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = proxyaddr
-module.exports.all = alladdrs
-module.exports.compile = compile
-
-/**
- * Module dependencies.
- * @private
- */
-
-var forwarded = require('forwarded')
-var ipaddr = require('ipaddr.js')
-
-/**
- * Variables.
- * @private
- */
-
-var DIGIT_REGEXP = /^[0-9]+$/
-var isip = ipaddr.isValid
-var parseip = ipaddr.parse
-
-/**
- * Pre-defined IP ranges.
- * @private
- */
-
-var IP_RANGES = {
-  linklocal: ['169.254.0.0/16', 'fe80::/10'],
-  loopback: ['127.0.0.1/8', '::1/128'],
-  uniquelocal: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7']
-}
-
-/**
- * Get all addresses in the request, optionally stopping
- * at the first untrusted.
- *
- * @param {Object} request
- * @param {Function|Array|String} [trust]
- * @public
- */
-
-function alladdrs (req, trust) {
-  // get addresses
-  var addrs = forwarded(req)
-
-  if (!trust) {
-    // Return all addresses
-    return addrs
-  }
-
-  if (typeof trust !== 'function') {
-    trust = compile(trust)
-  }
-
-  for (var i = 0; i < addrs.length - 1; i++) {
-    if (trust(addrs[i], i)) continue
-
-    addrs.length = i + 1
-  }
-
-  return addrs
-}
-
-/**
- * Compile argument into trust function.
- *
- * @param {Array|String} val
- * @private
- */
-
-function compile (val) {
-  if (!val) {
-    throw new TypeError('argument is required')
-  }
-
-  var trust
-
-  if (typeof val === 'string') {
-    trust = [val]
-  } else if (Array.isArray(val)) {
-    trust = val.slice()
-  } else {
-    throw new TypeError('unsupported trust argument')
-  }
-
-  for (var i = 0; i < trust.length; i++) {
-    val = trust[i]
-
-    if (!Object.prototype.hasOwnProperty.call(IP_RANGES, val)) {
-      continue
-    }
-
-    // Splice in pre-defined range
-    val = IP_RANGES[val]
-    trust.splice.apply(trust, [i, 1].concat(val))
-    i += val.length - 1
-  }
-
-  return compileTrust(compileRangeSubnets(trust))
-}
-
-/**
- * Compile `arr` elements into range subnets.
- *
- * @param {Array} arr
- * @private
- */
-
-function compileRangeSubnets (arr) {
-  var rangeSubnets = new Array(arr.length)
-
-  for (var i = 0; i < arr.length; i++) {
-    rangeSubnets[i] = parseipNotation(arr[i])
-  }
-
-  return rangeSubnets
-}
-
-/**
- * Compile range subnet array into trust function.
- *
- * @param {Array} rangeSubnets
- * @private
- */
-
-function compileTrust (rangeSubnets) {
-  // Return optimized function based on length
-  var len = rangeSubnets.length
-  return len === 0
-    ? trustNone
-    : len === 1
-      ? trustSingle(rangeSubnets[0])
-      : trustMulti(rangeSubnets)
-}
-
-/**
- * Parse IP notation string into range subnet.
- *
- * @param {String} note
- * @private
- */
-
-function parseipNotation (note) {
-  var pos = note.lastIndexOf('/')
-  var str = pos !== -1
-    ? note.substring(0, pos)
-    : note
-
-  if (!isip(str)) {
-    throw new TypeError('invalid IP address: ' + str)
-  }
-
-  var ip = parseip(str)
-
-  if (pos === -1 && ip.kind() === 'ipv6' && ip.isIPv4MappedAddress()) {
-    // Store as IPv4
-    ip = ip.toIPv4Address()
-  }
-
-  var max = ip.kind() === 'ipv6'
-    ? 128
-    : 32
-
-  var range = pos !== -1
-    ? note.substring(pos + 1, note.length)
-    : null
-
-  if (range === null) {
-    range = max
-  } else if (DIGIT_REGEXP.test(range)) {
-    range = parseInt(range, 10)
-  } else if (ip.kind() === 'ipv4' && isip(range)) {
-    range = parseNetmask(range)
-  } else {
-    range = null
-  }
-
-  if (range <= 0 || range > max) {
-    throw new TypeError('invalid range on address: ' + note)
-  }
-
-  return [ip, range]
-}
-
-/**
- * Parse netmask string into CIDR range.
- *
- * @param {String} netmask
- * @private
- */
-
-function parseNetmask (netmask) {
-  var ip = parseip(netmask)
-  var kind = ip.kind()
-
-  return kind === 'ipv4'
-    ? ip.prefixLengthFromSubnetMask()
-    : null
-}
-
-/**
- * Determine address of proxied request.
- *
- * @param {Object} request
- * @param {Function|Array|String} trust
- * @public
- */
-
-function proxyaddr (req, trust) {
-  if (!req) {
-    throw new TypeError('req argument is required')
-  }
-
-  if (!trust) {
-    throw new TypeError('trust argument is required')
-  }
-
-  var addrs = alladdrs(req, trust)
-  var addr = addrs[addrs.length - 1]
-
-  return addr
-}
-
-/**
- * Static trust function to trust nothing.
- *
- * @private
- */
-
-function trustNone () {
-  return false
-}
-
-/**
- * Compile trust function for multiple subnets.
- *
- * @param {Array} subnets
- * @private
- */
-
-function trustMulti (subnets) {
-  return function trust (addr) {
-    if (!isip(addr)) return false
-
-    var ip = parseip(addr)
-    var ipconv
-    var kind = ip.kind()
-
-    for (var i = 0; i < subnets.length; i++) {
-      var subnet = subnets[i]
-      var subnetip = subnet[0]
-      var subnetkind = subnetip.kind()
-      var subnetrange = subnet[1]
-      var trusted = ip
-
-      if (kind !== subnetkind) {
-        if (subnetkind === 'ipv4' && !ip.isIPv4MappedAddress()) {
-          // Incompatible IP addresses
-          continue
-        }
-
-        if (!ipconv) {
-          // Convert IP to match subnet IP kind
-          ipconv = subnetkind === 'ipv4'
-            ? ip.toIPv4Address()
-            : ip.toIPv4MappedAddress()
-        }
-
-        trusted = ipconv
-      }
-
-      if (trusted.match(subnetip, subnetrange)) {
-        return true
-      }
-    }
-
-    return false
-  }
-}
-
-/**
- * Compile trust function for single subnet.
- *
- * @param {Object} subnet
- * @private
- */
-
-function trustSingle (subnet) {
-  var subnetip = subnet[0]
-  var subnetkind = subnetip.kind()
-  var subnetisipv4 = subnetkind === 'ipv4'
-  var subnetrange = subnet[1]
-
-  return function trust (addr) {
-    if (!isip(addr)) return false
-
-    var ip = parseip(addr)
-    var kind = ip.kind()
-
-    if (kind !== subnetkind) {
-      if (subnetisipv4 && !ip.isIPv4MappedAddress()) {
-        // Incompatible IP addresses
-        return false
-      }
-
-      // Convert IP to match subnet IP kind
-      ip = subnetisipv4
-        ? ip.toIPv4Address()
-        : ip.toIPv4MappedAddress()
-    }
-
-    return ip.match(subnetip, subnetrange)
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/proxy-addr/package.json b/src/Servers/ExpressServer/node_modules/proxy-addr/package.json
deleted file mode 100644
index 24ba8f7..0000000
--- a/src/Servers/ExpressServer/node_modules/proxy-addr/package.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-  "name": "proxy-addr",
-  "description": "Determine address of proxied request",
-  "version": "2.0.7",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "keywords": [
-    "ip",
-    "proxy",
-    "x-forwarded-for"
-  ],
-  "repository": "jshttp/proxy-addr",
-  "dependencies": {
-    "forwarded": "0.2.0",
-    "ipaddr.js": "1.9.1"
-  },
-  "devDependencies": {
-    "benchmark": "2.1.4",
-    "beautify-benchmark": "0.2.4",
-    "deep-equal": "1.0.1",
-    "eslint": "7.26.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.23.4",
-    "eslint-plugin-markdown": "2.2.0",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.3.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "8.4.0",
-    "nyc": "15.1.0"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.10"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/qs/.editorconfig b/src/Servers/ExpressServer/node_modules/qs/.editorconfig
deleted file mode 100644
index dd5a8d8..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/.editorconfig
+++ /dev/null
@@ -1,46 +0,0 @@
-root = true
-
-[*]
-indent_style = space
-indent_size = 4
-end_of_line = lf
-charset = utf-8
-trim_trailing_whitespace = true
-insert_final_newline = true
-max_line_length = 180
-quote_type = single
-
-[test/*]
-max_line_length = off
-
-[LICENSE.md]
-indent_size = off
-
-[*.md]
-max_line_length = off
-
-[*.json]
-max_line_length = off
-
-[Makefile]
-max_line_length = off
-
-[CHANGELOG.md]
-indent_style = space
-indent_size = 2
-
-[LICENSE]
-indent_size = 2
-max_line_length = off
-
-[coverage/**/*]
-indent_size = off
-indent_style = off
-indent = off
-max_line_length = off
-
-[.nycrc]
-indent_style = tab
-
-[tea.yaml]
-indent_size = 2
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
deleted file mode 100644
index 0355f4f..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/qs
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with a single custom sponsorship URL
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md b/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
deleted file mode 100644
index b499cb6..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/.github/SECURITY.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Security
-
-Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-## Incident Response Plan
-
-Please see our [Incident Response Plan](https://github.com/ljharb/.github/blob/main/INCIDENT_RESPONSE_PLAN.md).
-
-## Threat Model
-
-Please see [THREAT_MODEL.md](./THREAT_MODEL.md).
diff --git a/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md b/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
deleted file mode 100644
index 7e6fef1..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/.github/THREAT_MODEL.md
+++ /dev/null
@@ -1,78 +0,0 @@
-## Threat Model for qs (querystring parsing library)
-
-### 1. Library Overview
-
-- **Library Name:** qs
-- **Brief Description:** A JavaScript library for parsing and stringifying URL query strings, supporting nested objects and arrays. It is widely used in Node.js and web applications for processing query parameters[2][6][8].
-- **Key Public APIs/Functions:** `qs.parse()`, `qs.stringify()`
-
-### 2. Define Scope
-
-This threat model focuses on the core parsing and stringifying functionality, specifically the handling of nested objects and arrays, option validation, and cycle management in stringification.
-
-### 3. Conceptual System Diagram
-
-```
-Caller Application → qs.parse(input, options) → Parsing Engine → Output Object
-                           │
-                           └→ Options Handling
-
-Caller Application → qs.stringify(obj, options) → Stringifying Engine → Output String
-                           │
-                           └→ Options Handling
-                           └→ Cycle Tracking
-```
-
-**Trust Boundaries:**
-- **Input string (parse):** May come from untrusted sources (e.g., user input, network requests)
-- **Input object (stringify):** May contain cycles, which can lead to infinite loops during stringification
-- **Options:** Provided by the caller
-- **Cycle Tracking:** Used only during stringification to detect and handle circular references
-
-### 4. Identify Assets
-
-- **Integrity of parsed output:** Prevent malicious manipulation of the output object structure, especially ensuring builtins/globals are not modified as a result of parse[3][4][8].
-- **Confidentiality of processed data:** Avoid leaking sensitive information through errors or output.
-- **Availability/performance for host application:** Prevent crashes or resource exhaustion in the consuming application.
-- **Security of host application:** Prevent the library from being a vector for attacks (e.g., prototype pollution, DoS).
-- **Reputation of library:** Maintain trust by avoiding supply chain attacks and vulnerabilities[1].
-
-### 5. Identify Threats
-
-| Component / API / Interaction         | S  | T  | R  | I  | D  | E  |
-|---------------------------------------|----|----|----|----|----|----|
-| Public API Call (`parse`)             | –  | ✓  | –  | ✓  | ✓  | ✓  |
-| Public API Call (`stringify`)         | –  | ✓  | –  | ✓  | ✓  | –  |
-| Options Handling                      | ✓  | ✓  | –  | ✓  | –  | ✓  |
-| Dependency Interaction                | –  | –  | –  | –  | ✓  | –  |
-
-**Key Threats:**
-- **Tampering:** Malicious input can, if not prevented, alter parsed output (e.g., prototype pollution via `__proto__`, modification of builtins/globals)[3][4][8].
-- **Information Disclosure:** Error messages may expose internal details or sensitive data.
-- **Denial of Service:** Large or malformed input can exhaust memory or CPU.
-- **Elevation of Privilege:** Prototype pollution can lead to unintended privilege escalation in the host application[3][4][8].
-
-### 6. Mitigation/Countermeasures
-
-| Threat Identified                                 | Proposed Mitigation |
-|---------------------------------------------------|---------------------|
-| Tampering (malicious input, prototype pollution)  | Strict input validation; keep `allowPrototypes: false` by default; use `plainObjects` for output; ensure builtins/globals are never modified by parse[4][8]. |
-| Information Disclosure (error messages)           | Generic error messages without stack traces or internal paths. |
-| Denial of Service (memory/CPU exhaustion)         | Enforce `arrayLimit` and `parameterLimit` with safe defaults; enable `throwOnLimitExceeded`; limit nesting depth[7]. |
-| Elevation of Privilege (prototype pollution)      | Keep `allowPrototypes: false`; validate options against allowlist; use `plainObjects` to avoid prototype pollution[4][8]. |
-
-### 7. Risk Ranking
-
-- **High:** Denial of Service via array parsing or malformed input (historical vulnerability)
-- **Medium:** Prototype pollution via options or input (if `allowPrototypes` enabled)
-- **Low:** Information disclosure in errors
-
-### 8. Next Steps & Review
-
-1. **Audit option validation logic.**
-2. **Add depth limiting to nested parsing and stringification.**
-3. **Implement fuzz testing for parser and stringifier edge cases.**
-4. **Regularly review dependencies for vulnerabilities.**
-5. **Keep documentation and threat model up to date.**
-6. **Ensure builtins/globals are never modified as a result of parse.**
-7. **Support round-trip consistency between parse and stringify as a non-security goal, with the right options[5][9].**
diff --git a/src/Servers/ExpressServer/node_modules/qs/.nycrc b/src/Servers/ExpressServer/node_modules/qs/.nycrc
deleted file mode 100644
index 1d57cab..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"dist"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
deleted file mode 100644
index 0d304ea..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/CHANGELOG.md
+++ /dev/null
@@ -1,644 +0,0 @@
-## **6.14.2**
-- [Fix] `parse`: mark overflow objects for indexed notation exceeding `arrayLimit` (#546)
-- [Fix] `arrayLimit` means max count, not max index, in `combine`/`merge`/`parseArrayValue`
-- [Fix] `parse`: throw on `arrayLimit` exceeded with indexed notation when `throwOnLimitExceeded` is true (#529)
-- [Fix] `parse`: enforce `arrayLimit` on `comma`-parsed values
-- [Fix] `parse`: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
-- [Robustness] avoid `.push`, use `void`
-- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
-- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
-- [readme] replace runkit CI badge with shields.io check-runs badge
-- [meta] fix changelog typo (`arrayLength` → `arrayLimit`)
-- [actions] fix rebase workflow permissions
-
-## **6.14.1**
-- [Fix] ensure `arrayLimit` applies to `[]` notation as well
-- [Fix] `parse`: when a custom decoder returns `null` for a key, ignore that key
-- [Refactor] `parse`: extract key segment splitting helper
-- [meta] add threat model
-- [actions] add workflow permissions
-- [Tests] `stringify`: increase coverage
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `npmignore`, `es-value-fixtures`, `for-each`, `object-inspect`
-
-## **6.14.0**
-- [New] `parse`: add `throwOnParameterLimitExceeded` option (#517)
-- [Refactor] `parse`: use `utils.combine` more
-- [patch] `parse`: add explicit `throwOnLimitExceeded` default
-- [actions] use shared action; re-add finishers
-- [meta] Fix changelog formatting bug
-- [Deps] update `side-channel`
-- [Dev Deps] update `es-value-fixtures`, `has-bigints`, `has-proto`, `has-symbols`
-- [Tests] increase coverage
-
-## **6.13.1**
-- [Fix] `stringify`: avoid a crash when a `filter` key is `null`
-- [Fix] `utils.merge`: functions should not be stringified into keys
-- [Fix] `parse`: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
-- [Fix] `stringify`: ensure a non-string `filter` does not crash
-- [Refactor] use `__proto__` syntax instead of `Object.create` for null objects
-- [Refactor] misc cleanup
-- [Tests] `utils.merge`: add some coverage
-- [Tests] fix a test case
-- [actions] split out node 10-20, and 20+
-- [Dev Deps] update `es-value-fixtures`, `mock-property`, `object-inspect`, `tape`
-
-## **6.13.0**
-- [New] `parse`: add `strictDepth` option (#511)
-- [Tests] use `npm audit` instead of `aud`
-
-## **6.12.3**
-- [Fix] `parse`: properly account for `strictNullHandling` when `allowEmptyArrays`
-- [meta] fix changelog indentation
-
-## **6.12.2**
-- [Fix] `parse`: parse encoded square brackets (#506)
-- [readme] add CII best practices badge
-
-## **6.12.1**
-- [Fix] `parse`: Disable `decodeDotInKeys` by default to restore previous behavior (#501)
-- [Performance] `utils`: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
-- [Refactor] `utils`: use `+=`
-- [Tests] increase coverage
-
-## **6.12.0**
-
-- [New] `parse`/`stringify`: add `decodeDotInKeys`/`encodeDotKeys` options (#488)
-- [New] `parse`: add `duplicates` option
-- [New] `parse`/`stringify`: add `allowEmptyArrays` option to allow [] in object values (#487)
-- [Refactor] `parse`/`stringify`: move allowDots config logic to its own variable
-- [Refactor] `stringify`: move option-handling code into `normalizeStringifyOptions`
-- [readme] update readme, add logos (#484)
-- [readme] `stringify`: clarify default `arrayFormat` behavior
-- [readme] fix line wrapping
-- [readme] remove dead badges
-- [Deps] update `side-channel`
-- [meta] make the dist build 50% smaller
-- [meta] add `sideEffects` flag
-- [meta] run build in prepack, not prepublish
-- [Tests] `parse`: remove useless tests; add coverage
-- [Tests] `stringify`: increase coverage
-- [Tests] use `mock-property`
-- [Tests] `stringify`: improve coverage
-- [Dev Deps] update `@ljharb/eslint-config `, `aud`, `has-override-mistake`, `has-property-descriptors`, `mock-property`, `npmignore`, `object-inspect`, `tape`
-- [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak`
-- [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6
-
-## **6.11.2**
-- [Fix] `parse`: Fix parsing when the global Object prototype is frozen (#473)
-- [Tests] add passing test cases with empty keys (#473)
-
-## **6.11.1**
-- [Fix] `stringify`: encode comma values more consistently (#463)
-- [readme] add usage of `filter` option for injecting custom serialization, i.e. of custom types (#447)
-- [meta] remove extraneous code backticks (#457)
-- [meta] fix changelog markdown
-- [actions] update checkout action
-- [actions] restrict action permissions
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `object-inspect`, `tape`
-
-## **6.11.0**
-- [New] [Fix] `stringify`: revert 0e903c0; add `commaRoundTrip` option (#442)
-- [readme] fix version badge
-
-## **6.10.5**
-- [Fix] `stringify`: with `arrayFormat: comma`, properly include an explicit `[]` on a single-item array (#434)
-
-## **6.10.4**
-- [Fix] `stringify`: with `arrayFormat: comma`, include an explicit `[]` on a single-item array (#441)
-- [meta] use `npmignore` to autogenerate an npmignore file
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-symbol`, `object-inspect`, `tape`
-
-## **6.10.3**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [actions] reuse common workflows
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `object-inspect`, `tape`
-
-## **6.10.2**
-- [Fix] `stringify`: actually fix cyclic references (#426)
-- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] add note and links for coercing primitive values (#408)
-- [actions] update codecov uploader
-- [actions] update workflows
-- [Tests] clean up stringify tests slightly
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `object-inspect`, `safe-publish-latest`, `tape`
-
-## **6.10.1**
-- [Fix] `stringify`: avoid exception on repeated object values (#402)
-
-## **6.10.0**
-- [New] `stringify`: throw on cycles, instead of an infinite loop (#395, #394, #393)
-- [New] `parse`: add `allowSparse` option for collapsing arrays with missing indices (#312)
-- [meta] fix README.md (#399)
-- [meta] only run `npm run dist` in publish, not install
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `has-symbols`, `tape`
-- [Tests] fix tests on node v0.6
-- [Tests] use `ljharb/actions/node/install` instead of `ljharb/actions/node/run`
-- [Tests] Revert "[meta] ignore eclint transitive audit warning"
-
-## **6.9.7**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] add note and links for coercing primitive values (#408)
-- [Tests] clean up stringify tests slightly
-- [meta] fix README.md (#399)
-- Revert "[meta] ignore eclint transitive audit warning"
-- [actions] backport actions from main
-- [Dev Deps] backport updates from main
-
-## **6.9.6**
-- [Fix] restore `dist` dir; mistakenly removed in d4f6c32
-
-## **6.9.5**
-- [Fix] `stringify`: do not encode parens for RFC1738
-- [Fix] `stringify`: fix arrayFormat comma with empty array/objects (#350)
-- [Refactor] `format`: remove `util.assign` call
-- [meta] add "Allow Edits" workflow; update rebase workflow
-- [actions] switch Automatic Rebase workflow to `pull_request_target` event
-- [Tests] `stringify`: add tests for #378
-- [Tests] migrate tests to Github Actions
-- [Tests] run `nyc` on all tests; use `tape` runner
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `mkdirp`, `object-inspect`, `tape`; add `aud`
-
-## **6.9.4**
-- [Fix] `stringify`: when `arrayFormat` is `comma`, respect `serializeDate` (#364)
-- [Refactor] `stringify`: reduce branching (part of #350)
-- [Refactor] move `maybeMap` to `utils`
-- [Dev Deps] update `browserify`, `tape`
-
-## **6.9.3**
-- [Fix] proper comma parsing of URL-encoded commas (#361)
-- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
-
-## **6.9.2**
-- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
-- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
-- [meta] ignore eclint transitive audit warning
-- [meta] fix indentation in package.json
-- [meta] add tidelift marketing copy
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `object-inspect`, `has-symbols`, `tape`, `mkdirp`, `iconv-lite`
-- [actions] add automatic rebasing / merge commit blocking
-
-## **6.9.1**
-- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
-- [Fix] `parse`: with comma true, do not split non-string values (#334)
-- [meta] add `funding` field
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`
-- [Tests] use shared travis-ci config
-
-## **6.9.0**
-- [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` (#333)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `evalmd`
-- [Tests] `parse`: add passing `arrayFormat` tests
-- [Tests] add `posttest` using `npx aud` to run `npm audit` without a lockfile
-- [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16`
-- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
-
-## **6.8.3**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Tests] clean up stringify tests slightly
-- [Docs] add note and links for coercing primitive values (#408)
-- [meta] fix README.md (#399)
-- [actions] backport actions from main
-- [Dev Deps] backport updates from main
-- [Refactor] `stringify`: reduce branching
-- [meta] do not publish workflow files
-
-## **6.8.2**
-- [Fix] proper comma parsing of URL-encoded commas (#361)
-- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
-
-## **6.8.1**
-- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
-- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
-- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
-- [fix] `parse`: with comma true, do not split non-string values (#334)
-- [meta] add tidelift marketing copy
-- [meta] add `funding` field
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `has-symbols`, `iconv-lite`, `mkdirp`, `object-inspect`
-- [Tests] `parse`: add passing `arrayFormat` tests
-- [Tests] use shared travis-ci configs
-- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
-- [actions] add automatic rebasing / merge commit blocking
-
-## **6.8.0**
-- [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key (#326)
-- [New] [Fix] stringify symbols and bigints
-- [Fix] ensure node 0.12 can stringify Symbols
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Refactor] `formats`: tiny bit of cleanup.
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publish-latest`, `iconv-lite`, `tape`
-- [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended (#326)
-- [Tests] use `eclint` instead of `editorconfig-tools`
-- [docs] readme: add security note
-- [meta] add github sponsorship
-- [meta] add FUNDING.yml
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-
-## **6.7.3**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] add note and links for coercing primitive values (#408)
-- [meta] fix README.md (#399)
-- [meta] do not publish workflow files
-- [actions] backport actions from main
-- [Dev Deps] backport updates from main
-- [Tests] use `nyc` for coverage
-- [Tests] clean up stringify tests slightly
-
-## **6.7.2**
-- [Fix] proper comma parsing of URL-encoded commas (#361)
-- [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)
-
-## **6.7.1**
-- [Fix] `parse`: Fix parsing array from object with `comma` true (#359)
-- [Fix] `parse`: with comma true, handle field that holds an array of arrays (#335)
-- [fix] `parse`: with comma true, do not split non-string values (#334)
-- [Fix] `parse`: throw a TypeError instead of an Error for bad charset (#349)
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Refactor] `formats`: tiny bit of cleanup.
-- readme: add security note
-- [meta] add tidelift marketing copy
-- [meta] add `funding` field
-- [meta] add FUNDING.yml
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`, `safe-publish-latest`, `evalmd`, `iconv-lite`, `mkdirp`, `object-inspect`, `browserify`
-- [Tests] `parse`: add passing `arrayFormat` tests
-- [Tests] use shared travis-ci configs
-- [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
-- [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended
-- [Tests] use `eclint` instead of `editorconfig-tools`
-- [actions] add automatic rebasing / merge commit blocking
-
-## **6.7.0**
-- [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option (#276, #219)
-- [Fix] correctly parse nested arrays (#212)
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source
-- [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty`
-- [Refactor] `utils`: `isBuffer`: small tweak; add tests
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `parse`/`stringify`: make a function to normalize the options
-- [Refactor] `utils`: reduce observable [[Get]]s
-- [Refactor] `stringify`/`utils`: cache `Array.isArray`
-- [Tests] always use `String(x)` over `x.toString()`
-- [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
-- [Tests] temporarily allow coverage to fail
-
-## **6.6.1**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] correctly parse nested arrays
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty`
-- [Refactor] `formats`: tiny bit of cleanup.
-- [Refactor] `utils`: `isBuffer`: small tweak; add tests
-- [Refactor]: `stringify`/`utils`: cache `Array.isArray`
-- [Refactor] `utils`: reduce observable [[Get]]s
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `parse`/`stringify`: make a function to normalize the options
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] do not publish workflow files
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [meta] add FUNDING.yml
-- [meta] Fixes typo in CHANGELOG.md
-- [actions] backport actions from main
-- [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
-- [Tests] always use `String(x)` over `x.toString()`
-- [Dev Deps] backport from main
-
-## **6.6.0**
-- [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities (#268)
-- [New] move two-value combine to a `utils` function (#189)
-- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]` (#260)
-- [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1`
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
-- [Refactor] `parse`: only need to reassign the var once
-- [Refactor] `parse`/`stringify`: clean up `charset` options checking; fix defaults
-- [Refactor] add missing defaults
-- [Refactor] `parse`: one less `concat` call
-- [Refactor] `utils`: `compactQueue`: make it explicitly side-effecting
-- [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape`
-- [Tests] up to `node` `v10.10`, `v9.11`, `v8.12`, `v6.14`, `v4.9`; pin included builds to LTS
-
-## **6.5.3**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] correctly parse nested arrays
-- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Refactor] `utils`: reduce observable [[Get]]s
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
-- [Refactor] `parse`: only need to reassign the var once
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] add FUNDING.yml
-- [actions] backport actions from main
-- [Tests] always use `String(x)` over `x.toString()`
-- [Tests] remove nonexistent tape option
-- [Dev Deps] backport from main
-
-## **6.5.2**
-- [Fix] use `safer-buffer` instead of `Buffer` constructor
-- [Refactor] utils: `module.exports` one thing, instead of mutating `exports` (#230)
-- [Dev Deps] update `browserify`, `eslint`, `iconv-lite`, `safer-buffer`, `tape`, `browserify`
-
-## **6.5.1**
-- [Fix] Fix parsing & compacting very deep objects (#224)
-- [Refactor] name utils functions
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`
-- [Tests] up to `node` `v8.4`; use `nvm install-latest-npm` so newer npm doesn’t break older node
-- [Tests] Use precise dist for Node.js 0.6 runtime (#225)
-- [Tests] make 0.6 required, now that it’s passing
-- [Tests] on `node` `v8.2`; fix npm on node 0.6
-
-## **6.5.0**
-- [New] add `utils.assign`
-- [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
-- [New] `parse`/`stringify`: add `ignoreQueryPrefix`/`addQueryPrefix` options, respectively (#213)
-- [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
-- [Fix] do not mutate `options` argument (#207)
-- [Refactor] `parse`: cache index to reuse in else statement (#182)
-- [Docs] add various badges to readme (#208)
-- [Dev Deps] update `eslint`, `browserify`, `iconv-lite`, `tape`
-- [Tests] up to `node` `v8.1`, `v7.10`, `v6.11`; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
-- [Tests] add `editorconfig-tools`
-
-## **6.4.1**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Fix] use `safer-buffer` instead of `Buffer` constructor
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
-- [readme] remove travis badge; add github actions/codecov badges; update URLs
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [meta] add FUNDING.yml
-- [actions] backport actions from main
-- [Tests] remove nonexistent tape option
-- [Dev Deps] backport from main
-
-## **6.4.0**
-- [New] `qs.stringify`: add `encodeValuesOnly` option
-- [Fix] follow `allowPrototypes` option during merge (#201, #201)
-- [Fix] support keys starting with brackets (#202, #200)
-- [Fix] chmod a-x
-- [Dev Deps] update `eslint`
-- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
-- [eslint] reduce warnings
-
-## **6.3.3**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Refactor] use cached `Array.isArray`
-- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [meta] add FUNDING.yml
-- [actions] backport actions from main
-- [Tests] use `safer-buffer` instead of `Buffer` constructor
-- [Tests] remove nonexistent tape option
-- [Dev Deps] backport from main
-
-## **6.3.2**
-- [Fix] follow `allowPrototypes` option during merge (#201, #200)
-- [Dev Deps] update `eslint`
-- [Fix] chmod a-x
-- [Fix] support keys starting with brackets (#202, #200)
-- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
-
-## **6.3.1**
-- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties (thanks, @snyk!)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `iconv-lite`, `qs-iconv`, `tape`
-- [Tests] on all node minors; improve test matrix
-- [Docs] document stringify option `allowDots` (#195)
-- [Docs] add empty object and array values example (#195)
-- [Docs] Fix minor inconsistency/typo (#192)
-- [Docs] document stringify option `sort` (#191)
-- [Refactor] `stringify`: throw faster with an invalid encoder
-- [Refactor] remove unnecessary escapes (#184)
-- Remove contributing.md, since `qs` is no longer part of `hapi` (#183)
-
-## **6.3.0**
-- [New] Add support for RFC 1738 (#174, #173)
-- [New] `stringify`: Add `serializeDate` option to customize Date serialization (#159)
-- [Fix] ensure `utils.merge` handles merging two arrays
-- [Refactor] only constructors should be capitalized
-- [Refactor] capitalized var names are for constructors only
-- [Refactor] avoid using a sparse array
-- [Robustness] `formats`: cache `String#replace`
-- [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`; add `safe-publish-latest`
-- [Tests] up to `node` `v6.8`, `v4.6`; improve test matrix
-- [Tests] flesh out arrayLimit/arrayFormat tests (#107)
-- [Tests] skip Object.create tests when null objects are not available
-- [Tests] Turn on eslint for test files (#175)
-
-## **6.2.4**
-- [Fix] `parse`: ignore `__proto__` keys (#428)
-- [Fix] `utils.merge`: avoid a crash with a null target and an array source
-- [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
-- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
-- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
-- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
-- [Refactor] use cached `Array.isArray`
-- [Docs] Clarify the need for "arrayLimit" option
-- [meta] fix README.md (#399)
-- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
-- [meta] add FUNDING.yml
-- [actions] backport actions from main
-- [Tests] use `safer-buffer` instead of `Buffer` constructor
-- [Tests] remove nonexistent tape option
-- [Dev Deps] backport from main
-
-## **6.2.3**
-- [Fix] follow `allowPrototypes` option during merge (#201, #200)
-- [Fix] chmod a-x
-- [Fix] support keys starting with brackets (#202, #200)
-- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
-
-## **6.2.2**
-- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
-
-## **6.2.1**
-- [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values
-- [Refactor] Be explicit and use `Object.prototype.hasOwnProperty.call`
-- [Tests] remove `parallelshell` since it does not reliably report failures
-- [Tests] up to `node` `v6.3`, `v5.12`
-- [Dev Deps] update `tape`, `eslint`, `@ljharb/eslint-config`, `qs-iconv`
-
-## [**6.2.0**](https://github.com/ljharb/qs/issues?milestone=36&state=closed)
-- [New] pass Buffers to the encoder/decoder directly (#161)
-- [New] add "encoder" and "decoder" options, for custom param encoding/decoding (#160)
-- [Fix] fix compacting of nested sparse arrays (#150)
-
-## **6.1.2**
-- [Fix] follow `allowPrototypes` option during merge (#201, #200)
-- [Fix] chmod a-x
-- [Fix] support keys starting with brackets (#202, #200)
-- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
-
-## **6.1.1**
-- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
-
-## [**6.1.0**](https://github.com/ljharb/qs/issues?milestone=35&state=closed)
-- [New] allowDots option for `stringify` (#151)
-- [Fix] "sort" option should work at a depth of 3 or more (#151)
-- [Fix] Restore `dist` directory; will be removed in v7 (#148)
-
-## **6.0.4**
-- [Fix] follow `allowPrototypes` option during merge (#201, #200)
-- [Fix] chmod a-x
-- [Fix] support keys starting with brackets (#202, #200)
-- [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
-
-## **6.0.3**
-- [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties
-- [Fix] Restore `dist` directory; will be removed in v7 (#148)
-
-## [**6.0.2**](https://github.com/ljharb/qs/issues?milestone=33&state=closed)
-- Revert ES6 requirement and restore support for node down to v0.8.
-
-## [**6.0.1**](https://github.com/ljharb/qs/issues?milestone=32&state=closed)
-- [**#127**](https://github.com/ljharb/qs/pull/127) Fix engines definition in package.json
-
-## [**6.0.0**](https://github.com/ljharb/qs/issues?milestone=31&state=closed)
-- [**#124**](https://github.com/ljharb/qs/issues/124) Use ES6 and drop support for node < v4
-
-## **5.2.1**
-- [Fix] ensure `key[]=x&key[]&key[]=y` results in 3, not 2, values
-
-## [**5.2.0**](https://github.com/ljharb/qs/issues?milestone=30&state=closed)
-- [**#64**](https://github.com/ljharb/qs/issues/64) Add option to sort object keys in the query string
-
-## [**5.1.0**](https://github.com/ljharb/qs/issues?milestone=29&state=closed)
-- [**#117**](https://github.com/ljharb/qs/issues/117) make URI encoding stringified results optional
-- [**#106**](https://github.com/ljharb/qs/issues/106) Add flag `skipNulls` to optionally skip null values in stringify
-
-## [**5.0.0**](https://github.com/ljharb/qs/issues?milestone=28&state=closed)
-- [**#114**](https://github.com/ljharb/qs/issues/114) default allowDots to false
-- [**#100**](https://github.com/ljharb/qs/issues/100) include dist to npm
-
-## [**4.0.0**](https://github.com/ljharb/qs/issues?milestone=26&state=closed)
-- [**#98**](https://github.com/ljharb/qs/issues/98) make returning plain objects and allowing prototype overwriting properties optional
-
-## [**3.1.0**](https://github.com/ljharb/qs/issues?milestone=24&state=closed)
-- [**#89**](https://github.com/ljharb/qs/issues/89) Add option to disable "Transform dot notation to bracket notation"
-
-## [**3.0.0**](https://github.com/ljharb/qs/issues?milestone=23&state=closed)
-- [**#80**](https://github.com/ljharb/qs/issues/80) qs.parse silently drops properties
-- [**#77**](https://github.com/ljharb/qs/issues/77) Perf boost
-- [**#60**](https://github.com/ljharb/qs/issues/60) Add explicit option to disable array parsing
-- [**#74**](https://github.com/ljharb/qs/issues/74) Bad parse when turning array into object
-- [**#81**](https://github.com/ljharb/qs/issues/81) Add a `filter` option
-- [**#68**](https://github.com/ljharb/qs/issues/68) Fixed issue with recursion and passing strings into objects.
-- [**#66**](https://github.com/ljharb/qs/issues/66) Add mixed array and object dot notation support Closes: #47
-- [**#76**](https://github.com/ljharb/qs/issues/76) RFC 3986
-- [**#85**](https://github.com/ljharb/qs/issues/85) No equal sign
-- [**#84**](https://github.com/ljharb/qs/issues/84) update license attribute
-
-## [**2.4.1**](https://github.com/ljharb/qs/issues?milestone=20&state=closed)
-- [**#73**](https://github.com/ljharb/qs/issues/73) Property 'hasOwnProperty' of object #<Object> is not a function
-
-## [**2.4.0**](https://github.com/ljharb/qs/issues?milestone=19&state=closed)
-- [**#70**](https://github.com/ljharb/qs/issues/70) Add arrayFormat option
-
-## [**2.3.3**](https://github.com/ljharb/qs/issues?milestone=18&state=closed)
-- [**#59**](https://github.com/ljharb/qs/issues/59) make sure array indexes are >= 0, closes #57
-- [**#58**](https://github.com/ljharb/qs/issues/58) make qs usable for browser loader
-
-## [**2.3.2**](https://github.com/ljharb/qs/issues?milestone=17&state=closed)
-- [**#55**](https://github.com/ljharb/qs/issues/55) allow merging a string into an object
-
-## [**2.3.1**](https://github.com/ljharb/qs/issues?milestone=16&state=closed)
-- [**#52**](https://github.com/ljharb/qs/issues/52) Return "undefined" and "false" instead of throwing "TypeError".
-
-## [**2.3.0**](https://github.com/ljharb/qs/issues?milestone=15&state=closed)
-- [**#50**](https://github.com/ljharb/qs/issues/50) add option to omit array indices, closes #46
-
-## [**2.2.5**](https://github.com/ljharb/qs/issues?milestone=14&state=closed)
-- [**#39**](https://github.com/ljharb/qs/issues/39) Is there an alternative to Buffer.isBuffer?
-- [**#49**](https://github.com/ljharb/qs/issues/49) refactor utils.merge, fixes #45
-- [**#41**](https://github.com/ljharb/qs/issues/41) avoid browserifying Buffer, for #39
-
-## [**2.2.4**](https://github.com/ljharb/qs/issues?milestone=13&state=closed)
-- [**#38**](https://github.com/ljharb/qs/issues/38) how to handle object keys beginning with a number
-
-## [**2.2.3**](https://github.com/ljharb/qs/issues?milestone=12&state=closed)
-- [**#37**](https://github.com/ljharb/qs/issues/37) parser discards first empty value in array
-- [**#36**](https://github.com/ljharb/qs/issues/36) Update to lab 4.x
-
-## [**2.2.2**](https://github.com/ljharb/qs/issues?milestone=11&state=closed)
-- [**#33**](https://github.com/ljharb/qs/issues/33) Error when plain object in a value
-- [**#34**](https://github.com/ljharb/qs/issues/34) use Object.prototype.hasOwnProperty.call instead of obj.hasOwnProperty
-- [**#24**](https://github.com/ljharb/qs/issues/24) Changelog? Semver?
-
-## [**2.2.1**](https://github.com/ljharb/qs/issues?milestone=10&state=closed)
-- [**#32**](https://github.com/ljharb/qs/issues/32) account for circular references properly, closes #31
-- [**#31**](https://github.com/ljharb/qs/issues/31) qs.parse stackoverflow on circular objects
-
-## [**2.2.0**](https://github.com/ljharb/qs/issues?milestone=9&state=closed)
-- [**#26**](https://github.com/ljharb/qs/issues/26) Don't use Buffer global if it's not present
-- [**#30**](https://github.com/ljharb/qs/issues/30) Bug when merging non-object values into arrays
-- [**#29**](https://github.com/ljharb/qs/issues/29) Don't call Utils.clone at the top of Utils.merge
-- [**#23**](https://github.com/ljharb/qs/issues/23) Ability to not limit parameters?
-
-## [**2.1.0**](https://github.com/ljharb/qs/issues?milestone=8&state=closed)
-- [**#22**](https://github.com/ljharb/qs/issues/22) Enable using a RegExp as delimiter
-
-## [**2.0.0**](https://github.com/ljharb/qs/issues?milestone=7&state=closed)
-- [**#18**](https://github.com/ljharb/qs/issues/18) Why is there arrayLimit?
-- [**#20**](https://github.com/ljharb/qs/issues/20) Configurable parametersLimit
-- [**#21**](https://github.com/ljharb/qs/issues/21) make all limits optional, for #18, for #20
-
-## [**1.2.2**](https://github.com/ljharb/qs/issues?milestone=6&state=closed)
-- [**#19**](https://github.com/ljharb/qs/issues/19) Don't overwrite null values
-
-## [**1.2.1**](https://github.com/ljharb/qs/issues?milestone=5&state=closed)
-- [**#16**](https://github.com/ljharb/qs/issues/16) ignore non-string delimiters
-- [**#15**](https://github.com/ljharb/qs/issues/15) Close code block
-
-## [**1.2.0**](https://github.com/ljharb/qs/issues?milestone=4&state=closed)
-- [**#12**](https://github.com/ljharb/qs/issues/12) Add optional delim argument
-- [**#13**](https://github.com/ljharb/qs/issues/13) fix #11: flattened keys in array are now correctly parsed
-
-## [**1.1.0**](https://github.com/ljharb/qs/issues?milestone=3&state=closed)
-- [**#7**](https://github.com/ljharb/qs/issues/7) Empty values of a POST array disappear after being submitted
-- [**#9**](https://github.com/ljharb/qs/issues/9) Should not omit equals signs (=) when value is null
-- [**#6**](https://github.com/ljharb/qs/issues/6) Minor grammar fix in README
-
-## [**1.0.2**](https://github.com/ljharb/qs/issues?milestone=2&state=closed)
-- [**#5**](https://github.com/ljharb/qs/issues/5) array holes incorrectly copied into object on large index
diff --git a/src/Servers/ExpressServer/node_modules/qs/LICENSE.md b/src/Servers/ExpressServer/node_modules/qs/LICENSE.md
deleted file mode 100644
index fecf6b6..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/LICENSE.md
+++ /dev/null
@@ -1,29 +0,0 @@
-BSD 3-Clause License
-
-Copyright (c) 2014, Nathan LaFreniere and other [contributors](https://github.com/ljharb/qs/graphs/contributors)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-   contributors may be used to endorse or promote products derived from
-   this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/src/Servers/ExpressServer/node_modules/qs/README.md b/src/Servers/ExpressServer/node_modules/qs/README.md
deleted file mode 100644
index 5c37739..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/README.md
+++ /dev/null
@@ -1,740 +0,0 @@
-<p align="center">
-    <img alt="qs" src="./logos/banner_default.png" width="800" />
-</p>
-
-# qs <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/9058/badge)](https://bestpractices.coreinfrastructure.org/projects/9058)
-
-[![npm badge][npm-badge-png]][package-url]
-
-A querystring parsing and stringifying library with some added security.
-
-Lead Maintainer: [Jordan Harband](https://github.com/ljharb)
-
-The **qs** module was originally created and maintained by [TJ Holowaychuk](https://github.com/visionmedia/node-querystring).
-
-## Usage
-
-```javascript
-var qs = require('qs');
-var assert = require('assert');
-
-var obj = qs.parse('a=c');
-assert.deepEqual(obj, { a: 'c' });
-
-var str = qs.stringify(obj);
-assert.equal(str, 'a=c');
-```
-
-### Parsing Objects
-
-[](#preventEval)
-```javascript
-qs.parse(string, [options]);
-```
-
-**qs** allows you to create nested objects within your query strings, by surrounding the name of sub-keys with square brackets `[]`.
-For example, the string `'foo[bar]=baz'` converts to:
-
-```javascript
-assert.deepEqual(qs.parse('foo[bar]=baz'), {
-    foo: {
-        bar: 'baz'
-    }
-});
-```
-
-When using the `plainObjects` option the parsed value is returned as a null object, created via `{ __proto__: null }` and as such you should be aware that prototype methods will not exist on it and a user may set those names to whatever value they like:
-
-```javascript
-var nullObject = qs.parse('a[hasOwnProperty]=b', { plainObjects: true });
-assert.deepEqual(nullObject, { a: { hasOwnProperty: 'b' } });
-```
-
-By default parameters that would overwrite properties on the object prototype are ignored, if you wish to keep the data from those fields either use `plainObjects` as mentioned above, or set `allowPrototypes` to `true` which will allow user input to overwrite those properties.
-*WARNING* It is generally a bad idea to enable this option as it can cause problems when attempting to use the properties that have been overwritten.
-Always be careful with this option.
-
-```javascript
-var protoObject = qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true });
-assert.deepEqual(protoObject, { a: { hasOwnProperty: 'b' } });
-```
-
-URI encoded strings work too:
-
-```javascript
-assert.deepEqual(qs.parse('a%5Bb%5D=c'), {
-    a: { b: 'c' }
-});
-```
-
-You can also nest your objects, like `'foo[bar][baz]=foobarbaz'`:
-
-```javascript
-assert.deepEqual(qs.parse('foo[bar][baz]=foobarbaz'), {
-    foo: {
-        bar: {
-            baz: 'foobarbaz'
-        }
-    }
-});
-```
-
-By default, when nesting objects **qs** will only parse up to 5 children deep.
-This means if you attempt to parse a string like `'a[b][c][d][e][f][g][h][i]=j'` your resulting object will be:
-
-```javascript
-var expected = {
-    a: {
-        b: {
-            c: {
-                d: {
-                    e: {
-                        f: {
-                            '[g][h][i]': 'j'
-                        }
-                    }
-                }
-            }
-        }
-    }
-};
-var string = 'a[b][c][d][e][f][g][h][i]=j';
-assert.deepEqual(qs.parse(string), expected);
-```
-
-This depth can be overridden by passing a `depth` option to `qs.parse(string, [options])`:
-
-```javascript
-var deep = qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 });
-assert.deepEqual(deep, { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } });
-```
-
-You can configure **qs** to throw an error when parsing nested input beyond this depth using the `strictDepth` option (defaulted to false):
-
-```javascript
-try {
-    qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1, strictDepth: true });
-} catch (err) {
-    assert(err instanceof RangeError);
-    assert.strictEqual(err.message, 'Input depth exceeded depth option of 1 and strictDepth is true');
-}
-```
-
-The depth limit helps mitigate abuse when **qs** is used to parse user input, and it is recommended to keep it a reasonably small number. The strictDepth option adds a layer of protection by throwing an error when the limit is exceeded, allowing you to catch and handle such cases.
-
-For similar reasons, by default **qs** will only parse up to 1000 parameters. This can be overridden by passing a `parameterLimit` option:
-
-```javascript
-var limited = qs.parse('a=b&c=d', { parameterLimit: 1 });
-assert.deepEqual(limited, { a: 'b' });
-```
-
-If you want an error to be thrown whenever the a limit is exceeded (eg, `parameterLimit`, `arrayLimit`), set the `throwOnLimitExceeded` option to `true`. This option will generate a descriptive error if the query string exceeds a configured limit.
-```javascript
-try {
-    qs.parse('a=1&b=2&c=3&d=4', { parameterLimit: 3, throwOnLimitExceeded: true });
-} catch (err) {
-    assert(err instanceof Error);
-    assert.strictEqual(err.message, 'Parameter limit exceeded. Only 3 parameters allowed.');
-}
-```
-
-When `throwOnLimitExceeded` is set to `false` (default), **qs** will parse up to the specified `parameterLimit` and ignore the rest without throwing an error.
-
-To bypass the leading question mark, use `ignoreQueryPrefix`:
-
-```javascript
-var prefixed = qs.parse('?a=b&c=d', { ignoreQueryPrefix: true });
-assert.deepEqual(prefixed, { a: 'b', c: 'd' });
-```
-
-An optional delimiter can also be passed:
-
-```javascript
-var delimited = qs.parse('a=b;c=d', { delimiter: ';' });
-assert.deepEqual(delimited, { a: 'b', c: 'd' });
-```
-
-Delimiters can be a regular expression too:
-
-```javascript
-var regexed = qs.parse('a=b;c=d,e=f', { delimiter: /[;,]/ });
-assert.deepEqual(regexed, { a: 'b', c: 'd', e: 'f' });
-```
-
-Option `allowDots` can be used to enable dot notation:
-
-```javascript
-var withDots = qs.parse('a.b=c', { allowDots: true });
-assert.deepEqual(withDots, { a: { b: 'c' } });
-```
-
-Option `decodeDotInKeys` can be used to decode dots in keys
-Note: it implies `allowDots`, so `parse` will error if you set `decodeDotInKeys` to `true`, and `allowDots` to `false`.
-
-```javascript
-var withDots = qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { decodeDotInKeys: true });
-assert.deepEqual(withDots, { 'name.obj': { first: 'John', last: 'Doe' }});
-```
-
-Option `allowEmptyArrays` can be used to allowing empty array values in object
-```javascript
-var withEmptyArrays = qs.parse('foo[]&bar=baz', { allowEmptyArrays: true });
-assert.deepEqual(withEmptyArrays, { foo: [], bar: 'baz' });
-```
-
-Option `duplicates` can be used to change the behavior when duplicate keys are encountered
-```javascript
-assert.deepEqual(qs.parse('foo=bar&foo=baz'), { foo: ['bar', 'baz'] });
-assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'combine' }), { foo: ['bar', 'baz'] });
-assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'first' }), { foo: 'bar' });
-assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'last' }), { foo: 'baz' });
-```
-
-If you have to deal with legacy browsers or services, there's also support for decoding percent-encoded octets as iso-8859-1:
-
-```javascript
-var oldCharset = qs.parse('a=%A7', { charset: 'iso-8859-1' });
-assert.deepEqual(oldCharset, { a: '§' });
-```
-
-Some services add an initial `utf8=✓` value to forms so that old Internet Explorer versions are more likely to submit the form as utf-8.
-Additionally, the server can check the value against wrong encodings of the checkmark character and detect that a query string or `application/x-www-form-urlencoded` body was *not* sent as utf-8, eg. if the form had an `accept-charset` parameter or the containing page had a different character set.
-
-**qs** supports this mechanism via the `charsetSentinel` option.
-If specified, the `utf8` parameter will be omitted from the returned object.
-It will be used to switch to `iso-8859-1`/`utf-8` mode depending on how the checkmark is encoded.
-
-**Important**: When you specify both the `charset` option and the `charsetSentinel` option, the `charset` will be overridden when the request contains a `utf8` parameter from which the actual charset can be deduced.
-In that sense the `charset` will behave as the default charset rather than the authoritative charset.
-
-```javascript
-var detectedAsUtf8 = qs.parse('utf8=%E2%9C%93&a=%C3%B8', {
-    charset: 'iso-8859-1',
-    charsetSentinel: true
-});
-assert.deepEqual(detectedAsUtf8, { a: 'ø' });
-
-// Browsers encode the checkmark as &#10003; when submitting as iso-8859-1:
-var detectedAsIso8859_1 = qs.parse('utf8=%26%2310003%3B&a=%F8', {
-    charset: 'utf-8',
-    charsetSentinel: true
-});
-assert.deepEqual(detectedAsIso8859_1, { a: 'ø' });
-```
-
-If you want to decode the `&#...;` syntax to the actual character, you can specify the `interpretNumericEntities` option as well:
-
-```javascript
-var detectedAsIso8859_1 = qs.parse('a=%26%239786%3B', {
-    charset: 'iso-8859-1',
-    interpretNumericEntities: true
-});
-assert.deepEqual(detectedAsIso8859_1, { a: '☺' });
-```
-
-It also works when the charset has been detected in `charsetSentinel` mode.
-
-### Parsing Arrays
-
-**qs** can also parse arrays using a similar `[]` notation:
-
-```javascript
-var withArray = qs.parse('a[]=b&a[]=c');
-assert.deepEqual(withArray, { a: ['b', 'c'] });
-```
-
-You may specify an index as well:
-
-```javascript
-var withIndexes = qs.parse('a[1]=c&a[0]=b');
-assert.deepEqual(withIndexes, { a: ['b', 'c'] });
-```
-
-Note that the only difference between an index in an array and a key in an object is that the value between the brackets must be a number to create an array.
-When creating arrays with specific indices, **qs** will compact a sparse array to only the existing values preserving their order:
-
-```javascript
-var noSparse = qs.parse('a[1]=b&a[15]=c');
-assert.deepEqual(noSparse, { a: ['b', 'c'] });
-```
-
-You may also use `allowSparse` option to parse sparse arrays:
-
-```javascript
-var sparseArray = qs.parse('a[1]=2&a[3]=5', { allowSparse: true });
-assert.deepEqual(sparseArray, { a: [, '2', , '5'] });
-```
-
-Note that an empty string is also a value, and will be preserved:
-
-```javascript
-var withEmptyString = qs.parse('a[]=&a[]=b');
-assert.deepEqual(withEmptyString, { a: ['', 'b'] });
-
-var withIndexedEmptyString = qs.parse('a[0]=b&a[1]=&a[2]=c');
-assert.deepEqual(withIndexedEmptyString, { a: ['b', '', 'c'] });
-```
-
-**qs** will also limit arrays to a maximum of `20` elements.
-Any array members with an index of `20` or greater will instead be converted to an object with the index as the key.
-This is needed to handle cases when someone sent, for example, `a[999999999]` and it will take significant time to iterate over this huge array.
-
-```javascript
-var withMaxIndex = qs.parse('a[100]=b');
-assert.deepEqual(withMaxIndex, { a: { '100': 'b' } });
-```
-
-This limit can be overridden by passing an `arrayLimit` option:
-
-```javascript
-var withArrayLimit = qs.parse('a[1]=b', { arrayLimit: 0 });
-assert.deepEqual(withArrayLimit, { a: { '1': 'b' } });
-```
-
-If you want to throw an error whenever the array limit is exceeded, set the `throwOnLimitExceeded` option to `true`. This option will generate a descriptive error if the query string exceeds a configured limit.
-```javascript
-try {
-    qs.parse('a[1]=b', { arrayLimit: 0, throwOnLimitExceeded: true });
-} catch (err) {
-    assert(err instanceof Error);
-    assert.strictEqual(err.message, 'Array limit exceeded. Only 0 elements allowed in an array.');
-}
-```
-
-When `throwOnLimitExceeded` is set to `false` (default), **qs** will parse up to the specified `arrayLimit` and if the limit is exceeded, the array will instead be converted to an object with the index as the key
-
-To prevent array syntax (`a[]`, `a[0]`) from being parsed as arrays, set `parseArrays` to `false`.
-Note that duplicate keys (e.g. `a=b&a=c`) may still produce arrays when `duplicates` is `'combine'` (the default).
-
-```javascript
-var noParsingArrays = qs.parse('a[]=b', { parseArrays: false });
-assert.deepEqual(noParsingArrays, { a: { '0': 'b' } });
-```
-
-If you mix notations, **qs** will merge the two items into an object:
-
-```javascript
-var mixedNotation = qs.parse('a[0]=b&a[b]=c');
-assert.deepEqual(mixedNotation, { a: { '0': 'b', b: 'c' } });
-```
-
-You can also create arrays of objects:
-
-```javascript
-var arraysOfObjects = qs.parse('a[][b]=c');
-assert.deepEqual(arraysOfObjects, { a: [{ b: 'c' }] });
-```
-
-Some people use comma to join array, **qs** can parse it:
-```javascript
-var arraysOfObjects = qs.parse('a=b,c', { comma: true })
-assert.deepEqual(arraysOfObjects, { a: ['b', 'c'] })
-```
-(_this cannot convert nested objects, such as `a={b:1},{c:d}`_)
-
-### Parsing primitive/scalar values (numbers, booleans, null, etc)
-
-By default, all values are parsed as strings.
-This behavior will not change and is explained in [issue #91](https://github.com/ljharb/qs/issues/91).
-
-```javascript
-var primitiveValues = qs.parse('a=15&b=true&c=null');
-assert.deepEqual(primitiveValues, { a: '15', b: 'true', c: 'null' });
-```
-
-If you wish to auto-convert values which look like numbers, booleans, and other values into their primitive counterparts, you can use the [query-types Express JS middleware](https://github.com/xpepermint/query-types) which will auto-convert all request query parameters.
-
-### Stringifying
-
-[](#preventEval)
-```javascript
-qs.stringify(object, [options]);
-```
-
-When stringifying, **qs** by default URI encodes output. Objects are stringified as you would expect:
-
-```javascript
-assert.equal(qs.stringify({ a: 'b' }), 'a=b');
-assert.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
-```
-
-This encoding can be disabled by setting the `encode` option to `false`:
-
-```javascript
-var unencoded = qs.stringify({ a: { b: 'c' } }, { encode: false });
-assert.equal(unencoded, 'a[b]=c');
-```
-
-Encoding can be disabled for keys by setting the `encodeValuesOnly` option to `true`:
-```javascript
-var encodedValues = qs.stringify(
-    { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
-    { encodeValuesOnly: true }
-);
-assert.equal(encodedValues,'a=b&c[0]=d&c[1]=e%3Df&f[0][0]=g&f[1][0]=h');
-```
-
-This encoding can also be replaced by a custom encoding method set as `encoder` option:
-
-```javascript
-var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str) {
-    // Passed in values `a`, `b`, `c`
-    return // Return encoded string
-}})
-```
-
-_(Note: the `encoder` option does not apply if `encode` is `false`)_
-
-Analogue to the `encoder` there is a `decoder` option for `parse` to override decoding of properties and values:
-
-```javascript
-var decoded = qs.parse('x=z', { decoder: function (str) {
-    // Passed in values `x`, `z`
-    return // Return decoded string
-}})
-```
-
-You can encode keys and values using different logic by using the type argument provided to the encoder:
-
-```javascript
-var encoded = qs.stringify({ a: { b: 'c' } }, { encoder: function (str, defaultEncoder, charset, type) {
-    if (type === 'key') {
-        return // Encoded key
-    } else if (type === 'value') {
-        return // Encoded value
-    }
-}})
-```
-
-The type argument is also provided to the decoder:
-
-```javascript
-var decoded = qs.parse('x=z', { decoder: function (str, defaultDecoder, charset, type) {
-    if (type === 'key') {
-        return // Decoded key
-    } else if (type === 'value') {
-        return // Decoded value
-    }
-}})
-```
-
-Examples beyond this point will be shown as though the output is not URI encoded for clarity.
-Please note that the return values in these cases *will* be URI encoded during real usage.
-
-When arrays are stringified, they follow the `arrayFormat` option, which defaults to `indices`:
-
-```javascript
-qs.stringify({ a: ['b', 'c', 'd'] });
-// 'a[0]=b&a[1]=c&a[2]=d'
-```
-
-You may override this by setting the `indices` option to `false`, or to be more explicit, the `arrayFormat` option to `repeat`:
-
-```javascript
-qs.stringify({ a: ['b', 'c', 'd'] }, { indices: false });
-// 'a=b&a=c&a=d'
-```
-
-You may use the `arrayFormat` option to specify the format of the output array:
-
-```javascript
-qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'indices' })
-// 'a[0]=b&a[1]=c'
-qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'brackets' })
-// 'a[]=b&a[]=c'
-qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' })
-// 'a=b&a=c'
-qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'comma' })
-// 'a=b,c'
-```
-
-Note: when using `arrayFormat` set to `'comma'`, you can also pass the `commaRoundTrip` option set to `true` or `false`, to append `[]` on single-item arrays, so that they can round trip through a parse.
-
-When objects are stringified, by default they use bracket notation:
-
-```javascript
-qs.stringify({ a: { b: { c: 'd', e: 'f' } } });
-// 'a[b][c]=d&a[b][e]=f'
-```
-
-You may override this to use dot notation by setting the `allowDots` option to `true`:
-
-```javascript
-qs.stringify({ a: { b: { c: 'd', e: 'f' } } }, { allowDots: true });
-// 'a.b.c=d&a.b.e=f'
-```
-
-You may encode the dot notation in the keys of object with option `encodeDotInKeys` by setting it to `true`:
-Note: it implies `allowDots`, so `stringify` will error if you set `decodeDotInKeys` to `true`, and `allowDots` to `false`.
-Caveat: when `encodeValuesOnly` is `true` as well as `encodeDotInKeys`, only dots in keys and nothing else will be encoded.
-```javascript
-qs.stringify({ "name.obj": { "first": "John", "last": "Doe" } }, { allowDots: true, encodeDotInKeys: true })
-// 'name%252Eobj.first=John&name%252Eobj.last=Doe'
-```
-
-You may allow empty array values by setting the `allowEmptyArrays` option to `true`:
-```javascript
-qs.stringify({ foo: [], bar: 'baz' }, { allowEmptyArrays: true });
-// 'foo[]&bar=baz'
-```
-
-Empty strings and null values will omit the value, but the equals sign (=) remains in place:
-
-```javascript
-assert.equal(qs.stringify({ a: '' }), 'a=');
-```
-
-Key with no values (such as an empty object or array) will return nothing:
-
-```javascript
-assert.equal(qs.stringify({ a: [] }), '');
-assert.equal(qs.stringify({ a: {} }), '');
-assert.equal(qs.stringify({ a: [{}] }), '');
-assert.equal(qs.stringify({ a: { b: []} }), '');
-assert.equal(qs.stringify({ a: { b: {}} }), '');
-```
-
-Properties that are set to `undefined` will be omitted entirely:
-
-```javascript
-assert.equal(qs.stringify({ a: null, b: undefined }), 'a=');
-```
-
-The query string may optionally be prepended with a question mark:
-
-```javascript
-assert.equal(qs.stringify({ a: 'b', c: 'd' }, { addQueryPrefix: true }), '?a=b&c=d');
-```
-
-Note that when the output is an empty string, the prefix will not be added:
-
-```javascript
-assert.equal(qs.stringify({}, { addQueryPrefix: true }), '');
-```
-
-The delimiter may be overridden with stringify as well:
-
-```javascript
-assert.equal(qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }), 'a=b;c=d');
-```
-
-If you only want to override the serialization of `Date` objects, you can provide a `serializeDate` option:
-
-```javascript
-var date = new Date(7);
-assert.equal(qs.stringify({ a: date }), 'a=1970-01-01T00:00:00.007Z'.replace(/:/g, '%3A'));
-assert.equal(
-    qs.stringify({ a: date }, { serializeDate: function (d) { return d.getTime(); } }),
-    'a=7'
-);
-```
-
-You may use the `sort` option to affect the order of parameter keys:
-
-```javascript
-function alphabeticalSort(a, b) {
-    return a.localeCompare(b);
-}
-assert.equal(qs.stringify({ a: 'c', z: 'y', b : 'f' }, { sort: alphabeticalSort }), 'a=c&b=f&z=y');
-```
-
-Finally, you can use the `filter` option to restrict which keys will be included in the stringified output.
-If you pass a function, it will be called for each key to obtain the replacement value.
-Otherwise, if you pass an array, it will be used to select properties and array indices for stringification:
-
-```javascript
-function filterFunc(prefix, value) {
-    if (prefix == 'b') {
-        // Return an `undefined` value to omit a property.
-        return;
-    }
-    if (prefix == 'e[f]') {
-        return value.getTime();
-    }
-    if (prefix == 'e[g][0]') {
-        return value * 2;
-    }
-    return value;
-}
-qs.stringify({ a: 'b', c: 'd', e: { f: new Date(123), g: [2] } }, { filter: filterFunc });
-// 'a=b&c=d&e[f]=123&e[g][0]=4'
-qs.stringify({ a: 'b', c: 'd', e: 'f' }, { filter: ['a', 'e'] });
-// 'a=b&e=f'
-qs.stringify({ a: ['b', 'c', 'd'], e: 'f' }, { filter: ['a', 0, 2] });
-// 'a[0]=b&a[2]=d'
-```
-
-You could also use `filter` to inject custom serialization for user defined types.
-Consider you're working with some api that expects query strings of the format for ranges:
-
-```
-https://domain.com/endpoint?range=30...70
-```
-
-For which you model as:
-
-```javascript
-class Range {
-    constructor(from, to) {
-        this.from = from;
-        this.to = to;
-    }
-}
-```
-
-You could _inject_ a custom serializer to handle values of this type:
-
-```javascript
-qs.stringify(
-    {
-        range: new Range(30, 70),
-    },
-    {
-        filter: (prefix, value) => {
-            if (value instanceof Range) {
-                return `${value.from}...${value.to}`;
-            }
-            // serialize the usual way
-            return value;
-        },
-    }
-);
-// range=30...70
-```
-
-### Handling of `null` values
-
-By default, `null` values are treated like empty strings:
-
-```javascript
-var withNull = qs.stringify({ a: null, b: '' });
-assert.equal(withNull, 'a=&b=');
-```
-
-Parsing does not distinguish between parameters with and without equal signs.
-Both are converted to empty strings.
-
-```javascript
-var equalsInsensitive = qs.parse('a&b=');
-assert.deepEqual(equalsInsensitive, { a: '', b: '' });
-```
-
-To distinguish between `null` values and empty strings use the `strictNullHandling` flag. In the result string the `null`
-values have no `=` sign:
-
-```javascript
-var strictNull = qs.stringify({ a: null, b: '' }, { strictNullHandling: true });
-assert.equal(strictNull, 'a&b=');
-```
-
-To parse values without `=` back to `null` use the `strictNullHandling` flag:
-
-```javascript
-var parsedStrictNull = qs.parse('a&b=', { strictNullHandling: true });
-assert.deepEqual(parsedStrictNull, { a: null, b: '' });
-```
-
-To completely skip rendering keys with `null` values, use the `skipNulls` flag:
-
-```javascript
-var nullsSkipped = qs.stringify({ a: 'b', c: null}, { skipNulls: true });
-assert.equal(nullsSkipped, 'a=b');
-```
-
-If you're communicating with legacy systems, you can switch to `iso-8859-1` using the `charset` option:
-
-```javascript
-var iso = qs.stringify({ æ: 'æ' }, { charset: 'iso-8859-1' });
-assert.equal(iso, '%E6=%E6');
-```
-
-Characters that don't exist in `iso-8859-1` will be converted to numeric entities, similar to what browsers do:
-
-```javascript
-var numeric = qs.stringify({ a: '☺' }, { charset: 'iso-8859-1' });
-assert.equal(numeric, 'a=%26%239786%3B');
-```
-
-You can use the `charsetSentinel` option to announce the character by including an `utf8=✓` parameter with the proper encoding if the checkmark, similar to what Ruby on Rails and others do when submitting forms.
-
-```javascript
-var sentinel = qs.stringify({ a: '☺' }, { charsetSentinel: true });
-assert.equal(sentinel, 'utf8=%E2%9C%93&a=%E2%98%BA');
-
-var isoSentinel = qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'iso-8859-1' });
-assert.equal(isoSentinel, 'utf8=%26%2310003%3B&a=%E6');
-```
-
-### Dealing with special character sets
-
-By default the encoding and decoding of characters is done in `utf-8`, and `iso-8859-1` support is also built in via the `charset` parameter.
-
-If you wish to encode querystrings to a different character set (i.e.
-[Shift JIS](https://en.wikipedia.org/wiki/Shift_JIS)) you can use the
-[`qs-iconv`](https://github.com/martinheidegger/qs-iconv) library:
-
-```javascript
-var encoder = require('qs-iconv/encoder')('shift_jis');
-var shiftJISEncoded = qs.stringify({ a: 'こんにちは！' }, { encoder: encoder });
-assert.equal(shiftJISEncoded, 'a=%82%B1%82%F1%82%C9%82%BF%82%CD%81I');
-```
-
-This also works for decoding of query strings:
-
-```javascript
-var decoder = require('qs-iconv/decoder')('shift_jis');
-var obj = qs.parse('a=%82%B1%82%F1%82%C9%82%BF%82%CD%81I', { decoder: decoder });
-assert.deepEqual(obj, { a: 'こんにちは！' });
-```
-
-### RFC 3986 and RFC 1738 space encoding
-
-RFC3986 used as default option and encodes ' ' to *%20* which is backward compatible.
-In the same time, output can be stringified as per RFC1738 with ' ' equal to '+'.
-
-```
-assert.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
-assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC3986' }), 'a=b%20c');
-assert.equal(qs.stringify({ a: 'b c' }, { format : 'RFC1738' }), 'a=b+c');
-```
-
-## Security
-
-Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
-
-## qs for enterprise
-
-Available as part of the Tidelift Subscription
-
-The maintainers of qs and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications.
-Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use.
-[Learn more.](https://tidelift.com/subscription/pkg/npm-qs?utm_source=npm-qs&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
-
-[package-url]: https://npmjs.org/package/qs
-[npm-version-svg]: https://versionbadg.es/ljharb/qs.svg
-[deps-svg]: https://david-dm.org/ljharb/qs.svg
-[deps-url]: https://david-dm.org/ljharb/qs
-[dev-deps-svg]: https://david-dm.org/ljharb/qs/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/qs#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/qs.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/qs.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/qs.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=qs
-[codecov-image]: https://codecov.io/gh/ljharb/qs/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/qs/
-[actions-image]: https://img.shields.io/github/check-runs/ljharb/qs/main
-[actions-url]: https://github.com/ljharb/qs/actions
-
-## Acknowledgements
-
-qs logo by [NUMI](https://github.com/numi-hq/open-design):
-
-[<img src="https://raw.githubusercontent.com/numi-hq/open-design/main/assets/numi-lockup.png" alt="NUMI Logo" style="width: 200px;"/>](https://numi.tech/?ref=qs)
diff --git a/src/Servers/ExpressServer/node_modules/qs/dist/qs.js b/src/Servers/ExpressServer/node_modules/qs/dist/qs.js
deleted file mode 100644
index d5eb519..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/dist/qs.js
+++ /dev/null
@@ -1,141 +0,0 @@
-(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Qs = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
-"use strict";var replace=String.prototype.replace,percentTwenties=/%20/g,Format={RFC1738:"RFC1738",RFC3986:"RFC3986"};module.exports={default:Format.RFC3986,formatters:{RFC1738:function(e){return replace.call(e,percentTwenties,"+")},RFC3986:function(e){return String(e)}},RFC1738:Format.RFC1738,RFC3986:Format.RFC3986};
-
-},{}],2:[function(require,module,exports){
-"use strict";var stringify=require(4),parse=require(3),formats=require(1);module.exports={formats:formats,parse:parse,stringify:stringify};
-
-},{"1":1,"3":3,"4":4}],3:[function(require,module,exports){
-"use strict";var utils=require(5),has=Object.prototype.hasOwnProperty,isArray=Array.isArray,defaults={allowDots:!1,allowEmptyArrays:!1,allowPrototypes:!1,allowSparse:!1,arrayLimit:20,charset:"utf-8",charsetSentinel:!1,comma:!1,decodeDotInKeys:!1,decoder:utils.decode,delimiter:"&",depth:5,duplicates:"combine",ignoreQueryPrefix:!1,interpretNumericEntities:!1,parameterLimit:1e3,parseArrays:!0,plainObjects:!1,strictDepth:!1,strictNullHandling:!1,throwOnLimitExceeded:!1},interpretNumericEntities=function(e){return e.replace(/&#(\d+);/g,function(e,t){return String.fromCharCode(parseInt(t,10))})},parseArrayValue=function(e,t,r){if(e&&"string"==typeof e&&t.comma&&e.indexOf(",")>-1)return e.split(",");if(t.throwOnLimitExceeded&&r>=t.arrayLimit)throw new RangeError("Array limit exceeded. Only "+t.arrayLimit+" element"+(1===t.arrayLimit?"":"s")+" allowed in an array.");return e},isoSentinel="utf8=%26%2310003%3B",charsetSentinel="utf8=%E2%9C%93",parseValues=function parseQueryStringValues(e,t){var r={__proto__:null},i=t.ignoreQueryPrefix?e.replace(/^\?/,""):e;i=i.replace(/%5B/gi,"[").replace(/%5D/gi,"]");var a=t.parameterLimit===1/0?void 0:t.parameterLimit,o=i.split(t.delimiter,t.throwOnLimitExceeded?a+1:a);if(t.throwOnLimitExceeded&&o.length>a)throw new RangeError("Parameter limit exceeded. Only "+a+" parameter"+(1===a?"":"s")+" allowed.");var l,n=-1,s=t.charset;if(t.charsetSentinel)for(l=0;l<o.length;++l)0===o[l].indexOf("utf8=")&&(o[l]===charsetSentinel?s="utf-8":o[l]===isoSentinel&&(s="iso-8859-1"),n=l,l=o.length);for(l=0;l<o.length;++l)if(l!==n){var d,p,c=o[l],u=c.indexOf("]="),y=-1===u?c.indexOf("="):u+1;if(-1===y?(d=t.decoder(c,defaults.decoder,s,"key"),p=t.strictNullHandling?null:""):null!==(d=t.decoder(c.slice(0,y),defaults.decoder,s,"key"))&&(p=utils.maybeMap(parseArrayValue(c.slice(y+1),t,isArray(r[d])?r[d].length:0),function(e){return t.decoder(e,defaults.decoder,s,"value")})),p&&t.interpretNumericEntities&&"iso-8859-1"===s&&(p=interpretNumericEntities(String(p))),c.indexOf("[]=")>-1&&(p=isArray(p)?[p]:p),t.comma&&isArray(p)&&p.length>t.arrayLimit){if(t.throwOnLimitExceeded)throw new RangeError("Array limit exceeded. Only "+t.arrayLimit+" element"+(1===t.arrayLimit?"":"s")+" allowed in an array.");p=utils.combine([],p,t.arrayLimit,t.plainObjects)}if(null!==d){var f=has.call(r,d);f&&"combine"===t.duplicates?r[d]=utils.combine(r[d],p,t.arrayLimit,t.plainObjects):f&&"last"!==t.duplicates||(r[d]=p)}}return r},parseObject=function(e,t,r,i){var a=0;if(e.length>0&&"[]"===e[e.length-1]){var o=e.slice(0,-1).join("");a=Array.isArray(t)&&t[o]?t[o].length:0}for(var l=i?t:parseArrayValue(t,r,a),n=e.length-1;n>=0;--n){var s,d=e[n];if("[]"===d&&r.parseArrays)s=utils.isOverflow(l)?l:r.allowEmptyArrays&&(""===l||r.strictNullHandling&&null===l)?[]:utils.combine([],l,r.arrayLimit,r.plainObjects);else{s=r.plainObjects?{__proto__:null}:{};var p="["===d.charAt(0)&&"]"===d.charAt(d.length-1)?d.slice(1,-1):d,c=r.decodeDotInKeys?p.replace(/%2E/g,"."):p,u=parseInt(c,10),y=!isNaN(u)&&d!==c&&String(u)===c&&u>=0&&r.parseArrays;if(r.parseArrays||""!==c)if(y&&u<r.arrayLimit)(s=[])[u]=l;else{if(y&&r.throwOnLimitExceeded)throw new RangeError("Array limit exceeded. Only "+r.arrayLimit+" element"+(1===r.arrayLimit?"":"s")+" allowed in an array.");y?(s[u]=l,utils.markOverflow(s,u)):"__proto__"!==c&&(s[c]=l)}else s={0:l}}l=s}return l},splitKeyIntoSegments=function splitKeyIntoSegments(e,t){var r=t.allowDots?e.replace(/\.([^.[]+)/g,"[$1]"):e;if(t.depth<=0){if(!t.plainObjects&&has.call(Object.prototype,r)&&!t.allowPrototypes)return;return[r]}var i=/(\[[^[\]]*])/g,a=/(\[[^[\]]*])/.exec(r),o=a?r.slice(0,a.index):r,l=[];if(o){if(!t.plainObjects&&has.call(Object.prototype,o)&&!t.allowPrototypes)return;l[l.length]=o}for(var n=0;null!==(a=i.exec(r))&&n<t.depth;){n+=1;var s=a[1].slice(1,-1);if(!t.plainObjects&&has.call(Object.prototype,s)&&!t.allowPrototypes)return;l[l.length]=a[1]}if(a){if(!0===t.strictDepth)throw new RangeError("Input depth exceeded depth option of "+t.depth+" and strictDepth is true");l[l.length]="["+r.slice(a.index)+"]"}return l},parseKeys=function parseQueryStringKeys(e,t,r,i){if(e){var a=splitKeyIntoSegments(e,r);if(a)return parseObject(a,t,r,i)}},normalizeParseOptions=function normalizeParseOptions(e){if(!e)return defaults;if(void 0!==e.allowEmptyArrays&&"boolean"!=typeof e.allowEmptyArrays)throw new TypeError("`allowEmptyArrays` option can only be `true` or `false`, when provided");if(void 0!==e.decodeDotInKeys&&"boolean"!=typeof e.decodeDotInKeys)throw new TypeError("`decodeDotInKeys` option can only be `true` or `false`, when provided");if(null!==e.decoder&&void 0!==e.decoder&&"function"!=typeof e.decoder)throw new TypeError("Decoder has to be a function.");if(void 0!==e.charset&&"utf-8"!==e.charset&&"iso-8859-1"!==e.charset)throw new TypeError("The charset option must be either utf-8, iso-8859-1, or undefined");if(void 0!==e.throwOnLimitExceeded&&"boolean"!=typeof e.throwOnLimitExceeded)throw new TypeError("`throwOnLimitExceeded` option must be a boolean");var t=void 0===e.charset?defaults.charset:e.charset,r=void 0===e.duplicates?defaults.duplicates:e.duplicates;if("combine"!==r&&"first"!==r&&"last"!==r)throw new TypeError("The duplicates option must be either combine, first, or last");return{allowDots:void 0===e.allowDots?!0===e.decodeDotInKeys||defaults.allowDots:!!e.allowDots,allowEmptyArrays:"boolean"==typeof e.allowEmptyArrays?!!e.allowEmptyArrays:defaults.allowEmptyArrays,allowPrototypes:"boolean"==typeof e.allowPrototypes?e.allowPrototypes:defaults.allowPrototypes,allowSparse:"boolean"==typeof e.allowSparse?e.allowSparse:defaults.allowSparse,arrayLimit:"number"==typeof e.arrayLimit?e.arrayLimit:defaults.arrayLimit,charset:t,charsetSentinel:"boolean"==typeof e.charsetSentinel?e.charsetSentinel:defaults.charsetSentinel,comma:"boolean"==typeof e.comma?e.comma:defaults.comma,decodeDotInKeys:"boolean"==typeof e.decodeDotInKeys?e.decodeDotInKeys:defaults.decodeDotInKeys,decoder:"function"==typeof e.decoder?e.decoder:defaults.decoder,delimiter:"string"==typeof e.delimiter||utils.isRegExp(e.delimiter)?e.delimiter:defaults.delimiter,depth:"number"==typeof e.depth||!1===e.depth?+e.depth:defaults.depth,duplicates:r,ignoreQueryPrefix:!0===e.ignoreQueryPrefix,interpretNumericEntities:"boolean"==typeof e.interpretNumericEntities?e.interpretNumericEntities:defaults.interpretNumericEntities,parameterLimit:"number"==typeof e.parameterLimit?e.parameterLimit:defaults.parameterLimit,parseArrays:!1!==e.parseArrays,plainObjects:"boolean"==typeof e.plainObjects?e.plainObjects:defaults.plainObjects,strictDepth:"boolean"==typeof e.strictDepth?!!e.strictDepth:defaults.strictDepth,strictNullHandling:"boolean"==typeof e.strictNullHandling?e.strictNullHandling:defaults.strictNullHandling,throwOnLimitExceeded:"boolean"==typeof e.throwOnLimitExceeded&&e.throwOnLimitExceeded}};module.exports=function(e,t){var r=normalizeParseOptions(t);if(""===e||null==e)return r.plainObjects?{__proto__:null}:{};for(var i="string"==typeof e?parseValues(e,r):e,a=r.plainObjects?{__proto__:null}:{},o=Object.keys(i),l=0;l<o.length;++l){var n=o[l],s=parseKeys(n,i[n],r,"string"==typeof e);a=utils.merge(a,s,r)}return!0===r.allowSparse?a:utils.compact(a)};
-
-},{"5":5}],4:[function(require,module,exports){
-"use strict";var getSideChannel=require(46),utils=require(5),formats=require(1),has=Object.prototype.hasOwnProperty,arrayPrefixGenerators={brackets:function brackets(e){return e+"[]"},comma:"comma",indices:function indices(e,r){return e+"["+r+"]"},repeat:function repeat(e){return e}},isArray=Array.isArray,push=Array.prototype.push,pushToArray=function(e,r){push.apply(e,isArray(r)?r:[r])},toISO=Date.prototype.toISOString,defaultFormat=formats.default,defaults={addQueryPrefix:!1,allowDots:!1,allowEmptyArrays:!1,arrayFormat:"indices",charset:"utf-8",charsetSentinel:!1,commaRoundTrip:!1,delimiter:"&",encode:!0,encodeDotInKeys:!1,encoder:utils.encode,encodeValuesOnly:!1,filter:void 0,format:defaultFormat,formatter:formats.formatters[defaultFormat],indices:!1,serializeDate:function serializeDate(e){return toISO.call(e)},skipNulls:!1,strictNullHandling:!1},isNonNullishPrimitive=function isNonNullishPrimitive(e){return"string"==typeof e||"number"==typeof e||"boolean"==typeof e||"symbol"==typeof e||"bigint"==typeof e},sentinel={},stringify=function stringify(e,r,t,o,a,n,i,l,s,f,u,d,y,c,p,m,h,v){for(var g=e,w=v,b=0,A=!1;void 0!==(w=w.get(sentinel))&&!A;){var D=w.get(e);if(b+=1,void 0!==D){if(D===b)throw new RangeError("Cyclic object value");A=!0}void 0===w.get(sentinel)&&(b=0)}if("function"==typeof f?g=f(r,g):g instanceof Date?g=y(g):"comma"===t&&isArray(g)&&(g=utils.maybeMap(g,function(e){return e instanceof Date?y(e):e})),null===g){if(n)return s&&!m?s(r,defaults.encoder,h,"key",c):r;g=""}if(isNonNullishPrimitive(g)||utils.isBuffer(g))return s?[p(m?r:s(r,defaults.encoder,h,"key",c))+"="+p(s(g,defaults.encoder,h,"value",c))]:[p(r)+"="+p(String(g))];var S,E=[];if(void 0===g)return E;if("comma"===t&&isArray(g))m&&s&&(g=utils.maybeMap(g,s)),S=[{value:g.length>0?g.join(",")||null:void 0}];else if(isArray(f))S=f;else{var N=Object.keys(g);S=u?N.sort(u):N}var T=l?String(r).replace(/\./g,"%2E"):String(r),O=o&&isArray(g)&&1===g.length?T+"[]":T;if(a&&isArray(g)&&0===g.length)return O+"[]";for(var k=0;k<S.length;++k){var I=S[k],P="object"==typeof I&&I&&void 0!==I.value?I.value:g[I];if(!i||null!==P){var x=d&&l?String(I).replace(/\./g,"%2E"):String(I),z=isArray(g)?"function"==typeof t?t(O,x):O:O+(d?"."+x:"["+x+"]");v.set(e,b);var K=getSideChannel();K.set(sentinel,v),pushToArray(E,stringify(P,z,t,o,a,n,i,l,"comma"===t&&m&&isArray(g)?null:s,f,u,d,y,c,p,m,h,K))}}return E},normalizeStringifyOptions=function normalizeStringifyOptions(e){if(!e)return defaults;if(void 0!==e.allowEmptyArrays&&"boolean"!=typeof e.allowEmptyArrays)throw new TypeError("`allowEmptyArrays` option can only be `true` or `false`, when provided");if(void 0!==e.encodeDotInKeys&&"boolean"!=typeof e.encodeDotInKeys)throw new TypeError("`encodeDotInKeys` option can only be `true` or `false`, when provided");if(null!==e.encoder&&void 0!==e.encoder&&"function"!=typeof e.encoder)throw new TypeError("Encoder has to be a function.");var r=e.charset||defaults.charset;if(void 0!==e.charset&&"utf-8"!==e.charset&&"iso-8859-1"!==e.charset)throw new TypeError("The charset option must be either utf-8, iso-8859-1, or undefined");var t=formats.default;if(void 0!==e.format){if(!has.call(formats.formatters,e.format))throw new TypeError("Unknown format option provided.");t=e.format}var o,a=formats.formatters[t],n=defaults.filter;if(("function"==typeof e.filter||isArray(e.filter))&&(n=e.filter),o=e.arrayFormat in arrayPrefixGenerators?e.arrayFormat:"indices"in e?e.indices?"indices":"repeat":defaults.arrayFormat,"commaRoundTrip"in e&&"boolean"!=typeof e.commaRoundTrip)throw new TypeError("`commaRoundTrip` must be a boolean, or absent");var i=void 0===e.allowDots?!0===e.encodeDotInKeys||defaults.allowDots:!!e.allowDots;return{addQueryPrefix:"boolean"==typeof e.addQueryPrefix?e.addQueryPrefix:defaults.addQueryPrefix,allowDots:i,allowEmptyArrays:"boolean"==typeof e.allowEmptyArrays?!!e.allowEmptyArrays:defaults.allowEmptyArrays,arrayFormat:o,charset:r,charsetSentinel:"boolean"==typeof e.charsetSentinel?e.charsetSentinel:defaults.charsetSentinel,commaRoundTrip:!!e.commaRoundTrip,delimiter:void 0===e.delimiter?defaults.delimiter:e.delimiter,encode:"boolean"==typeof e.encode?e.encode:defaults.encode,encodeDotInKeys:"boolean"==typeof e.encodeDotInKeys?e.encodeDotInKeys:defaults.encodeDotInKeys,encoder:"function"==typeof e.encoder?e.encoder:defaults.encoder,encodeValuesOnly:"boolean"==typeof e.encodeValuesOnly?e.encodeValuesOnly:defaults.encodeValuesOnly,filter:n,format:t,formatter:a,serializeDate:"function"==typeof e.serializeDate?e.serializeDate:defaults.serializeDate,skipNulls:"boolean"==typeof e.skipNulls?e.skipNulls:defaults.skipNulls,sort:"function"==typeof e.sort?e.sort:null,strictNullHandling:"boolean"==typeof e.strictNullHandling?e.strictNullHandling:defaults.strictNullHandling}};module.exports=function(e,r){var t,o=e,a=normalizeStringifyOptions(r);"function"==typeof a.filter?o=(0,a.filter)("",o):isArray(a.filter)&&(t=a.filter);var n=[];if("object"!=typeof o||null===o)return"";var i=arrayPrefixGenerators[a.arrayFormat],l="comma"===i&&a.commaRoundTrip;t||(t=Object.keys(o)),a.sort&&t.sort(a.sort);for(var s=getSideChannel(),f=0;f<t.length;++f){var u=t[f],d=o[u];a.skipNulls&&null===d||pushToArray(n,stringify(d,u,i,l,a.allowEmptyArrays,a.strictNullHandling,a.skipNulls,a.encodeDotInKeys,a.encode?a.encoder:null,a.filter,a.sort,a.allowDots,a.serializeDate,a.format,a.formatter,a.encodeValuesOnly,a.charset,s))}var y=n.join(a.delimiter),c=!0===a.addQueryPrefix?"?":"";return a.charsetSentinel&&("iso-8859-1"===a.charset?c+="utf8=%26%2310003%3B&":c+="utf8=%E2%9C%93&"),y.length>0?c+y:""};
-
-},{"1":1,"46":46,"5":5}],5:[function(require,module,exports){
-"use strict";var formats=require(1),getSideChannel=require(46),has=Object.prototype.hasOwnProperty,isArray=Array.isArray,overflowChannel=getSideChannel(),markOverflow=function markOverflow(e,r){return overflowChannel.set(e,r),e},isOverflow=function isOverflow(e){return overflowChannel.has(e)},getMaxIndex=function getMaxIndex(e){return overflowChannel.get(e)},setMaxIndex=function setMaxIndex(e,r){overflowChannel.set(e,r)},hexTable=function(){for(var e=[],r=0;r<256;++r)e[e.length]="%"+((r<16?"0":"")+r.toString(16)).toUpperCase();return e}(),compactQueue=function compactQueue(e){for(;e.length>1;){var r=e.pop(),t=r.obj[r.prop];if(isArray(t)){for(var n=[],o=0;o<t.length;++o)void 0!==t[o]&&(n[n.length]=t[o]);r.obj[r.prop]=n}}},arrayToObject=function arrayToObject(e,r){for(var t=r&&r.plainObjects?{__proto__:null}:{},n=0;n<e.length;++n)void 0!==e[n]&&(t[n]=e[n]);return t},merge=function merge(e,r,t){if(!r)return e;if("object"!=typeof r&&"function"!=typeof r){if(isArray(e)){var n=e.length;if(t&&"number"==typeof t.arrayLimit&&n>t.arrayLimit)return markOverflow(arrayToObject(e.concat(r),t),n);e[n]=r}else{if(!e||"object"!=typeof e)return[e,r];if(isOverflow(e)){var o=getMaxIndex(e)+1;e[o]=r,setMaxIndex(e,o)}else(t&&(t.plainObjects||t.allowPrototypes)||!has.call(Object.prototype,r))&&(e[r]=!0)}return e}if(!e||"object"!=typeof e){if(isOverflow(r)){for(var a=Object.keys(r),i=t&&t.plainObjects?{__proto__:null,0:e}:{0:e},c=0;c<a.length;c++)i[parseInt(a[c],10)+1]=r[a[c]];return markOverflow(i,getMaxIndex(r)+1)}var l=[e].concat(r);return t&&"number"==typeof t.arrayLimit&&l.length>t.arrayLimit?markOverflow(arrayToObject(l,t),l.length-1):l}var f=e;return isArray(e)&&!isArray(r)&&(f=arrayToObject(e,t)),isArray(e)&&isArray(r)?(r.forEach(function(r,n){if(has.call(e,n)){var o=e[n];o&&"object"==typeof o&&r&&"object"==typeof r?e[n]=merge(o,r,t):e[e.length]=r}else e[n]=r}),e):Object.keys(r).reduce(function(e,n){var o=r[n];if(has.call(e,n)?e[n]=merge(e[n],o,t):e[n]=o,isOverflow(r)&&!isOverflow(e)&&markOverflow(e,getMaxIndex(r)),isOverflow(e)){var a=parseInt(n,10);String(a)===n&&a>=0&&a>getMaxIndex(e)&&setMaxIndex(e,a)}return e},f)},assign=function assignSingleSource(e,r){return Object.keys(r).reduce(function(e,t){return e[t]=r[t],e},e)},decode=function(e,r,t){var n=e.replace(/\+/g," ");if("iso-8859-1"===t)return n.replace(/%[0-9a-f]{2}/gi,unescape);try{return decodeURIComponent(n)}catch(e){return n}},limit=1024,encode=function encode(e,r,t,n,o){if(0===e.length)return e;var a=e;if("symbol"==typeof e?a=Symbol.prototype.toString.call(e):"string"!=typeof e&&(a=String(e)),"iso-8859-1"===t)return escape(a).replace(/%u[0-9a-f]{4}/gi,function(e){return"%26%23"+parseInt(e.slice(2),16)+"%3B"});for(var i="",c=0;c<a.length;c+=limit){for(var l=a.length>=limit?a.slice(c,c+limit):a,f=[],s=0;s<l.length;++s){var u=l.charCodeAt(s);45===u||46===u||95===u||126===u||u>=48&&u<=57||u>=65&&u<=90||u>=97&&u<=122||o===formats.RFC1738&&(40===u||41===u)?f[f.length]=l.charAt(s):u<128?f[f.length]=hexTable[u]:u<2048?f[f.length]=hexTable[192|u>>6]+hexTable[128|63&u]:u<55296||u>=57344?f[f.length]=hexTable[224|u>>12]+hexTable[128|u>>6&63]+hexTable[128|63&u]:(s+=1,u=65536+((1023&u)<<10|1023&l.charCodeAt(s)),f[f.length]=hexTable[240|u>>18]+hexTable[128|u>>12&63]+hexTable[128|u>>6&63]+hexTable[128|63&u])}i+=f.join("")}return i},compact=function compact(e){for(var r=[{obj:{o:e},prop:"o"}],t=[],n=0;n<r.length;++n)for(var o=r[n],a=o.obj[o.prop],i=Object.keys(a),c=0;c<i.length;++c){var l=i[c],f=a[l];"object"==typeof f&&null!==f&&-1===t.indexOf(f)&&(r[r.length]={obj:a,prop:l},t[t.length]=f)}return compactQueue(r),e},isRegExp=function isRegExp(e){return"[object RegExp]"===Object.prototype.toString.call(e)},isBuffer=function isBuffer(e){return!(!e||"object"!=typeof e||!(e.constructor&&e.constructor.isBuffer&&e.constructor.isBuffer(e)))},combine=function combine(e,r,t,n){if(isOverflow(e)){var o=getMaxIndex(e)+1;return e[o]=r,setMaxIndex(e,o),e}var a=[].concat(e,r);return a.length>t?markOverflow(arrayToObject(a,{plainObjects:n}),a.length-1):a},maybeMap=function maybeMap(e,r){if(isArray(e)){for(var t=[],n=0;n<e.length;n+=1)t[t.length]=r(e[n]);return t}return r(e)};module.exports={/* common-shake removed: arrayToObject:arrayToObject *//* common-shake removed: assign:assign */combine:combine,compact:compact,decode:decode,encode:encode,isBuffer:isBuffer,isOverflow:isOverflow,isRegExp:isRegExp,markOverflow:markOverflow,maybeMap:maybeMap,merge:merge};
-
-},{"1":1,"46":46}],46:[function(require,module,exports){
-"use strict";var $TypeError=require(20),inspect=require(42),getSideChannelList=require(43),getSideChannelMap=require(44),getSideChannelWeakMap=require(45),makeChannel=getSideChannelWeakMap||getSideChannelMap||getSideChannelList;module.exports=function getSideChannel(){var e,n={assert:function(e){if(!n.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(n){return!!e&&e.delete(n)},get:function(n){return e&&e.get(n)},has:function(n){return!!e&&e.has(n)},set:function(n,t){e||(e=makeChannel()),e.set(n,t)}};return n};
-
-},{"20":20,"42":42,"43":43,"44":44,"45":45}],6:[function(require,module,exports){
-
-},{}],7:[function(require,module,exports){
-"use strict";var bind=require(24),$apply=require(8),$call=require(9),$reflectApply=require(11);module.exports=$reflectApply||bind.call($call,$apply);
-
-},{"11":11,"24":24,"8":8,"9":9}],9:[function(require,module,exports){
-"use strict";module.exports=Function.prototype.call;
-
-},{}],8:[function(require,module,exports){
-"use strict";module.exports=Function.prototype.apply;
-
-},{}],24:[function(require,module,exports){
-"use strict";var implementation=require(23);module.exports=Function.prototype.bind||implementation;
-
-},{"23":23}],11:[function(require,module,exports){
-"use strict";module.exports="undefined"!=typeof Reflect&&Reflect&&Reflect.apply;
-
-},{}],10:[function(require,module,exports){
-"use strict";var bind=require(24),$TypeError=require(20),$call=require(9),$actualApply=require(7);module.exports=function callBindBasic(r){if(r.length<1||"function"!=typeof r[0])throw new $TypeError("a function is required");return $actualApply(bind,$call,r)};
-
-},{"20":20,"24":24,"7":7,"9":9}],20:[function(require,module,exports){
-"use strict";module.exports=TypeError;
-
-},{}],12:[function(require,module,exports){
-"use strict";var GetIntrinsic=require(25),callBindBasic=require(10),$indexOf=callBindBasic([GetIntrinsic("%String.prototype.indexOf%")]);module.exports=function callBoundIntrinsic(i,n){var t=GetIntrinsic(i,!!n);return"function"==typeof t&&$indexOf(i,".prototype.")>-1?callBindBasic([t]):t};
-
-},{"10":10,"25":25}],25:[function(require,module,exports){
-"use strict";var undefined,$Object=require(22),$Error=require(16),$EvalError=require(15),$RangeError=require(17),$ReferenceError=require(18),$SyntaxError=require(19),$TypeError=require(20),$URIError=require(21),abs=require(34),floor=require(35),max=require(37),min=require(38),pow=require(39),round=require(40),sign=require(41),$Function=Function,getEvalledConstructor=function(r){try{return $Function('"use strict"; return ('+r+").constructor;")()}catch(r){}},$gOPD=require(30),$defineProperty=require(14),throwTypeError=function(){throw new $TypeError},ThrowTypeError=$gOPD?function(){try{return throwTypeError}catch(r){try{return $gOPD(arguments,"callee").get}catch(r){return throwTypeError}}}():throwTypeError,hasSymbols=require(31)(),getProto=require(28),$ObjectGPO=require(26),$ReflectGPO=require(27),$apply=require(8),$call=require(9),needsEval={},TypedArray="undefined"!=typeof Uint8Array&&getProto?getProto(Uint8Array):undefined,INTRINSICS={__proto__:null,"%AggregateError%":"undefined"==typeof AggregateError?undefined:AggregateError,"%Array%":Array,"%ArrayBuffer%":"undefined"==typeof ArrayBuffer?undefined:ArrayBuffer,"%ArrayIteratorPrototype%":hasSymbols&&getProto?getProto([][Symbol.iterator]()):undefined,"%AsyncFromSyncIteratorPrototype%":undefined,"%AsyncFunction%":needsEval,"%AsyncGenerator%":needsEval,"%AsyncGeneratorFunction%":needsEval,"%AsyncIteratorPrototype%":needsEval,"%Atomics%":"undefined"==typeof Atomics?undefined:Atomics,"%BigInt%":"undefined"==typeof BigInt?undefined:BigInt,"%BigInt64Array%":"undefined"==typeof BigInt64Array?undefined:BigInt64Array,"%BigUint64Array%":"undefined"==typeof BigUint64Array?undefined:BigUint64Array,"%Boolean%":Boolean,"%DataView%":"undefined"==typeof DataView?undefined:DataView,"%Date%":Date,"%decodeURI%":decodeURI,"%decodeURIComponent%":decodeURIComponent,"%encodeURI%":encodeURI,"%encodeURIComponent%":encodeURIComponent,"%Error%":$Error,"%eval%":eval,"%EvalError%":$EvalError,"%Float16Array%":"undefined"==typeof Float16Array?undefined:Float16Array,"%Float32Array%":"undefined"==typeof Float32Array?undefined:Float32Array,"%Float64Array%":"undefined"==typeof Float64Array?undefined:Float64Array,"%FinalizationRegistry%":"undefined"==typeof FinalizationRegistry?undefined:FinalizationRegistry,"%Function%":$Function,"%GeneratorFunction%":needsEval,"%Int8Array%":"undefined"==typeof Int8Array?undefined:Int8Array,"%Int16Array%":"undefined"==typeof Int16Array?undefined:Int16Array,"%Int32Array%":"undefined"==typeof Int32Array?undefined:Int32Array,"%isFinite%":isFinite,"%isNaN%":isNaN,"%IteratorPrototype%":hasSymbols&&getProto?getProto(getProto([][Symbol.iterator]())):undefined,"%JSON%":"object"==typeof JSON?JSON:undefined,"%Map%":"undefined"==typeof Map?undefined:Map,"%MapIteratorPrototype%":"undefined"!=typeof Map&&hasSymbols&&getProto?getProto((new Map)[Symbol.iterator]()):undefined,"%Math%":Math,"%Number%":Number,"%Object%":$Object,"%Object.getOwnPropertyDescriptor%":$gOPD,"%parseFloat%":parseFloat,"%parseInt%":parseInt,"%Promise%":"undefined"==typeof Promise?undefined:Promise,"%Proxy%":"undefined"==typeof Proxy?undefined:Proxy,"%RangeError%":$RangeError,"%ReferenceError%":$ReferenceError,"%Reflect%":"undefined"==typeof Reflect?undefined:Reflect,"%RegExp%":RegExp,"%Set%":"undefined"==typeof Set?undefined:Set,"%SetIteratorPrototype%":"undefined"!=typeof Set&&hasSymbols&&getProto?getProto((new Set)[Symbol.iterator]()):undefined,"%SharedArrayBuffer%":"undefined"==typeof SharedArrayBuffer?undefined:SharedArrayBuffer,"%String%":String,"%StringIteratorPrototype%":hasSymbols&&getProto?getProto(""[Symbol.iterator]()):undefined,"%Symbol%":hasSymbols?Symbol:undefined,"%SyntaxError%":$SyntaxError,"%ThrowTypeError%":ThrowTypeError,"%TypedArray%":TypedArray,"%TypeError%":$TypeError,"%Uint8Array%":"undefined"==typeof Uint8Array?undefined:Uint8Array,"%Uint8ClampedArray%":"undefined"==typeof Uint8ClampedArray?undefined:Uint8ClampedArray,"%Uint16Array%":"undefined"==typeof Uint16Array?undefined:Uint16Array,"%Uint32Array%":"undefined"==typeof Uint32Array?undefined:Uint32Array,"%URIError%":$URIError,"%WeakMap%":"undefined"==typeof WeakMap?undefined:WeakMap,"%WeakRef%":"undefined"==typeof WeakRef?undefined:WeakRef,"%WeakSet%":"undefined"==typeof WeakSet?undefined:WeakSet,"%Function.prototype.call%":$call,"%Function.prototype.apply%":$apply,"%Object.defineProperty%":$defineProperty,"%Object.getPrototypeOf%":$ObjectGPO,"%Math.abs%":abs,"%Math.floor%":floor,"%Math.max%":max,"%Math.min%":min,"%Math.pow%":pow,"%Math.round%":round,"%Math.sign%":sign,"%Reflect.getPrototypeOf%":$ReflectGPO};if(getProto)try{null.error}catch(r){var errorProto=getProto(getProto(r));INTRINSICS["%Error.prototype%"]=errorProto}var doEval=function doEval(r){var e;if("%AsyncFunction%"===r)e=getEvalledConstructor("async function () {}");else if("%GeneratorFunction%"===r)e=getEvalledConstructor("function* () {}");else if("%AsyncGeneratorFunction%"===r)e=getEvalledConstructor("async function* () {}");else if("%AsyncGenerator%"===r){var t=doEval("%AsyncGeneratorFunction%");t&&(e=t.prototype)}else if("%AsyncIteratorPrototype%"===r){var o=doEval("%AsyncGenerator%");o&&getProto&&(e=getProto(o.prototype))}return INTRINSICS[r]=e,e},LEGACY_ALIASES={__proto__:null,"%ArrayBufferPrototype%":["ArrayBuffer","prototype"],"%ArrayPrototype%":["Array","prototype"],"%ArrayProto_entries%":["Array","prototype","entries"],"%ArrayProto_forEach%":["Array","prototype","forEach"],"%ArrayProto_keys%":["Array","prototype","keys"],"%ArrayProto_values%":["Array","prototype","values"],"%AsyncFunctionPrototype%":["AsyncFunction","prototype"],"%AsyncGenerator%":["AsyncGeneratorFunction","prototype"],"%AsyncGeneratorPrototype%":["AsyncGeneratorFunction","prototype","prototype"],"%BooleanPrototype%":["Boolean","prototype"],"%DataViewPrototype%":["DataView","prototype"],"%DatePrototype%":["Date","prototype"],"%ErrorPrototype%":["Error","prototype"],"%EvalErrorPrototype%":["EvalError","prototype"],"%Float32ArrayPrototype%":["Float32Array","prototype"],"%Float64ArrayPrototype%":["Float64Array","prototype"],"%FunctionPrototype%":["Function","prototype"],"%Generator%":["GeneratorFunction","prototype"],"%GeneratorPrototype%":["GeneratorFunction","prototype","prototype"],"%Int8ArrayPrototype%":["Int8Array","prototype"],"%Int16ArrayPrototype%":["Int16Array","prototype"],"%Int32ArrayPrototype%":["Int32Array","prototype"],"%JSONParse%":["JSON","parse"],"%JSONStringify%":["JSON","stringify"],"%MapPrototype%":["Map","prototype"],"%NumberPrototype%":["Number","prototype"],"%ObjectPrototype%":["Object","prototype"],"%ObjProto_toString%":["Object","prototype","toString"],"%ObjProto_valueOf%":["Object","prototype","valueOf"],"%PromisePrototype%":["Promise","prototype"],"%PromiseProto_then%":["Promise","prototype","then"],"%Promise_all%":["Promise","all"],"%Promise_reject%":["Promise","reject"],"%Promise_resolve%":["Promise","resolve"],"%RangeErrorPrototype%":["RangeError","prototype"],"%ReferenceErrorPrototype%":["ReferenceError","prototype"],"%RegExpPrototype%":["RegExp","prototype"],"%SetPrototype%":["Set","prototype"],"%SharedArrayBufferPrototype%":["SharedArrayBuffer","prototype"],"%StringPrototype%":["String","prototype"],"%SymbolPrototype%":["Symbol","prototype"],"%SyntaxErrorPrototype%":["SyntaxError","prototype"],"%TypedArrayPrototype%":["TypedArray","prototype"],"%TypeErrorPrototype%":["TypeError","prototype"],"%Uint8ArrayPrototype%":["Uint8Array","prototype"],"%Uint8ClampedArrayPrototype%":["Uint8ClampedArray","prototype"],"%Uint16ArrayPrototype%":["Uint16Array","prototype"],"%Uint32ArrayPrototype%":["Uint32Array","prototype"],"%URIErrorPrototype%":["URIError","prototype"],"%WeakMapPrototype%":["WeakMap","prototype"],"%WeakSetPrototype%":["WeakSet","prototype"]},bind=require(24),hasOwn=require(33),$concat=bind.call($call,Array.prototype.concat),$spliceApply=bind.call($apply,Array.prototype.splice),$replace=bind.call($call,String.prototype.replace),$strSlice=bind.call($call,String.prototype.slice),$exec=bind.call($call,RegExp.prototype.exec),rePropName=/[^%.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|%$))/g,reEscapeChar=/\\(\\)?/g,stringToPath=function stringToPath(r){var e=$strSlice(r,0,1),t=$strSlice(r,-1);if("%"===e&&"%"!==t)throw new $SyntaxError("invalid intrinsic syntax, expected closing `%`");if("%"===t&&"%"!==e)throw new $SyntaxError("invalid intrinsic syntax, expected opening `%`");var o=[];return $replace(r,rePropName,function(r,e,t,n){o[o.length]=t?$replace(n,reEscapeChar,"$1"):e||r}),o},getBaseIntrinsic=function getBaseIntrinsic(r,e){var t,o=r;if(hasOwn(LEGACY_ALIASES,o)&&(o="%"+(t=LEGACY_ALIASES[o])[0]+"%"),hasOwn(INTRINSICS,o)){var n=INTRINSICS[o];if(n===needsEval&&(n=doEval(o)),void 0===n&&!e)throw new $TypeError("intrinsic "+r+" exists, but is not available. Please file an issue!");return{alias:t,name:o,value:n}}throw new $SyntaxError("intrinsic "+r+" does not exist!")};module.exports=function GetIntrinsic(r,e){if("string"!=typeof r||0===r.length)throw new $TypeError("intrinsic name must be a non-empty string");if(arguments.length>1&&"boolean"!=typeof e)throw new $TypeError('"allowMissing" argument must be a boolean');if(null===$exec(/^%?[^%]*%?$/,r))throw new $SyntaxError("`%` may not be present anywhere but at the beginning and end of the intrinsic name");var t=stringToPath(r),o=t.length>0?t[0]:"",n=getBaseIntrinsic("%"+o+"%",e),a=n.name,i=n.value,y=!1,p=n.alias;p&&(o=p[0],$spliceApply(t,$concat([0,1],p)));for(var d=1,s=!0;d<t.length;d+=1){var f=t[d],l=$strSlice(f,0,1),u=$strSlice(f,-1);if(('"'===l||"'"===l||"`"===l||'"'===u||"'"===u||"`"===u)&&l!==u)throw new $SyntaxError("property names with quotes must have matching quotes");if("constructor"!==f&&s||(y=!0),hasOwn(INTRINSICS,a="%"+(o+="."+f)+"%"))i=INTRINSICS[a];else if(null!=i){if(!(f in i)){if(!e)throw new $TypeError("base intrinsic for "+r+" exists, but the property is not available.");return}if($gOPD&&d+1>=t.length){var c=$gOPD(i,f);i=(s=!!c)&&"get"in c&&!("originalValue"in c.get)?c.get:i[f]}else s=hasOwn(i,f),i=i[f];s&&!y&&(INTRINSICS[a]=i)}}return i};
-
-},{"14":14,"15":15,"16":16,"17":17,"18":18,"19":19,"20":20,"21":21,"22":22,"24":24,"26":26,"27":27,"28":28,"30":30,"31":31,"33":33,"34":34,"35":35,"37":37,"38":38,"39":39,"40":40,"41":41,"8":8,"9":9}],13:[function(require,module,exports){
-"use strict";var hasProtoAccessor,callBind=require(10),gOPD=require(30);try{hasProtoAccessor=[].__proto__===Array.prototype}catch(t){if(!t||"object"!=typeof t||!("code"in t)||"ERR_PROTO_ACCESS"!==t.code)throw t}var desc=!!hasProtoAccessor&&gOPD&&gOPD(Object.prototype,"__proto__"),$Object=Object,$getPrototypeOf=$Object.getPrototypeOf;module.exports=desc&&"function"==typeof desc.get?callBind([desc.get]):"function"==typeof $getPrototypeOf&&function getDunder(t){return $getPrototypeOf(null==t?t:$Object(t))};
-
-},{"10":10,"30":30}],30:[function(require,module,exports){
-"use strict";var $gOPD=require(29);if($gOPD)try{$gOPD([],"length")}catch(g){$gOPD=null}module.exports=$gOPD;
-
-},{"29":29}],14:[function(require,module,exports){
-"use strict";var $defineProperty=Object.defineProperty||!1;if($defineProperty)try{$defineProperty({},"a",{value:1})}catch(e){$defineProperty=!1}module.exports=$defineProperty;
-
-},{}],15:[function(require,module,exports){
-"use strict";module.exports=EvalError;
-
-},{}],16:[function(require,module,exports){
-"use strict";module.exports=Error;
-
-},{}],17:[function(require,module,exports){
-"use strict";module.exports=RangeError;
-
-},{}],18:[function(require,module,exports){
-"use strict";module.exports=ReferenceError;
-
-},{}],19:[function(require,module,exports){
-"use strict";module.exports=SyntaxError;
-
-},{}],21:[function(require,module,exports){
-"use strict";module.exports=URIError;
-
-},{}],22:[function(require,module,exports){
-"use strict";module.exports=Object;
-
-},{}],23:[function(require,module,exports){
-"use strict";var ERROR_MESSAGE="Function.prototype.bind called on incompatible ",toStr=Object.prototype.toString,max=Math.max,funcType="[object Function]",concatty=function concatty(t,n){for(var r=[],o=0;o<t.length;o+=1)r[o]=t[o];for(var e=0;e<n.length;e+=1)r[e+t.length]=n[e];return r},slicy=function slicy(t,n){for(var r=[],o=n||0,e=0;o<t.length;o+=1,e+=1)r[e]=t[o];return r},joiny=function(t,n){for(var r="",o=0;o<t.length;o+=1)r+=t[o],o+1<t.length&&(r+=n);return r};module.exports=function bind(t){var n=this;if("function"!=typeof n||toStr.apply(n)!==funcType)throw new TypeError(ERROR_MESSAGE+n);for(var r,o=slicy(arguments,1),e=max(0,n.length-o.length),i=[],c=0;c<e;c++)i[c]="$"+c;if(r=Function("binder","return function ("+joiny(i,",")+"){ return binder.apply(this,arguments); }")(function(){if(this instanceof r){var e=n.apply(this,concatty(o,arguments));return Object(e)===e?e:this}return n.apply(t,concatty(o,arguments))}),n.prototype){var p=function Empty(){};p.prototype=n.prototype,r.prototype=new p,p.prototype=null}return r};
-
-},{}],39:[function(require,module,exports){
-"use strict";module.exports=Math.pow;
-
-},{}],37:[function(require,module,exports){
-"use strict";module.exports=Math.max;
-
-},{}],34:[function(require,module,exports){
-"use strict";module.exports=Math.abs;
-
-},{}],38:[function(require,module,exports){
-"use strict";module.exports=Math.min;
-
-},{}],35:[function(require,module,exports){
-"use strict";module.exports=Math.floor;
-
-},{}],40:[function(require,module,exports){
-"use strict";module.exports=Math.round;
-
-},{}],27:[function(require,module,exports){
-"use strict";module.exports="undefined"!=typeof Reflect&&Reflect.getPrototypeOf||null;
-
-},{}],26:[function(require,module,exports){
-"use strict";var $Object=require(22);module.exports=$Object.getPrototypeOf||null;
-
-},{"22":22}],41:[function(require,module,exports){
-"use strict";var $isNaN=require(36);module.exports=function sign(i){return $isNaN(i)||0===i?i:i<0?-1:1};
-
-},{"36":36}],33:[function(require,module,exports){
-"use strict";var call=Function.prototype.call,$hasOwn=Object.prototype.hasOwnProperty,bind=require(24);module.exports=bind.call(call,$hasOwn);
-
-},{"24":24}],31:[function(require,module,exports){
-"use strict";var origSymbol="undefined"!=typeof Symbol&&Symbol,hasSymbolSham=require(32);module.exports=function hasNativeSymbols(){return"function"==typeof origSymbol&&"function"==typeof Symbol&&"symbol"==typeof origSymbol("foo")&&"symbol"==typeof Symbol("bar")&&hasSymbolSham()};
-
-},{"32":32}],28:[function(require,module,exports){
-"use strict";var reflectGetProto=require(27),originalGetProto=require(26),getDunderProto=require(13);module.exports=reflectGetProto?function getProto(t){return reflectGetProto(t)}:originalGetProto?function getProto(t){if(!t||"object"!=typeof t&&"function"!=typeof t)throw new TypeError("getProto: not an object");return originalGetProto(t)}:getDunderProto?function getProto(t){return getDunderProto(t)}:null;
-
-},{"13":13,"26":26,"27":27}],29:[function(require,module,exports){
-"use strict";module.exports=Object.getOwnPropertyDescriptor;
-
-},{}],32:[function(require,module,exports){
-"use strict";module.exports=function hasSymbols(){if("function"!=typeof Symbol||"function"!=typeof Object.getOwnPropertySymbols)return!1;if("symbol"==typeof Symbol.iterator)return!0;var t={},e=Symbol("test"),r=Object(e);if("string"==typeof e)return!1;if("[object Symbol]"!==Object.prototype.toString.call(e))return!1;if("[object Symbol]"!==Object.prototype.toString.call(r))return!1;for(var o in t[e]=42,t)return!1;if("function"==typeof Object.keys&&0!==Object.keys(t).length)return!1;if("function"==typeof Object.getOwnPropertyNames&&0!==Object.getOwnPropertyNames(t).length)return!1;var n=Object.getOwnPropertySymbols(t);if(1!==n.length||n[0]!==e)return!1;if(!Object.prototype.propertyIsEnumerable.call(t,e))return!1;if("function"==typeof Object.getOwnPropertyDescriptor){var y=Object.getOwnPropertyDescriptor(t,e);if(42!==y.value||!0!==y.enumerable)return!1}return!0};
-
-},{}],36:[function(require,module,exports){
-"use strict";module.exports=Number.isNaN||function isNaN(e){return e!=e};
-
-},{}],42:[function(require,module,exports){
-(function (global){(function (){
-var hasMap="function"==typeof Map&&Map.prototype,mapSizeDescriptor=Object.getOwnPropertyDescriptor&&hasMap?Object.getOwnPropertyDescriptor(Map.prototype,"size"):null,mapSize=hasMap&&mapSizeDescriptor&&"function"==typeof mapSizeDescriptor.get?mapSizeDescriptor.get:null,mapForEach=hasMap&&Map.prototype.forEach,hasSet="function"==typeof Set&&Set.prototype,setSizeDescriptor=Object.getOwnPropertyDescriptor&&hasSet?Object.getOwnPropertyDescriptor(Set.prototype,"size"):null,setSize=hasSet&&setSizeDescriptor&&"function"==typeof setSizeDescriptor.get?setSizeDescriptor.get:null,setForEach=hasSet&&Set.prototype.forEach,hasWeakMap="function"==typeof WeakMap&&WeakMap.prototype,weakMapHas=hasWeakMap?WeakMap.prototype.has:null,hasWeakSet="function"==typeof WeakSet&&WeakSet.prototype,weakSetHas=hasWeakSet?WeakSet.prototype.has:null,hasWeakRef="function"==typeof WeakRef&&WeakRef.prototype,weakRefDeref=hasWeakRef?WeakRef.prototype.deref:null,booleanValueOf=Boolean.prototype.valueOf,objectToString=Object.prototype.toString,functionToString=Function.prototype.toString,$match=String.prototype.match,$slice=String.prototype.slice,$replace=String.prototype.replace,$toUpperCase=String.prototype.toUpperCase,$toLowerCase=String.prototype.toLowerCase,$test=RegExp.prototype.test,$concat=Array.prototype.concat,$join=Array.prototype.join,$arrSlice=Array.prototype.slice,$floor=Math.floor,bigIntValueOf="function"==typeof BigInt?BigInt.prototype.valueOf:null,gOPS=Object.getOwnPropertySymbols,symToString="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?Symbol.prototype.toString:null,hasShammedSymbols="function"==typeof Symbol&&"object"==typeof Symbol.iterator,toStringTag="function"==typeof Symbol&&Symbol.toStringTag&&(Symbol.toStringTag,1)?Symbol.toStringTag:null,isEnumerable=Object.prototype.propertyIsEnumerable,gPO=("function"==typeof Reflect?Reflect.getPrototypeOf:Object.getPrototypeOf)||([].__proto__===Array.prototype?function(t){return t.__proto__}:null);function addNumericSeparator(t,e){if(t===1/0||t===-1/0||t!=t||t&&t>-1e3&&t<1e3||$test.call(/e/,e))return e;var r=/[0-9](?=(?:[0-9]{3})+(?![0-9]))/g;if("number"==typeof t){var n=t<0?-$floor(-t):$floor(t);if(n!==t){var o=String(n),i=$slice.call(e,o.length+1);return $replace.call(o,r,"$&_")+"."+$replace.call($replace.call(i,/([0-9]{3})/g,"$&_"),/_$/,"")}}return $replace.call(e,r,"$&_")}var utilInspect=require(6),inspectCustom=utilInspect.custom,inspectSymbol=isSymbol(inspectCustom)?inspectCustom:null,quotes={__proto__:null,double:'"',single:"'"},quoteREs={__proto__:null,double:/(["\\])/g,single:/(['\\])/g};function wrapQuotes(t,e,r){var n=r.quoteStyle||e,o=quotes[n];return o+t+o}function quote(t){return $replace.call(String(t),/"/g,"&quot;")}function canTrustToString(t){return!toStringTag||!("object"==typeof t&&(toStringTag in t||void 0!==t[toStringTag]))}function isArray(t){return"[object Array]"===toStr(t)&&canTrustToString(t)}function isDate(t){return"[object Date]"===toStr(t)&&canTrustToString(t)}function isRegExp(t){return"[object RegExp]"===toStr(t)&&canTrustToString(t)}function isError(t){return"[object Error]"===toStr(t)&&canTrustToString(t)}function isString(t){return"[object String]"===toStr(t)&&canTrustToString(t)}function isNumber(t){return"[object Number]"===toStr(t)&&canTrustToString(t)}function isBoolean(t){return"[object Boolean]"===toStr(t)&&canTrustToString(t)}function isSymbol(t){if(hasShammedSymbols)return t&&"object"==typeof t&&t instanceof Symbol;if("symbol"==typeof t)return!0;if(!t||"object"!=typeof t||!symToString)return!1;try{return symToString.call(t),!0}catch(t){}return!1}function isBigInt(t){if(!t||"object"!=typeof t||!bigIntValueOf)return!1;try{return bigIntValueOf.call(t),!0}catch(t){}return!1}module.exports=function inspect_(t,e,r,n){var o=e||{};if(has(o,"quoteStyle")&&!has(quotes,o.quoteStyle))throw new TypeError('option "quoteStyle" must be "single" or "double"');if(has(o,"maxStringLength")&&("number"==typeof o.maxStringLength?o.maxStringLength<0&&o.maxStringLength!==1/0:null!==o.maxStringLength))throw new TypeError('option "maxStringLength", if provided, must be a positive integer, Infinity, or `null`');var i=!has(o,"customInspect")||o.customInspect;if("boolean"!=typeof i&&"symbol"!==i)throw new TypeError("option \"customInspect\", if provided, must be `true`, `false`, or `'symbol'`");if(has(o,"indent")&&null!==o.indent&&"\t"!==o.indent&&!(parseInt(o.indent,10)===o.indent&&o.indent>0))throw new TypeError('option "indent" must be "\\t", an integer > 0, or `null`');if(has(o,"numericSeparator")&&"boolean"!=typeof o.numericSeparator)throw new TypeError('option "numericSeparator", if provided, must be `true` or `false`');var a=o.numericSeparator;if(void 0===t)return"undefined";if(null===t)return"null";if("boolean"==typeof t)return t?"true":"false";if("string"==typeof t)return inspectString(t,o);if("number"==typeof t){if(0===t)return 1/0/t>0?"0":"-0";var c=String(t);return a?addNumericSeparator(t,c):c}if("bigint"==typeof t){var l=String(t)+"n";return a?addNumericSeparator(t,l):l}var u=void 0===o.depth?5:o.depth;if(void 0===r&&(r=0),r>=u&&u>0&&"object"==typeof t)return isArray(t)?"[Array]":"[Object]";var p=getIndent(o,r);if(void 0===n)n=[];else if(indexOf(n,t)>=0)return"[Circular]";function inspect(t,e,i){if(e&&(n=$arrSlice.call(n)).push(e),i){var a={depth:o.depth};return has(o,"quoteStyle")&&(a.quoteStyle=o.quoteStyle),inspect_(t,a,r+1,n)}return inspect_(t,o,r+1,n)}if("function"==typeof t&&!isRegExp(t)){var s=nameOf(t),f=arrObjKeys(t,inspect);return"[Function"+(s?": "+s:" (anonymous)")+"]"+(f.length>0?" { "+$join.call(f,", ")+" }":"")}if(isSymbol(t)){var y=hasShammedSymbols?$replace.call(String(t),/^(Symbol\(.*\))_[^)]*$/,"$1"):symToString.call(t);return"object"!=typeof t||hasShammedSymbols?y:markBoxed(y)}if(isElement(t)){for(var S="<"+$toLowerCase.call(String(t.nodeName)),g=t.attributes||[],m=0;m<g.length;m++)S+=" "+g[m].name+"="+wrapQuotes(quote(g[m].value),"double",o);return S+=">",t.childNodes&&t.childNodes.length&&(S+="..."),S+"</"+$toLowerCase.call(String(t.nodeName))+">"}if(isArray(t)){if(0===t.length)return"[]";var b=arrObjKeys(t,inspect);return p&&!singleLineValues(b)?"["+indentedJoin(b,p)+"]":"[ "+$join.call(b,", ")+" ]"}if(isError(t)){var h=arrObjKeys(t,inspect);return"cause"in Error.prototype||!("cause"in t)||isEnumerable.call(t,"cause")?0===h.length?"["+String(t)+"]":"{ ["+String(t)+"] "+$join.call(h,", ")+" }":"{ ["+String(t)+"] "+$join.call($concat.call("[cause]: "+inspect(t.cause),h),", ")+" }"}if("object"==typeof t&&i){if(inspectSymbol&&"function"==typeof t[inspectSymbol]&&utilInspect)return utilInspect(t,{depth:u-r});if("symbol"!==i&&"function"==typeof t.inspect)return t.inspect()}if(isMap(t)){var d=[];return mapForEach&&mapForEach.call(t,function(e,r){d.push(inspect(r,t,!0)+" => "+inspect(e,t))}),collectionOf("Map",mapSize.call(t),d,p)}if(isSet(t)){var O=[];return setForEach&&setForEach.call(t,function(e){O.push(inspect(e,t))}),collectionOf("Set",setSize.call(t),O,p)}if(isWeakMap(t))return weakCollectionOf("WeakMap");if(isWeakSet(t))return weakCollectionOf("WeakSet");if(isWeakRef(t))return weakCollectionOf("WeakRef");if(isNumber(t))return markBoxed(inspect(Number(t)));if(isBigInt(t))return markBoxed(inspect(bigIntValueOf.call(t)));if(isBoolean(t))return markBoxed(booleanValueOf.call(t));if(isString(t))return markBoxed(inspect(String(t)));if("undefined"!=typeof window&&t===window)return"{ [object Window] }";if("undefined"!=typeof globalThis&&t===globalThis||"undefined"!=typeof global&&t===global)return"{ [object globalThis] }";if(!isDate(t)&&!isRegExp(t)){var j=arrObjKeys(t,inspect),w=gPO?gPO(t)===Object.prototype:t instanceof Object||t.constructor===Object,$=t instanceof Object?"":"null prototype",v=!w&&toStringTag&&Object(t)===t&&toStringTag in t?$slice.call(toStr(t),8,-1):$?"Object":"",k=(w||"function"!=typeof t.constructor?"":t.constructor.name?t.constructor.name+" ":"")+(v||$?"["+$join.call($concat.call([],v||[],$||[]),": ")+"] ":"");return 0===j.length?k+"{}":p?k+"{"+indentedJoin(j,p)+"}":k+"{ "+$join.call(j,", ")+" }"}return String(t)};var hasOwn=Object.prototype.hasOwnProperty||function(t){return t in this};function has(t,e){return hasOwn.call(t,e)}function toStr(t){return objectToString.call(t)}function nameOf(t){if(t.name)return t.name;var e=$match.call(functionToString.call(t),/^function\s*([\w$]+)/);return e?e[1]:null}function indexOf(t,e){if(t.indexOf)return t.indexOf(e);for(var r=0,n=t.length;r<n;r++)if(t[r]===e)return r;return-1}function isMap(t){if(!mapSize||!t||"object"!=typeof t)return!1;try{mapSize.call(t);try{setSize.call(t)}catch(t){return!0}return t instanceof Map}catch(t){}return!1}function isWeakMap(t){if(!weakMapHas||!t||"object"!=typeof t)return!1;try{weakMapHas.call(t,weakMapHas);try{weakSetHas.call(t,weakSetHas)}catch(t){return!0}return t instanceof WeakMap}catch(t){}return!1}function isWeakRef(t){if(!weakRefDeref||!t||"object"!=typeof t)return!1;try{return weakRefDeref.call(t),!0}catch(t){}return!1}function isSet(t){if(!setSize||!t||"object"!=typeof t)return!1;try{setSize.call(t);try{mapSize.call(t)}catch(t){return!0}return t instanceof Set}catch(t){}return!1}function isWeakSet(t){if(!weakSetHas||!t||"object"!=typeof t)return!1;try{weakSetHas.call(t,weakSetHas);try{weakMapHas.call(t,weakMapHas)}catch(t){return!0}return t instanceof WeakSet}catch(t){}return!1}function isElement(t){return!(!t||"object"!=typeof t)&&("undefined"!=typeof HTMLElement&&t instanceof HTMLElement||"string"==typeof t.nodeName&&"function"==typeof t.getAttribute)}function inspectString(t,e){if(t.length>e.maxStringLength){var r=t.length-e.maxStringLength,n="... "+r+" more character"+(r>1?"s":"");return inspectString($slice.call(t,0,e.maxStringLength),e)+n}var o=quoteREs[e.quoteStyle||"single"];return o.lastIndex=0,wrapQuotes($replace.call($replace.call(t,o,"\\$1"),/[\x00-\x1f]/g,lowbyte),"single",e)}function lowbyte(t){var e=t.charCodeAt(0),r={8:"b",9:"t",10:"n",12:"f",13:"r"}[e];return r?"\\"+r:"\\x"+(e<16?"0":"")+$toUpperCase.call(e.toString(16))}function markBoxed(t){return"Object("+t+")"}function weakCollectionOf(t){return t+" { ? }"}function collectionOf(t,e,r,n){return t+" ("+e+") {"+(n?indentedJoin(r,n):$join.call(r,", "))+"}"}function singleLineValues(t){for(var e=0;e<t.length;e++)if(indexOf(t[e],"\n")>=0)return!1;return!0}function getIndent(t,e){var r;if("\t"===t.indent)r="\t";else{if(!("number"==typeof t.indent&&t.indent>0))return null;r=$join.call(Array(t.indent+1)," ")}return{base:r,prev:$join.call(Array(e+1),r)}}function indentedJoin(t,e){if(0===t.length)return"";var r="\n"+e.prev+e.base;return r+$join.call(t,","+r)+"\n"+e.prev}function arrObjKeys(t,e){var r=isArray(t),n=[];if(r){n.length=t.length;for(var o=0;o<t.length;o++)n[o]=has(t,o)?e(t[o],t):""}var i,a="function"==typeof gOPS?gOPS(t):[];if(hasShammedSymbols){i={};for(var c=0;c<a.length;c++)i["$"+a[c]]=a[c]}for(var l in t)has(t,l)&&(r&&String(Number(l))===l&&l<t.length||hasShammedSymbols&&i["$"+l]instanceof Symbol||($test.call(/[^\w$]/,l)?n.push(e(l,t)+": "+e(t[l],t)):n.push(l+": "+e(t[l],t))));if("function"==typeof gOPS)for(var u=0;u<a.length;u++)isEnumerable.call(t,a[u])&&n.push("["+e(a[u])+"]: "+e(t[a[u]],t));return n}
-
-}).call(this)}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
-},{"6":6}],43:[function(require,module,exports){
-"use strict";var inspect=require(42),$TypeError=require(20),listGetNode=function(e,t,n){for(var i,r=e;null!=(i=r.next);r=i)if(i.key===t)return r.next=i.next,n||(i.next=e.next,e.next=i),i},listGet=function(e,t){if(e){var n=listGetNode(e,t);return n&&n.value}},listSet=function(e,t,n){var i=listGetNode(e,t);i?i.value=n:e.next={key:t,next:e.next,value:n}},listHas=function(e,t){return!!e&&!!listGetNode(e,t)},listDelete=function(e,t){if(e)return listGetNode(e,t,!0)};module.exports=function getSideChannelList(){var e,t={assert:function(e){if(!t.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(t){var n=e&&e.next,i=listDelete(e,t);return i&&n&&n===i&&(e=void 0),!!i},get:function(t){return listGet(e,t)},has:function(t){return listHas(e,t)},set:function(t,n){e||(e={next:void 0}),listSet(e,t,n)}};return t};
-
-},{"20":20,"42":42}],44:[function(require,module,exports){
-"use strict";var GetIntrinsic=require(25),callBound=require(12),inspect=require(42),$TypeError=require(20),$Map=GetIntrinsic("%Map%",!0),$mapGet=callBound("Map.prototype.get",!0),$mapSet=callBound("Map.prototype.set",!0),$mapHas=callBound("Map.prototype.has",!0),$mapDelete=callBound("Map.prototype.delete",!0),$mapSize=callBound("Map.prototype.size",!0);module.exports=!!$Map&&function getSideChannelMap(){var e,t={assert:function(e){if(!t.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(t){if(e){var n=$mapDelete(e,t);return 0===$mapSize(e)&&(e=void 0),n}return!1},get:function(t){if(e)return $mapGet(e,t)},has:function(t){return!!e&&$mapHas(e,t)},set:function(t,n){e||(e=new $Map),$mapSet(e,t,n)}};return t};
-
-},{"12":12,"20":20,"25":25,"42":42}],45:[function(require,module,exports){
-"use strict";var GetIntrinsic=require(25),callBound=require(12),inspect=require(42),getSideChannelMap=require(44),$TypeError=require(20),$WeakMap=GetIntrinsic("%WeakMap%",!0),$weakMapGet=callBound("WeakMap.prototype.get",!0),$weakMapSet=callBound("WeakMap.prototype.set",!0),$weakMapHas=callBound("WeakMap.prototype.has",!0),$weakMapDelete=callBound("WeakMap.prototype.delete",!0);module.exports=$WeakMap?function getSideChannelWeakMap(){var e,t,a={assert:function(e){if(!a.has(e))throw new $TypeError("Side channel does not contain "+inspect(e))},delete:function(a){if($WeakMap&&a&&("object"==typeof a||"function"==typeof a)){if(e)return $weakMapDelete(e,a)}else if(getSideChannelMap&&t)return t.delete(a);return!1},get:function(a){return $WeakMap&&a&&("object"==typeof a||"function"==typeof a)&&e?$weakMapGet(e,a):t&&t.get(a)},has:function(a){return $WeakMap&&a&&("object"==typeof a||"function"==typeof a)&&e?$weakMapHas(e,a):!!t&&t.has(a)},set:function(a,n){$WeakMap&&a&&("object"==typeof a||"function"==typeof a)?(e||(e=new $WeakMap),$weakMapSet(e,a,n)):getSideChannelMap&&(t||(t=getSideChannelMap()),t.set(a,n))}};return a}:getSideChannelMap;
-
-},{"12":12,"20":20,"25":25,"42":42,"44":44}]},{},[2])(2)
-});
diff --git a/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs b/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
deleted file mode 100644
index bdde6e9..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/eslint.config.mjs
+++ /dev/null
@@ -1,56 +0,0 @@
-import ljharbConfig from '@ljharb/eslint-config/flat';
-
-export default [
-    {
-        ignores: ['dist/'],
-    },
-
-    ...ljharbConfig,
-
-    {
-        rules: {
-            complexity: 'off',
-            'consistent-return': 'warn',
-            'func-name-matching': 'off',
-            'id-length': [
-                'error',
-                {
-                    max: 25,
-                    min: 1,
-                    properties: 'never',
-                },
-            ],
-            indent: ['error', 4],
-            'max-lines': 'off',
-            'max-lines-per-function': [
-                'error',
-                { max: 150 },
-            ],
-            'max-params': ['error', 18],
-            'max-statements': ['error', 100],
-            'multiline-comment-style': 'off',
-            'no-continue': 'warn',
-            'no-magic-numbers': 'off',
-            'no-restricted-syntax': [
-                'error',
-                'BreakStatement',
-                'DebuggerStatement',
-                'ForInStatement',
-                'LabeledStatement',
-                'WithStatement',
-            ],
-        },
-    },
-
-    {
-        files: ['test/**'],
-        rules: {
-            'function-paren-newline': 'off',
-            'max-lines-per-function': 'off',
-            'max-statements': 'off',
-            'no-buffer-constructor': 'off',
-            'no-extend-native': 'off',
-            'no-throw-literal': 'off',
-        },
-    },
-];
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/formats.js b/src/Servers/ExpressServer/node_modules/qs/lib/formats.js
deleted file mode 100644
index f36cf20..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/lib/formats.js
+++ /dev/null
@@ -1,23 +0,0 @@
-'use strict';
-
-var replace = String.prototype.replace;
-var percentTwenties = /%20/g;
-
-var Format = {
-    RFC1738: 'RFC1738',
-    RFC3986: 'RFC3986'
-};
-
-module.exports = {
-    'default': Format.RFC3986,
-    formatters: {
-        RFC1738: function (value) {
-            return replace.call(value, percentTwenties, '+');
-        },
-        RFC3986: function (value) {
-            return String(value);
-        }
-    },
-    RFC1738: Format.RFC1738,
-    RFC3986: Format.RFC3986
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/index.js b/src/Servers/ExpressServer/node_modules/qs/lib/index.js
deleted file mode 100644
index 0d6a97d..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/lib/index.js
+++ /dev/null
@@ -1,11 +0,0 @@
-'use strict';
-
-var stringify = require('./stringify');
-var parse = require('./parse');
-var formats = require('./formats');
-
-module.exports = {
-    formats: formats,
-    parse: parse,
-    stringify: stringify
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/parse.js b/src/Servers/ExpressServer/node_modules/qs/lib/parse.js
deleted file mode 100644
index 2aa1c48..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/lib/parse.js
+++ /dev/null
@@ -1,371 +0,0 @@
-'use strict';
-
-var utils = require('./utils');
-
-var has = Object.prototype.hasOwnProperty;
-var isArray = Array.isArray;
-
-var defaults = {
-    allowDots: false,
-    allowEmptyArrays: false,
-    allowPrototypes: false,
-    allowSparse: false,
-    arrayLimit: 20,
-    charset: 'utf-8',
-    charsetSentinel: false,
-    comma: false,
-    decodeDotInKeys: false,
-    decoder: utils.decode,
-    delimiter: '&',
-    depth: 5,
-    duplicates: 'combine',
-    ignoreQueryPrefix: false,
-    interpretNumericEntities: false,
-    parameterLimit: 1000,
-    parseArrays: true,
-    plainObjects: false,
-    strictDepth: false,
-    strictNullHandling: false,
-    throwOnLimitExceeded: false
-};
-
-var interpretNumericEntities = function (str) {
-    return str.replace(/&#(\d+);/g, function ($0, numberStr) {
-        return String.fromCharCode(parseInt(numberStr, 10));
-    });
-};
-
-var parseArrayValue = function (val, options, currentArrayLength) {
-    if (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {
-        return val.split(',');
-    }
-
-    if (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {
-        throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
-    }
-
-    return val;
-};
-
-// This is what browsers will submit when the ✓ character occurs in an
-// application/x-www-form-urlencoded body and the encoding of the page containing
-// the form is iso-8859-1, or when the submitted form has an accept-charset
-// attribute of iso-8859-1. Presumably also with other charsets that do not contain
-// the ✓ character, such as us-ascii.
-var isoSentinel = 'utf8=%26%2310003%3B'; // encodeURIComponent('&#10003;')
-
-// These are the percent-encoded utf-8 octets representing a checkmark, indicating that the request actually is utf-8 encoded.
-var charsetSentinel = 'utf8=%E2%9C%93'; // encodeURIComponent('✓')
-
-var parseValues = function parseQueryStringValues(str, options) {
-    var obj = { __proto__: null };
-
-    var cleanStr = options.ignoreQueryPrefix ? str.replace(/^\?/, '') : str;
-    cleanStr = cleanStr.replace(/%5B/gi, '[').replace(/%5D/gi, ']');
-
-    var limit = options.parameterLimit === Infinity ? void undefined : options.parameterLimit;
-    var parts = cleanStr.split(
-        options.delimiter,
-        options.throwOnLimitExceeded ? limit + 1 : limit
-    );
-
-    if (options.throwOnLimitExceeded && parts.length > limit) {
-        throw new RangeError('Parameter limit exceeded. Only ' + limit + ' parameter' + (limit === 1 ? '' : 's') + ' allowed.');
-    }
-
-    var skipIndex = -1; // Keep track of where the utf8 sentinel was found
-    var i;
-
-    var charset = options.charset;
-    if (options.charsetSentinel) {
-        for (i = 0; i < parts.length; ++i) {
-            if (parts[i].indexOf('utf8=') === 0) {
-                if (parts[i] === charsetSentinel) {
-                    charset = 'utf-8';
-                } else if (parts[i] === isoSentinel) {
-                    charset = 'iso-8859-1';
-                }
-                skipIndex = i;
-                i = parts.length; // The eslint settings do not allow break;
-            }
-        }
-    }
-
-    for (i = 0; i < parts.length; ++i) {
-        if (i === skipIndex) {
-            continue;
-        }
-        var part = parts[i];
-
-        var bracketEqualsPos = part.indexOf(']=');
-        var pos = bracketEqualsPos === -1 ? part.indexOf('=') : bracketEqualsPos + 1;
-
-        var key;
-        var val;
-        if (pos === -1) {
-            key = options.decoder(part, defaults.decoder, charset, 'key');
-            val = options.strictNullHandling ? null : '';
-        } else {
-            key = options.decoder(part.slice(0, pos), defaults.decoder, charset, 'key');
-
-            if (key !== null) {
-                val = utils.maybeMap(
-                    parseArrayValue(
-                        part.slice(pos + 1),
-                        options,
-                        isArray(obj[key]) ? obj[key].length : 0
-                    ),
-                    function (encodedVal) {
-                        return options.decoder(encodedVal, defaults.decoder, charset, 'value');
-                    }
-                );
-            }
-        }
-
-        if (val && options.interpretNumericEntities && charset === 'iso-8859-1') {
-            val = interpretNumericEntities(String(val));
-        }
-
-        if (part.indexOf('[]=') > -1) {
-            val = isArray(val) ? [val] : val;
-        }
-
-        if (options.comma && isArray(val) && val.length > options.arrayLimit) {
-            if (options.throwOnLimitExceeded) {
-                throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
-            }
-            val = utils.combine([], val, options.arrayLimit, options.plainObjects);
-        }
-
-        if (key !== null) {
-            var existing = has.call(obj, key);
-            if (existing && options.duplicates === 'combine') {
-                obj[key] = utils.combine(
-                    obj[key],
-                    val,
-                    options.arrayLimit,
-                    options.plainObjects
-                );
-            } else if (!existing || options.duplicates === 'last') {
-                obj[key] = val;
-            }
-        }
-    }
-
-    return obj;
-};
-
-var parseObject = function (chain, val, options, valuesParsed) {
-    var currentArrayLength = 0;
-    if (chain.length > 0 && chain[chain.length - 1] === '[]') {
-        var parentKey = chain.slice(0, -1).join('');
-        currentArrayLength = Array.isArray(val) && val[parentKey] ? val[parentKey].length : 0;
-    }
-
-    var leaf = valuesParsed ? val : parseArrayValue(val, options, currentArrayLength);
-
-    for (var i = chain.length - 1; i >= 0; --i) {
-        var obj;
-        var root = chain[i];
-
-        if (root === '[]' && options.parseArrays) {
-            if (utils.isOverflow(leaf)) {
-                // leaf is already an overflow object, preserve it
-                obj = leaf;
-            } else {
-                obj = options.allowEmptyArrays && (leaf === '' || (options.strictNullHandling && leaf === null))
-                    ? []
-                    : utils.combine(
-                        [],
-                        leaf,
-                        options.arrayLimit,
-                        options.plainObjects
-                    );
-            }
-        } else {
-            obj = options.plainObjects ? { __proto__: null } : {};
-            var cleanRoot = root.charAt(0) === '[' && root.charAt(root.length - 1) === ']' ? root.slice(1, -1) : root;
-            var decodedRoot = options.decodeDotInKeys ? cleanRoot.replace(/%2E/g, '.') : cleanRoot;
-            var index = parseInt(decodedRoot, 10);
-            var isValidArrayIndex = !isNaN(index)
-                && root !== decodedRoot
-                && String(index) === decodedRoot
-                && index >= 0
-                && options.parseArrays;
-            if (!options.parseArrays && decodedRoot === '') {
-                obj = { 0: leaf };
-            } else if (isValidArrayIndex && index < options.arrayLimit) {
-                obj = [];
-                obj[index] = leaf;
-            } else if (isValidArrayIndex && options.throwOnLimitExceeded) {
-                throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
-            } else if (isValidArrayIndex) {
-                obj[index] = leaf;
-                utils.markOverflow(obj, index);
-            } else if (decodedRoot !== '__proto__') {
-                obj[decodedRoot] = leaf;
-            }
-        }
-
-        leaf = obj;
-    }
-
-    return leaf;
-};
-
-var splitKeyIntoSegments = function splitKeyIntoSegments(givenKey, options) {
-    var key = options.allowDots ? givenKey.replace(/\.([^.[]+)/g, '[$1]') : givenKey;
-
-    if (options.depth <= 0) {
-        if (!options.plainObjects && has.call(Object.prototype, key)) {
-            if (!options.allowPrototypes) {
-                return;
-            }
-        }
-
-        return [key];
-    }
-
-    var brackets = /(\[[^[\]]*])/;
-    var child = /(\[[^[\]]*])/g;
-
-    var segment = brackets.exec(key);
-    var parent = segment ? key.slice(0, segment.index) : key;
-
-    var keys = [];
-
-    if (parent) {
-        if (!options.plainObjects && has.call(Object.prototype, parent)) {
-            if (!options.allowPrototypes) {
-                return;
-            }
-        }
-
-        keys[keys.length] = parent;
-    }
-
-    var i = 0;
-    while ((segment = child.exec(key)) !== null && i < options.depth) {
-        i += 1;
-
-        var segmentContent = segment[1].slice(1, -1);
-        if (!options.plainObjects && has.call(Object.prototype, segmentContent)) {
-            if (!options.allowPrototypes) {
-                return;
-            }
-        }
-
-        keys[keys.length] = segment[1];
-    }
-
-    if (segment) {
-        if (options.strictDepth === true) {
-            throw new RangeError('Input depth exceeded depth option of ' + options.depth + ' and strictDepth is true');
-        }
-
-        keys[keys.length] = '[' + key.slice(segment.index) + ']';
-    }
-
-    return keys;
-};
-
-var parseKeys = function parseQueryStringKeys(givenKey, val, options, valuesParsed) {
-    if (!givenKey) {
-        return;
-    }
-
-    var keys = splitKeyIntoSegments(givenKey, options);
-
-    if (!keys) {
-        return;
-    }
-
-    return parseObject(keys, val, options, valuesParsed);
-};
-
-var normalizeParseOptions = function normalizeParseOptions(opts) {
-    if (!opts) {
-        return defaults;
-    }
-
-    if (typeof opts.allowEmptyArrays !== 'undefined' && typeof opts.allowEmptyArrays !== 'boolean') {
-        throw new TypeError('`allowEmptyArrays` option can only be `true` or `false`, when provided');
-    }
-
-    if (typeof opts.decodeDotInKeys !== 'undefined' && typeof opts.decodeDotInKeys !== 'boolean') {
-        throw new TypeError('`decodeDotInKeys` option can only be `true` or `false`, when provided');
-    }
-
-    if (opts.decoder !== null && typeof opts.decoder !== 'undefined' && typeof opts.decoder !== 'function') {
-        throw new TypeError('Decoder has to be a function.');
-    }
-
-    if (typeof opts.charset !== 'undefined' && opts.charset !== 'utf-8' && opts.charset !== 'iso-8859-1') {
-        throw new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined');
-    }
-
-    if (typeof opts.throwOnLimitExceeded !== 'undefined' && typeof opts.throwOnLimitExceeded !== 'boolean') {
-        throw new TypeError('`throwOnLimitExceeded` option must be a boolean');
-    }
-
-    var charset = typeof opts.charset === 'undefined' ? defaults.charset : opts.charset;
-
-    var duplicates = typeof opts.duplicates === 'undefined' ? defaults.duplicates : opts.duplicates;
-
-    if (duplicates !== 'combine' && duplicates !== 'first' && duplicates !== 'last') {
-        throw new TypeError('The duplicates option must be either combine, first, or last');
-    }
-
-    var allowDots = typeof opts.allowDots === 'undefined' ? opts.decodeDotInKeys === true ? true : defaults.allowDots : !!opts.allowDots;
-
-    return {
-        allowDots: allowDots,
-        allowEmptyArrays: typeof opts.allowEmptyArrays === 'boolean' ? !!opts.allowEmptyArrays : defaults.allowEmptyArrays,
-        allowPrototypes: typeof opts.allowPrototypes === 'boolean' ? opts.allowPrototypes : defaults.allowPrototypes,
-        allowSparse: typeof opts.allowSparse === 'boolean' ? opts.allowSparse : defaults.allowSparse,
-        arrayLimit: typeof opts.arrayLimit === 'number' ? opts.arrayLimit : defaults.arrayLimit,
-        charset: charset,
-        charsetSentinel: typeof opts.charsetSentinel === 'boolean' ? opts.charsetSentinel : defaults.charsetSentinel,
-        comma: typeof opts.comma === 'boolean' ? opts.comma : defaults.comma,
-        decodeDotInKeys: typeof opts.decodeDotInKeys === 'boolean' ? opts.decodeDotInKeys : defaults.decodeDotInKeys,
-        decoder: typeof opts.decoder === 'function' ? opts.decoder : defaults.decoder,
-        delimiter: typeof opts.delimiter === 'string' || utils.isRegExp(opts.delimiter) ? opts.delimiter : defaults.delimiter,
-        // eslint-disable-next-line no-implicit-coercion, no-extra-parens
-        depth: (typeof opts.depth === 'number' || opts.depth === false) ? +opts.depth : defaults.depth,
-        duplicates: duplicates,
-        ignoreQueryPrefix: opts.ignoreQueryPrefix === true,
-        interpretNumericEntities: typeof opts.interpretNumericEntities === 'boolean' ? opts.interpretNumericEntities : defaults.interpretNumericEntities,
-        parameterLimit: typeof opts.parameterLimit === 'number' ? opts.parameterLimit : defaults.parameterLimit,
-        parseArrays: opts.parseArrays !== false,
-        plainObjects: typeof opts.plainObjects === 'boolean' ? opts.plainObjects : defaults.plainObjects,
-        strictDepth: typeof opts.strictDepth === 'boolean' ? !!opts.strictDepth : defaults.strictDepth,
-        strictNullHandling: typeof opts.strictNullHandling === 'boolean' ? opts.strictNullHandling : defaults.strictNullHandling,
-        throwOnLimitExceeded: typeof opts.throwOnLimitExceeded === 'boolean' ? opts.throwOnLimitExceeded : false
-    };
-};
-
-module.exports = function (str, opts) {
-    var options = normalizeParseOptions(opts);
-
-    if (str === '' || str === null || typeof str === 'undefined') {
-        return options.plainObjects ? { __proto__: null } : {};
-    }
-
-    var tempObj = typeof str === 'string' ? parseValues(str, options) : str;
-    var obj = options.plainObjects ? { __proto__: null } : {};
-
-    // Iterate over the keys and setup the new object
-
-    var keys = Object.keys(tempObj);
-    for (var i = 0; i < keys.length; ++i) {
-        var key = keys[i];
-        var newObj = parseKeys(key, tempObj[key], options, typeof str === 'string');
-        obj = utils.merge(obj, newObj, options);
-    }
-
-    if (options.allowSparse === true) {
-        return obj;
-    }
-
-    return utils.compact(obj);
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js b/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
deleted file mode 100644
index 2666eaf..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/lib/stringify.js
+++ /dev/null
@@ -1,356 +0,0 @@
-'use strict';
-
-var getSideChannel = require('side-channel');
-var utils = require('./utils');
-var formats = require('./formats');
-var has = Object.prototype.hasOwnProperty;
-
-var arrayPrefixGenerators = {
-    brackets: function brackets(prefix) {
-        return prefix + '[]';
-    },
-    comma: 'comma',
-    indices: function indices(prefix, key) {
-        return prefix + '[' + key + ']';
-    },
-    repeat: function repeat(prefix) {
-        return prefix;
-    }
-};
-
-var isArray = Array.isArray;
-var push = Array.prototype.push;
-var pushToArray = function (arr, valueOrArray) {
-    push.apply(arr, isArray(valueOrArray) ? valueOrArray : [valueOrArray]);
-};
-
-var toISO = Date.prototype.toISOString;
-
-var defaultFormat = formats['default'];
-var defaults = {
-    addQueryPrefix: false,
-    allowDots: false,
-    allowEmptyArrays: false,
-    arrayFormat: 'indices',
-    charset: 'utf-8',
-    charsetSentinel: false,
-    commaRoundTrip: false,
-    delimiter: '&',
-    encode: true,
-    encodeDotInKeys: false,
-    encoder: utils.encode,
-    encodeValuesOnly: false,
-    filter: void undefined,
-    format: defaultFormat,
-    formatter: formats.formatters[defaultFormat],
-    // deprecated
-    indices: false,
-    serializeDate: function serializeDate(date) {
-        return toISO.call(date);
-    },
-    skipNulls: false,
-    strictNullHandling: false
-};
-
-var isNonNullishPrimitive = function isNonNullishPrimitive(v) {
-    return typeof v === 'string'
-        || typeof v === 'number'
-        || typeof v === 'boolean'
-        || typeof v === 'symbol'
-        || typeof v === 'bigint';
-};
-
-var sentinel = {};
-
-var stringify = function stringify(
-    object,
-    prefix,
-    generateArrayPrefix,
-    commaRoundTrip,
-    allowEmptyArrays,
-    strictNullHandling,
-    skipNulls,
-    encodeDotInKeys,
-    encoder,
-    filter,
-    sort,
-    allowDots,
-    serializeDate,
-    format,
-    formatter,
-    encodeValuesOnly,
-    charset,
-    sideChannel
-) {
-    var obj = object;
-
-    var tmpSc = sideChannel;
-    var step = 0;
-    var findFlag = false;
-    while ((tmpSc = tmpSc.get(sentinel)) !== void undefined && !findFlag) {
-        // Where object last appeared in the ref tree
-        var pos = tmpSc.get(object);
-        step += 1;
-        if (typeof pos !== 'undefined') {
-            if (pos === step) {
-                throw new RangeError('Cyclic object value');
-            } else {
-                findFlag = true; // Break while
-            }
-        }
-        if (typeof tmpSc.get(sentinel) === 'undefined') {
-            step = 0;
-        }
-    }
-
-    if (typeof filter === 'function') {
-        obj = filter(prefix, obj);
-    } else if (obj instanceof Date) {
-        obj = serializeDate(obj);
-    } else if (generateArrayPrefix === 'comma' && isArray(obj)) {
-        obj = utils.maybeMap(obj, function (value) {
-            if (value instanceof Date) {
-                return serializeDate(value);
-            }
-            return value;
-        });
-    }
-
-    if (obj === null) {
-        if (strictNullHandling) {
-            return encoder && !encodeValuesOnly ? encoder(prefix, defaults.encoder, charset, 'key', format) : prefix;
-        }
-
-        obj = '';
-    }
-
-    if (isNonNullishPrimitive(obj) || utils.isBuffer(obj)) {
-        if (encoder) {
-            var keyValue = encodeValuesOnly ? prefix : encoder(prefix, defaults.encoder, charset, 'key', format);
-            return [formatter(keyValue) + '=' + formatter(encoder(obj, defaults.encoder, charset, 'value', format))];
-        }
-        return [formatter(prefix) + '=' + formatter(String(obj))];
-    }
-
-    var values = [];
-
-    if (typeof obj === 'undefined') {
-        return values;
-    }
-
-    var objKeys;
-    if (generateArrayPrefix === 'comma' && isArray(obj)) {
-        // we need to join elements in
-        if (encodeValuesOnly && encoder) {
-            obj = utils.maybeMap(obj, encoder);
-        }
-        objKeys = [{ value: obj.length > 0 ? obj.join(',') || null : void undefined }];
-    } else if (isArray(filter)) {
-        objKeys = filter;
-    } else {
-        var keys = Object.keys(obj);
-        objKeys = sort ? keys.sort(sort) : keys;
-    }
-
-    var encodedPrefix = encodeDotInKeys ? String(prefix).replace(/\./g, '%2E') : String(prefix);
-
-    var adjustedPrefix = commaRoundTrip && isArray(obj) && obj.length === 1 ? encodedPrefix + '[]' : encodedPrefix;
-
-    if (allowEmptyArrays && isArray(obj) && obj.length === 0) {
-        return adjustedPrefix + '[]';
-    }
-
-    for (var j = 0; j < objKeys.length; ++j) {
-        var key = objKeys[j];
-        var value = typeof key === 'object' && key && typeof key.value !== 'undefined'
-            ? key.value
-            : obj[key];
-
-        if (skipNulls && value === null) {
-            continue;
-        }
-
-        var encodedKey = allowDots && encodeDotInKeys ? String(key).replace(/\./g, '%2E') : String(key);
-        var keyPrefix = isArray(obj)
-            ? typeof generateArrayPrefix === 'function' ? generateArrayPrefix(adjustedPrefix, encodedKey) : adjustedPrefix
-            : adjustedPrefix + (allowDots ? '.' + encodedKey : '[' + encodedKey + ']');
-
-        sideChannel.set(object, step);
-        var valueSideChannel = getSideChannel();
-        valueSideChannel.set(sentinel, sideChannel);
-        pushToArray(values, stringify(
-            value,
-            keyPrefix,
-            generateArrayPrefix,
-            commaRoundTrip,
-            allowEmptyArrays,
-            strictNullHandling,
-            skipNulls,
-            encodeDotInKeys,
-            generateArrayPrefix === 'comma' && encodeValuesOnly && isArray(obj) ? null : encoder,
-            filter,
-            sort,
-            allowDots,
-            serializeDate,
-            format,
-            formatter,
-            encodeValuesOnly,
-            charset,
-            valueSideChannel
-        ));
-    }
-
-    return values;
-};
-
-var normalizeStringifyOptions = function normalizeStringifyOptions(opts) {
-    if (!opts) {
-        return defaults;
-    }
-
-    if (typeof opts.allowEmptyArrays !== 'undefined' && typeof opts.allowEmptyArrays !== 'boolean') {
-        throw new TypeError('`allowEmptyArrays` option can only be `true` or `false`, when provided');
-    }
-
-    if (typeof opts.encodeDotInKeys !== 'undefined' && typeof opts.encodeDotInKeys !== 'boolean') {
-        throw new TypeError('`encodeDotInKeys` option can only be `true` or `false`, when provided');
-    }
-
-    if (opts.encoder !== null && typeof opts.encoder !== 'undefined' && typeof opts.encoder !== 'function') {
-        throw new TypeError('Encoder has to be a function.');
-    }
-
-    var charset = opts.charset || defaults.charset;
-    if (typeof opts.charset !== 'undefined' && opts.charset !== 'utf-8' && opts.charset !== 'iso-8859-1') {
-        throw new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined');
-    }
-
-    var format = formats['default'];
-    if (typeof opts.format !== 'undefined') {
-        if (!has.call(formats.formatters, opts.format)) {
-            throw new TypeError('Unknown format option provided.');
-        }
-        format = opts.format;
-    }
-    var formatter = formats.formatters[format];
-
-    var filter = defaults.filter;
-    if (typeof opts.filter === 'function' || isArray(opts.filter)) {
-        filter = opts.filter;
-    }
-
-    var arrayFormat;
-    if (opts.arrayFormat in arrayPrefixGenerators) {
-        arrayFormat = opts.arrayFormat;
-    } else if ('indices' in opts) {
-        arrayFormat = opts.indices ? 'indices' : 'repeat';
-    } else {
-        arrayFormat = defaults.arrayFormat;
-    }
-
-    if ('commaRoundTrip' in opts && typeof opts.commaRoundTrip !== 'boolean') {
-        throw new TypeError('`commaRoundTrip` must be a boolean, or absent');
-    }
-
-    var allowDots = typeof opts.allowDots === 'undefined' ? opts.encodeDotInKeys === true ? true : defaults.allowDots : !!opts.allowDots;
-
-    return {
-        addQueryPrefix: typeof opts.addQueryPrefix === 'boolean' ? opts.addQueryPrefix : defaults.addQueryPrefix,
-        allowDots: allowDots,
-        allowEmptyArrays: typeof opts.allowEmptyArrays === 'boolean' ? !!opts.allowEmptyArrays : defaults.allowEmptyArrays,
-        arrayFormat: arrayFormat,
-        charset: charset,
-        charsetSentinel: typeof opts.charsetSentinel === 'boolean' ? opts.charsetSentinel : defaults.charsetSentinel,
-        commaRoundTrip: !!opts.commaRoundTrip,
-        delimiter: typeof opts.delimiter === 'undefined' ? defaults.delimiter : opts.delimiter,
-        encode: typeof opts.encode === 'boolean' ? opts.encode : defaults.encode,
-        encodeDotInKeys: typeof opts.encodeDotInKeys === 'boolean' ? opts.encodeDotInKeys : defaults.encodeDotInKeys,
-        encoder: typeof opts.encoder === 'function' ? opts.encoder : defaults.encoder,
-        encodeValuesOnly: typeof opts.encodeValuesOnly === 'boolean' ? opts.encodeValuesOnly : defaults.encodeValuesOnly,
-        filter: filter,
-        format: format,
-        formatter: formatter,
-        serializeDate: typeof opts.serializeDate === 'function' ? opts.serializeDate : defaults.serializeDate,
-        skipNulls: typeof opts.skipNulls === 'boolean' ? opts.skipNulls : defaults.skipNulls,
-        sort: typeof opts.sort === 'function' ? opts.sort : null,
-        strictNullHandling: typeof opts.strictNullHandling === 'boolean' ? opts.strictNullHandling : defaults.strictNullHandling
-    };
-};
-
-module.exports = function (object, opts) {
-    var obj = object;
-    var options = normalizeStringifyOptions(opts);
-
-    var objKeys;
-    var filter;
-
-    if (typeof options.filter === 'function') {
-        filter = options.filter;
-        obj = filter('', obj);
-    } else if (isArray(options.filter)) {
-        filter = options.filter;
-        objKeys = filter;
-    }
-
-    var keys = [];
-
-    if (typeof obj !== 'object' || obj === null) {
-        return '';
-    }
-
-    var generateArrayPrefix = arrayPrefixGenerators[options.arrayFormat];
-    var commaRoundTrip = generateArrayPrefix === 'comma' && options.commaRoundTrip;
-
-    if (!objKeys) {
-        objKeys = Object.keys(obj);
-    }
-
-    if (options.sort) {
-        objKeys.sort(options.sort);
-    }
-
-    var sideChannel = getSideChannel();
-    for (var i = 0; i < objKeys.length; ++i) {
-        var key = objKeys[i];
-        var value = obj[key];
-
-        if (options.skipNulls && value === null) {
-            continue;
-        }
-        pushToArray(keys, stringify(
-            value,
-            key,
-            generateArrayPrefix,
-            commaRoundTrip,
-            options.allowEmptyArrays,
-            options.strictNullHandling,
-            options.skipNulls,
-            options.encodeDotInKeys,
-            options.encode ? options.encoder : null,
-            options.filter,
-            options.sort,
-            options.allowDots,
-            options.serializeDate,
-            options.format,
-            options.formatter,
-            options.encodeValuesOnly,
-            options.charset,
-            sideChannel
-        ));
-    }
-
-    var joined = keys.join(options.delimiter);
-    var prefix = options.addQueryPrefix === true ? '?' : '';
-
-    if (options.charsetSentinel) {
-        if (options.charset === 'iso-8859-1') {
-            // encodeURIComponent('&#10003;'), the "numeric entity" representation of a checkmark
-            prefix += 'utf8=%26%2310003%3B&';
-        } else {
-            // encodeURIComponent('✓')
-            prefix += 'utf8=%E2%9C%93&';
-        }
-    }
-
-    return joined.length > 0 ? prefix + joined : '';
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/lib/utils.js b/src/Servers/ExpressServer/node_modules/qs/lib/utils.js
deleted file mode 100644
index 8e10e39..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/lib/utils.js
+++ /dev/null
@@ -1,340 +0,0 @@
-'use strict';
-
-var formats = require('./formats');
-var getSideChannel = require('side-channel');
-
-var has = Object.prototype.hasOwnProperty;
-var isArray = Array.isArray;
-
-// Track objects created from arrayLimit overflow using side-channel
-// Stores the current max numeric index for O(1) lookup
-var overflowChannel = getSideChannel();
-
-var markOverflow = function markOverflow(obj, maxIndex) {
-    overflowChannel.set(obj, maxIndex);
-    return obj;
-};
-
-var isOverflow = function isOverflow(obj) {
-    return overflowChannel.has(obj);
-};
-
-var getMaxIndex = function getMaxIndex(obj) {
-    return overflowChannel.get(obj);
-};
-
-var setMaxIndex = function setMaxIndex(obj, maxIndex) {
-    overflowChannel.set(obj, maxIndex);
-};
-
-var hexTable = (function () {
-    var array = [];
-    for (var i = 0; i < 256; ++i) {
-        array[array.length] = '%' + ((i < 16 ? '0' : '') + i.toString(16)).toUpperCase();
-    }
-
-    return array;
-}());
-
-var compactQueue = function compactQueue(queue) {
-    while (queue.length > 1) {
-        var item = queue.pop();
-        var obj = item.obj[item.prop];
-
-        if (isArray(obj)) {
-            var compacted = [];
-
-            for (var j = 0; j < obj.length; ++j) {
-                if (typeof obj[j] !== 'undefined') {
-                    compacted[compacted.length] = obj[j];
-                }
-            }
-
-            item.obj[item.prop] = compacted;
-        }
-    }
-};
-
-var arrayToObject = function arrayToObject(source, options) {
-    var obj = options && options.plainObjects ? { __proto__: null } : {};
-    for (var i = 0; i < source.length; ++i) {
-        if (typeof source[i] !== 'undefined') {
-            obj[i] = source[i];
-        }
-    }
-
-    return obj;
-};
-
-var merge = function merge(target, source, options) {
-    /* eslint no-param-reassign: 0 */
-    if (!source) {
-        return target;
-    }
-
-    if (typeof source !== 'object' && typeof source !== 'function') {
-        if (isArray(target)) {
-            var nextIndex = target.length;
-            if (options && typeof options.arrayLimit === 'number' && nextIndex > options.arrayLimit) {
-                return markOverflow(arrayToObject(target.concat(source), options), nextIndex);
-            }
-            target[nextIndex] = source;
-        } else if (target && typeof target === 'object') {
-            if (isOverflow(target)) {
-                // Add at next numeric index for overflow objects
-                var newIndex = getMaxIndex(target) + 1;
-                target[newIndex] = source;
-                setMaxIndex(target, newIndex);
-            } else if (
-                (options && (options.plainObjects || options.allowPrototypes))
-                || !has.call(Object.prototype, source)
-            ) {
-                target[source] = true;
-            }
-        } else {
-            return [target, source];
-        }
-
-        return target;
-    }
-
-    if (!target || typeof target !== 'object') {
-        if (isOverflow(source)) {
-            // Create new object with target at 0, source values shifted by 1
-            var sourceKeys = Object.keys(source);
-            var result = options && options.plainObjects
-                ? { __proto__: null, 0: target }
-                : { 0: target };
-            for (var m = 0; m < sourceKeys.length; m++) {
-                var oldKey = parseInt(sourceKeys[m], 10);
-                result[oldKey + 1] = source[sourceKeys[m]];
-            }
-            return markOverflow(result, getMaxIndex(source) + 1);
-        }
-        var combined = [target].concat(source);
-        if (options && typeof options.arrayLimit === 'number' && combined.length > options.arrayLimit) {
-            return markOverflow(arrayToObject(combined, options), combined.length - 1);
-        }
-        return combined;
-    }
-
-    var mergeTarget = target;
-    if (isArray(target) && !isArray(source)) {
-        mergeTarget = arrayToObject(target, options);
-    }
-
-    if (isArray(target) && isArray(source)) {
-        source.forEach(function (item, i) {
-            if (has.call(target, i)) {
-                var targetItem = target[i];
-                if (targetItem && typeof targetItem === 'object' && item && typeof item === 'object') {
-                    target[i] = merge(targetItem, item, options);
-                } else {
-                    target[target.length] = item;
-                }
-            } else {
-                target[i] = item;
-            }
-        });
-        return target;
-    }
-
-    return Object.keys(source).reduce(function (acc, key) {
-        var value = source[key];
-
-        if (has.call(acc, key)) {
-            acc[key] = merge(acc[key], value, options);
-        } else {
-            acc[key] = value;
-        }
-
-        if (isOverflow(source) && !isOverflow(acc)) {
-            markOverflow(acc, getMaxIndex(source));
-        }
-        if (isOverflow(acc)) {
-            var keyNum = parseInt(key, 10);
-            if (String(keyNum) === key && keyNum >= 0 && keyNum > getMaxIndex(acc)) {
-                setMaxIndex(acc, keyNum);
-            }
-        }
-
-        return acc;
-    }, mergeTarget);
-};
-
-var assign = function assignSingleSource(target, source) {
-    return Object.keys(source).reduce(function (acc, key) {
-        acc[key] = source[key];
-        return acc;
-    }, target);
-};
-
-var decode = function (str, defaultDecoder, charset) {
-    var strWithoutPlus = str.replace(/\+/g, ' ');
-    if (charset === 'iso-8859-1') {
-        // unescape never throws, no try...catch needed:
-        return strWithoutPlus.replace(/%[0-9a-f]{2}/gi, unescape);
-    }
-    // utf-8
-    try {
-        return decodeURIComponent(strWithoutPlus);
-    } catch (e) {
-        return strWithoutPlus;
-    }
-};
-
-var limit = 1024;
-
-/* eslint operator-linebreak: [2, "before"] */
-
-var encode = function encode(str, defaultEncoder, charset, kind, format) {
-    // This code was originally written by Brian White (mscdex) for the io.js core querystring library.
-    // It has been adapted here for stricter adherence to RFC 3986
-    if (str.length === 0) {
-        return str;
-    }
-
-    var string = str;
-    if (typeof str === 'symbol') {
-        string = Symbol.prototype.toString.call(str);
-    } else if (typeof str !== 'string') {
-        string = String(str);
-    }
-
-    if (charset === 'iso-8859-1') {
-        return escape(string).replace(/%u[0-9a-f]{4}/gi, function ($0) {
-            return '%26%23' + parseInt($0.slice(2), 16) + '%3B';
-        });
-    }
-
-    var out = '';
-    for (var j = 0; j < string.length; j += limit) {
-        var segment = string.length >= limit ? string.slice(j, j + limit) : string;
-        var arr = [];
-
-        for (var i = 0; i < segment.length; ++i) {
-            var c = segment.charCodeAt(i);
-            if (
-                c === 0x2D // -
-                || c === 0x2E // .
-                || c === 0x5F // _
-                || c === 0x7E // ~
-                || (c >= 0x30 && c <= 0x39) // 0-9
-                || (c >= 0x41 && c <= 0x5A) // a-z
-                || (c >= 0x61 && c <= 0x7A) // A-Z
-                || (format === formats.RFC1738 && (c === 0x28 || c === 0x29)) // ( )
-            ) {
-                arr[arr.length] = segment.charAt(i);
-                continue;
-            }
-
-            if (c < 0x80) {
-                arr[arr.length] = hexTable[c];
-                continue;
-            }
-
-            if (c < 0x800) {
-                arr[arr.length] = hexTable[0xC0 | (c >> 6)]
-                    + hexTable[0x80 | (c & 0x3F)];
-                continue;
-            }
-
-            if (c < 0xD800 || c >= 0xE000) {
-                arr[arr.length] = hexTable[0xE0 | (c >> 12)]
-                    + hexTable[0x80 | ((c >> 6) & 0x3F)]
-                    + hexTable[0x80 | (c & 0x3F)];
-                continue;
-            }
-
-            i += 1;
-            c = 0x10000 + (((c & 0x3FF) << 10) | (segment.charCodeAt(i) & 0x3FF));
-
-            arr[arr.length] = hexTable[0xF0 | (c >> 18)]
-                + hexTable[0x80 | ((c >> 12) & 0x3F)]
-                + hexTable[0x80 | ((c >> 6) & 0x3F)]
-                + hexTable[0x80 | (c & 0x3F)];
-        }
-
-        out += arr.join('');
-    }
-
-    return out;
-};
-
-var compact = function compact(value) {
-    var queue = [{ obj: { o: value }, prop: 'o' }];
-    var refs = [];
-
-    for (var i = 0; i < queue.length; ++i) {
-        var item = queue[i];
-        var obj = item.obj[item.prop];
-
-        var keys = Object.keys(obj);
-        for (var j = 0; j < keys.length; ++j) {
-            var key = keys[j];
-            var val = obj[key];
-            if (typeof val === 'object' && val !== null && refs.indexOf(val) === -1) {
-                queue[queue.length] = { obj: obj, prop: key };
-                refs[refs.length] = val;
-            }
-        }
-    }
-
-    compactQueue(queue);
-
-    return value;
-};
-
-var isRegExp = function isRegExp(obj) {
-    return Object.prototype.toString.call(obj) === '[object RegExp]';
-};
-
-var isBuffer = function isBuffer(obj) {
-    if (!obj || typeof obj !== 'object') {
-        return false;
-    }
-
-    return !!(obj.constructor && obj.constructor.isBuffer && obj.constructor.isBuffer(obj));
-};
-
-var combine = function combine(a, b, arrayLimit, plainObjects) {
-    // If 'a' is already an overflow object, add to it
-    if (isOverflow(a)) {
-        var newIndex = getMaxIndex(a) + 1;
-        a[newIndex] = b;
-        setMaxIndex(a, newIndex);
-        return a;
-    }
-
-    var result = [].concat(a, b);
-    if (result.length > arrayLimit) {
-        return markOverflow(arrayToObject(result, { plainObjects: plainObjects }), result.length - 1);
-    }
-    return result;
-};
-
-var maybeMap = function maybeMap(val, fn) {
-    if (isArray(val)) {
-        var mapped = [];
-        for (var i = 0; i < val.length; i += 1) {
-            mapped[mapped.length] = fn(val[i]);
-        }
-        return mapped;
-    }
-    return fn(val);
-};
-
-module.exports = {
-    arrayToObject: arrayToObject,
-    assign: assign,
-    combine: combine,
-    compact: compact,
-    decode: decode,
-    encode: encode,
-    isBuffer: isBuffer,
-    isOverflow: isOverflow,
-    isRegExp: isRegExp,
-    markOverflow: markOverflow,
-    maybeMap: maybeMap,
-    merge: merge
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/package.json b/src/Servers/ExpressServer/node_modules/qs/package.json
deleted file mode 100644
index cb5cfbe..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/package.json
+++ /dev/null
@@ -1,94 +0,0 @@
-{
-    "name": "qs",
-    "description": "A querystring parser that supports nesting and arrays, with a depth limit",
-    "homepage": "https://github.com/ljharb/qs",
-    "version": "6.14.2",
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/ljharb/qs.git"
-    },
-    "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-    },
-    "main": "lib/index.js",
-    "sideEffects": false,
-    "contributors": [
-        {
-            "name": "Jordan Harband",
-            "email": "ljharb@gmail.com",
-            "url": "http://ljharb.codes"
-        }
-    ],
-    "keywords": [
-        "querystring",
-        "qs",
-        "query",
-        "url",
-        "parse",
-        "stringify"
-    ],
-    "engines": {
-        "node": ">=0.6"
-    },
-    "dependencies": {
-        "side-channel": "^1.1.0"
-    },
-    "devDependencies": {
-        "@browserify/envify": "^6.0.0",
-        "@browserify/uglifyify": "^6.0.0",
-        "@ljharb/eslint-config": "^22.1.3",
-        "browserify": "^16.5.2",
-        "bundle-collapser": "^1.4.0",
-        "common-shakeify": "~1.0.0",
-        "eclint": "^2.8.1",
-        "es-value-fixtures": "^1.7.1",
-        "eslint": "^9.39.2",
-        "evalmd": "^0.0.19",
-        "for-each": "^0.3.5",
-        "glob": "=10.3.7",
-        "has-bigints": "^1.1.0",
-        "has-override-mistake": "^1.0.1",
-        "has-property-descriptors": "^1.0.2",
-        "has-proto": "^1.2.0",
-        "has-symbols": "^1.1.0",
-        "iconv-lite": "^0.5.1",
-        "in-publish": "^2.0.1",
-        "jackspeak": "=2.1.1",
-        "jiti": "^0.0.0",
-        "mkdirp": "^0.5.5",
-        "mock-property": "^1.1.0",
-        "module-deps": "^6.2.3",
-        "npmignore": "^0.3.5",
-        "nyc": "^10.3.2",
-        "object-inspect": "^1.13.4",
-        "qs-iconv": "^1.0.4",
-        "safe-publish-latest": "^2.0.0",
-        "safer-buffer": "^2.1.2",
-        "tape": "^5.9.0",
-        "unassertify": "^3.0.1"
-    },
-    "scripts": {
-        "prepack": "npmignore --auto --commentLines=autogenerated && npm run dist",
-        "prepublishOnly": "safe-publish-latest",
-        "prepublish": "not-in-publish || npm run prepublishOnly",
-        "pretest": "npm run --silent readme && npm run --silent lint",
-        "test": "npm run tests-only",
-        "tests-only": "nyc tape 'test/**/*.js'",
-        "posttest": "npx npm@'>=10.2' audit --production",
-        "readme": "evalmd README.md",
-        "postlint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git' | grep -v dist/)",
-        "lint": "eslint .",
-        "dist": "mkdirp dist && browserify --standalone Qs -g unassertify -g @browserify/envify -g [@browserify/uglifyify --mangle.keep_fnames --compress.keep_fnames --format.indent_level=1 --compress.arrows=false --compress.passes=4 --compress.typeofs=false] -p common-shakeify -p bundle-collapser/plugin lib/index.js > dist/qs.js"
-    },
-    "license": "BSD-3-Clause",
-    "publishConfig": {
-        "ignore": [
-            "!dist/*",
-            "bower.json",
-            "component.json",
-            ".github/workflows",
-            "logos",
-            "tea.yaml"
-        ]
-    }
-}
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js b/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
deleted file mode 100644
index 2b1190e..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/test/empty-keys-cases.js
+++ /dev/null
@@ -1,267 +0,0 @@
-'use strict';
-
-module.exports = {
-    emptyTestCases: [
-        {
-            input: '&',
-            withEmptyKeys: {},
-            stringifyOutput: {
-                brackets: '',
-                indices: '',
-                repeat: ''
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '&&',
-            withEmptyKeys: {},
-            stringifyOutput: {
-                brackets: '',
-                indices: '',
-                repeat: ''
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '&=',
-            withEmptyKeys: { '': '' },
-            stringifyOutput: {
-                brackets: '=',
-                indices: '=',
-                repeat: '='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '&=&',
-            withEmptyKeys: { '': '' },
-            stringifyOutput: {
-                brackets: '=',
-                indices: '=',
-                repeat: '='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '&=&=',
-            withEmptyKeys: { '': ['', ''] },
-            stringifyOutput: {
-                brackets: '[]=&[]=',
-                indices: '[0]=&[1]=',
-                repeat: '=&='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '&=&=&',
-            withEmptyKeys: { '': ['', ''] },
-            stringifyOutput: {
-                brackets: '[]=&[]=',
-                indices: '[0]=&[1]=',
-                repeat: '=&='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '=',
-            withEmptyKeys: { '': '' },
-            noEmptyKeys: {},
-            stringifyOutput: {
-                brackets: '=',
-                indices: '=',
-                repeat: '='
-            }
-        },
-        {
-            input: '=&',
-            withEmptyKeys: { '': '' },
-            stringifyOutput: {
-                brackets: '=',
-                indices: '=',
-                repeat: '='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '=&&&',
-            withEmptyKeys: { '': '' },
-            stringifyOutput: {
-                brackets: '=',
-                indices: '=',
-                repeat: '='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '=&=&=&',
-            withEmptyKeys: { '': ['', '', ''] },
-            stringifyOutput: {
-                brackets: '[]=&[]=&[]=',
-                indices: '[0]=&[1]=&[2]=',
-                repeat: '=&=&='
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '=&a[]=b&a[1]=c',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: '=a',
-            withEmptyKeys: { '': 'a' },
-            noEmptyKeys: {},
-            stringifyOutput: {
-                brackets: '=a',
-                indices: '=a',
-                repeat: '=a'
-            }
-        },
-        {
-            input: 'a==a',
-            withEmptyKeys: { a: '=a' },
-            noEmptyKeys: { a: '=a' },
-            stringifyOutput: {
-                brackets: 'a==a',
-                indices: 'a==a',
-                repeat: 'a==a'
-            }
-        },
-        {
-            input: '=&a[]=b',
-            withEmptyKeys: { '': '', a: ['b'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b',
-                indices: '=&a[0]=b',
-                repeat: '=&a=b'
-            },
-            noEmptyKeys: { a: ['b'] }
-        },
-        {
-            input: '=&a[]=b&a[]=c&a[2]=d',
-            withEmptyKeys: { '': '', a: ['b', 'c', 'd'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c&a[]=d',
-                indices: '=&a[0]=b&a[1]=c&a[2]=d',
-                repeat: '=&a=b&a=c&a=d'
-            },
-            noEmptyKeys: { a: ['b', 'c', 'd'] }
-        },
-        {
-            input: '=a&=b',
-            withEmptyKeys: { '': ['a', 'b'] },
-            stringifyOutput: {
-                brackets: '[]=a&[]=b',
-                indices: '[0]=a&[1]=b',
-                repeat: '=a&=b'
-            },
-            noEmptyKeys: {}
-        },
-        {
-            input: '=a&foo=b',
-            withEmptyKeys: { '': 'a', foo: 'b' },
-            noEmptyKeys: { foo: 'b' },
-            stringifyOutput: {
-                brackets: '=a&foo=b',
-                indices: '=a&foo=b',
-                repeat: '=a&foo=b'
-            }
-        },
-        {
-            input: 'a[]=b&a=c&=',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: 'a[]=b&a=c&=',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: 'a[0]=b&a=c&=',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: 'a=b&a[]=c&=',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: 'a=b&a[0]=c&=',
-            withEmptyKeys: { '': '', a: ['b', 'c'] },
-            stringifyOutput: {
-                brackets: '=&a[]=b&a[]=c',
-                indices: '=&a[0]=b&a[1]=c',
-                repeat: '=&a=b&a=c'
-            },
-            noEmptyKeys: { a: ['b', 'c'] }
-        },
-        {
-            input: '[]=a&[]=b& []=1',
-            withEmptyKeys: { '': ['a', 'b'], ' ': ['1'] },
-            stringifyOutput: {
-                brackets: '[]=a&[]=b& []=1',
-                indices: '[0]=a&[1]=b& [0]=1',
-                repeat: '=a&=b& =1'
-            },
-            noEmptyKeys: { 0: 'a', 1: 'b', ' ': ['1'] }
-        },
-        {
-            input: '[0]=a&[1]=b&a[0]=1&a[1]=2',
-            withEmptyKeys: { '': ['a', 'b'], a: ['1', '2'] },
-            noEmptyKeys: { 0: 'a', 1: 'b', a: ['1', '2'] },
-            stringifyOutput: {
-                brackets: '[]=a&[]=b&a[]=1&a[]=2',
-                indices: '[0]=a&[1]=b&a[0]=1&a[1]=2',
-                repeat: '=a&=b&a=1&a=2'
-            }
-        },
-        {
-            input: '[deep]=a&[deep]=2',
-            withEmptyKeys: { '': { deep: ['a', '2'] }
-            },
-            stringifyOutput: {
-                brackets: '[deep][]=a&[deep][]=2',
-                indices: '[deep][0]=a&[deep][1]=2',
-                repeat: '[deep]=a&[deep]=2'
-            },
-            noEmptyKeys: { deep: ['a', '2'] }
-        },
-        {
-            input: '%5B0%5D=a&%5B1%5D=b',
-            withEmptyKeys: { '': ['a', 'b'] },
-            stringifyOutput: {
-                brackets: '[]=a&[]=b',
-                indices: '[0]=a&[1]=b',
-                repeat: '=a&=b'
-            },
-            noEmptyKeys: { 0: 'a', 1: 'b' }
-        }
-    ]
-};
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/parse.js b/src/Servers/ExpressServer/node_modules/qs/test/parse.js
deleted file mode 100644
index 6234fef..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/test/parse.js
+++ /dev/null
@@ -1,1512 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var hasPropertyDescriptors = require('has-property-descriptors')();
-var iconv = require('iconv-lite');
-var mockProperty = require('mock-property');
-var hasOverrideMistake = require('has-override-mistake')();
-var SaferBuffer = require('safer-buffer').Buffer;
-var v = require('es-value-fixtures');
-var inspect = require('object-inspect');
-var emptyTestCases = require('./empty-keys-cases').emptyTestCases;
-var hasProto = require('has-proto')();
-
-var qs = require('../');
-var utils = require('../lib/utils');
-
-test('parse()', function (t) {
-    t.test('parses a simple string', function (st) {
-        st.deepEqual(qs.parse('0=foo'), { 0: 'foo' });
-        st.deepEqual(qs.parse('foo=c++'), { foo: 'c  ' });
-        st.deepEqual(qs.parse('a[>=]=23'), { a: { '>=': '23' } });
-        st.deepEqual(qs.parse('a[<=>]==23'), { a: { '<=>': '=23' } });
-        st.deepEqual(qs.parse('a[==]=23'), { a: { '==': '23' } });
-        st.deepEqual(qs.parse('foo', { strictNullHandling: true }), { foo: null });
-        st.deepEqual(qs.parse('foo'), { foo: '' });
-        st.deepEqual(qs.parse('foo='), { foo: '' });
-        st.deepEqual(qs.parse('foo=bar'), { foo: 'bar' });
-        st.deepEqual(qs.parse(' foo = bar = baz '), { ' foo ': ' bar = baz ' });
-        st.deepEqual(qs.parse('foo=bar=baz'), { foo: 'bar=baz' });
-        st.deepEqual(qs.parse('foo=bar&bar=baz'), { foo: 'bar', bar: 'baz' });
-        st.deepEqual(qs.parse('foo2=bar2&baz2='), { foo2: 'bar2', baz2: '' });
-        st.deepEqual(qs.parse('foo=bar&baz', { strictNullHandling: true }), { foo: 'bar', baz: null });
-        st.deepEqual(qs.parse('foo=bar&baz'), { foo: 'bar', baz: '' });
-        st.deepEqual(qs.parse('cht=p3&chd=t:60,40&chs=250x100&chl=Hello|World'), {
-            cht: 'p3',
-            chd: 't:60,40',
-            chs: '250x100',
-            chl: 'Hello|World'
-        });
-        st.end();
-    });
-
-    t.test('comma: false', function (st) {
-        st.deepEqual(qs.parse('a[]=b&a[]=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b,c'), { a: 'b,c' });
-        st.deepEqual(qs.parse('a=b&a=c'), { a: ['b', 'c'] });
-        st.end();
-    });
-
-    t.test('comma: true', function (st) {
-        st.deepEqual(qs.parse('a[]=b&a[]=c', { comma: true }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { comma: true }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b,c', { comma: true }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b&a=c', { comma: true }), { a: ['b', 'c'] });
-        st.end();
-    });
-
-    t.test('allows enabling dot notation', function (st) {
-        st.deepEqual(qs.parse('a.b=c'), { 'a.b': 'c' });
-        st.deepEqual(qs.parse('a.b=c', { allowDots: true }), { a: { b: 'c' } });
-
-        st.end();
-    });
-
-    t.test('decode dot keys correctly', function (st) {
-        st.deepEqual(
-            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: false, decodeDotInKeys: false }),
-            { 'name%2Eobj.first': 'John', 'name%2Eobj.last': 'Doe' },
-            'with allowDots false and decodeDotInKeys false'
-        );
-        st.deepEqual(
-            qs.parse('name.obj.first=John&name.obj.last=Doe', { allowDots: true, decodeDotInKeys: false }),
-            { name: { obj: { first: 'John', last: 'Doe' } } },
-            'with allowDots false and decodeDotInKeys false'
-        );
-        st.deepEqual(
-            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: true, decodeDotInKeys: false }),
-            { 'name%2Eobj': { first: 'John', last: 'Doe' } },
-            'with allowDots true and decodeDotInKeys false'
-        );
-        st.deepEqual(
-            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { allowDots: true, decodeDotInKeys: true }),
-            { 'name.obj': { first: 'John', last: 'Doe' } },
-            'with allowDots true and decodeDotInKeys true'
-        );
-
-        st.deepEqual(
-            qs.parse(
-                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
-                { allowDots: false, decodeDotInKeys: false }
-            ),
-            { 'name%2Eobj%2Esubobject.first%2Egodly%2Ename': 'John', 'name%2Eobj%2Esubobject.last': 'Doe' },
-            'with allowDots false and decodeDotInKeys false'
-        );
-        st.deepEqual(
-            qs.parse(
-                'name.obj.subobject.first.godly.name=John&name.obj.subobject.last=Doe',
-                { allowDots: true, decodeDotInKeys: false }
-            ),
-            { name: { obj: { subobject: { first: { godly: { name: 'John' } }, last: 'Doe' } } } },
-            'with allowDots true and decodeDotInKeys false'
-        );
-        st.deepEqual(
-            qs.parse(
-                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
-                { allowDots: true, decodeDotInKeys: true }
-            ),
-            { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-            'with allowDots true and decodeDotInKeys true'
-        );
-        st.deepEqual(
-            qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe'),
-            { 'name%2Eobj.first': 'John', 'name%2Eobj.last': 'Doe' },
-            'with allowDots and decodeDotInKeys undefined'
-        );
-
-        st.end();
-    });
-
-    t.test('decodes dot in key of object, and allow enabling dot notation when decodeDotInKeys is set to true and allowDots is undefined', function (st) {
-        st.deepEqual(
-            qs.parse(
-                'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
-                { decodeDotInKeys: true }
-            ),
-            { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-            'with allowDots undefined and decodeDotInKeys true'
-        );
-
-        st.end();
-    });
-
-    t.test('throws when decodeDotInKeys is not of type boolean', function (st) {
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: 'foobar' }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: 0 }); },
-            TypeError
-        );
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: NaN }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { decodeDotInKeys: null }); },
-            TypeError
-        );
-
-        st.end();
-    });
-
-    t.test('allows empty arrays in obj values', function (st) {
-        st.deepEqual(qs.parse('foo[]&bar=baz', { allowEmptyArrays: true }), { foo: [], bar: 'baz' });
-        st.deepEqual(qs.parse('foo[]&bar=baz', { allowEmptyArrays: false }), { foo: [''], bar: 'baz' });
-
-        st.end();
-    });
-
-    t.test('throws when allowEmptyArrays is not of type boolean', function (st) {
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: 'foobar' }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: 0 }); },
-            TypeError
-        );
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: NaN }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.parse('foo[]&bar=baz', { allowEmptyArrays: null }); },
-            TypeError
-        );
-
-        st.end();
-    });
-
-    t.test('allowEmptyArrays + strictNullHandling', function (st) {
-        st.deepEqual(
-            qs.parse('testEmptyArray[]', { strictNullHandling: true, allowEmptyArrays: true }),
-            { testEmptyArray: [] }
-        );
-
-        st.end();
-    });
-
-    t.deepEqual(qs.parse('a[b]=c'), { a: { b: 'c' } }, 'parses a single nested string');
-    t.deepEqual(qs.parse('a[b][c]=d'), { a: { b: { c: 'd' } } }, 'parses a double nested string');
-    t.deepEqual(
-        qs.parse('a[b][c][d][e][f][g][h]=i'),
-        { a: { b: { c: { d: { e: { f: { '[g][h]': 'i' } } } } } } },
-        'defaults to a depth of 5'
-    );
-
-    t.test('only parses one level when depth = 1', function (st) {
-        st.deepEqual(qs.parse('a[b][c]=d', { depth: 1 }), { a: { b: { '[c]': 'd' } } });
-        st.deepEqual(qs.parse('a[b][c][d]=e', { depth: 1 }), { a: { b: { '[c][d]': 'e' } } });
-        st.end();
-    });
-
-    t.test('uses original key when depth = 0', function (st) {
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { depth: 0 }), { 'a[0]': 'b', 'a[1]': 'c' });
-        st.deepEqual(qs.parse('a[0][0]=b&a[0][1]=c&a[1]=d&e=2', { depth: 0 }), { 'a[0][0]': 'b', 'a[0][1]': 'c', 'a[1]': 'd', e: '2' });
-        st.end();
-    });
-
-    t.test('uses original key when depth = false', function (st) {
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { depth: false }), { 'a[0]': 'b', 'a[1]': 'c' });
-        st.deepEqual(qs.parse('a[0][0]=b&a[0][1]=c&a[1]=d&e=2', { depth: false }), { 'a[0][0]': 'b', 'a[0][1]': 'c', 'a[1]': 'd', e: '2' });
-        st.end();
-    });
-
-    t.deepEqual(qs.parse('a=b&a=c'), { a: ['b', 'c'] }, 'parses a simple array');
-
-    t.test('parses an explicit array', function (st) {
-        st.deepEqual(qs.parse('a[]=b'), { a: ['b'] });
-        st.deepEqual(qs.parse('a[]=b&a[]=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[]=b&a[]=c&a[]=d'), { a: ['b', 'c', 'd'] });
-        st.end();
-    });
-
-    t.test('parses a mix of simple and explicit arrays', function (st) {
-        st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[0]=b&a=c'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b&a[0]=c'), { a: ['b', 'c'] });
-
-        st.deepEqual(qs.parse('a[1]=b&a=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[]=b&a=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
-        st.deepEqual(qs.parse('a[]=b&a=c'), { a: ['b', 'c'] });
-
-        st.deepEqual(qs.parse('a=b&a[1]=c', { arrayLimit: 20 }), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a=b&a[]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
-        st.deepEqual(qs.parse('a=b&a[]=c'), { a: ['b', 'c'] });
-
-        st.end();
-    });
-
-    t.test('parses a nested array', function (st) {
-        st.deepEqual(qs.parse('a[b][]=c&a[b][]=d'), { a: { b: ['c', 'd'] } });
-        st.deepEqual(qs.parse('a[>=]=25'), { a: { '>=': '25' } });
-        st.end();
-    });
-
-    t.test('allows to specify array indices', function (st) {
-        st.deepEqual(qs.parse('a[1]=c&a[0]=b&a[2]=d'), { a: ['b', 'c', 'd'] });
-        st.deepEqual(qs.parse('a[1]=c&a[0]=b'), { a: ['b', 'c'] });
-        st.deepEqual(qs.parse('a[1]=c', { arrayLimit: 20 }), { a: ['c'] });
-        st.deepEqual(qs.parse('a[1]=c', { arrayLimit: 0 }), { a: { 1: 'c' } });
-        st.deepEqual(qs.parse('a[1]=c'), { a: ['c'] });
-        st.end();
-    });
-
-    t.test('limits specific array indices to arrayLimit', function (st) {
-        st.deepEqual(qs.parse('a[19]=a', { arrayLimit: 20 }), { a: ['a'] });
-        st.deepEqual(qs.parse('a[20]=a', { arrayLimit: 20 }), { a: { 20: 'a' } });
-
-        st.deepEqual(qs.parse('a[19]=a'), { a: ['a'] });
-        st.deepEqual(qs.parse('a[20]=a'), { a: { 20: 'a' } });
-        st.end();
-    });
-
-    t.deepEqual(qs.parse('a[12b]=c'), { a: { '12b': 'c' } }, 'supports keys that begin with a number');
-
-    t.test('supports encoded = signs', function (st) {
-        st.deepEqual(qs.parse('he%3Dllo=th%3Dere'), { 'he=llo': 'th=ere' });
-        st.end();
-    });
-
-    t.test('is ok with url encoded strings', function (st) {
-        st.deepEqual(qs.parse('a[b%20c]=d'), { a: { 'b c': 'd' } });
-        st.deepEqual(qs.parse('a[b]=c%20d'), { a: { b: 'c d' } });
-        st.end();
-    });
-
-    t.test('allows brackets in the value', function (st) {
-        st.deepEqual(qs.parse('pets=["tobi"]'), { pets: '["tobi"]' });
-        st.deepEqual(qs.parse('operators=[">=", "<="]'), { operators: '[">=", "<="]' });
-        st.end();
-    });
-
-    t.test('allows empty values', function (st) {
-        st.deepEqual(qs.parse(''), {});
-        st.deepEqual(qs.parse(null), {});
-        st.deepEqual(qs.parse(undefined), {});
-        st.end();
-    });
-
-    t.test('transforms arrays to objects', function (st) {
-        st.deepEqual(qs.parse('foo[0]=bar&foo[bad]=baz'), { foo: { 0: 'bar', bad: 'baz' } });
-        st.deepEqual(qs.parse('foo[bad]=baz&foo[0]=bar'), { foo: { bad: 'baz', 0: 'bar' } });
-        st.deepEqual(qs.parse('foo[bad]=baz&foo[]=bar'), { foo: { bad: 'baz', 0: 'bar' } });
-        st.deepEqual(qs.parse('foo[]=bar&foo[bad]=baz'), { foo: { 0: 'bar', bad: 'baz' } });
-        st.deepEqual(qs.parse('foo[bad]=baz&foo[]=bar&foo[]=foo'), { foo: { bad: 'baz', 0: 'bar', 1: 'foo' } });
-        st.deepEqual(qs.parse('foo[0][a]=a&foo[0][b]=b&foo[1][a]=aa&foo[1][b]=bb'), { foo: [{ a: 'a', b: 'b' }, { a: 'aa', b: 'bb' }] });
-
-        st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: false }), { a: { 0: 'b', t: 'u' } });
-        st.deepEqual(qs.parse('a[]=b&a[t]=u&a[hasOwnProperty]=c', { allowPrototypes: true }), { a: { 0: 'b', t: 'u', hasOwnProperty: 'c' } });
-        st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: false }), { a: { 0: 'b', x: 'y' } });
-        st.deepEqual(qs.parse('a[]=b&a[hasOwnProperty]=c&a[x]=y', { allowPrototypes: true }), { a: { 0: 'b', hasOwnProperty: 'c', x: 'y' } });
-        st.end();
-    });
-
-    t.test('transforms arrays to objects (dot notation)', function (st) {
-        st.deepEqual(qs.parse('foo[0].baz=bar&fool.bad=baz', { allowDots: true }), { foo: [{ baz: 'bar' }], fool: { bad: 'baz' } });
-        st.deepEqual(qs.parse('foo[0].baz=bar&fool.bad.boo=baz', { allowDots: true }), { foo: [{ baz: 'bar' }], fool: { bad: { boo: 'baz' } } });
-        st.deepEqual(qs.parse('foo[0][0].baz=bar&fool.bad=baz', { allowDots: true }), { foo: [[{ baz: 'bar' }]], fool: { bad: 'baz' } });
-        st.deepEqual(qs.parse('foo[0].baz[0]=15&foo[0].bar=2', { allowDots: true }), { foo: [{ baz: ['15'], bar: '2' }] });
-        st.deepEqual(qs.parse('foo[0].baz[0]=15&foo[0].baz[1]=16&foo[0].bar=2', { allowDots: true }), { foo: [{ baz: ['15', '16'], bar: '2' }] });
-        st.deepEqual(qs.parse('foo.bad=baz&foo[0]=bar', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar' } });
-        st.deepEqual(qs.parse('foo.bad=baz&foo[]=bar', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar' } });
-        st.deepEqual(qs.parse('foo[]=bar&foo.bad=baz', { allowDots: true }), { foo: { 0: 'bar', bad: 'baz' } });
-        st.deepEqual(qs.parse('foo.bad=baz&foo[]=bar&foo[]=foo', { allowDots: true }), { foo: { bad: 'baz', 0: 'bar', 1: 'foo' } });
-        st.deepEqual(qs.parse('foo[0].a=a&foo[0].b=b&foo[1].a=aa&foo[1].b=bb', { allowDots: true }), { foo: [{ a: 'a', b: 'b' }, { a: 'aa', b: 'bb' }] });
-        st.end();
-    });
-
-    t.test('correctly prunes undefined values when converting an array to an object', function (st) {
-        st.deepEqual(qs.parse('a[2]=b&a[99999999]=c'), { a: { 2: 'b', 99999999: 'c' } });
-        st.end();
-    });
-
-    t.test('supports malformed uri characters', function (st) {
-        st.deepEqual(qs.parse('{%:%}', { strictNullHandling: true }), { '{%:%}': null });
-        st.deepEqual(qs.parse('{%:%}='), { '{%:%}': '' });
-        st.deepEqual(qs.parse('foo=%:%}'), { foo: '%:%}' });
-        st.end();
-    });
-
-    t.test('doesn\'t produce empty keys', function (st) {
-        st.deepEqual(qs.parse('_r=1&'), { _r: '1' });
-        st.end();
-    });
-
-    t.test('cannot access Object prototype', function (st) {
-        qs.parse('constructor[prototype][bad]=bad');
-        qs.parse('bad[constructor][prototype][bad]=bad');
-        st.equal(typeof Object.prototype.bad, 'undefined');
-        st.end();
-    });
-
-    t.test('parses arrays of objects', function (st) {
-        st.deepEqual(qs.parse('a[][b]=c'), { a: [{ b: 'c' }] });
-        st.deepEqual(qs.parse('a[0][b]=c'), { a: [{ b: 'c' }] });
-        st.end();
-    });
-
-    t.test('allows for empty strings in arrays', function (st) {
-        st.deepEqual(qs.parse('a[]=b&a[]=&a[]=c'), { a: ['b', '', 'c'] });
-
-        st.deepEqual(
-            qs.parse('a[0]=b&a[1]&a[2]=c&a[19]=', { strictNullHandling: true, arrayLimit: 20 }),
-            { a: ['b', null, 'c', ''] },
-            'with arrayLimit 20 + array indices: null then empty string works'
-        );
-        st.deepEqual(
-            qs.parse('a[]=b&a[]&a[]=c&a[]=', { strictNullHandling: true, arrayLimit: 0 }),
-            { a: { 0: 'b', 1: null, 2: 'c', 3: '' } },
-            'with arrayLimit 0 + array brackets: null then empty string works'
-        );
-
-        st.deepEqual(
-            qs.parse('a[0]=b&a[1]=&a[2]=c&a[19]', { strictNullHandling: true, arrayLimit: 20 }),
-            { a: ['b', '', 'c', null] },
-            'with arrayLimit 20 + array indices: empty string then null works'
-        );
-        st.deepEqual(
-            qs.parse('a[]=b&a[]=&a[]=c&a[]', { strictNullHandling: true, arrayLimit: 0 }),
-            { a: { 0: 'b', 1: '', 2: 'c', 3: null } },
-            'with arrayLimit 0 + array brackets: empty string then null works'
-        );
-
-        st.deepEqual(
-            qs.parse('a[]=&a[]=b&a[]=c'),
-            { a: ['', 'b', 'c'] },
-            'array brackets: empty strings work'
-        );
-        st.end();
-    });
-
-    t.test('compacts sparse arrays', function (st) {
-        st.deepEqual(qs.parse('a[10]=1&a[2]=2', { arrayLimit: 20 }), { a: ['2', '1'] });
-        st.deepEqual(qs.parse('a[1][b][2][c]=1', { arrayLimit: 20 }), { a: [{ b: [{ c: '1' }] }] });
-        st.deepEqual(qs.parse('a[1][2][3][c]=1', { arrayLimit: 20 }), { a: [[[{ c: '1' }]]] });
-        st.deepEqual(qs.parse('a[1][2][3][c][1]=1', { arrayLimit: 20 }), { a: [[[{ c: ['1'] }]]] });
-        st.end();
-    });
-
-    t.test('parses sparse arrays', function (st) {
-        /* eslint no-sparse-arrays: 0 */
-        st.deepEqual(qs.parse('a[4]=1&a[1]=2', { allowSparse: true }), { a: [, '2', , , '1'] });
-        st.deepEqual(qs.parse('a[1][b][2][c]=1', { allowSparse: true }), { a: [, { b: [, , { c: '1' }] }] });
-        st.deepEqual(qs.parse('a[1][2][3][c]=1', { allowSparse: true }), { a: [, [, , [, , , { c: '1' }]]] });
-        st.deepEqual(qs.parse('a[1][2][3][c][1]=1', { allowSparse: true }), { a: [, [, , [, , , { c: [, '1'] }]]] });
-        st.end();
-    });
-
-    t.test('parses semi-parsed strings', function (st) {
-        st.deepEqual(qs.parse({ 'a[b]': 'c' }), { a: { b: 'c' } });
-        st.deepEqual(qs.parse({ 'a[b]': 'c', 'a[d]': 'e' }), { a: { b: 'c', d: 'e' } });
-        st.end();
-    });
-
-    t.test('parses buffers correctly', function (st) {
-        var b = SaferBuffer.from('test');
-        st.deepEqual(qs.parse({ a: b }), { a: b });
-        st.end();
-    });
-
-    t.test('parses jquery-param strings', function (st) {
-        // readable = 'filter[0][]=int1&filter[0][]==&filter[0][]=77&filter[]=and&filter[2][]=int2&filter[2][]==&filter[2][]=8'
-        var encoded = 'filter%5B0%5D%5B%5D=int1&filter%5B0%5D%5B%5D=%3D&filter%5B0%5D%5B%5D=77&filter%5B%5D=and&filter%5B2%5D%5B%5D=int2&filter%5B2%5D%5B%5D=%3D&filter%5B2%5D%5B%5D=8';
-        var expected = { filter: [['int1', '=', '77'], 'and', ['int2', '=', '8']] };
-        st.deepEqual(qs.parse(encoded), expected);
-        st.end();
-    });
-
-    t.test('continues parsing when no parent is found', function (st) {
-        st.deepEqual(qs.parse('[]=&a=b'), { 0: '', a: 'b' });
-        st.deepEqual(qs.parse('[]&a=b', { strictNullHandling: true }), { 0: null, a: 'b' });
-        st.deepEqual(qs.parse('[foo]=bar'), { foo: 'bar' });
-        st.end();
-    });
-
-    t.test('does not error when parsing a very long array', function (st) {
-        var str = 'a[]=a';
-        while (Buffer.byteLength(str) < 128 * 1024) {
-            str = str + '&' + str;
-        }
-
-        st.doesNotThrow(function () {
-            qs.parse(str);
-        });
-
-        st.end();
-    });
-
-    t.test('does not throw when a native prototype has an enumerable property', function (st) {
-        st.intercept(Object.prototype, 'crash', { value: '' });
-        st.intercept(Array.prototype, 'crash', { value: '' });
-
-        st.doesNotThrow(qs.parse.bind(null, 'a=b'));
-        st.deepEqual(qs.parse('a=b'), { a: 'b' });
-        st.doesNotThrow(qs.parse.bind(null, 'a[][b]=c'));
-        st.deepEqual(qs.parse('a[][b]=c'), { a: [{ b: 'c' }] });
-
-        st.end();
-    });
-
-    t.test('parses a string with an alternative string delimiter', function (st) {
-        st.deepEqual(qs.parse('a=b;c=d', { delimiter: ';' }), { a: 'b', c: 'd' });
-        st.end();
-    });
-
-    t.test('parses a string with an alternative RegExp delimiter', function (st) {
-        st.deepEqual(qs.parse('a=b; c=d', { delimiter: /[;,] */ }), { a: 'b', c: 'd' });
-        st.end();
-    });
-
-    t.test('does not use non-splittable objects as delimiters', function (st) {
-        st.deepEqual(qs.parse('a=b&c=d', { delimiter: true }), { a: 'b', c: 'd' });
-        st.end();
-    });
-
-    t.test('allows overriding parameter limit', function (st) {
-        st.deepEqual(qs.parse('a=b&c=d', { parameterLimit: 1 }), { a: 'b' });
-        st.end();
-    });
-
-    t.test('allows setting the parameter limit to Infinity', function (st) {
-        st.deepEqual(qs.parse('a=b&c=d', { parameterLimit: Infinity }), { a: 'b', c: 'd' });
-        st.end();
-    });
-
-    t.test('allows overriding array limit', function (st) {
-        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: -1 }), { a: { 0: 'b' } });
-        st.deepEqual(qs.parse('a[0]=b', { arrayLimit: 0 }), { a: { 0: 'b' } });
-
-        st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: -1 }), { a: { '-1': 'b' } });
-        st.deepEqual(qs.parse('a[-1]=b', { arrayLimit: 0 }), { a: { '-1': 'b' } });
-
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { arrayLimit: -1 }), { a: { 0: 'b', 1: 'c' } });
-        st.deepEqual(qs.parse('a[0]=b&a[1]=c', { arrayLimit: 0 }), { a: { 0: 'b', 1: 'c' } });
-
-        st.end();
-    });
-
-    t.test('allows disabling array parsing', function (st) {
-        var indices = qs.parse('a[0]=b&a[1]=c', { parseArrays: false });
-        st.deepEqual(indices, { a: { 0: 'b', 1: 'c' } });
-        st.equal(Array.isArray(indices.a), false, 'parseArrays:false, indices case is not an array');
-
-        var emptyBrackets = qs.parse('a[]=b', { parseArrays: false });
-        st.deepEqual(emptyBrackets, { a: { 0: 'b' } });
-        st.equal(Array.isArray(emptyBrackets.a), false, 'parseArrays:false, empty brackets case is not an array');
-
-        st.end();
-    });
-
-    t.test('allows for query string prefix', function (st) {
-        st.deepEqual(qs.parse('?foo=bar', { ignoreQueryPrefix: true }), { foo: 'bar' });
-        st.deepEqual(qs.parse('foo=bar', { ignoreQueryPrefix: true }), { foo: 'bar' });
-        st.deepEqual(qs.parse('?foo=bar', { ignoreQueryPrefix: false }), { '?foo': 'bar' });
-
-        st.end();
-    });
-
-    t.test('parses an object', function (st) {
-        var input = {
-            'user[name]': { 'pop[bob]': 3 },
-            'user[email]': null
-        };
-
-        var expected = {
-            user: {
-                name: { 'pop[bob]': 3 },
-                email: null
-            }
-        };
-
-        var result = qs.parse(input);
-
-        st.deepEqual(result, expected);
-        st.end();
-    });
-
-    t.test('parses string with comma as array divider', function (st) {
-        st.deepEqual(qs.parse('foo=bar,tee', { comma: true }), { foo: ['bar', 'tee'] });
-        st.deepEqual(qs.parse('foo[bar]=coffee,tee', { comma: true }), { foo: { bar: ['coffee', 'tee'] } });
-        st.deepEqual(qs.parse('foo=', { comma: true }), { foo: '' });
-        st.deepEqual(qs.parse('foo', { comma: true }), { foo: '' });
-        st.deepEqual(qs.parse('foo', { comma: true, strictNullHandling: true }), { foo: null });
-
-        // test cases inversed from from stringify tests
-        st.deepEqual(qs.parse('a[0]=c'), { a: ['c'] });
-        st.deepEqual(qs.parse('a[]=c'), { a: ['c'] });
-        st.deepEqual(qs.parse('a[]=c', { comma: true }), { a: ['c'] });
-
-        st.deepEqual(qs.parse('a[0]=c&a[1]=d'), { a: ['c', 'd'] });
-        st.deepEqual(qs.parse('a[]=c&a[]=d'), { a: ['c', 'd'] });
-        st.deepEqual(qs.parse('a=c,d', { comma: true }), { a: ['c', 'd'] });
-
-        st.end();
-    });
-
-    t.test('parses values with comma as array divider', function (st) {
-        st.deepEqual(qs.parse({ foo: 'bar,tee' }, { comma: false }), { foo: 'bar,tee' });
-        st.deepEqual(qs.parse({ foo: 'bar,tee' }, { comma: true }), { foo: ['bar', 'tee'] });
-        st.end();
-    });
-
-    t.test('use number decoder, parses string that has one number with comma option enabled', function (st) {
-        var decoder = function (str, defaultDecoder, charset, type) {
-            if (!isNaN(Number(str))) {
-                return parseFloat(str);
-            }
-            return defaultDecoder(str, defaultDecoder, charset, type);
-        };
-
-        st.deepEqual(qs.parse('foo=1', { comma: true, decoder: decoder }), { foo: 1 });
-        st.deepEqual(qs.parse('foo=0', { comma: true, decoder: decoder }), { foo: 0 });
-
-        st.end();
-    });
-
-    t.test('parses brackets holds array of arrays when having two parts of strings with comma as array divider', function (st) {
-        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=4,5,6', { comma: true }), { foo: [['1', '2', '3'], ['4', '5', '6']] });
-        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=', { comma: true }), { foo: [['1', '2', '3'], ''] });
-        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=,', { comma: true }), { foo: [['1', '2', '3'], ['', '']] });
-        st.deepEqual(qs.parse('foo[]=1,2,3&foo[]=a', { comma: true }), { foo: [['1', '2', '3'], 'a'] });
-
-        st.end();
-    });
-
-    t.test('parses url-encoded brackets holds array of arrays when having two parts of strings with comma as array divider', function (st) {
-        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=4,5,6', { comma: true }), { foo: [['1', '2', '3'], ['4', '5', '6']] });
-        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=', { comma: true }), { foo: [['1', '2', '3'], ''] });
-        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=,', { comma: true }), { foo: [['1', '2', '3'], ['', '']] });
-        st.deepEqual(qs.parse('foo%5B%5D=1,2,3&foo%5B%5D=a', { comma: true }), { foo: [['1', '2', '3'], 'a'] });
-
-        st.end();
-    });
-
-    t.test('parses comma delimited array while having percent-encoded comma treated as normal text', function (st) {
-        st.deepEqual(qs.parse('foo=a%2Cb', { comma: true }), { foo: 'a,b' });
-        st.deepEqual(qs.parse('foo=a%2C%20b,d', { comma: true }), { foo: ['a, b', 'd'] });
-        st.deepEqual(qs.parse('foo=a%2C%20b,c%2C%20d', { comma: true }), { foo: ['a, b', 'c, d'] });
-
-        st.end();
-    });
-
-    t.test('parses an object in dot notation', function (st) {
-        var input = {
-            'user.name': { 'pop[bob]': 3 },
-            'user.email.': null
-        };
-
-        var expected = {
-            user: {
-                name: { 'pop[bob]': 3 },
-                email: null
-            }
-        };
-
-        var result = qs.parse(input, { allowDots: true });
-
-        st.deepEqual(result, expected);
-        st.end();
-    });
-
-    t.test('parses an object and not child values', function (st) {
-        var input = {
-            'user[name]': { 'pop[bob]': { test: 3 } },
-            'user[email]': null
-        };
-
-        var expected = {
-            user: {
-                name: { 'pop[bob]': { test: 3 } },
-                email: null
-            }
-        };
-
-        var result = qs.parse(input);
-
-        st.deepEqual(result, expected);
-        st.end();
-    });
-
-    t.test('does not blow up when Buffer global is missing', function (st) {
-        var restore = mockProperty(global, 'Buffer', { 'delete': true });
-
-        var result = qs.parse('a=b&c=d');
-
-        restore();
-
-        st.deepEqual(result, { a: 'b', c: 'd' });
-        st.end();
-    });
-
-    t.test('does not crash when parsing circular references', function (st) {
-        var a = {};
-        a.b = a;
-
-        var parsed;
-
-        st.doesNotThrow(function () {
-            parsed = qs.parse({ 'foo[bar]': 'baz', 'foo[baz]': a });
-        });
-
-        st.equal('foo' in parsed, true, 'parsed has "foo" property');
-        st.equal('bar' in parsed.foo, true);
-        st.equal('baz' in parsed.foo, true);
-        st.equal(parsed.foo.bar, 'baz');
-        st.deepEqual(parsed.foo.baz, a);
-        st.end();
-    });
-
-    t.test('does not crash when parsing deep objects', function (st) {
-        var parsed;
-        var str = 'foo';
-
-        for (var i = 0; i < 5000; i++) {
-            str += '[p]';
-        }
-
-        str += '=bar';
-
-        st.doesNotThrow(function () {
-            parsed = qs.parse(str, { depth: 5000 });
-        });
-
-        st.equal('foo' in parsed, true, 'parsed has "foo" property');
-
-        var depth = 0;
-        var ref = parsed.foo;
-        while ((ref = ref.p)) {
-            depth += 1;
-        }
-
-        st.equal(depth, 5000, 'parsed is 5000 properties deep');
-
-        st.end();
-    });
-
-    t.test('parses null objects correctly', { skip: !hasProto }, function (st) {
-        var a = { __proto__: null, b: 'c' };
-
-        st.deepEqual(qs.parse(a), { b: 'c' });
-        var result = qs.parse({ a: a });
-        st.equal('a' in result, true, 'result has "a" property');
-        st.deepEqual(result.a, a);
-        st.end();
-    });
-
-    t.test('parses dates correctly', function (st) {
-        var now = new Date();
-        st.deepEqual(qs.parse({ a: now }), { a: now });
-        st.end();
-    });
-
-    t.test('parses regular expressions correctly', function (st) {
-        var re = /^test$/;
-        st.deepEqual(qs.parse({ a: re }), { a: re });
-        st.end();
-    });
-
-    t.test('does not allow overwriting prototype properties', function (st) {
-        st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: false }), {});
-        st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: false }), {});
-
-        st.deepEqual(
-            qs.parse('toString', { allowPrototypes: false }),
-            {},
-            'bare "toString" results in {}'
-        );
-
-        st.end();
-    });
-
-    t.test('can allow overwriting prototype properties', function (st) {
-        st.deepEqual(qs.parse('a[hasOwnProperty]=b', { allowPrototypes: true }), { a: { hasOwnProperty: 'b' } });
-        st.deepEqual(qs.parse('hasOwnProperty=b', { allowPrototypes: true }), { hasOwnProperty: 'b' });
-
-        st.deepEqual(
-            qs.parse('toString', { allowPrototypes: true }),
-            { toString: '' },
-            'bare "toString" results in { toString: "" }'
-        );
-
-        st.end();
-    });
-
-    t.test('does not crash when the global Object prototype is frozen', { skip: !hasPropertyDescriptors || !hasOverrideMistake }, function (st) {
-        // We can't actually freeze the global Object prototype as that will interfere with other tests, and once an object is frozen, it
-        // can't be unfrozen. Instead, we add a new non-writable property to simulate this.
-        st.teardown(mockProperty(Object.prototype, 'frozenProp', { value: 'foo', nonWritable: true, nonEnumerable: true }));
-
-        st['throws'](
-            function () {
-                var obj = {};
-                obj.frozenProp = 'bar';
-            },
-            // node < 6 has a different error message
-            /^TypeError: Cannot assign to read only property 'frozenProp' of (?:object '#<Object>'|#<Object>)/,
-            'regular assignment of an inherited non-writable property throws'
-        );
-
-        var parsed;
-        st.doesNotThrow(
-            function () {
-                parsed = qs.parse('frozenProp', { allowPrototypes: false });
-            },
-            'parsing a nonwritable Object.prototype property does not throw'
-        );
-
-        st.deepEqual(parsed, {}, 'bare "frozenProp" results in {}');
-
-        st.end();
-    });
-
-    t.test('params starting with a closing bracket', function (st) {
-        st.deepEqual(qs.parse(']=toString'), { ']': 'toString' });
-        st.deepEqual(qs.parse(']]=toString'), { ']]': 'toString' });
-        st.deepEqual(qs.parse(']hello]=toString'), { ']hello]': 'toString' });
-        st.end();
-    });
-
-    t.test('params starting with a starting bracket', function (st) {
-        st.deepEqual(qs.parse('[=toString'), { '[': 'toString' });
-        st.deepEqual(qs.parse('[[=toString'), { '[[': 'toString' });
-        st.deepEqual(qs.parse('[hello[=toString'), { '[hello[': 'toString' });
-        st.end();
-    });
-
-    t.test('add keys to objects', function (st) {
-        st.deepEqual(
-            qs.parse('a[b]=c&a=d'),
-            { a: { b: 'c', d: true } },
-            'can add keys to objects'
-        );
-
-        st.deepEqual(
-            qs.parse('a[b]=c&a=toString'),
-            { a: { b: 'c' } },
-            'can not overwrite prototype'
-        );
-
-        st.deepEqual(
-            qs.parse('a[b]=c&a=toString', { allowPrototypes: true }),
-            { a: { b: 'c', toString: true } },
-            'can overwrite prototype with allowPrototypes true'
-        );
-
-        st.deepEqual(
-            qs.parse('a[b]=c&a=toString', { plainObjects: true }),
-            { __proto__: null, a: { __proto__: null, b: 'c', toString: true } },
-            'can overwrite prototype with plainObjects true'
-        );
-
-        st.end();
-    });
-
-    t.test('dunder proto is ignored', function (st) {
-        var payload = 'categories[__proto__]=login&categories[__proto__]&categories[length]=42';
-        var result = qs.parse(payload, { allowPrototypes: true });
-
-        st.deepEqual(
-            result,
-            {
-                categories: {
-                    length: '42'
-                }
-            },
-            'silent [[Prototype]] payload'
-        );
-
-        var plainResult = qs.parse(payload, { allowPrototypes: true, plainObjects: true });
-
-        st.deepEqual(
-            plainResult,
-            {
-                __proto__: null,
-                categories: {
-                    __proto__: null,
-                    length: '42'
-                }
-            },
-            'silent [[Prototype]] payload: plain objects'
-        );
-
-        var query = qs.parse('categories[__proto__]=cats&categories[__proto__]=dogs&categories[some][json]=toInject', { allowPrototypes: true });
-
-        st.notOk(Array.isArray(query.categories), 'is not an array');
-        st.notOk(query.categories instanceof Array, 'is not instanceof an array');
-        st.deepEqual(query.categories, { some: { json: 'toInject' } });
-        st.equal(JSON.stringify(query.categories), '{"some":{"json":"toInject"}}', 'stringifies as a non-array');
-
-        st.deepEqual(
-            qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true }),
-            {
-                foo: {
-                    bar: 'stuffs'
-                }
-            },
-            'hidden values'
-        );
-
-        st.deepEqual(
-            qs.parse('foo[__proto__][hidden]=value&foo[bar]=stuffs', { allowPrototypes: true, plainObjects: true }),
-            {
-                __proto__: null,
-                foo: {
-                    __proto__: null,
-                    bar: 'stuffs'
-                }
-            },
-            'hidden values: plain objects'
-        );
-
-        st.end();
-    });
-
-    t.test('can return null objects', { skip: !hasProto }, function (st) {
-        var expected = {
-            __proto__: null,
-            a: {
-                __proto__: null,
-                b: 'c',
-                hasOwnProperty: 'd'
-            }
-        };
-        st.deepEqual(qs.parse('a[b]=c&a[hasOwnProperty]=d', { plainObjects: true }), expected);
-        st.deepEqual(qs.parse(null, { plainObjects: true }), { __proto__: null });
-        var expectedArray = {
-            __proto__: null,
-            a: {
-                __proto__: null,
-                0: 'b',
-                c: 'd'
-            }
-        };
-        st.deepEqual(qs.parse('a[]=b&a[c]=d', { plainObjects: true }), expectedArray);
-        st.end();
-    });
-
-    t.test('can parse with custom encoding', function (st) {
-        st.deepEqual(qs.parse('%8c%a7=%91%e5%8d%e3%95%7b', {
-            decoder: function (str) {
-                var reg = /%([0-9A-F]{2})/ig;
-                var result = [];
-                var parts = reg.exec(str);
-                while (parts) {
-                    result.push(parseInt(parts[1], 16));
-                    parts = reg.exec(str);
-                }
-                return String(iconv.decode(SaferBuffer.from(result), 'shift_jis'));
-            }
-        }), { 県: '大阪府' });
-        st.end();
-    });
-
-    t.test('receives the default decoder as a second argument', function (st) {
-        st.plan(1);
-        qs.parse('a', {
-            decoder: function (str, defaultDecoder) {
-                st.equal(defaultDecoder, utils.decode);
-            }
-        });
-        st.end();
-    });
-
-    t.test('throws error with wrong decoder', function (st) {
-        st['throws'](function () {
-            qs.parse({}, { decoder: 'string' });
-        }, new TypeError('Decoder has to be a function.'));
-        st.end();
-    });
-
-    t.test('does not mutate the options argument', function (st) {
-        var options = {};
-        qs.parse('a[b]=true', options);
-        st.deepEqual(options, {});
-        st.end();
-    });
-
-    t.test('throws if an invalid charset is specified', function (st) {
-        st['throws'](function () {
-            qs.parse('a=b', { charset: 'foobar' });
-        }, new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined'));
-        st.end();
-    });
-
-    t.test('parses an iso-8859-1 string if asked to', function (st) {
-        st.deepEqual(qs.parse('%A2=%BD', { charset: 'iso-8859-1' }), { '¢': '½' });
-        st.end();
-    });
-
-    var urlEncodedCheckmarkInUtf8 = '%E2%9C%93';
-    var urlEncodedOSlashInUtf8 = '%C3%B8';
-    var urlEncodedNumCheckmark = '%26%2310003%3B';
-    var urlEncodedNumSmiley = '%26%239786%3B';
-
-    t.test('prefers an utf-8 charset specified by the utf8 sentinel to a default charset of iso-8859-1', function (st) {
-        st.deepEqual(qs.parse('utf8=' + urlEncodedCheckmarkInUtf8 + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'iso-8859-1' }), { ø: 'ø' });
-        st.end();
-    });
-
-    t.test('prefers an iso-8859-1 charset specified by the utf8 sentinel to a default charset of utf-8', function (st) {
-        st.deepEqual(qs.parse('utf8=' + urlEncodedNumCheckmark + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'utf-8' }), { 'ø': 'ø' });
-        st.end();
-    });
-
-    t.test('does not require the utf8 sentinel to be defined before the parameters whose decoding it affects', function (st) {
-        st.deepEqual(qs.parse('a=' + urlEncodedOSlashInUtf8 + '&utf8=' + urlEncodedNumCheckmark, { charsetSentinel: true, charset: 'utf-8' }), { a: 'ø' });
-        st.end();
-    });
-
-    t.test('ignores an utf8 sentinel with an unknown value', function (st) {
-        st.deepEqual(qs.parse('utf8=foo&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true, charset: 'utf-8' }), { ø: 'ø' });
-        st.end();
-    });
-
-    t.test('uses the utf8 sentinel to switch to utf-8 when no default charset is given', function (st) {
-        st.deepEqual(qs.parse('utf8=' + urlEncodedCheckmarkInUtf8 + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true }), { ø: 'ø' });
-        st.end();
-    });
-
-    t.test('uses the utf8 sentinel to switch to iso-8859-1 when no default charset is given', function (st) {
-        st.deepEqual(qs.parse('utf8=' + urlEncodedNumCheckmark + '&' + urlEncodedOSlashInUtf8 + '=' + urlEncodedOSlashInUtf8, { charsetSentinel: true }), { 'ø': 'ø' });
-        st.end();
-    });
-
-    t.test('interprets numeric entities in iso-8859-1 when `interpretNumericEntities`', function (st) {
-        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1', interpretNumericEntities: true }), { foo: '☺' });
-        st.end();
-    });
-
-    t.test('handles a custom decoder returning `null`, in the `iso-8859-1` charset, when `interpretNumericEntities`', function (st) {
-        st.deepEqual(qs.parse('foo=&bar=' + urlEncodedNumSmiley, {
-            charset: 'iso-8859-1',
-            decoder: function (str, defaultDecoder, charset) {
-                return str ? defaultDecoder(str, defaultDecoder, charset) : null;
-            },
-            interpretNumericEntities: true
-        }), { foo: null, bar: '☺' });
-        st.end();
-    });
-
-    t.test('handles a custom decoder returning `null`, with a string key of `null`', function (st) {
-        st.deepEqual(
-            qs.parse('null=1&ToNull=2', {
-                decoder: function (str, defaultDecoder, charset) {
-                    return str === 'ToNull' ? null : defaultDecoder(str, defaultDecoder, charset);
-                }
-            }),
-            { 'null': '1' },
-            '"null" key is not overridden by `null` decoder result'
-        );
-
-        st.end();
-    });
-
-    t.test('does not interpret numeric entities in iso-8859-1 when `interpretNumericEntities` is absent', function (st) {
-        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'iso-8859-1' }), { foo: '&#9786;' });
-        st.end();
-    });
-
-    t.test('does not interpret numeric entities when the charset is utf-8, even when `interpretNumericEntities`', function (st) {
-        st.deepEqual(qs.parse('foo=' + urlEncodedNumSmiley, { charset: 'utf-8', interpretNumericEntities: true }), { foo: '&#9786;' });
-        st.end();
-    });
-
-    t.test('interpretNumericEntities with comma:true and iso charset does not crash', function (st) {
-        st.deepEqual(
-            qs.parse('b&a[]=1,' + urlEncodedNumSmiley, { comma: true, charset: 'iso-8859-1', interpretNumericEntities: true }),
-            { b: '', a: ['1,☺'] }
-        );
-
-        st.end();
-    });
-
-    t.test('does not interpret %uXXXX syntax in iso-8859-1 mode', function (st) {
-        st.deepEqual(qs.parse('%u263A=%u263A', { charset: 'iso-8859-1' }), { '%u263A': '%u263A' });
-        st.end();
-    });
-
-    t.test('allows for decoding keys and values differently', function (st) {
-        var decoder = function (str, defaultDecoder, charset, type) {
-            if (type === 'key') {
-                return defaultDecoder(str, defaultDecoder, charset, type).toLowerCase();
-            }
-            if (type === 'value') {
-                return defaultDecoder(str, defaultDecoder, charset, type).toUpperCase();
-            }
-            throw 'this should never happen! type: ' + type;
-        };
-
-        st.deepEqual(qs.parse('KeY=vAlUe', { decoder: decoder }), { key: 'VALUE' });
-        st.end();
-    });
-
-    t.test('parameter limit tests', function (st) {
-        st.test('does not throw error when within parameter limit', function (sst) {
-            var result = qs.parse('a=1&b=2&c=3', { parameterLimit: 5, throwOnLimitExceeded: true });
-            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses without errors');
-            sst.end();
-        });
-
-        st.test('throws error when throwOnLimitExceeded is present but not boolean', function (sst) {
-            sst['throws'](
-                function () {
-                    qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: 3, throwOnLimitExceeded: 'true' });
-                },
-                new TypeError('`throwOnLimitExceeded` option must be a boolean'),
-                'throws error when throwOnLimitExceeded is present and not boolean'
-            );
-            sst.end();
-        });
-
-        st.test('throws error when parameter limit exceeded', function (sst) {
-            sst['throws'](
-                function () {
-                    qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: 3, throwOnLimitExceeded: true });
-                },
-                new RangeError('Parameter limit exceeded. Only 3 parameters allowed.'),
-                'throws error when parameter limit is exceeded'
-            );
-            sst.end();
-        });
-
-        st.test('silently truncates when throwOnLimitExceeded is not given', function (sst) {
-            var result = qs.parse('a=1&b=2&c=3&d=4&e=5', { parameterLimit: 3 });
-            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses and truncates silently');
-            sst.end();
-        });
-
-        st.test('silently truncates when parameter limit exceeded without error', function (sst) {
-            var result = qs.parse('a=1&b=2&c=3&d=4&e=5', { parameterLimit: 3, throwOnLimitExceeded: false });
-            sst.deepEqual(result, { a: '1', b: '2', c: '3' }, 'parses and truncates silently');
-            sst.end();
-        });
-
-        st.test('allows unlimited parameters when parameterLimit set to Infinity', function (sst) {
-            var result = qs.parse('a=1&b=2&c=3&d=4&e=5&f=6', { parameterLimit: Infinity });
-            sst.deepEqual(result, { a: '1', b: '2', c: '3', d: '4', e: '5', f: '6' }, 'parses all parameters without truncation');
-            sst.end();
-        });
-
-        st.end();
-    });
-
-    t.test('array limit tests', function (st) {
-        st.test('does not throw error when array is within limit', function (sst) {
-            var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 5, throwOnLimitExceeded: true });
-            sst.deepEqual(result, { a: ['1', '2', '3'] }, 'parses array without errors');
-            sst.end();
-        });
-
-        st.test('throws error when throwOnLimitExceeded is present but not boolean for array limit', function (sst) {
-            sst['throws'](
-                function () {
-                    qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3, throwOnLimitExceeded: 'true' });
-                },
-                new TypeError('`throwOnLimitExceeded` option must be a boolean'),
-                'throws error when throwOnLimitExceeded is present and not boolean for array limit'
-            );
-            sst.end();
-        });
-
-        st.test('throws error when array limit exceeded', function (sst) {
-            // 4 elements exceeds limit of 3
-            sst['throws'](
-                function () {
-                    qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3, throwOnLimitExceeded: true });
-                },
-                new RangeError('Array limit exceeded. Only 3 elements allowed in an array.'),
-                'throws error when array limit is exceeded'
-            );
-            sst.end();
-        });
-
-        st.test('does not throw when at limit', function (sst) {
-            // 3 elements = limit of 3, should not throw
-            var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3, throwOnLimitExceeded: true });
-            sst.ok(Array.isArray(result.a), 'result is an array');
-            sst.deepEqual(result.a, ['1', '2', '3'], 'all values present');
-            sst.end();
-        });
-
-        st.test('converts array to object if length is greater than limit', function (sst) {
-            var result = qs.parse('a[1]=1&a[2]=2&a[3]=3&a[4]=4&a[5]=5&a[6]=6', { arrayLimit: 5 });
-
-            sst.deepEqual(result, { a: { 1: '1', 2: '2', 3: '3', 4: '4', 5: '5', 6: '6' } }, 'parses into object if array length is greater than limit');
-            sst.end();
-        });
-
-        st.test('throws error when indexed notation exceeds arrayLimit with throwOnLimitExceeded', function (sst) {
-            sst['throws'](
-                function () {
-                    qs.parse('a[1001]=b', { arrayLimit: 1000, throwOnLimitExceeded: true });
-                },
-                new RangeError('Array limit exceeded. Only 1000 elements allowed in an array.'),
-                'throws error for a single index exceeding arrayLimit'
-            );
-
-            sst['throws'](
-                function () {
-                    qs.parse('a[0]=1&a[1]=2&a[2]=3&a[10]=4', { arrayLimit: 6, throwOnLimitExceeded: true, allowSparse: true });
-                },
-                new RangeError('Array limit exceeded. Only 6 elements allowed in an array.'),
-                'throws error when a sparse index exceeds arrayLimit'
-            );
-
-            sst.end();
-        });
-
-        st.test('does not throw for indexed notation within arrayLimit with throwOnLimitExceeded', function (sst) {
-            var result = qs.parse('a[4]=b', { arrayLimit: 5, throwOnLimitExceeded: true, allowSparse: true });
-            sst.ok(Array.isArray(result.a), 'result is an array');
-            sst.equal(result.a.length, 5, 'array has correct length');
-            sst.equal(result.a[4], 'b', 'value at index 4 is correct');
-            sst.end();
-        });
-
-        st.test('silently converts to object for indexed notation exceeding arrayLimit without throwOnLimitExceeded', function (sst) {
-            var result = qs.parse('a[1001]=b', { arrayLimit: 1000 });
-            sst.deepEqual(result, { a: { 1001: 'b' } }, 'converts to object without throwing');
-            sst.end();
-        });
-
-        st.end();
-    });
-
-    t.end();
-});
-
-test('parses empty keys', function (t) {
-    emptyTestCases.forEach(function (testCase) {
-        t.test('skips empty string key with ' + testCase.input, function (st) {
-            st.deepEqual(qs.parse(testCase.input), testCase.noEmptyKeys);
-
-            st.end();
-        });
-    });
-});
-
-test('`duplicates` option', function (t) {
-    v.nonStrings.concat('not a valid option').forEach(function (invalidOption) {
-        if (typeof invalidOption !== 'undefined') {
-            t['throws'](
-                function () { qs.parse('', { duplicates: invalidOption }); },
-                TypeError,
-                'throws on invalid option: ' + inspect(invalidOption)
-            );
-        }
-    });
-
-    t.deepEqual(
-        qs.parse('foo=bar&foo=baz'),
-        { foo: ['bar', 'baz'] },
-        'duplicates: default, combine'
-    );
-
-    t.deepEqual(
-        qs.parse('foo=bar&foo=baz', { duplicates: 'combine' }),
-        { foo: ['bar', 'baz'] },
-        'duplicates: combine'
-    );
-
-    t.deepEqual(
-        qs.parse('foo=bar&foo=baz', { duplicates: 'first' }),
-        { foo: 'bar' },
-        'duplicates: first'
-    );
-
-    t.deepEqual(
-        qs.parse('foo=bar&foo=baz', { duplicates: 'last' }),
-        { foo: 'baz' },
-        'duplicates: last'
-    );
-
-    t.end();
-});
-
-test('qs strictDepth option - throw cases', function (t) {
-    t.test('throws an exception when depth exceeds the limit with strictDepth: true', function (st) {
-        st['throws'](
-            function () {
-                qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1, strictDepth: true });
-            },
-            RangeError,
-            'throws RangeError'
-        );
-        st.end();
-    });
-
-    t.test('throws an exception for multiple nested arrays with strictDepth: true', function (st) {
-        st['throws'](
-            function () {
-                qs.parse('a[0][1][2][3][4]=b', { depth: 3, strictDepth: true });
-            },
-            RangeError,
-            'throws RangeError'
-        );
-        st.end();
-    });
-
-    t.test('throws an exception for nested objects and arrays with strictDepth: true', function (st) {
-        st['throws'](
-            function () {
-                qs.parse('a[b][c][0][d][e]=f', { depth: 3, strictDepth: true });
-            },
-            RangeError,
-            'throws RangeError'
-        );
-        st.end();
-    });
-
-    t.test('throws an exception for different types of values with strictDepth: true', function (st) {
-        st['throws'](
-            function () {
-                qs.parse('a[b][c][d][e]=true&a[b][c][d][f]=42', { depth: 3, strictDepth: true });
-            },
-            RangeError,
-            'throws RangeError'
-        );
-        st.end();
-    });
-
-});
-
-test('qs strictDepth option - non-throw cases', function (t) {
-    t.test('when depth is 0 and strictDepth true, do not throw', function (st) {
-        st.doesNotThrow(
-            function () {
-                qs.parse('a[b][c][d][e]=true&a[b][c][d][f]=42', { depth: 0, strictDepth: true });
-            },
-            RangeError,
-            'does not throw RangeError'
-        );
-        st.end();
-    });
-
-    t.test('parses successfully when depth is within the limit with strictDepth: true', function (st) {
-        st.doesNotThrow(
-            function () {
-                var result = qs.parse('a[b]=c', { depth: 1, strictDepth: true });
-                st.deepEqual(result, { a: { b: 'c' } }, 'parses correctly');
-            }
-        );
-        st.end();
-    });
-
-    t.test('does not throw an exception when depth exceeds the limit with strictDepth: false', function (st) {
-        st.doesNotThrow(
-            function () {
-                var result = qs.parse('a[b][c][d][e][f][g][h][i]=j', { depth: 1 });
-                st.deepEqual(result, { a: { b: { '[c][d][e][f][g][h][i]': 'j' } } }, 'parses with depth limit');
-            }
-        );
-        st.end();
-    });
-
-    t.test('parses successfully when depth is within the limit with strictDepth: false', function (st) {
-        st.doesNotThrow(
-            function () {
-                var result = qs.parse('a[b]=c', { depth: 1 });
-                st.deepEqual(result, { a: { b: 'c' } }, 'parses correctly');
-            }
-        );
-        st.end();
-    });
-
-    t.test('does not throw when depth is exactly at the limit with strictDepth: true', function (st) {
-        st.doesNotThrow(
-            function () {
-                var result = qs.parse('a[b][c]=d', { depth: 2, strictDepth: true });
-                st.deepEqual(result, { a: { b: { c: 'd' } } }, 'parses correctly');
-            }
-        );
-        st.end();
-    });
-});
-
-test('DOS', function (t) {
-    var arr = [];
-    for (var i = 0; i < 105; i++) {
-        arr[arr.length] = 'x';
-    }
-    var attack = 'a[]=' + arr.join('&a[]=');
-    var result = qs.parse(attack, { arrayLimit: 100 });
-
-    t.notOk(Array.isArray(result.a), 'arrayLimit is respected: result is an object, not an array');
-    t.equal(Object.keys(result.a).length, 105, 'all values are preserved');
-
-    t.end();
-});
-
-test('arrayLimit boundary conditions', function (t) {
-    // arrayLimit is the max number of elements allowed in an array
-    t.test('exactly at the limit stays as array', function (st) {
-        // 3 elements = limit of 3
-        var result = qs.parse('a[]=1&a[]=2&a[]=3', { arrayLimit: 3 });
-        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
-        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
-        st.end();
-    });
-
-    t.test('one over the limit converts to object', function (st) {
-        // 4 elements exceeds limit of 3
-        var result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4', { arrayLimit: 3 });
-        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
-        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
-        st.end();
-    });
-
-    t.test('arrayLimit 1 with one value', function (st) {
-        // 1 element = limit of 1
-        var result = qs.parse('a[]=1', { arrayLimit: 1 });
-        st.ok(Array.isArray(result.a), 'result is an array when count equals limit');
-        st.deepEqual(result.a, ['1'], 'value preserved as array');
-        st.end();
-    });
-
-    t.test('arrayLimit 1 with two values converts to object', function (st) {
-        // 2 elements exceeds limit of 1
-        var result = qs.parse('a[]=1&a[]=2', { arrayLimit: 1 });
-        st.notOk(Array.isArray(result.a), 'result is not an array');
-        st.deepEqual(result.a, { 0: '1', 1: '2' }, 'all values preserved as object');
-        st.end();
-    });
-
-    t.end();
-});
-
-test('comma + arrayLimit', function (t) {
-    t.test('comma-separated values within arrayLimit stay as array', function (st) {
-        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 5 });
-        st.ok(Array.isArray(result.a), 'result is an array');
-        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
-        st.end();
-    });
-
-    t.test('comma-separated values exceeding arrayLimit convert to object', function (st) {
-        var result = qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3 });
-        st.notOk(Array.isArray(result.a), 'result is not an array when over limit');
-        st.deepEqual(result.a, { 0: '1', 1: '2', 2: '3', 3: '4' }, 'all values preserved as object');
-        st.end();
-    });
-
-    t.test('comma-separated values exceeding arrayLimit with throwOnLimitExceeded throws', function (st) {
-        st['throws'](
-            function () {
-                qs.parse('a=1,2,3,4', { comma: true, arrayLimit: 3, throwOnLimitExceeded: true });
-            },
-            new RangeError('Array limit exceeded. Only 3 elements allowed in an array.'),
-            'throws error when comma-split exceeds array limit'
-        );
-        st.end();
-    });
-
-    t.test('comma-separated values at exactly arrayLimit stay as array', function (st) {
-        var result = qs.parse('a=1,2,3', { comma: true, arrayLimit: 3 });
-        st.ok(Array.isArray(result.a), 'result is an array when exactly at limit');
-        st.deepEqual(result.a, ['1', '2', '3'], 'all values present');
-        st.end();
-    });
-
-    t.end();
-});
-
-test('mixed array and object notation', function (t) {
-    t.test('array brackets with object key - under limit', function (st) {
-        st.deepEqual(
-            qs.parse('a[]=b&a[c]=d'),
-            { a: { 0: 'b', c: 'd' } },
-            'mixing [] and [key] converts to object'
-        );
-        st.end();
-    });
-
-    t.test('array index with object key - under limit', function (st) {
-        st.deepEqual(
-            qs.parse('a[0]=b&a[c]=d'),
-            { a: { 0: 'b', c: 'd' } },
-            'mixing [0] and [key] produces object'
-        );
-        st.end();
-    });
-
-    t.test('plain value with array brackets - under limit', function (st) {
-        st.deepEqual(
-            qs.parse('a=b&a[]=c', { arrayLimit: 20 }),
-            { a: ['b', 'c'] },
-            'plain value combined with [] stays as array under limit'
-        );
-        st.end();
-    });
-
-    t.test('array brackets with plain value - under limit', function (st) {
-        st.deepEqual(
-            qs.parse('a[]=b&a=c', { arrayLimit: 20 }),
-            { a: ['b', 'c'] },
-            '[] combined with plain value stays as array under limit'
-        );
-        st.end();
-    });
-
-    t.test('plain value with array index - under limit', function (st) {
-        st.deepEqual(
-            qs.parse('a=b&a[0]=c', { arrayLimit: 20 }),
-            { a: ['b', 'c'] },
-            'plain value combined with [0] stays as array under limit'
-        );
-        st.end();
-    });
-
-    t.test('multiple plain values with duplicates combine', function (st) {
-        st.deepEqual(
-            qs.parse('a=b&a=c&a=d', { arrayLimit: 20 }),
-            { a: ['b', 'c', 'd'] },
-            'duplicate plain keys combine into array'
-        );
-        st.end();
-    });
-
-    t.test('multiple plain values exceeding limit', function (st) {
-        // 3 elements (indices 0-2), max index 2 > limit 1
-        st.deepEqual(
-            qs.parse('a=b&a=c&a=d', { arrayLimit: 1 }),
-            { a: { 0: 'b', 1: 'c', 2: 'd' } },
-            'duplicate plain keys convert to object when exceeding limit'
-        );
-        st.end();
-    });
-
-    t.test('mixed notation produces consistent results when arrayLimit is exceeded', function (st) {
-        var expected = { a: { 0: 'b', 1: 'c', 2: 'd' } };
-
-        st.deepEqual(
-            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: -1 }),
-            expected,
-            'arrayLimit -1'
-        );
-
-        st.deepEqual(
-            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 0 }),
-            expected,
-            'arrayLimit 0'
-        );
-
-        st.deepEqual(
-            qs.parse('a[]=b&a[1]=c&a=d', { arrayLimit: 1 }),
-            expected,
-            'arrayLimit 1'
-        );
-
-        st.end();
-    });
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/stringify.js b/src/Servers/ExpressServer/node_modules/qs/test/stringify.js
deleted file mode 100644
index 4d77694..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/test/stringify.js
+++ /dev/null
@@ -1,1310 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var qs = require('../');
-var utils = require('../lib/utils');
-var iconv = require('iconv-lite');
-var SaferBuffer = require('safer-buffer').Buffer;
-var hasSymbols = require('has-symbols');
-var mockProperty = require('mock-property');
-var emptyTestCases = require('./empty-keys-cases').emptyTestCases;
-var hasProto = require('has-proto')();
-var hasBigInt = require('has-bigints')();
-
-test('stringify()', function (t) {
-    t.test('stringifies a querystring object', function (st) {
-        st.equal(qs.stringify({ a: 'b' }), 'a=b');
-        st.equal(qs.stringify({ a: 1 }), 'a=1');
-        st.equal(qs.stringify({ a: 1, b: 2 }), 'a=1&b=2');
-        st.equal(qs.stringify({ a: 'A_Z' }), 'a=A_Z');
-        st.equal(qs.stringify({ a: '€' }), 'a=%E2%82%AC');
-        st.equal(qs.stringify({ a: '' }), 'a=%EE%80%80');
-        st.equal(qs.stringify({ a: 'א' }), 'a=%D7%90');
-        st.equal(qs.stringify({ a: '𐐷' }), 'a=%F0%90%90%B7');
-        st.end();
-    });
-
-    t.test('stringifies falsy values', function (st) {
-        st.equal(qs.stringify(undefined), '');
-        st.equal(qs.stringify(null), '');
-        st.equal(qs.stringify(null, { strictNullHandling: true }), '');
-        st.equal(qs.stringify(false), '');
-        st.equal(qs.stringify(0), '');
-        st.end();
-    });
-
-    t.test('stringifies symbols', { skip: !hasSymbols() }, function (st) {
-        st.equal(qs.stringify(Symbol.iterator), '');
-        st.equal(qs.stringify([Symbol.iterator]), '0=Symbol%28Symbol.iterator%29');
-        st.equal(qs.stringify({ a: Symbol.iterator }), 'a=Symbol%28Symbol.iterator%29');
-        st.equal(
-            qs.stringify({ a: [Symbol.iterator] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
-            'a[]=Symbol%28Symbol.iterator%29'
-        );
-        st.end();
-    });
-
-    t.test('stringifies bigints', { skip: !hasBigInt }, function (st) {
-        var three = BigInt(3);
-        var encodeWithN = function (value, defaultEncoder, charset) {
-            var result = defaultEncoder(value, defaultEncoder, charset);
-            return typeof value === 'bigint' ? result + 'n' : result;
-        };
-        st.equal(qs.stringify(three), '');
-        st.equal(qs.stringify([three]), '0=3');
-        st.equal(qs.stringify([three], { encoder: encodeWithN }), '0=3n');
-        st.equal(qs.stringify({ a: three }), 'a=3');
-        st.equal(qs.stringify({ a: three }, { encoder: encodeWithN }), 'a=3n');
-        st.equal(
-            qs.stringify({ a: [three] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
-            'a[]=3'
-        );
-        st.equal(
-            qs.stringify({ a: [three] }, { encodeValuesOnly: true, encoder: encodeWithN, arrayFormat: 'brackets' }),
-            'a[]=3n'
-        );
-        st.end();
-    });
-
-    t.test('encodes dot in key of object when encodeDotInKeys and allowDots is provided', function (st) {
-        st.equal(
-            qs.stringify(
-                { 'name.obj': { first: 'John', last: 'Doe' } },
-                { allowDots: false, encodeDotInKeys: false }
-            ),
-            'name.obj%5Bfirst%5D=John&name.obj%5Blast%5D=Doe',
-            'with allowDots false and encodeDotInKeys false'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj': { first: 'John', last: 'Doe' } },
-                { allowDots: true, encodeDotInKeys: false }
-            ),
-            'name.obj.first=John&name.obj.last=Doe',
-            'with allowDots true and encodeDotInKeys false'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj': { first: 'John', last: 'Doe' } },
-                { allowDots: false, encodeDotInKeys: true }
-            ),
-            'name%252Eobj%5Bfirst%5D=John&name%252Eobj%5Blast%5D=Doe',
-            'with allowDots false and encodeDotInKeys true'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj': { first: 'John', last: 'Doe' } },
-                { allowDots: true, encodeDotInKeys: true }
-            ),
-            'name%252Eobj.first=John&name%252Eobj.last=Doe',
-            'with allowDots true and encodeDotInKeys true'
-        );
-
-        st.equal(
-            qs.stringify(
-                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-                { allowDots: false, encodeDotInKeys: false }
-            ),
-            'name.obj.subobject%5Bfirst.godly.name%5D=John&name.obj.subobject%5Blast%5D=Doe',
-            'with allowDots false and encodeDotInKeys false'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-                { allowDots: true, encodeDotInKeys: false }
-            ),
-            'name.obj.subobject.first.godly.name=John&name.obj.subobject.last=Doe',
-            'with allowDots false and encodeDotInKeys false'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-                { allowDots: false, encodeDotInKeys: true }
-            ),
-            'name%252Eobj%252Esubobject%5Bfirst.godly.name%5D=John&name%252Eobj%252Esubobject%5Blast%5D=Doe',
-            'with allowDots false and encodeDotInKeys true'
-        );
-        st.equal(
-            qs.stringify(
-                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-                { allowDots: true, encodeDotInKeys: true }
-            ),
-            'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
-            'with allowDots true and encodeDotInKeys true'
-        );
-
-        st.end();
-    });
-
-    t.test('should encode dot in key of object, and automatically set allowDots to `true` when encodeDotInKeys is true and allowDots in undefined', function (st) {
-        st.equal(
-            qs.stringify(
-                { 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } },
-                { encodeDotInKeys: true }
-            ),
-            'name%252Eobj%252Esubobject.first%252Egodly%252Ename=John&name%252Eobj%252Esubobject.last=Doe',
-            'with allowDots undefined and encodeDotInKeys true'
-        );
-        st.end();
-    });
-
-    t.test('should encode dot in key of object when encodeDotInKeys and allowDots is provided, and nothing else when encodeValuesOnly is provided', function (st) {
-        st.equal(
-            qs.stringify({ 'name.obj': { first: 'John', last: 'Doe' } }, {
-                encodeDotInKeys: true, allowDots: true, encodeValuesOnly: true
-            }),
-            'name%2Eobj.first=John&name%2Eobj.last=Doe'
-        );
-
-        st.equal(
-            qs.stringify({ 'name.obj.subobject': { 'first.godly.name': 'John', last: 'Doe' } }, { allowDots: true, encodeDotInKeys: true, encodeValuesOnly: true }),
-            'name%2Eobj%2Esubobject.first%2Egodly%2Ename=John&name%2Eobj%2Esubobject.last=Doe'
-        );
-
-        st.end();
-    });
-
-    t.test('throws when `commaRoundTrip` is not a boolean', function (st) {
-        st['throws'](
-            function () { qs.stringify({}, { commaRoundTrip: 'not a boolean' }); },
-            TypeError,
-            'throws when `commaRoundTrip` is not a boolean'
-        );
-
-        st.end();
-    });
-
-    t.test('throws when `encodeDotInKeys` is not a boolean', function (st) {
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: 'foobar' }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: 0 }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: NaN }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { encodeDotInKeys: null }); },
-            TypeError
-        );
-
-        st.end();
-    });
-
-    t.test('adds query prefix', function (st) {
-        st.equal(qs.stringify({ a: 'b' }, { addQueryPrefix: true }), '?a=b');
-        st.end();
-    });
-
-    t.test('with query prefix, outputs blank string given an empty object', function (st) {
-        st.equal(qs.stringify({}, { addQueryPrefix: true }), '');
-        st.end();
-    });
-
-    t.test('stringifies nested falsy values', function (st) {
-        st.equal(qs.stringify({ a: { b: { c: null } } }), 'a%5Bb%5D%5Bc%5D=');
-        st.equal(qs.stringify({ a: { b: { c: null } } }, { strictNullHandling: true }), 'a%5Bb%5D%5Bc%5D');
-        st.equal(qs.stringify({ a: { b: { c: false } } }), 'a%5Bb%5D%5Bc%5D=false');
-        st.end();
-    });
-
-    t.test('stringifies a nested object', function (st) {
-        st.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
-        st.equal(qs.stringify({ a: { b: { c: { d: 'e' } } } }), 'a%5Bb%5D%5Bc%5D%5Bd%5D=e');
-        st.end();
-    });
-
-    t.test('`allowDots` option: stringifies a nested object with dots notation', function (st) {
-        st.equal(qs.stringify({ a: { b: 'c' } }, { allowDots: true }), 'a.b=c');
-        st.equal(qs.stringify({ a: { b: { c: { d: 'e' } } } }, { allowDots: true }), 'a.b.c.d=e');
-        st.end();
-    });
-
-    t.test('stringifies an array value', function (st) {
-        st.equal(
-            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'indices' }),
-            'a%5B0%5D=b&a%5B1%5D=c&a%5B2%5D=d',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'brackets' }),
-            'a%5B%5D=b&a%5B%5D=c&a%5B%5D=d',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'comma' }),
-            'a=b%2Cc%2Cd',
-            'comma => comma'
-        );
-        st.equal(
-            qs.stringify({ a: ['b', 'c', 'd'] }, { arrayFormat: 'comma', commaRoundTrip: true }),
-            'a=b%2Cc%2Cd',
-            'comma round trip => comma'
-        );
-        st.equal(
-            qs.stringify({ a: ['b', 'c', 'd'] }),
-            'a%5B0%5D=b&a%5B1%5D=c&a%5B2%5D=d',
-            'default => indices'
-        );
-        st.end();
-    });
-
-    t.test('`skipNulls` option', function (st) {
-        st.equal(
-            qs.stringify({ a: 'b', c: null }, { skipNulls: true }),
-            'a=b',
-            'omits nulls when asked'
-        );
-
-        st.equal(
-            qs.stringify({ a: { b: 'c', d: null } }, { skipNulls: true }),
-            'a%5Bb%5D=c',
-            'omits nested nulls when asked'
-        );
-
-        st.end();
-    });
-
-    t.test('omits array indices when asked', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c', 'd'] }, { indices: false }), 'a=b&a=c&a=d');
-
-        st.end();
-    });
-
-    t.test('omits object key/value pair when value is empty array', function (st) {
-        st.equal(qs.stringify({ a: [], b: 'zz' }), 'b=zz');
-
-        st.end();
-    });
-
-    t.test('should not omit object key/value pair when value is empty array and when asked', function (st) {
-        st.equal(qs.stringify({ a: [], b: 'zz' }), 'b=zz');
-        st.equal(qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: false }), 'b=zz');
-        st.equal(qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: true }), 'a[]&b=zz');
-
-        st.end();
-    });
-
-    t.test('should throw when allowEmptyArrays is not of type boolean', function (st) {
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: 'foobar' }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: 0 }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: NaN }); },
-            TypeError
-        );
-
-        st['throws'](
-            function () { qs.stringify({ a: [], b: 'zz' }, { allowEmptyArrays: null }); },
-            TypeError
-        );
-
-        st.end();
-    });
-
-    t.test('allowEmptyArrays + strictNullHandling', function (st) {
-        st.equal(
-            qs.stringify(
-                { testEmptyArray: [] },
-                { strictNullHandling: true, allowEmptyArrays: true }
-            ),
-            'testEmptyArray[]'
-        );
-
-        st.end();
-    });
-
-    t.test('stringifies an array value with one item vs multiple items', function (st) {
-        st.test('non-array item', function (s2t) {
-            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a=c');
-            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a=c');
-            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c');
-            s2t.equal(qs.stringify({ a: 'c' }, { encodeValuesOnly: true }), 'a=c');
-
-            s2t.end();
-        });
-
-        st.test('array with a single item', function (s2t) {
-            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=c');
-            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=c');
-            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c');
-            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a[]=c'); // so it parses back as an array
-            s2t.equal(qs.stringify({ a: ['c'] }, { encodeValuesOnly: true }), 'a[0]=c');
-
-            s2t.end();
-        });
-
-        st.test('array with multiple items', function (s2t) {
-            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=c&a[1]=d');
-            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=c&a[]=d');
-            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c,d');
-            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a=c,d');
-            s2t.equal(qs.stringify({ a: ['c', 'd'] }, { encodeValuesOnly: true }), 'a[0]=c&a[1]=d');
-
-            s2t.end();
-        });
-
-        st.test('array with multiple items with a comma inside', function (s2t) {
-            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=c%2Cd,e');
-            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { arrayFormat: 'comma' }), 'a=c%2Cd%2Ce');
-
-            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { encodeValuesOnly: true, arrayFormat: 'comma', commaRoundTrip: true }), 'a=c%2Cd,e');
-            s2t.equal(qs.stringify({ a: ['c,d', 'e'] }, { arrayFormat: 'comma', commaRoundTrip: true }), 'a=c%2Cd%2Ce');
-
-            s2t.end();
-        });
-
-        st.end();
-    });
-
-    t.test('stringifies a nested array value', function (st) {
-        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[b][0]=c&a[b][1]=d');
-        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[b][]=c&a[b][]=d');
-        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true, arrayFormat: 'comma' }), 'a[b]=c,d');
-        st.equal(qs.stringify({ a: { b: ['c', 'd'] } }, { encodeValuesOnly: true }), 'a[b][0]=c&a[b][1]=d');
-        st.end();
-    });
-
-    t.test('stringifies comma and empty array values', function (st) {
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'indices' }), 'a[0]=,&a[1]=&a[2]=c,d%');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'brackets' }), 'a[]=,&a[]=&a[]=c,d%');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'comma' }), 'a=,,,c,d%');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: false, arrayFormat: 'repeat' }), 'a=,&a=&a=c,d%');
-
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[0]=%2C&a[1]=&a[2]=c%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=%2C&a[]=&a[]=c%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=%2C,,c%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=%2C&a=&a=c%2Cd%25');
-
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'indices' }), 'a%5B0%5D=%2C&a%5B1%5D=&a%5B2%5D=c%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'brackets' }), 'a%5B%5D=%2C&a%5B%5D=&a%5B%5D=c%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'comma' }), 'a=%2C%2C%2Cc%2Cd%25');
-        st.equal(qs.stringify({ a: [',', '', 'c,d%'] }, { encode: true, encodeValuesOnly: false, arrayFormat: 'repeat' }), 'a=%2C&a=&a=c%2Cd%25');
-
-        st.end();
-    });
-
-    t.test('stringifies comma and empty non-array values', function (st) {
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'indices' }), 'a=,&b=&c=c,d%');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'brackets' }), 'a=,&b=&c=c,d%');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'comma' }), 'a=,&b=&c=c,d%');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: false, arrayFormat: 'repeat' }), 'a=,&b=&c=c,d%');
-
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'indices' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'comma' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=%2C&b=&c=c%2Cd%25');
-
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'indices' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'brackets' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'comma' }), 'a=%2C&b=&c=c%2Cd%25');
-        st.equal(qs.stringify({ a: ',', b: '', c: 'c,d%' }, { encode: true, encodeValuesOnly: false, arrayFormat: 'repeat' }), 'a=%2C&b=&c=c%2Cd%25');
-
-        st.end();
-    });
-
-    t.test('stringifies a nested array value with dots notation', function (st) {
-        st.equal(
-            qs.stringify(
-                { a: { b: ['c', 'd'] } },
-                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'indices' }
-            ),
-            'a.b[0]=c&a.b[1]=d',
-            'indices: stringifies with dots + indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: { b: ['c', 'd'] } },
-                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'brackets' }
-            ),
-            'a.b[]=c&a.b[]=d',
-            'brackets: stringifies with dots + brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: { b: ['c', 'd'] } },
-                { allowDots: true, encodeValuesOnly: true, arrayFormat: 'comma' }
-            ),
-            'a.b=c,d',
-            'comma: stringifies with dots + comma'
-        );
-        st.equal(
-            qs.stringify(
-                { a: { b: ['c', 'd'] } },
-                { allowDots: true, encodeValuesOnly: true }
-            ),
-            'a.b[0]=c&a.b[1]=d',
-            'default: stringifies with dots + indices'
-        );
-        st.end();
-    });
-
-    t.test('stringifies an object inside an array', function (st) {
-        st.equal(
-            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'indices', encodeValuesOnly: true }),
-            'a[0][b]=c',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'repeat', encodeValuesOnly: true }),
-            'a[b]=c',
-            'repeat => repeat'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 'c' }] }, { arrayFormat: 'brackets', encodeValuesOnly: true }),
-            'a[][b]=c',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 'c' }] }, { encodeValuesOnly: true }),
-            'a[0][b]=c',
-            'default => indices'
-        );
-
-        st.equal(
-            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'indices', encodeValuesOnly: true }),
-            'a[0][b][c][0]=1',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'repeat', encodeValuesOnly: true }),
-            'a[b][c]=1',
-            'repeat => repeat'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: { c: [1] } }] }, { arrayFormat: 'brackets', encodeValuesOnly: true }),
-            'a[][b][c][]=1',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: { c: [1] } }] }, { encodeValuesOnly: true }),
-            'a[0][b][c][0]=1',
-            'default => indices'
-        );
-
-        st.end();
-    });
-
-    t.test('stringifies an array with mixed objects and primitives', function (st) {
-        st.equal(
-            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'indices' }),
-            'a[0][b]=1&a[1]=2&a[2]=3',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
-            'a[][b]=1&a[]=2&a[]=3',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true, arrayFormat: 'comma' }),
-            '???',
-            'brackets => brackets',
-            { skip: 'TODO: figure out what this should do' }
-        );
-        st.equal(
-            qs.stringify({ a: [{ b: 1 }, 2, 3] }, { encodeValuesOnly: true }),
-            'a[0][b]=1&a[1]=2&a[2]=3',
-            'default => indices'
-        );
-
-        st.end();
-    });
-
-    t.test('stringifies an object inside an array with dots notation', function (st) {
-        st.equal(
-            qs.stringify(
-                { a: [{ b: 'c' }] },
-                { allowDots: true, encode: false, arrayFormat: 'indices' }
-            ),
-            'a[0].b=c',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: [{ b: 'c' }] },
-                { allowDots: true, encode: false, arrayFormat: 'brackets' }
-            ),
-            'a[].b=c',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: [{ b: 'c' }] },
-                { allowDots: true, encode: false }
-            ),
-            'a[0].b=c',
-            'default => indices'
-        );
-
-        st.equal(
-            qs.stringify(
-                { a: [{ b: { c: [1] } }] },
-                { allowDots: true, encode: false, arrayFormat: 'indices' }
-            ),
-            'a[0].b.c[0]=1',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: [{ b: { c: [1] } }] },
-                { allowDots: true, encode: false, arrayFormat: 'brackets' }
-            ),
-            'a[].b.c[]=1',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: [{ b: { c: [1] } }] },
-                { allowDots: true, encode: false }
-            ),
-            'a[0].b.c[0]=1',
-            'default => indices'
-        );
-
-        st.end();
-    });
-
-    t.test('does not omit object keys when indices = false', function (st) {
-        st.equal(qs.stringify({ a: [{ b: 'c' }] }, { indices: false }), 'a%5Bb%5D=c');
-        st.end();
-    });
-
-    t.test('uses indices notation for arrays when indices=true', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c'] }, { indices: true }), 'a%5B0%5D=b&a%5B1%5D=c');
-        st.end();
-    });
-
-    t.test('uses indices notation for arrays when no arrayFormat is specified', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c'] }), 'a%5B0%5D=b&a%5B1%5D=c');
-        st.end();
-    });
-
-    t.test('uses indices notation for arrays when arrayFormat=indices', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'indices' }), 'a%5B0%5D=b&a%5B1%5D=c');
-        st.end();
-    });
-
-    t.test('uses repeat notation for arrays when arrayFormat=repeat', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'repeat' }), 'a=b&a=c');
-        st.end();
-    });
-
-    t.test('uses brackets notation for arrays when arrayFormat=brackets', function (st) {
-        st.equal(qs.stringify({ a: ['b', 'c'] }, { arrayFormat: 'brackets' }), 'a%5B%5D=b&a%5B%5D=c');
-        st.end();
-    });
-
-    t.test('stringifies a complicated object', function (st) {
-        st.equal(qs.stringify({ a: { b: 'c', d: 'e' } }), 'a%5Bb%5D=c&a%5Bd%5D=e');
-        st.end();
-    });
-
-    t.test('stringifies an empty value', function (st) {
-        st.equal(qs.stringify({ a: '' }), 'a=');
-        st.equal(qs.stringify({ a: null }, { strictNullHandling: true }), 'a');
-
-        st.equal(qs.stringify({ a: '', b: '' }), 'a=&b=');
-        st.equal(qs.stringify({ a: null, b: '' }, { strictNullHandling: true }), 'a&b=');
-
-        st.equal(qs.stringify({ a: { b: '' } }), 'a%5Bb%5D=');
-        st.equal(qs.stringify({ a: { b: null } }, { strictNullHandling: true }), 'a%5Bb%5D');
-        st.equal(qs.stringify({ a: { b: null } }, { strictNullHandling: false }), 'a%5Bb%5D=');
-
-        st.end();
-    });
-
-    t.test('stringifies an empty array in different arrayFormat', function (st) {
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false }), 'b[0]=&c=c');
-        // arrayFormat default
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices' }), 'b[0]=&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets' }), 'b[]=&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat' }), 'b=&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma' }), 'b=&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', commaRoundTrip: true }), 'b[]=&c=c');
-        // with strictNullHandling
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices', strictNullHandling: true }), 'b[0]&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets', strictNullHandling: true }), 'b[]&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat', strictNullHandling: true }), 'b&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', strictNullHandling: true }), 'b&c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', strictNullHandling: true, commaRoundTrip: true }), 'b[]&c=c');
-        // with skipNulls
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'indices', skipNulls: true }), 'c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'brackets', skipNulls: true }), 'c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'repeat', skipNulls: true }), 'c=c');
-        st.equal(qs.stringify({ a: [], b: [null], c: 'c' }, { encode: false, arrayFormat: 'comma', skipNulls: true }), 'c=c');
-
-        st.end();
-    });
-
-    t.test('stringifies a null object', { skip: !hasProto }, function (st) {
-        st.equal(qs.stringify({ __proto__: null, a: 'b' }), 'a=b');
-        st.end();
-    });
-
-    t.test('returns an empty string for invalid input', function (st) {
-        st.equal(qs.stringify(undefined), '');
-        st.equal(qs.stringify(false), '');
-        st.equal(qs.stringify(null), '');
-        st.equal(qs.stringify(''), '');
-        st.end();
-    });
-
-    t.test('stringifies an object with a null object as a child', { skip: !hasProto }, function (st) {
-        st.equal(qs.stringify({ a: { __proto__: null, b: 'c' } }), 'a%5Bb%5D=c');
-        st.end();
-    });
-
-    t.test('drops keys with a value of undefined', function (st) {
-        st.equal(qs.stringify({ a: undefined }), '');
-
-        st.equal(qs.stringify({ a: { b: undefined, c: null } }, { strictNullHandling: true }), 'a%5Bc%5D');
-        st.equal(qs.stringify({ a: { b: undefined, c: null } }, { strictNullHandling: false }), 'a%5Bc%5D=');
-        st.equal(qs.stringify({ a: { b: undefined, c: '' } }), 'a%5Bc%5D=');
-        st.end();
-    });
-
-    t.test('url encodes values', function (st) {
-        st.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
-        st.end();
-    });
-
-    t.test('stringifies a date', function (st) {
-        var now = new Date();
-        var str = 'a=' + encodeURIComponent(now.toISOString());
-        st.equal(qs.stringify({ a: now }), str);
-        st.end();
-    });
-
-    t.test('stringifies the weird object from qs', function (st) {
-        st.equal(qs.stringify({ 'my weird field': '~q1!2"\'w$5&7/z8)?' }), 'my%20weird%20field=~q1%212%22%27w%245%267%2Fz8%29%3F');
-        st.end();
-    });
-
-    t.test('skips properties that are part of the object prototype', function (st) {
-        st.intercept(Object.prototype, 'crash', { value: 'test' });
-
-        st.equal(qs.stringify({ a: 'b' }), 'a=b');
-        st.equal(qs.stringify({ a: { b: 'c' } }), 'a%5Bb%5D=c');
-
-        st.end();
-    });
-
-    t.test('stringifies boolean values', function (st) {
-        st.equal(qs.stringify({ a: true }), 'a=true');
-        st.equal(qs.stringify({ a: { b: true } }), 'a%5Bb%5D=true');
-        st.equal(qs.stringify({ b: false }), 'b=false');
-        st.equal(qs.stringify({ b: { c: false } }), 'b%5Bc%5D=false');
-        st.end();
-    });
-
-    t.test('stringifies buffer values', function (st) {
-        st.equal(qs.stringify({ a: SaferBuffer.from('test') }), 'a=test');
-        st.equal(qs.stringify({ a: { b: SaferBuffer.from('test') } }), 'a%5Bb%5D=test');
-        st.end();
-    });
-
-    t.test('stringifies an object using an alternative delimiter', function (st) {
-        st.equal(qs.stringify({ a: 'b', c: 'd' }, { delimiter: ';' }), 'a=b;c=d');
-        st.end();
-    });
-
-    t.test('does not blow up when Buffer global is missing', function (st) {
-        var restore = mockProperty(global, 'Buffer', { 'delete': true });
-
-        var result = qs.stringify({ a: 'b', c: 'd' });
-
-        restore();
-
-        st.equal(result, 'a=b&c=d');
-        st.end();
-    });
-
-    t.test('does not crash when parsing circular references', function (st) {
-        var a = {};
-        a.b = a;
-
-        st['throws'](
-            function () { qs.stringify({ 'foo[bar]': 'baz', 'foo[baz]': a }); },
-            /RangeError: Cyclic object value/,
-            'cyclic values throw'
-        );
-
-        var circular = {
-            a: 'value'
-        };
-        circular.a = circular;
-        st['throws'](
-            function () { qs.stringify(circular); },
-            /RangeError: Cyclic object value/,
-            'cyclic values throw'
-        );
-
-        var arr = ['a'];
-        st.doesNotThrow(
-            function () { qs.stringify({ x: arr, y: arr }); },
-            'non-cyclic values do not throw'
-        );
-
-        st.end();
-    });
-
-    t.test('non-circular duplicated references can still work', function (st) {
-        var hourOfDay = {
-            'function': 'hour_of_day'
-        };
-
-        var p1 = {
-            'function': 'gte',
-            arguments: [hourOfDay, 0]
-        };
-        var p2 = {
-            'function': 'lte',
-            arguments: [hourOfDay, 23]
-        };
-
-        st.equal(
-            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'indices' }),
-            'filters[$and][0][function]=gte&filters[$and][0][arguments][0][function]=hour_of_day&filters[$and][0][arguments][1]=0&filters[$and][1][function]=lte&filters[$and][1][arguments][0][function]=hour_of_day&filters[$and][1][arguments][1]=23'
-        );
-        st.equal(
-            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'brackets' }),
-            'filters[$and][][function]=gte&filters[$and][][arguments][][function]=hour_of_day&filters[$and][][arguments][]=0&filters[$and][][function]=lte&filters[$and][][arguments][][function]=hour_of_day&filters[$and][][arguments][]=23'
-        );
-        st.equal(
-            qs.stringify({ filters: { $and: [p1, p2] } }, { encodeValuesOnly: true, arrayFormat: 'repeat' }),
-            'filters[$and][function]=gte&filters[$and][arguments][function]=hour_of_day&filters[$and][arguments]=0&filters[$and][function]=lte&filters[$and][arguments][function]=hour_of_day&filters[$and][arguments]=23'
-        );
-
-        st.end();
-    });
-
-    t.test('selects properties when filter=array', function (st) {
-        st.equal(qs.stringify({ a: 'b' }, { filter: ['a'] }), 'a=b');
-        st.equal(qs.stringify({ a: 1 }, { filter: [] }), '');
-
-        st.equal(
-            qs.stringify(
-                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
-                { filter: ['a', 'b', 0, 2], arrayFormat: 'indices' }
-            ),
-            'a%5Bb%5D%5B0%5D=1&a%5Bb%5D%5B2%5D=3',
-            'indices => indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
-                { filter: ['a', 'b', 0, 2], arrayFormat: 'brackets' }
-            ),
-            'a%5Bb%5D%5B%5D=1&a%5Bb%5D%5B%5D=3',
-            'brackets => brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: { b: [1, 2, 3, 4], c: 'd' }, c: 'f' },
-                { filter: ['a', 'b', 0, 2] }
-            ),
-            'a%5Bb%5D%5B0%5D=1&a%5Bb%5D%5B2%5D=3',
-            'default => indices'
-        );
-
-        st.end();
-    });
-
-    t.test('supports custom representations when filter=function', function (st) {
-        var calls = 0;
-        var obj = { a: 'b', c: 'd', e: { f: new Date(1257894000000) } };
-        var filterFunc = function (prefix, value) {
-            calls += 1;
-            if (calls === 1) {
-                st.equal(prefix, '', 'prefix is empty');
-                st.equal(value, obj);
-            } else if (prefix === 'c') {
-                return void 0;
-            } else if (value instanceof Date) {
-                st.equal(prefix, 'e[f]');
-                return value.getTime();
-            }
-            return value;
-        };
-
-        st.equal(qs.stringify(obj, { filter: filterFunc }), 'a=b&e%5Bf%5D=1257894000000');
-        st.equal(calls, 5);
-        st.end();
-    });
-
-    t.test('can disable uri encoding', function (st) {
-        st.equal(qs.stringify({ a: 'b' }, { encode: false }), 'a=b');
-        st.equal(qs.stringify({ a: { b: 'c' } }, { encode: false }), 'a[b]=c');
-        st.equal(qs.stringify({ a: 'b', c: null }, { strictNullHandling: true, encode: false }), 'a=b&c');
-        st.end();
-    });
-
-    t.test('can sort the keys', function (st) {
-        var sort = function (a, b) {
-            return a.localeCompare(b);
-        };
-        st.equal(qs.stringify({ a: 'c', z: 'y', b: 'f' }, { sort: sort }), 'a=c&b=f&z=y');
-        st.equal(qs.stringify({ a: 'c', z: { j: 'a', i: 'b' }, b: 'f' }, { sort: sort }), 'a=c&b=f&z%5Bi%5D=b&z%5Bj%5D=a');
-        st.end();
-    });
-
-    t.test('can sort the keys at depth 3 or more too', function (st) {
-        var sort = function (a, b) {
-            return a.localeCompare(b);
-        };
-        st.equal(
-            qs.stringify(
-                { a: 'a', z: { zj: { zjb: 'zjb', zja: 'zja' }, zi: { zib: 'zib', zia: 'zia' } }, b: 'b' },
-                { sort: sort, encode: false }
-            ),
-            'a=a&b=b&z[zi][zia]=zia&z[zi][zib]=zib&z[zj][zja]=zja&z[zj][zjb]=zjb'
-        );
-        st.equal(
-            qs.stringify(
-                { a: 'a', z: { zj: { zjb: 'zjb', zja: 'zja' }, zi: { zib: 'zib', zia: 'zia' } }, b: 'b' },
-                { sort: null, encode: false }
-            ),
-            'a=a&z[zj][zjb]=zjb&z[zj][zja]=zja&z[zi][zib]=zib&z[zi][zia]=zia&b=b'
-        );
-        st.end();
-    });
-
-    t.test('can stringify with custom encoding', function (st) {
-        st.equal(qs.stringify({ 県: '大阪府', '': '' }, {
-            encoder: function (str) {
-                if (str.length === 0) {
-                    return '';
-                }
-                var buf = iconv.encode(str, 'shiftjis');
-                var result = [];
-                for (var i = 0; i < buf.length; ++i) {
-                    result.push(buf.readUInt8(i).toString(16));
-                }
-                return '%' + result.join('%');
-            }
-        }), '%8c%a7=%91%e5%8d%e3%95%7b&=');
-        st.end();
-    });
-
-    t.test('receives the default encoder as a second argument', function (st) {
-        st.plan(8);
-
-        qs.stringify({ a: 1, b: new Date(), c: true, d: [1] }, {
-            encoder: function (str) {
-                st.match(typeof str, /^(?:string|number|boolean)$/);
-                return '';
-            }
-        });
-
-        st.end();
-    });
-
-    t.test('receives the default encoder as a second argument', function (st) {
-        st.plan(2);
-
-        qs.stringify({ a: 1 }, {
-            encoder: function (str, defaultEncoder) {
-                st.equal(defaultEncoder, utils.encode);
-            }
-        });
-
-        st.end();
-    });
-
-    t.test('throws error with wrong encoder', function (st) {
-        st['throws'](function () {
-            qs.stringify({}, { encoder: 'string' });
-        }, new TypeError('Encoder has to be a function.'));
-        st.end();
-    });
-
-    t.test('can use custom encoder for a buffer object', { skip: typeof Buffer === 'undefined' }, function (st) {
-        st.equal(qs.stringify({ a: SaferBuffer.from([1]) }, {
-            encoder: function (buffer) {
-                if (typeof buffer === 'string') {
-                    return buffer;
-                }
-                return String.fromCharCode(buffer.readUInt8(0) + 97);
-            }
-        }), 'a=b');
-
-        st.equal(qs.stringify({ a: SaferBuffer.from('a b') }, {
-            encoder: function (buffer) {
-                return buffer;
-            }
-        }), 'a=a b');
-        st.end();
-    });
-
-    t.test('serializeDate option', function (st) {
-        var date = new Date();
-        st.equal(
-            qs.stringify({ a: date }),
-            'a=' + date.toISOString().replace(/:/g, '%3A'),
-            'default is toISOString'
-        );
-
-        var mutatedDate = new Date();
-        mutatedDate.toISOString = function () {
-            throw new SyntaxError();
-        };
-        st['throws'](function () {
-            mutatedDate.toISOString();
-        }, SyntaxError);
-        st.equal(
-            qs.stringify({ a: mutatedDate }),
-            'a=' + Date.prototype.toISOString.call(mutatedDate).replace(/:/g, '%3A'),
-            'toISOString works even when method is not locally present'
-        );
-
-        var specificDate = new Date(6);
-        st.equal(
-            qs.stringify(
-                { a: specificDate },
-                { serializeDate: function (d) { return d.getTime() * 7; } }
-            ),
-            'a=42',
-            'custom serializeDate function called'
-        );
-
-        st.equal(
-            qs.stringify(
-                { a: [date] },
-                {
-                    serializeDate: function (d) { return d.getTime(); },
-                    arrayFormat: 'comma'
-                }
-            ),
-            'a=' + date.getTime(),
-            'works with arrayFormat comma'
-        );
-        st.equal(
-            qs.stringify(
-                { a: [date] },
-                {
-                    serializeDate: function (d) { return d.getTime(); },
-                    arrayFormat: 'comma',
-                    commaRoundTrip: true
-                }
-            ),
-            'a%5B%5D=' + date.getTime(),
-            'works with arrayFormat comma'
-        );
-
-        st.end();
-    });
-
-    t.test('RFC 1738 serialization', function (st) {
-        st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC1738 }), 'a=b+c');
-        st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC1738 }), 'a+b=c+d');
-        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC1738 }), 'a+b=a+b');
-
-        st.equal(qs.stringify({ 'foo(ref)': 'bar' }, { format: qs.formats.RFC1738 }), 'foo(ref)=bar');
-
-        st.end();
-    });
-
-    t.test('RFC 3986 spaces serialization', function (st) {
-        st.equal(qs.stringify({ a: 'b c' }, { format: qs.formats.RFC3986 }), 'a=b%20c');
-        st.equal(qs.stringify({ 'a b': 'c d' }, { format: qs.formats.RFC3986 }), 'a%20b=c%20d');
-        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }, { format: qs.formats.RFC3986 }), 'a%20b=a%20b');
-
-        st.end();
-    });
-
-    t.test('Backward compatibility to RFC 3986', function (st) {
-        st.equal(qs.stringify({ a: 'b c' }), 'a=b%20c');
-        st.equal(qs.stringify({ 'a b': SaferBuffer.from('a b') }), 'a%20b=a%20b');
-
-        st.end();
-    });
-
-    t.test('Edge cases and unknown formats', function (st) {
-        ['UFO1234', false, 1234, null, {}, []].forEach(function (format) {
-            st['throws'](
-                function () {
-                    qs.stringify({ a: 'b c' }, { format: format });
-                },
-                new TypeError('Unknown format option provided.')
-            );
-        });
-        st.end();
-    });
-
-    t.test('encodeValuesOnly', function (st) {
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
-                { encodeValuesOnly: true, arrayFormat: 'indices' }
-            ),
-            'a=b&c[0]=d&c[1]=e%3Df&f[0][0]=g&f[1][0]=h',
-            'encodeValuesOnly + indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
-                { encodeValuesOnly: true, arrayFormat: 'brackets' }
-            ),
-            'a=b&c[]=d&c[]=e%3Df&f[][]=g&f[][]=h',
-            'encodeValuesOnly + brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e=f'], f: [['g'], ['h']] },
-                { encodeValuesOnly: true, arrayFormat: 'repeat' }
-            ),
-            'a=b&c=d&c=e%3Df&f=g&f=h',
-            'encodeValuesOnly + repeat'
-        );
-
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
-                { arrayFormat: 'indices' }
-            ),
-            'a=b&c%5B0%5D=d&c%5B1%5D=e&f%5B0%5D%5B0%5D=g&f%5B1%5D%5B0%5D=h',
-            'no encodeValuesOnly + indices'
-        );
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
-                { arrayFormat: 'brackets' }
-            ),
-            'a=b&c%5B%5D=d&c%5B%5D=e&f%5B%5D%5B%5D=g&f%5B%5D%5B%5D=h',
-            'no encodeValuesOnly + brackets'
-        );
-        st.equal(
-            qs.stringify(
-                { a: 'b', c: ['d', 'e'], f: [['g'], ['h']] },
-                { arrayFormat: 'repeat' }
-            ),
-            'a=b&c=d&c=e&f=g&f=h',
-            'no encodeValuesOnly + repeat'
-        );
-
-        st.end();
-    });
-
-    t.test('encodeValuesOnly - strictNullHandling', function (st) {
-        st.equal(
-            qs.stringify(
-                { a: { b: null } },
-                { encodeValuesOnly: true, strictNullHandling: true }
-            ),
-            'a[b]'
-        );
-        st.end();
-    });
-
-    t.test('throws if an invalid charset is specified', function (st) {
-        st['throws'](function () {
-            qs.stringify({ a: 'b' }, { charset: 'foobar' });
-        }, new TypeError('The charset option must be either utf-8, iso-8859-1, or undefined'));
-        st.end();
-    });
-
-    t.test('respects a charset of iso-8859-1', function (st) {
-        st.equal(qs.stringify({ æ: 'æ' }, { charset: 'iso-8859-1' }), '%E6=%E6');
-        st.end();
-    });
-
-    t.test('encodes unrepresentable chars as numeric entities in iso-8859-1 mode', function (st) {
-        st.equal(qs.stringify({ a: '☺' }, { charset: 'iso-8859-1' }), 'a=%26%239786%3B');
-        st.end();
-    });
-
-    t.test('respects an explicit charset of utf-8 (the default)', function (st) {
-        st.equal(qs.stringify({ a: 'æ' }, { charset: 'utf-8' }), 'a=%C3%A6');
-        st.end();
-    });
-
-    t.test('`charsetSentinel` option', function (st) {
-        st.equal(
-            qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'utf-8' }),
-            'utf8=%E2%9C%93&a=%C3%A6',
-            'adds the right sentinel when instructed to and the charset is utf-8'
-        );
-
-        st.equal(
-            qs.stringify({ a: 'æ' }, { charsetSentinel: true, charset: 'iso-8859-1' }),
-            'utf8=%26%2310003%3B&a=%E6',
-            'adds the right sentinel when instructed to and the charset is iso-8859-1'
-        );
-
-        st.end();
-    });
-
-    t.test('does not mutate the options argument', function (st) {
-        var options = {};
-        qs.stringify({}, options);
-        st.deepEqual(options, {});
-        st.end();
-    });
-
-    t.test('strictNullHandling works with custom filter', function (st) {
-        var filter = function (prefix, value) {
-            return value;
-        };
-
-        var options = { strictNullHandling: true, filter: filter };
-        st.equal(qs.stringify({ key: null }, options), 'key');
-        st.end();
-    });
-
-    t.test('strictNullHandling works with null serializeDate', function (st) {
-        var serializeDate = function () {
-            return null;
-        };
-        var options = { strictNullHandling: true, serializeDate: serializeDate };
-        var date = new Date();
-        st.equal(qs.stringify({ key: date }, options), 'key');
-        st.end();
-    });
-
-    t.test('allows for encoding keys and values differently', function (st) {
-        var encoder = function (str, defaultEncoder, charset, type) {
-            if (type === 'key') {
-                return defaultEncoder(str, defaultEncoder, charset, type).toLowerCase();
-            }
-            if (type === 'value') {
-                return defaultEncoder(str, defaultEncoder, charset, type).toUpperCase();
-            }
-            throw 'this should never happen! type: ' + type;
-        };
-
-        st.deepEqual(qs.stringify({ KeY: 'vAlUe' }, { encoder: encoder }), 'key=VALUE');
-        st.end();
-    });
-
-    t.test('objects inside arrays', function (st) {
-        var obj = { a: { b: { c: 'd', e: 'f' } } };
-        var withArray = { a: { b: [{ c: 'd', e: 'f' }] } };
-
-        st.equal(qs.stringify(obj, { encode: false }), 'a[b][c]=d&a[b][e]=f', 'no array, no arrayFormat');
-        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'brackets' }), 'a[b][c]=d&a[b][e]=f', 'no array, bracket');
-        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'indices' }), 'a[b][c]=d&a[b][e]=f', 'no array, indices');
-        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'repeat' }), 'a[b][c]=d&a[b][e]=f', 'no array, repeat');
-        st.equal(qs.stringify(obj, { encode: false, arrayFormat: 'comma' }), 'a[b][c]=d&a[b][e]=f', 'no array, comma');
-
-        st.equal(qs.stringify(withArray, { encode: false }), 'a[b][0][c]=d&a[b][0][e]=f', 'array, no arrayFormat');
-        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'brackets' }), 'a[b][][c]=d&a[b][][e]=f', 'array, bracket');
-        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'indices' }), 'a[b][0][c]=d&a[b][0][e]=f', 'array, indices');
-        st.equal(qs.stringify(withArray, { encode: false, arrayFormat: 'repeat' }), 'a[b][c]=d&a[b][e]=f', 'array, repeat');
-        st.equal(
-            qs.stringify(withArray, { encode: false, arrayFormat: 'comma' }),
-            '???',
-            'array, comma',
-            { skip: 'TODO: figure out what this should do' }
-        );
-
-        st.end();
-    });
-
-    t.test('stringifies sparse arrays', function (st) {
-        /* eslint no-sparse-arrays: 0 */
-        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1]=2&a[4]=1');
-        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[]=2&a[]=1');
-        st.equal(qs.stringify({ a: [, '2', , , '1'] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a=2&a=1');
-
-        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][b][2][c]=1');
-        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][b][][c]=1');
-        st.equal(qs.stringify({ a: [, { b: [, , { c: '1' }] }] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[b][c]=1');
-
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][2][3][c]=1');
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][][][c]=1');
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: '1' }]]] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[c]=1');
-
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'indices' }), 'a[1][2][3][c][1]=1');
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'brackets' }), 'a[][][][c][]=1');
-        st.equal(qs.stringify({ a: [, [, , [, , , { c: [, '1'] }]]] }, { encodeValuesOnly: true, arrayFormat: 'repeat' }), 'a[c]=1');
-
-        st.end();
-    });
-
-    t.test('encodes a very long string', function (st) {
-        var chars = [];
-        var expected = [];
-        for (var i = 0; i < 5e3; i++) {
-            chars.push(' ' + i);
-
-            expected.push('%20' + i);
-        }
-
-        var obj = {
-            foo: chars.join('')
-        };
-
-        st.equal(
-            qs.stringify(obj, { arrayFormat: 'brackets', charset: 'utf-8' }),
-            'foo=' + expected.join('')
-        );
-
-        st.end();
-    });
-
-    t.end();
-});
-
-test('stringifies empty keys', function (t) {
-    emptyTestCases.forEach(function (testCase) {
-        t.test('stringifies an object with empty string key with ' + testCase.input, function (st) {
-            st.deepEqual(
-                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'indices' }),
-                testCase.stringifyOutput.indices,
-                'test case: ' + testCase.input + ', indices'
-            );
-            st.deepEqual(
-                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'brackets' }),
-                testCase.stringifyOutput.brackets,
-                'test case: ' + testCase.input + ', brackets'
-            );
-            st.deepEqual(
-                qs.stringify(testCase.withEmptyKeys, { encode: false, arrayFormat: 'repeat' }),
-                testCase.stringifyOutput.repeat,
-                'test case: ' + testCase.input + ', repeat'
-            );
-
-            st.end();
-        });
-    });
-
-    t.test('edge case with object/arrays', function (st) {
-        st.deepEqual(qs.stringify({ '': { '': [2, 3] } }, { encode: false }), '[][0]=2&[][1]=3');
-        st.deepEqual(qs.stringify({ '': { '': [2, 3], a: 2 } }, { encode: false }), '[][0]=2&[][1]=3&[a]=2');
-        st.deepEqual(qs.stringify({ '': { '': [2, 3] } }, { encode: false, arrayFormat: 'indices' }), '[][0]=2&[][1]=3');
-        st.deepEqual(qs.stringify({ '': { '': [2, 3], a: 2 } }, { encode: false, arrayFormat: 'indices' }), '[][0]=2&[][1]=3&[a]=2');
-
-        st.end();
-    });
-
-    t.test('stringifies non-string keys', function (st) {
-        var S = Object('abc');
-        S.toString = function () {
-            return 'd';
-        };
-        var actual = qs.stringify({ a: 'b', 'false': {}, 1e+22: 'c', d: 'e' }, {
-            filter: ['a', false, null, 10000000000000000000000, S],
-            allowDots: true,
-            encodeDotInKeys: true
-        });
-
-        st.equal(actual, 'a=b&1e%2B22=c&d=e', 'stringifies correctly');
-
-        st.end();
-    });
-});
diff --git a/src/Servers/ExpressServer/node_modules/qs/test/utils.js b/src/Servers/ExpressServer/node_modules/qs/test/utils.js
deleted file mode 100644
index 65baea7..0000000
--- a/src/Servers/ExpressServer/node_modules/qs/test/utils.js
+++ /dev/null
@@ -1,397 +0,0 @@
-'use strict';
-
-var test = require('tape');
-var inspect = require('object-inspect');
-var SaferBuffer = require('safer-buffer').Buffer;
-var forEach = require('for-each');
-var v = require('es-value-fixtures');
-
-var utils = require('../lib/utils');
-
-test('merge()', function (t) {
-    t.deepEqual(utils.merge(null, true), [null, true], 'merges true into null');
-
-    t.deepEqual(utils.merge(null, [42]), [null, 42], 'merges null into an array');
-
-    t.deepEqual(utils.merge({ a: 'b' }, { a: 'c' }), { a: ['b', 'c'] }, 'merges two objects with the same key');
-
-    var oneMerged = utils.merge({ foo: 'bar' }, { foo: { first: '123' } });
-    t.deepEqual(oneMerged, { foo: ['bar', { first: '123' }] }, 'merges a standalone and an object into an array');
-
-    var twoMerged = utils.merge({ foo: ['bar', { first: '123' }] }, { foo: { second: '456' } });
-    t.deepEqual(twoMerged, { foo: { 0: 'bar', 1: { first: '123' }, second: '456' } }, 'merges a standalone and two objects into an array');
-
-    var sandwiched = utils.merge({ foo: ['bar', { first: '123', second: '456' }] }, { foo: 'baz' });
-    t.deepEqual(sandwiched, { foo: ['bar', { first: '123', second: '456' }, 'baz'] }, 'merges an object sandwiched by two standalones into an array');
-
-    var nestedArrays = utils.merge({ foo: ['baz'] }, { foo: ['bar', 'xyzzy'] });
-    t.deepEqual(nestedArrays, { foo: ['baz', 'bar', 'xyzzy'] });
-
-    var noOptionsNonObjectSource = utils.merge({ foo: 'baz' }, 'bar');
-    t.deepEqual(noOptionsNonObjectSource, { foo: 'baz', bar: true });
-
-    var func = function f() {};
-    t.deepEqual(
-        utils.merge(func, { foo: 'bar' }),
-        [func, { foo: 'bar' }],
-        'functions can not be merged into'
-    );
-
-    func.bar = 'baz';
-    t.deepEqual(
-        utils.merge({ foo: 'bar' }, func),
-        { foo: 'bar', bar: 'baz' },
-        'functions can be merge sources'
-    );
-
-    t.test(
-        'avoids invoking array setters unnecessarily',
-        { skip: typeof Object.defineProperty !== 'function' },
-        function (st) {
-            var setCount = 0;
-            var getCount = 0;
-            var observed = [];
-            Object.defineProperty(observed, 0, {
-                get: function () {
-                    getCount += 1;
-                    return { bar: 'baz' };
-                },
-                set: function () { setCount += 1; }
-            });
-            utils.merge(observed, [null]);
-            st.equal(setCount, 0);
-            st.equal(getCount, 1);
-            observed[0] = observed[0]; // eslint-disable-line no-self-assign
-            st.equal(setCount, 1);
-            st.equal(getCount, 2);
-            st.end();
-        }
-    );
-
-    t.test('with overflow objects (from arrayLimit)', function (st) {
-        // arrayLimit is max index, so with limit 0, max index 0 is allowed (1 element)
-        // To create overflow, need 2+ elements with limit 0, or 3+ with limit 1, etc.
-        st.test('merges primitive into overflow object at next index', function (s2t) {
-            // Create an overflow object via combine: 3 elements (indices 0-2) with limit 0
-            var overflow = utils.combine(['a', 'b'], 'c', 0, false);
-            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
-            var merged = utils.merge(overflow, 'd');
-            s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'adds primitive at next numeric index');
-            s2t.end();
-        });
-
-        st.test('merges primitive into regular object with numeric keys normally', function (s2t) {
-            var obj = { 0: 'a', 1: 'b' };
-            s2t.notOk(utils.isOverflow(obj), 'plain object is not marked as overflow');
-            var merged = utils.merge(obj, 'c');
-            s2t.deepEqual(merged, { 0: 'a', 1: 'b', c: true }, 'adds primitive as key (not at next index)');
-            s2t.end();
-        });
-
-        st.test('merges primitive into object with non-numeric keys normally', function (s2t) {
-            var obj = { foo: 'bar' };
-            var merged = utils.merge(obj, 'baz');
-            s2t.deepEqual(merged, { foo: 'bar', baz: true }, 'adds primitive as key with value true');
-            s2t.end();
-        });
-
-        st.test('merges overflow object into primitive', function (s2t) {
-            // Create an overflow object via combine: 2 elements (indices 0-1) with limit 0
-            var overflow = utils.combine(['a'], 'b', 0, false);
-            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
-            var merged = utils.merge('c', overflow);
-            s2t.ok(utils.isOverflow(merged), 'result is also marked as overflow');
-            s2t.deepEqual(merged, { 0: 'c', 1: 'a', 2: 'b' }, 'creates object with primitive at 0, source values shifted');
-            s2t.end();
-        });
-
-        st.test('merges overflow object with multiple values into primitive', function (s2t) {
-            // Create an overflow object via combine: 3 elements (indices 0-2) with limit 0
-            var overflow = utils.combine(['b', 'c'], 'd', 0, false);
-            s2t.ok(utils.isOverflow(overflow), 'overflow object is marked');
-            var merged = utils.merge('a', overflow);
-            s2t.deepEqual(merged, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'shifts all source indices by 1');
-            s2t.end();
-        });
-
-        st.test('merges regular object into primitive as array', function (s2t) {
-            var obj = { foo: 'bar' };
-            var merged = utils.merge('a', obj);
-            s2t.deepEqual(merged, ['a', { foo: 'bar' }], 'creates array with primitive and object');
-            s2t.end();
-        });
-
-        st.end();
-    });
-
-    t.end();
-});
-
-test('assign()', function (t) {
-    var target = { a: 1, b: 2 };
-    var source = { b: 3, c: 4 };
-    var result = utils.assign(target, source);
-
-    t.equal(result, target, 'returns the target');
-    t.deepEqual(target, { a: 1, b: 3, c: 4 }, 'target and source are merged');
-    t.deepEqual(source, { b: 3, c: 4 }, 'source is untouched');
-
-    t.end();
-});
-
-test('combine()', function (t) {
-    t.test('both arrays', function (st) {
-        var a = [1];
-        var b = [2];
-        var combined = utils.combine(a, b);
-
-        st.deepEqual(a, [1], 'a is not mutated');
-        st.deepEqual(b, [2], 'b is not mutated');
-        st.notEqual(a, combined, 'a !== combined');
-        st.notEqual(b, combined, 'b !== combined');
-        st.deepEqual(combined, [1, 2], 'combined is a + b');
-
-        st.end();
-    });
-
-    t.test('one array, one non-array', function (st) {
-        var aN = 1;
-        var a = [aN];
-        var bN = 2;
-        var b = [bN];
-
-        var combinedAnB = utils.combine(aN, b);
-        st.deepEqual(b, [bN], 'b is not mutated');
-        st.notEqual(aN, combinedAnB, 'aN + b !== aN');
-        st.notEqual(a, combinedAnB, 'aN + b !== a');
-        st.notEqual(bN, combinedAnB, 'aN + b !== bN');
-        st.notEqual(b, combinedAnB, 'aN + b !== b');
-        st.deepEqual([1, 2], combinedAnB, 'first argument is array-wrapped when not an array');
-
-        var combinedABn = utils.combine(a, bN);
-        st.deepEqual(a, [aN], 'a is not mutated');
-        st.notEqual(aN, combinedABn, 'a + bN !== aN');
-        st.notEqual(a, combinedABn, 'a + bN !== a');
-        st.notEqual(bN, combinedABn, 'a + bN !== bN');
-        st.notEqual(b, combinedABn, 'a + bN !== b');
-        st.deepEqual([1, 2], combinedABn, 'second argument is array-wrapped when not an array');
-
-        st.end();
-    });
-
-    t.test('neither is an array', function (st) {
-        var combined = utils.combine(1, 2);
-        st.notEqual(1, combined, '1 + 2 !== 1');
-        st.notEqual(2, combined, '1 + 2 !== 2');
-        st.deepEqual([1, 2], combined, 'both arguments are array-wrapped when not an array');
-
-        st.end();
-    });
-
-    t.test('with arrayLimit', function (st) {
-        st.test('under the limit', function (s2t) {
-            var combined = utils.combine(['a', 'b'], 'c', 10, false);
-            s2t.deepEqual(combined, ['a', 'b', 'c'], 'returns array when under limit');
-            s2t.ok(Array.isArray(combined), 'result is an array');
-            s2t.end();
-        });
-
-        st.test('exactly at the limit stays as array', function (s2t) {
-            var combined = utils.combine(['a', 'b'], 'c', 3, false);
-            s2t.deepEqual(combined, ['a', 'b', 'c'], 'stays as array when count equals limit');
-            s2t.ok(Array.isArray(combined), 'result is an array');
-            s2t.end();
-        });
-
-        st.test('over the limit', function (s2t) {
-            var combined = utils.combine(['a', 'b', 'c'], 'd', 3, false);
-            s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'converts to object when over limit');
-            s2t.notOk(Array.isArray(combined), 'result is not an array');
-            s2t.end();
-        });
-
-        st.test('with arrayLimit 1', function (s2t) {
-            var combined = utils.combine([], 'a', 1, false);
-            s2t.deepEqual(combined, ['a'], 'stays as array when count equals limit');
-            s2t.ok(Array.isArray(combined), 'result is an array');
-            s2t.end();
-        });
-
-        st.test('with arrayLimit 0 converts single element to object', function (s2t) {
-            var combined = utils.combine([], 'a', 0, false);
-            s2t.deepEqual(combined, { 0: 'a' }, 'converts to object when count exceeds limit');
-            s2t.notOk(Array.isArray(combined), 'result is not an array');
-            s2t.end();
-        });
-
-        st.test('with arrayLimit 0 and two elements converts to object', function (s2t) {
-            var combined = utils.combine(['a'], 'b', 0, false);
-            s2t.deepEqual(combined, { 0: 'a', 1: 'b' }, 'converts to object when count exceeds limit');
-            s2t.notOk(Array.isArray(combined), 'result is not an array');
-            s2t.end();
-        });
-
-        st.test('with plainObjects option', function (s2t) {
-            var combined = utils.combine(['a', 'b'], 'c', 1, true);
-            var expected = { __proto__: null, 0: 'a', 1: 'b', 2: 'c' };
-            s2t.deepEqual(combined, expected, 'converts to object with null prototype');
-            s2t.equal(Object.getPrototypeOf(combined), null, 'result has null prototype when plainObjects is true');
-            s2t.end();
-        });
-
-        st.end();
-    });
-
-    t.test('with existing overflow object', function (st) {
-        st.test('adds to existing overflow object at next index', function (s2t) {
-            // Create overflow object first via combine: 3 elements (indices 0-2) with limit 0
-            var overflow = utils.combine(['a', 'b'], 'c', 0, false);
-            s2t.ok(utils.isOverflow(overflow), 'initial object is marked as overflow');
-
-            var combined = utils.combine(overflow, 'd', 10, false);
-            s2t.equal(combined, overflow, 'returns the same object (mutated)');
-            s2t.deepEqual(combined, { 0: 'a', 1: 'b', 2: 'c', 3: 'd' }, 'adds value at next numeric index');
-            s2t.end();
-        });
-
-        st.test('does not treat plain object with numeric keys as overflow', function (s2t) {
-            var plainObj = { 0: 'a', 1: 'b' };
-            s2t.notOk(utils.isOverflow(plainObj), 'plain object is not marked as overflow');
-
-            // combine treats this as a regular value, not an overflow object to append to
-            var combined = utils.combine(plainObj, 'c', 10, false);
-            s2t.deepEqual(combined, [{ 0: 'a', 1: 'b' }, 'c'], 'concatenates as regular values');
-            s2t.end();
-        });
-
-        st.end();
-    });
-
-    t.end();
-});
-
-test('decode', function (t) {
-    t.equal(
-        utils.decode('a+b'),
-        'a b',
-        'decodes + to space'
-    );
-
-    t.equal(
-        utils.decode('name%2Eobj'),
-        'name.obj',
-        'decodes a string'
-    );
-    t.equal(
-        utils.decode('name%2Eobj%2Efoo', null, 'iso-8859-1'),
-        'name.obj.foo',
-        'decodes a string in iso-8859-1'
-    );
-
-    t.end();
-});
-
-test('encode', function (t) {
-    forEach(v.nullPrimitives, function (nullish) {
-        t['throws'](
-            function () { utils.encode(nullish); },
-            TypeError,
-            inspect(nullish) + ' is not a string'
-        );
-    });
-
-    t.equal(utils.encode(''), '', 'empty string returns itself');
-    t.deepEqual(utils.encode([]), [], 'empty array returns itself');
-    t.deepEqual(utils.encode({ length: 0 }), { length: 0 }, 'empty arraylike returns itself');
-
-    t.test('symbols', { skip: !v.hasSymbols }, function (st) {
-        st.equal(utils.encode(Symbol('x')), 'Symbol%28x%29', 'symbol is encoded');
-
-        st.end();
-    });
-
-    t.equal(
-        utils.encode('(abc)'),
-        '%28abc%29',
-        'encodes parentheses'
-    );
-    t.equal(
-        utils.encode({ toString: function () { return '(abc)'; } }),
-        '%28abc%29',
-        'toStrings and encodes parentheses'
-    );
-
-    t.equal(
-        utils.encode('abc 123 💩', null, 'iso-8859-1'),
-        'abc%20123%20%26%2355357%3B%26%2356489%3B',
-        'encodes in iso-8859-1'
-    );
-
-    var longString = '';
-    var expectedString = '';
-    for (var i = 0; i < 1500; i++) {
-        longString += ' ';
-        expectedString += '%20';
-    }
-
-    t.equal(
-        utils.encode(longString),
-        expectedString,
-        'encodes a long string'
-    );
-
-    t.equal(
-        utils.encode('\x28\x29'),
-        '%28%29',
-        'encodes parens normally'
-    );
-    t.equal(
-        utils.encode('\x28\x29', null, null, null, 'RFC1738'),
-        '()',
-        'does not encode parens in RFC1738'
-    );
-
-    // todo RFC1738 format
-
-    t.equal(
-        utils.encode('Āက豈'),
-        '%C4%80%E1%80%80%EF%A4%80',
-        'encodes multibyte chars'
-    );
-
-    t.equal(
-        utils.encode('\uD83D \uDCA9'),
-        '%F0%9F%90%A0%F0%BA%90%80',
-        'encodes lone surrogates'
-    );
-
-    t.end();
-});
-
-test('isBuffer()', function (t) {
-    forEach([null, undefined, true, false, '', 'abc', 42, 0, NaN, {}, [], function () {}, /a/g], function (x) {
-        t.equal(utils.isBuffer(x), false, inspect(x) + ' is not a buffer');
-    });
-
-    var fakeBuffer = { constructor: Buffer };
-    t.equal(utils.isBuffer(fakeBuffer), false, 'fake buffer is not a buffer');
-
-    var saferBuffer = SaferBuffer.from('abc');
-    t.equal(utils.isBuffer(saferBuffer), true, 'SaferBuffer instance is a buffer');
-
-    var buffer = Buffer.from && Buffer.alloc ? Buffer.from('abc') : new Buffer('abc');
-    t.equal(utils.isBuffer(buffer), true, 'real Buffer instance is a buffer');
-    t.end();
-});
-
-test('isRegExp()', function (t) {
-    t.equal(utils.isRegExp(/a/g), true, 'RegExp is a RegExp');
-    t.equal(utils.isRegExp(new RegExp('a', 'g')), true, 'new RegExp is a RegExp');
-    t.equal(utils.isRegExp(new Date()), false, 'Date is not a RegExp');
-
-    forEach(v.primitives, function (primitive) {
-        t.equal(utils.isRegExp(primitive), false, inspect(primitive) + ' is not a RegExp');
-    });
-
-    t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md b/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
deleted file mode 100644
index 70a973d..0000000
--- a/src/Servers/ExpressServer/node_modules/range-parser/HISTORY.md
+++ /dev/null
@@ -1,56 +0,0 @@
-1.2.1 / 2019-05-10
-==================
-
-  * Improve error when `str` is not a string
-
-1.2.0 / 2016-06-01
-==================
-
-  * Add `combine` option to combine overlapping ranges
-
-1.1.0 / 2016-05-13
-==================
-
-  * Fix incorrectly returning -1 when there is at least one valid range
-  * perf: remove internal function
-
-1.0.3 / 2015-10-29
-==================
-
-  * perf: enable strict mode
-
-1.0.2 / 2014-09-08
-==================
-
-  * Support Node.js 0.6
-
-1.0.1 / 2014-09-07
-==================
-
-  * Move repository to jshttp
-
-1.0.0 / 2013-12-11
-==================
-
-  * Add repository to package.json
-  * Add MIT license
-
-0.0.4 / 2012-06-17
-==================
-
-  * Change ret -1 for unsatisfiable and -2 when invalid
-
-0.0.3 / 2012-06-17
-==================
-
-  * Fix last-byte-pos default to len - 1
-
-0.0.2 / 2012-06-14
-==================
-
-  * Add `.type`
-
-0.0.1 / 2012-06-11
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/LICENSE b/src/Servers/ExpressServer/node_modules/range-parser/LICENSE
deleted file mode 100644
index 3599954..0000000
--- a/src/Servers/ExpressServer/node_modules/range-parser/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012-2014 TJ Holowaychuk <tj@vision-media.ca>
-Copyright (c) 2015-2016 Douglas Christopher Wilson <doug@somethingdoug.com
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/README.md b/src/Servers/ExpressServer/node_modules/range-parser/README.md
deleted file mode 100644
index c247e82..0000000
--- a/src/Servers/ExpressServer/node_modules/range-parser/README.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# range-parser
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Range header field parser.
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install range-parser
-```
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var parseRange = require('range-parser')
-```
-
-### parseRange(size, header, options)
-
-Parse the given `header` string where `size` is the maximum size of the resource.
-An array of ranges will be returned or negative numbers indicating an error parsing.
-
-  * `-2` signals a malformed header string
-  * `-1` signals an unsatisfiable range
-
-<!-- eslint-disable no-undef -->
-
-```js
-// parse header from request
-var range = parseRange(size, req.headers.range)
-
-// the type of the range
-if (range.type === 'bytes') {
-  // the ranges
-  range.forEach(function (r) {
-    // do something with r.start and r.end
-  })
-}
-```
-
-#### Options
-
-These properties are accepted in the options object.
-
-##### combine
-
-Specifies if overlapping & adjacent ranges should be combined, defaults to `false`.
-When `true`, ranges will be combined and returned as if they were specified that
-way in the header.
-
-<!-- eslint-disable no-undef -->
-
-```js
-parseRange(100, 'bytes=50-55,0-10,5-10,56-60', { combine: true })
-// => [
-//      { start: 0,  end: 10 },
-//      { start: 50, end: 60 }
-//    ]
-```
-
-## License
-
-[MIT](LICENSE)
-
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/range-parser/master
-[coveralls-url]: https://coveralls.io/r/jshttp/range-parser?branch=master
-[node-image]: https://badgen.net/npm/node/range-parser
-[node-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/range-parser
-[npm-url]: https://npmjs.org/package/range-parser
-[npm-version-image]: https://badgen.net/npm/v/range-parser
-[travis-image]: https://badgen.net/travis/jshttp/range-parser/master
-[travis-url]: https://travis-ci.org/jshttp/range-parser
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/index.js b/src/Servers/ExpressServer/node_modules/range-parser/index.js
deleted file mode 100644
index b7dc5c0..0000000
--- a/src/Servers/ExpressServer/node_modules/range-parser/index.js
+++ /dev/null
@@ -1,162 +0,0 @@
-/*!
- * range-parser
- * Copyright(c) 2012-2014 TJ Holowaychuk
- * Copyright(c) 2015-2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = rangeParser
-
-/**
- * Parse "Range" header `str` relative to the given file `size`.
- *
- * @param {Number} size
- * @param {String} str
- * @param {Object} [options]
- * @return {Array}
- * @public
- */
-
-function rangeParser (size, str, options) {
-  if (typeof str !== 'string') {
-    throw new TypeError('argument str must be a string')
-  }
-
-  var index = str.indexOf('=')
-
-  if (index === -1) {
-    return -2
-  }
-
-  // split the range string
-  var arr = str.slice(index + 1).split(',')
-  var ranges = []
-
-  // add ranges type
-  ranges.type = str.slice(0, index)
-
-  // parse all ranges
-  for (var i = 0; i < arr.length; i++) {
-    var range = arr[i].split('-')
-    var start = parseInt(range[0], 10)
-    var end = parseInt(range[1], 10)
-
-    // -nnn
-    if (isNaN(start)) {
-      start = size - end
-      end = size - 1
-    // nnn-
-    } else if (isNaN(end)) {
-      end = size - 1
-    }
-
-    // limit last-byte-pos to current length
-    if (end > size - 1) {
-      end = size - 1
-    }
-
-    // invalid or unsatisifiable
-    if (isNaN(start) || isNaN(end) || start > end || start < 0) {
-      continue
-    }
-
-    // add range
-    ranges.push({
-      start: start,
-      end: end
-    })
-  }
-
-  if (ranges.length < 1) {
-    // unsatisifiable
-    return -1
-  }
-
-  return options && options.combine
-    ? combineRanges(ranges)
-    : ranges
-}
-
-/**
- * Combine overlapping & adjacent ranges.
- * @private
- */
-
-function combineRanges (ranges) {
-  var ordered = ranges.map(mapWithIndex).sort(sortByRangeStart)
-
-  for (var j = 0, i = 1; i < ordered.length; i++) {
-    var range = ordered[i]
-    var current = ordered[j]
-
-    if (range.start > current.end + 1) {
-      // next range
-      ordered[++j] = range
-    } else if (range.end > current.end) {
-      // extend range
-      current.end = range.end
-      current.index = Math.min(current.index, range.index)
-    }
-  }
-
-  // trim ordered array
-  ordered.length = j + 1
-
-  // generate combined range
-  var combined = ordered.sort(sortByRangeIndex).map(mapWithoutIndex)
-
-  // copy ranges type
-  combined.type = ranges.type
-
-  return combined
-}
-
-/**
- * Map function to add index value to ranges.
- * @private
- */
-
-function mapWithIndex (range, index) {
-  return {
-    start: range.start,
-    end: range.end,
-    index: index
-  }
-}
-
-/**
- * Map function to remove index value from ranges.
- * @private
- */
-
-function mapWithoutIndex (range) {
-  return {
-    start: range.start,
-    end: range.end
-  }
-}
-
-/**
- * Sort function to sort ranges by index.
- * @private
- */
-
-function sortByRangeIndex (a, b) {
-  return a.index - b.index
-}
-
-/**
- * Sort function to sort ranges by start position.
- * @private
- */
-
-function sortByRangeStart (a, b) {
-  return a.start - b.start
-}
diff --git a/src/Servers/ExpressServer/node_modules/range-parser/package.json b/src/Servers/ExpressServer/node_modules/range-parser/package.json
deleted file mode 100644
index abea6d8..0000000
--- a/src/Servers/ExpressServer/node_modules/range-parser/package.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "name": "range-parser",
-  "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
-  "description": "Range header field string parser",
-  "version": "1.2.1",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "James Wyatt Cready <wyatt.cready@lanetix.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "range",
-    "parser",
-    "http"
-  ],
-  "repository": "jshttp/range-parser",
-  "devDependencies": {
-    "deep-equal": "1.0.1",
-    "eslint": "5.16.0",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-markdown": "1.0.0",
-    "eslint-plugin-import": "2.17.2",
-    "eslint-plugin-node": "8.0.1",
-    "eslint-plugin-promise": "4.1.1",
-    "eslint-plugin-standard": "4.0.0",
-    "mocha": "6.1.4",
-    "nyc": "14.1.1"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "scripts": {
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "test-travis": "nyc --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/LICENSE b/src/Servers/ExpressServer/node_modules/raw-body/LICENSE
deleted file mode 100644
index 1029a7a..0000000
--- a/src/Servers/ExpressServer/node_modules/raw-body/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013-2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014-2022 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/README.md b/src/Servers/ExpressServer/node_modules/raw-body/README.md
deleted file mode 100644
index d9b36d6..0000000
--- a/src/Servers/ExpressServer/node_modules/raw-body/README.md
+++ /dev/null
@@ -1,223 +0,0 @@
-# raw-body
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build status][github-actions-ci-image]][github-actions-ci-url]
-[![Test coverage][coveralls-image]][coveralls-url]
-
-Gets the entire buffer of a stream either as a `Buffer` or a string.
-Validates the stream's length against an expected length and maximum limit.
-Ideal for parsing request bodies.
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install raw-body
-```
-
-### TypeScript
-
-This module includes a [TypeScript](https://www.typescriptlang.org/)
-declaration file to enable auto complete in compatible editors and type
-information for TypeScript projects. This module depends on the Node.js
-types, so install `@types/node`:
-
-```sh
-$ npm install @types/node
-```
-
-## API
-
-```js
-var getRawBody = require('raw-body')
-```
-
-### getRawBody(stream, [options], [callback])
-
-**Returns a promise if no callback specified and global `Promise` exists.**
-
-Options:
-
-- `length` - The length of the stream.
-  If the contents of the stream do not add up to this length,
-  an `400` error code is returned.
-- `limit` - The byte limit of the body.
-  This is the number of bytes or any string format supported by
-  [bytes](https://www.npmjs.com/package/bytes),
-  for example `1000`, `'500kb'` or `'3mb'`.
-  If the body ends up being larger than this limit,
-  a `413` error code is returned.
-- `encoding` - The encoding to use to decode the body into a string.
-  By default, a `Buffer` instance will be returned when no encoding is specified.
-  Most likely, you want `utf-8`, so setting `encoding` to `true` will decode as `utf-8`.
-  You can use any type of encoding supported by [iconv-lite](https://www.npmjs.org/package/iconv-lite#readme).
-
-You can also pass a string in place of options to just specify the encoding.
-
-If an error occurs, the stream will be paused, everything unpiped,
-and you are responsible for correctly disposing the stream.
-For HTTP requests, you may need to finish consuming the stream if
-you want to keep the socket open for future requests. For streams
-that use file descriptors, you should `stream.destroy()` or
-`stream.close()` to prevent leaks.
-
-## Errors
-
-This module creates errors depending on the error condition during reading.
-The error may be an error from the underlying Node.js implementation, but is
-otherwise an error created by this module, which has the following attributes:
-
-  * `limit` - the limit in bytes
-  * `length` and `expected` - the expected length of the stream
-  * `received` - the received bytes
-  * `encoding` - the invalid encoding
-  * `status` and `statusCode` - the corresponding status code for the error
-  * `type` - the error type
-
-### Types
-
-The errors from this module have a `type` property which allows for the programmatic
-determination of the type of error returned.
-
-#### encoding.unsupported
-
-This error will occur when the `encoding` option is specified, but the value does
-not map to an encoding supported by the [iconv-lite](https://www.npmjs.org/package/iconv-lite#readme)
-module.
-
-#### entity.too.large
-
-This error will occur when the `limit` option is specified, but the stream has
-an entity that is larger.
-
-#### request.aborted
-
-This error will occur when the request stream is aborted by the client before
-reading the body has finished.
-
-#### request.size.invalid
-
-This error will occur when the `length` option is specified, but the stream has
-emitted more bytes.
-
-#### stream.encoding.set
-
-This error will occur when the given stream has an encoding set on it, making it
-a decoded stream. The stream should not have an encoding set and is expected to
-emit `Buffer` objects.
-
-#### stream.not.readable
-
-This error will occur when the given stream is not readable.
-
-## Examples
-
-### Simple Express example
-
-```js
-var contentType = require('content-type')
-var express = require('express')
-var getRawBody = require('raw-body')
-
-var app = express()
-
-app.use(function (req, res, next) {
-  getRawBody(req, {
-    length: req.headers['content-length'],
-    limit: '1mb',
-    encoding: contentType.parse(req).parameters.charset
-  }, function (err, string) {
-    if (err) return next(err)
-    req.text = string
-    next()
-  })
-})
-
-// now access req.text
-```
-
-### Simple Koa example
-
-```js
-var contentType = require('content-type')
-var getRawBody = require('raw-body')
-var koa = require('koa')
-
-var app = koa()
-
-app.use(function * (next) {
-  this.text = yield getRawBody(this.req, {
-    length: this.req.headers['content-length'],
-    limit: '1mb',
-    encoding: contentType.parse(this.req).parameters.charset
-  })
-  yield next
-})
-
-// now access this.text
-```
-
-### Using as a promise
-
-To use this library as a promise, simply omit the `callback` and a promise is
-returned, provided that a global `Promise` is defined.
-
-```js
-var getRawBody = require('raw-body')
-var http = require('http')
-
-var server = http.createServer(function (req, res) {
-  getRawBody(req)
-    .then(function (buf) {
-      res.statusCode = 200
-      res.end(buf.length + ' bytes submitted')
-    })
-    .catch(function (err) {
-      res.statusCode = 500
-      res.end(err.message)
-    })
-})
-
-server.listen(3000)
-```
-
-### Using with TypeScript
-
-```ts
-import * as getRawBody from 'raw-body';
-import * as http from 'http';
-
-const server = http.createServer((req, res) => {
-  getRawBody(req)
-  .then((buf) => {
-    res.statusCode = 200;
-    res.end(buf.length + ' bytes submitted');
-  })
-  .catch((err) => {
-    res.statusCode = err.statusCode;
-    res.end(err.message);
-  });
-});
-
-server.listen(3000);
-```
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/raw-body.svg
-[npm-url]: https://npmjs.org/package/raw-body
-[node-version-image]: https://img.shields.io/node/v/raw-body.svg
-[node-version-url]: https://nodejs.org/en/download/
-[coveralls-image]: https://img.shields.io/coveralls/stream-utils/raw-body/master.svg
-[coveralls-url]: https://coveralls.io/r/stream-utils/raw-body?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/raw-body.svg
-[downloads-url]: https://npmjs.org/package/raw-body
-[github-actions-ci-image]: https://img.shields.io/github/actions/workflow/status/stream-utils/raw-body/ci.yml?branch=master&label=ci
-[github-actions-ci-url]: https://github.com/jshttp/stream-utils/raw-body?query=workflow%3Aci
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts b/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
deleted file mode 100644
index dcbbebd..0000000
--- a/src/Servers/ExpressServer/node_modules/raw-body/index.d.ts
+++ /dev/null
@@ -1,87 +0,0 @@
-import { Readable } from 'stream';
-
-declare namespace getRawBody {
-  export type Encoding = string | true;
-
-  export interface Options {
-    /**
-     * The expected length of the stream.
-     */
-    length?: number | string | null;
-    /**
-     * The byte limit of the body. This is the number of bytes or any string
-     * format supported by `bytes`, for example `1000`, `'500kb'` or `'3mb'`.
-     */
-    limit?: number | string | null;
-    /**
-     * The encoding to use to decode the body into a string. By default, a
-     * `Buffer` instance will be returned when no encoding is specified. Most
-     * likely, you want `utf-8`, so setting encoding to `true` will decode as
-     * `utf-8`. You can use any type of encoding supported by `iconv-lite`.
-     */
-    encoding?: Encoding | null;
-  }
-
-  export interface RawBodyError extends Error {
-    /**
-     * The limit in bytes.
-     */
-    limit?: number;
-    /**
-     * The expected length of the stream.
-     */
-    length?: number;
-    expected?: number;
-    /**
-     * The received bytes.
-     */
-    received?: number;
-    /**
-     * The encoding.
-     */
-    encoding?: string;
-    /**
-     * The corresponding status code for the error.
-     */
-    status: number;
-    statusCode: number;
-    /**
-     * The error type.
-     */
-    type: string;
-  }
-}
-
-/**
- * Gets the entire buffer of a stream either as a `Buffer` or a string.
- * Validates the stream's length against an expected length and maximum
- * limit. Ideal for parsing request bodies.
- */
-declare function getRawBody(
-  stream: Readable,
-  callback: (err: getRawBody.RawBodyError, body: Buffer) => void
-): void;
-
-declare function getRawBody(
-  stream: Readable,
-  options: (getRawBody.Options & { encoding: getRawBody.Encoding }) | getRawBody.Encoding,
-  callback: (err: getRawBody.RawBodyError, body: string) => void
-): void;
-
-declare function getRawBody(
-  stream: Readable,
-  options: getRawBody.Options,
-  callback: (err: getRawBody.RawBodyError, body: Buffer) => void
-): void;
-
-declare function getRawBody(
-  stream: Readable,
-  options: (getRawBody.Options & { encoding: getRawBody.Encoding }) | getRawBody.Encoding
-): Promise<string>;
-
-declare function getRawBody(
-  stream: Readable,
-  options?: getRawBody.Options
-): Promise<Buffer>;
-
-export = getRawBody;
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/index.js b/src/Servers/ExpressServer/node_modules/raw-body/index.js
deleted file mode 100644
index 9cdcd12..0000000
--- a/src/Servers/ExpressServer/node_modules/raw-body/index.js
+++ /dev/null
@@ -1,336 +0,0 @@
-/*!
- * raw-body
- * Copyright(c) 2013-2014 Jonathan Ong
- * Copyright(c) 2014-2022 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var asyncHooks = tryRequireAsyncHooks()
-var bytes = require('bytes')
-var createError = require('http-errors')
-var iconv = require('iconv-lite')
-var unpipe = require('unpipe')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = getRawBody
-
-/**
- * Module variables.
- * @private
- */
-
-var ICONV_ENCODING_MESSAGE_REGEXP = /^Encoding not recognized: /
-
-/**
- * Get the decoder for a given encoding.
- *
- * @param {string} encoding
- * @private
- */
-
-function getDecoder (encoding) {
-  if (!encoding) return null
-
-  try {
-    return iconv.getDecoder(encoding)
-  } catch (e) {
-    // error getting decoder
-    if (!ICONV_ENCODING_MESSAGE_REGEXP.test(e.message)) throw e
-
-    // the encoding was not found
-    throw createError(415, 'specified encoding unsupported', {
-      encoding: encoding,
-      type: 'encoding.unsupported'
-    })
-  }
-}
-
-/**
- * Get the raw body of a stream (typically HTTP).
- *
- * @param {object} stream
- * @param {object|string|function} [options]
- * @param {function} [callback]
- * @public
- */
-
-function getRawBody (stream, options, callback) {
-  var done = callback
-  var opts = options || {}
-
-  // light validation
-  if (stream === undefined) {
-    throw new TypeError('argument stream is required')
-  } else if (typeof stream !== 'object' || stream === null || typeof stream.on !== 'function') {
-    throw new TypeError('argument stream must be a stream')
-  }
-
-  if (options === true || typeof options === 'string') {
-    // short cut for encoding
-    opts = {
-      encoding: options
-    }
-  }
-
-  if (typeof options === 'function') {
-    done = options
-    opts = {}
-  }
-
-  // validate callback is a function, if provided
-  if (done !== undefined && typeof done !== 'function') {
-    throw new TypeError('argument callback must be a function')
-  }
-
-  // require the callback without promises
-  if (!done && !global.Promise) {
-    throw new TypeError('argument callback is required')
-  }
-
-  // get encoding
-  var encoding = opts.encoding !== true
-    ? opts.encoding
-    : 'utf-8'
-
-  // convert the limit to an integer
-  var limit = bytes.parse(opts.limit)
-
-  // convert the expected length to an integer
-  var length = opts.length != null && !isNaN(opts.length)
-    ? parseInt(opts.length, 10)
-    : null
-
-  if (done) {
-    // classic callback style
-    return readStream(stream, encoding, length, limit, wrap(done))
-  }
-
-  return new Promise(function executor (resolve, reject) {
-    readStream(stream, encoding, length, limit, function onRead (err, buf) {
-      if (err) return reject(err)
-      resolve(buf)
-    })
-  })
-}
-
-/**
- * Halt a stream.
- *
- * @param {Object} stream
- * @private
- */
-
-function halt (stream) {
-  // unpipe everything from the stream
-  unpipe(stream)
-
-  // pause stream
-  if (typeof stream.pause === 'function') {
-    stream.pause()
-  }
-}
-
-/**
- * Read the data from the stream.
- *
- * @param {object} stream
- * @param {string} encoding
- * @param {number} length
- * @param {number} limit
- * @param {function} callback
- * @public
- */
-
-function readStream (stream, encoding, length, limit, callback) {
-  var complete = false
-  var sync = true
-
-  // check the length and limit options.
-  // note: we intentionally leave the stream paused,
-  // so users should handle the stream themselves.
-  if (limit !== null && length !== null && length > limit) {
-    return done(createError(413, 'request entity too large', {
-      expected: length,
-      length: length,
-      limit: limit,
-      type: 'entity.too.large'
-    }))
-  }
-
-  // streams1: assert request encoding is buffer.
-  // streams2+: assert the stream encoding is buffer.
-  //   stream._decoder: streams1
-  //   state.encoding: streams2
-  //   state.decoder: streams2, specifically < 0.10.6
-  var state = stream._readableState
-  if (stream._decoder || (state && (state.encoding || state.decoder))) {
-    // developer error
-    return done(createError(500, 'stream encoding should not be set', {
-      type: 'stream.encoding.set'
-    }))
-  }
-
-  if (typeof stream.readable !== 'undefined' && !stream.readable) {
-    return done(createError(500, 'stream is not readable', {
-      type: 'stream.not.readable'
-    }))
-  }
-
-  var received = 0
-  var decoder
-
-  try {
-    decoder = getDecoder(encoding)
-  } catch (err) {
-    return done(err)
-  }
-
-  var buffer = decoder
-    ? ''
-    : []
-
-  // attach listeners
-  stream.on('aborted', onAborted)
-  stream.on('close', cleanup)
-  stream.on('data', onData)
-  stream.on('end', onEnd)
-  stream.on('error', onEnd)
-
-  // mark sync section complete
-  sync = false
-
-  function done () {
-    var args = new Array(arguments.length)
-
-    // copy arguments
-    for (var i = 0; i < args.length; i++) {
-      args[i] = arguments[i]
-    }
-
-    // mark complete
-    complete = true
-
-    if (sync) {
-      process.nextTick(invokeCallback)
-    } else {
-      invokeCallback()
-    }
-
-    function invokeCallback () {
-      cleanup()
-
-      if (args[0]) {
-        // halt the stream on error
-        halt(stream)
-      }
-
-      callback.apply(null, args)
-    }
-  }
-
-  function onAborted () {
-    if (complete) return
-
-    done(createError(400, 'request aborted', {
-      code: 'ECONNABORTED',
-      expected: length,
-      length: length,
-      received: received,
-      type: 'request.aborted'
-    }))
-  }
-
-  function onData (chunk) {
-    if (complete) return
-
-    received += chunk.length
-
-    if (limit !== null && received > limit) {
-      done(createError(413, 'request entity too large', {
-        limit: limit,
-        received: received,
-        type: 'entity.too.large'
-      }))
-    } else if (decoder) {
-      buffer += decoder.write(chunk)
-    } else {
-      buffer.push(chunk)
-    }
-  }
-
-  function onEnd (err) {
-    if (complete) return
-    if (err) return done(err)
-
-    if (length !== null && received !== length) {
-      done(createError(400, 'request size did not match content length', {
-        expected: length,
-        length: length,
-        received: received,
-        type: 'request.size.invalid'
-      }))
-    } else {
-      var string = decoder
-        ? buffer + (decoder.end() || '')
-        : Buffer.concat(buffer)
-      done(null, string)
-    }
-  }
-
-  function cleanup () {
-    buffer = null
-
-    stream.removeListener('aborted', onAborted)
-    stream.removeListener('data', onData)
-    stream.removeListener('end', onEnd)
-    stream.removeListener('error', onEnd)
-    stream.removeListener('close', cleanup)
-  }
-}
-
-/**
- * Try to require async_hooks
- * @private
- */
-
-function tryRequireAsyncHooks () {
-  try {
-    return require('async_hooks')
-  } catch (e) {
-    return {}
-  }
-}
-
-/**
- * Wrap function with async resource, if possible.
- * AsyncResource.bind static method backported.
- * @private
- */
-
-function wrap (fn) {
-  var res
-
-  // create anonymous resource
-  if (asyncHooks.AsyncResource) {
-    res = new asyncHooks.AsyncResource(fn.name || 'bound-anonymous-fn')
-  }
-
-  // incompatible node.js
-  if (!res || !res.runInAsyncScope) {
-    return fn
-  }
-
-  // return bound function
-  return res.runInAsyncScope.bind(res, fn, null)
-}
diff --git a/src/Servers/ExpressServer/node_modules/raw-body/package.json b/src/Servers/ExpressServer/node_modules/raw-body/package.json
deleted file mode 100644
index d8120af..0000000
--- a/src/Servers/ExpressServer/node_modules/raw-body/package.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-  "name": "raw-body",
-  "description": "Get and validate the raw body of a readable stream.",
-  "version": "2.5.3",
-  "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Raynos <raynos2@gmail.com>"
-  ],
-  "license": "MIT",
-  "repository": "stream-utils/raw-body",
-  "dependencies": {
-    "bytes": "~3.1.2",
-    "http-errors": "~2.0.1",
-    "iconv-lite": "~0.4.24",
-    "unpipe": "~1.0.0"
-  },
-  "devDependencies": {
-    "bluebird": "3.7.2",
-    "eslint": "8.34.0",
-    "eslint-config-standard": "15.0.1",
-    "eslint-plugin-import": "2.27.5",
-    "eslint-plugin-markdown": "3.0.0",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "6.1.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "10.2.0",
-    "nyc": "15.1.0",
-    "readable-stream": "2.3.7",
-    "safe-buffer": "5.2.1"
-  },
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "files": [
-    "LICENSE",
-    "README.md",
-    "index.d.ts",
-    "index.js"
-  ],
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --trace-deprecation --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE b/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
deleted file mode 100644
index 0c068ce..0000000
--- a/src/Servers/ExpressServer/node_modules/safe-buffer/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) Feross Aboukhadijeh
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/README.md b/src/Servers/ExpressServer/node_modules/safe-buffer/README.md
deleted file mode 100644
index e9a81af..0000000
--- a/src/Servers/ExpressServer/node_modules/safe-buffer/README.md
+++ /dev/null
@@ -1,584 +0,0 @@
-# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][downloads-url] [![javascript style guide][standard-image]][standard-url]
-
-[travis-image]: https://img.shields.io/travis/feross/safe-buffer/master.svg
-[travis-url]: https://travis-ci.org/feross/safe-buffer
-[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg
-[npm-url]: https://npmjs.org/package/safe-buffer
-[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg
-[downloads-url]: https://npmjs.org/package/safe-buffer
-[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
-[standard-url]: https://standardjs.com
-
-#### Safer Node.js Buffer API
-
-**Use the new Node.js Buffer APIs (`Buffer.from`, `Buffer.alloc`,
-`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in all versions of Node.js.**
-
-**Uses the built-in implementation when available.**
-
-## install
-
-```
-npm install safe-buffer
-```
-
-## usage
-
-The goal of this package is to provide a safe replacement for the node.js `Buffer`.
-
-It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to
-the top of your node.js modules:
-
-```js
-var Buffer = require('safe-buffer').Buffer
-
-// Existing buffer code will continue to work without issues:
-
-new Buffer('hey', 'utf8')
-new Buffer([1, 2, 3], 'utf8')
-new Buffer(obj)
-new Buffer(16) // create an uninitialized buffer (potentially unsafe)
-
-// But you can use these new explicit APIs to make clear what you want:
-
-Buffer.from('hey', 'utf8') // convert from many types to a Buffer
-Buffer.alloc(16) // create a zero-filled buffer (safe)
-Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe)
-```
-
-## api
-
-### Class Method: Buffer.from(array)
-<!-- YAML
-added: v3.0.0
--->
-
-* `array` {Array}
-
-Allocates a new `Buffer` using an `array` of octets.
-
-```js
-const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]);
-  // creates a new Buffer containing ASCII bytes
-  // ['b','u','f','f','e','r']
-```
-
-A `TypeError` will be thrown if `array` is not an `Array`.
-
-### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]])
-<!-- YAML
-added: v5.10.0
--->
-
-* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or
-  a `new ArrayBuffer()`
-* `byteOffset` {Number} Default: `0`
-* `length` {Number} Default: `arrayBuffer.length - byteOffset`
-
-When passed a reference to the `.buffer` property of a `TypedArray` instance,
-the newly created `Buffer` will share the same allocated memory as the
-TypedArray.
-
-```js
-const arr = new Uint16Array(2);
-arr[0] = 5000;
-arr[1] = 4000;
-
-const buf = Buffer.from(arr.buffer); // shares the memory with arr;
-
-console.log(buf);
-  // Prints: <Buffer 88 13 a0 0f>
-
-// changing the TypedArray changes the Buffer also
-arr[1] = 6000;
-
-console.log(buf);
-  // Prints: <Buffer 88 13 70 17>
-```
-
-The optional `byteOffset` and `length` arguments specify a memory range within
-the `arrayBuffer` that will be shared by the `Buffer`.
-
-```js
-const ab = new ArrayBuffer(10);
-const buf = Buffer.from(ab, 0, 2);
-console.log(buf.length);
-  // Prints: 2
-```
-
-A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`.
-
-### Class Method: Buffer.from(buffer)
-<!-- YAML
-added: v3.0.0
--->
-
-* `buffer` {Buffer}
-
-Copies the passed `buffer` data onto a new `Buffer` instance.
-
-```js
-const buf1 = Buffer.from('buffer');
-const buf2 = Buffer.from(buf1);
-
-buf1[0] = 0x61;
-console.log(buf1.toString());
-  // 'auffer'
-console.log(buf2.toString());
-  // 'buffer' (copy is not changed)
-```
-
-A `TypeError` will be thrown if `buffer` is not a `Buffer`.
-
-### Class Method: Buffer.from(str[, encoding])
-<!-- YAML
-added: v5.10.0
--->
-
-* `str` {String} String to encode.
-* `encoding` {String} Encoding to use, Default: `'utf8'`
-
-Creates a new `Buffer` containing the given JavaScript string `str`. If
-provided, the `encoding` parameter identifies the character encoding.
-If not provided, `encoding` defaults to `'utf8'`.
-
-```js
-const buf1 = Buffer.from('this is a tést');
-console.log(buf1.toString());
-  // prints: this is a tést
-console.log(buf1.toString('ascii'));
-  // prints: this is a tC)st
-
-const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex');
-console.log(buf2.toString());
-  // prints: this is a tést
-```
-
-A `TypeError` will be thrown if `str` is not a string.
-
-### Class Method: Buffer.alloc(size[, fill[, encoding]])
-<!-- YAML
-added: v5.10.0
--->
-
-* `size` {Number}
-* `fill` {Value} Default: `undefined`
-* `encoding` {String} Default: `utf8`
-
-Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the
-`Buffer` will be *zero-filled*.
-
-```js
-const buf = Buffer.alloc(5);
-console.log(buf);
-  // <Buffer 00 00 00 00 00>
-```
-
-The `size` must be less than or equal to the value of
-`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
-`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
-be created if a `size` less than or equal to 0 is specified.
-
-If `fill` is specified, the allocated `Buffer` will be initialized by calling
-`buf.fill(fill)`. See [`buf.fill()`][] for more information.
-
-```js
-const buf = Buffer.alloc(5, 'a');
-console.log(buf);
-  // <Buffer 61 61 61 61 61>
-```
-
-If both `fill` and `encoding` are specified, the allocated `Buffer` will be
-initialized by calling `buf.fill(fill, encoding)`. For example:
-
-```js
-const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64');
-console.log(buf);
-  // <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64>
-```
-
-Calling `Buffer.alloc(size)` can be significantly slower than the alternative
-`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance
-contents will *never contain sensitive data*.
-
-A `TypeError` will be thrown if `size` is not a number.
-
-### Class Method: Buffer.allocUnsafe(size)
-<!-- YAML
-added: v5.10.0
--->
-
-* `size` {Number}
-
-Allocates a new *non-zero-filled* `Buffer` of `size` bytes.  The `size` must
-be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit
-architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is
-thrown. A zero-length Buffer will be created if a `size` less than or equal to
-0 is specified.
-
-The underlying memory for `Buffer` instances created in this way is *not
-initialized*. The contents of the newly created `Buffer` are unknown and
-*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
-`Buffer` instances to zeroes.
-
-```js
-const buf = Buffer.allocUnsafe(5);
-console.log(buf);
-  // <Buffer 78 e0 82 02 01>
-  // (octets will be different, every time)
-buf.fill(0);
-console.log(buf);
-  // <Buffer 00 00 00 00 00>
-```
-
-A `TypeError` will be thrown if `size` is not a number.
-
-Note that the `Buffer` module pre-allocates an internal `Buffer` instance of
-size `Buffer.poolSize` that is used as a pool for the fast allocation of new
-`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated
-`new Buffer(size)` constructor) only when `size` is less than or equal to
-`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default
-value of `Buffer.poolSize` is `8192` but can be modified.
-
-Use of this pre-allocated internal memory pool is a key difference between
-calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`.
-Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer
-pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal
-Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The
-difference is subtle but can be important when an application requires the
-additional performance that `Buffer.allocUnsafe(size)` provides.
-
-### Class Method: Buffer.allocUnsafeSlow(size)
-<!-- YAML
-added: v5.10.0
--->
-
-* `size` {Number}
-
-Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes.  The
-`size` must be less than or equal to the value of
-`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is
-`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will
-be created if a `size` less than or equal to 0 is specified.
-
-The underlying memory for `Buffer` instances created in this way is *not
-initialized*. The contents of the newly created `Buffer` are unknown and
-*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such
-`Buffer` instances to zeroes.
-
-When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances,
-allocations under 4KB are, by default, sliced from a single pre-allocated
-`Buffer`. This allows applications to avoid the garbage collection overhead of
-creating many individually allocated Buffers. This approach improves both
-performance and memory usage by eliminating the need to track and cleanup as
-many `Persistent` objects.
-
-However, in the case where a developer may need to retain a small chunk of
-memory from a pool for an indeterminate amount of time, it may be appropriate
-to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then
-copy out the relevant bits.
-
-```js
-// need to keep around a few small chunks of memory
-const store = [];
-
-socket.on('readable', () => {
-  const data = socket.read();
-  // allocate for retained data
-  const sb = Buffer.allocUnsafeSlow(10);
-  // copy the data into the new allocation
-  data.copy(sb, 0, 0, 10);
-  store.push(sb);
-});
-```
-
-Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after*
-a developer has observed undue memory retention in their applications.
-
-A `TypeError` will be thrown if `size` is not a number.
-
-### All the Rest
-
-The rest of the `Buffer` API is exactly the same as in node.js.
-[See the docs](https://nodejs.org/api/buffer.html).
-
-
-## Related links
-
-- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660)
-- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4)
-
-## Why is `Buffer` unsafe?
-
-Today, the node.js `Buffer` constructor is overloaded to handle many different argument
-types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.),
-`ArrayBuffer`, and also `Number`.
-
-The API is optimized for convenience: you can throw any type at it, and it will try to do
-what you want.
-
-Because the Buffer constructor is so powerful, you often see code like this:
-
-```js
-// Convert UTF-8 strings to hex
-function toHex (str) {
-  return new Buffer(str).toString('hex')
-}
-```
-
-***But what happens if `toHex` is called with a `Number` argument?***
-
-### Remote Memory Disclosure
-
-If an attacker can make your program call the `Buffer` constructor with a `Number`
-argument, then they can make it allocate uninitialized memory from the node.js process.
-This could potentially disclose TLS private keys, user data, or database passwords.
-
-When the `Buffer` constructor is passed a `Number` argument, it returns an
-**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like
-this, you **MUST** overwrite the contents before returning it to the user.
-
-From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size):
-
-> `new Buffer(size)`
->
-> - `size` Number
->
-> The underlying memory for `Buffer` instances created in this way is not initialized.
-> **The contents of a newly created `Buffer` are unknown and could contain sensitive
-> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes.
-
-(Emphasis our own.)
-
-Whenever the programmer intended to create an uninitialized `Buffer` you often see code
-like this:
-
-```js
-var buf = new Buffer(16)
-
-// Immediately overwrite the uninitialized buffer with data from another buffer
-for (var i = 0; i < buf.length; i++) {
-  buf[i] = otherBuf[i]
-}
-```
-
-
-### Would this ever be a problem in real code?
-
-Yes. It's surprisingly common to forget to check the type of your variables in a
-dynamically-typed language like JavaScript.
-
-Usually the consequences of assuming the wrong type is that your program crashes with an
-uncaught exception. But the failure mode for forgetting to check the type of arguments to
-the `Buffer` constructor is more catastrophic.
-
-Here's an example of a vulnerable service that takes a JSON payload and converts it to
-hex:
-
-```js
-// Take a JSON payload {str: "some string"} and convert it to hex
-var server = http.createServer(function (req, res) {
-  var data = ''
-  req.setEncoding('utf8')
-  req.on('data', function (chunk) {
-    data += chunk
-  })
-  req.on('end', function () {
-    var body = JSON.parse(data)
-    res.end(new Buffer(body.str).toString('hex'))
-  })
-})
-
-server.listen(8080)
-```
-
-In this example, an http client just has to send:
-
-```json
-{
-  "str": 1000
-}
-```
-
-and it will get back 1,000 bytes of uninitialized memory from the server.
-
-This is a very serious bug. It's similar in severity to the
-[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process
-memory by remote attackers.
-
-
-### Which real-world packages were vulnerable?
-
-#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht)
-
-[Mathias Buus](https://github.com/mafintosh) and I
-([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages,
-[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow
-anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get
-them to reveal 20 bytes at a time of uninitialized memory from the node.js process.
-
-Here's
-[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8)
-that fixed it. We released a new fixed version, created a
-[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all
-vulnerable versions on npm so users will get a warning to upgrade to a newer version.
-
-#### [`ws`](https://www.npmjs.com/package/ws)
-
-That got us wondering if there were other vulnerable packages. Sure enough, within a short
-period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the
-most popular WebSocket implementation in node.js.
-
-If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as
-expected, then uninitialized server memory would be disclosed to the remote peer.
-
-These were the vulnerable methods:
-
-```js
-socket.send(number)
-socket.ping(number)
-socket.pong(number)
-```
-
-Here's a vulnerable socket server with some echo functionality:
-
-```js
-server.on('connection', function (socket) {
-  socket.on('message', function (message) {
-    message = JSON.parse(message)
-    if (message.type === 'echo') {
-      socket.send(message.data) // send back the user's message
-    }
-  })
-})
-```
-
-`socket.send(number)` called on the server, will disclose server memory.
-
-Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue
-was fixed, with a more detailed explanation. Props to
-[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the
-[Node Security Project disclosure](https://nodesecurity.io/advisories/67).
-
-
-### What's the solution?
-
-It's important that node.js offers a fast way to get memory otherwise performance-critical
-applications would needlessly get a lot slower.
-
-But we need a better way to *signal our intent* as programmers. **When we want
-uninitialized memory, we should request it explicitly.**
-
-Sensitive functionality should not be packed into a developer-friendly API that loosely
-accepts many different types. This type of API encourages the lazy practice of passing
-variables in without checking the type very carefully.
-
-#### A new API: `Buffer.allocUnsafe(number)`
-
-The functionality of creating buffers with uninitialized memory should be part of another
-API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that
-frequently gets user input of all sorts of different types passed into it.
-
-```js
-var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory!
-
-// Immediately overwrite the uninitialized buffer with data from another buffer
-for (var i = 0; i < buf.length; i++) {
-  buf[i] = otherBuf[i]
-}
-```
-
-
-### How do we fix node.js core?
-
-We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as
-`semver-major`) which defends against one case:
-
-```js
-var str = 16
-new Buffer(str, 'utf8')
-```
-
-In this situation, it's implied that the programmer intended the first argument to be a
-string, since they passed an encoding as a second argument. Today, node.js will allocate
-uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not
-what the programmer intended.
-
-But this is only a partial solution, since if the programmer does `new Buffer(variable)`
-(without an `encoding` parameter) there's no way to know what they intended. If `variable`
-is sometimes a number, then uninitialized memory will sometimes be returned.
-
-### What's the real long-term fix?
-
-We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when
-we need uninitialized memory. But that would break 1000s of packages.
-
-~~We believe the best solution is to:~~
-
-~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~
-
-~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~
-
-#### Update
-
-We now support adding three new APIs:
-
-- `Buffer.from(value)` - convert from any type to a buffer
-- `Buffer.alloc(size)` - create a zero-filled buffer
-- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size
-
-This solves the core problem that affected `ws` and `bittorrent-dht` which is
-`Buffer(variable)` getting tricked into taking a number argument.
-
-This way, existing code continues working and the impact on the npm ecosystem will be
-minimal. Over time, npm maintainers can migrate performance-critical code to use
-`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`.
-
-
-### Conclusion
-
-We think there's a serious design issue with the `Buffer` API as it exists today. It
-promotes insecure software by putting high-risk functionality into a convenient API
-with friendly "developer ergonomics".
-
-This wasn't merely a theoretical exercise because we found the issue in some of the
-most popular npm packages.
-
-Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of
-`buffer`.
-
-```js
-var Buffer = require('safe-buffer').Buffer
-```
-
-Eventually, we hope that node.js core can switch to this new, safer behavior. We believe
-the impact on the ecosystem would be minimal since it's not a breaking change.
-Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while
-older, insecure packages would magically become safe from this attack vector.
-
-
-## links
-
-- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514)
-- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67)
-- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68)
-
-
-## credit
-
-The original issues in `bittorrent-dht`
-([disclosure](https://nodesecurity.io/advisories/68)) and
-`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by
-[Mathias Buus](https://github.com/mafintosh) and
-[Feross Aboukhadijeh](http://feross.org/).
-
-Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues
-and for his work running the [Node Security Project](https://nodesecurity.io/).
-
-Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and
-auditing the code.
-
-
-## license
-
-MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org)
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts b/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
deleted file mode 100644
index e9fed80..0000000
--- a/src/Servers/ExpressServer/node_modules/safe-buffer/index.d.ts
+++ /dev/null
@@ -1,187 +0,0 @@
-declare module "safe-buffer" {
-  export class Buffer {
-    length: number
-    write(string: string, offset?: number, length?: number, encoding?: string): number;
-    toString(encoding?: string, start?: number, end?: number): string;
-    toJSON(): { type: 'Buffer', data: any[] };
-    equals(otherBuffer: Buffer): boolean;
-    compare(otherBuffer: Buffer, targetStart?: number, targetEnd?: number, sourceStart?: number, sourceEnd?: number): number;
-    copy(targetBuffer: Buffer, targetStart?: number, sourceStart?: number, sourceEnd?: number): number;
-    slice(start?: number, end?: number): Buffer;
-    writeUIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
-    writeUIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
-    writeIntLE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
-    writeIntBE(value: number, offset: number, byteLength: number, noAssert?: boolean): number;
-    readUIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
-    readUIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
-    readIntLE(offset: number, byteLength: number, noAssert?: boolean): number;
-    readIntBE(offset: number, byteLength: number, noAssert?: boolean): number;
-    readUInt8(offset: number, noAssert?: boolean): number;
-    readUInt16LE(offset: number, noAssert?: boolean): number;
-    readUInt16BE(offset: number, noAssert?: boolean): number;
-    readUInt32LE(offset: number, noAssert?: boolean): number;
-    readUInt32BE(offset: number, noAssert?: boolean): number;
-    readInt8(offset: number, noAssert?: boolean): number;
-    readInt16LE(offset: number, noAssert?: boolean): number;
-    readInt16BE(offset: number, noAssert?: boolean): number;
-    readInt32LE(offset: number, noAssert?: boolean): number;
-    readInt32BE(offset: number, noAssert?: boolean): number;
-    readFloatLE(offset: number, noAssert?: boolean): number;
-    readFloatBE(offset: number, noAssert?: boolean): number;
-    readDoubleLE(offset: number, noAssert?: boolean): number;
-    readDoubleBE(offset: number, noAssert?: boolean): number;
-    swap16(): Buffer;
-    swap32(): Buffer;
-    swap64(): Buffer;
-    writeUInt8(value: number, offset: number, noAssert?: boolean): number;
-    writeUInt16LE(value: number, offset: number, noAssert?: boolean): number;
-    writeUInt16BE(value: number, offset: number, noAssert?: boolean): number;
-    writeUInt32LE(value: number, offset: number, noAssert?: boolean): number;
-    writeUInt32BE(value: number, offset: number, noAssert?: boolean): number;
-    writeInt8(value: number, offset: number, noAssert?: boolean): number;
-    writeInt16LE(value: number, offset: number, noAssert?: boolean): number;
-    writeInt16BE(value: number, offset: number, noAssert?: boolean): number;
-    writeInt32LE(value: number, offset: number, noAssert?: boolean): number;
-    writeInt32BE(value: number, offset: number, noAssert?: boolean): number;
-    writeFloatLE(value: number, offset: number, noAssert?: boolean): number;
-    writeFloatBE(value: number, offset: number, noAssert?: boolean): number;
-    writeDoubleLE(value: number, offset: number, noAssert?: boolean): number;
-    writeDoubleBE(value: number, offset: number, noAssert?: boolean): number;
-    fill(value: any, offset?: number, end?: number): this;
-    indexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
-    lastIndexOf(value: string | number | Buffer, byteOffset?: number, encoding?: string): number;
-    includes(value: string | number | Buffer, byteOffset?: number, encoding?: string): boolean;
-
-    /**
-     * Allocates a new buffer containing the given {str}.
-     *
-     * @param str String to store in buffer.
-     * @param encoding encoding to use, optional.  Default is 'utf8'
-     */
-     constructor (str: string, encoding?: string);
-    /**
-     * Allocates a new buffer of {size} octets.
-     *
-     * @param size count of octets to allocate.
-     */
-    constructor (size: number);
-    /**
-     * Allocates a new buffer containing the given {array} of octets.
-     *
-     * @param array The octets to store.
-     */
-    constructor (array: Uint8Array);
-    /**
-     * Produces a Buffer backed by the same allocated memory as
-     * the given {ArrayBuffer}.
-     *
-     *
-     * @param arrayBuffer The ArrayBuffer with which to share memory.
-     */
-    constructor (arrayBuffer: ArrayBuffer);
-    /**
-     * Allocates a new buffer containing the given {array} of octets.
-     *
-     * @param array The octets to store.
-     */
-    constructor (array: any[]);
-    /**
-     * Copies the passed {buffer} data onto a new {Buffer} instance.
-     *
-     * @param buffer The buffer to copy.
-     */
-    constructor (buffer: Buffer);
-    prototype: Buffer;
-    /**
-     * Allocates a new Buffer using an {array} of octets.
-     *
-     * @param array
-     */
-    static from(array: any[]): Buffer;
-    /**
-     * When passed a reference to the .buffer property of a TypedArray instance,
-     * the newly created Buffer will share the same allocated memory as the TypedArray.
-     * The optional {byteOffset} and {length} arguments specify a memory range
-     * within the {arrayBuffer} that will be shared by the Buffer.
-     *
-     * @param arrayBuffer The .buffer property of a TypedArray or a new ArrayBuffer()
-     * @param byteOffset
-     * @param length
-     */
-    static from(arrayBuffer: ArrayBuffer, byteOffset?: number, length?: number): Buffer;
-    /**
-     * Copies the passed {buffer} data onto a new Buffer instance.
-     *
-     * @param buffer
-     */
-    static from(buffer: Buffer): Buffer;
-    /**
-     * Creates a new Buffer containing the given JavaScript string {str}.
-     * If provided, the {encoding} parameter identifies the character encoding.
-     * If not provided, {encoding} defaults to 'utf8'.
-     *
-     * @param str
-     */
-    static from(str: string, encoding?: string): Buffer;
-    /**
-     * Returns true if {obj} is a Buffer
-     *
-     * @param obj object to test.
-     */
-    static isBuffer(obj: any): obj is Buffer;
-    /**
-     * Returns true if {encoding} is a valid encoding argument.
-     * Valid string encodings in Node 0.12: 'ascii'|'utf8'|'utf16le'|'ucs2'(alias of 'utf16le')|'base64'|'binary'(deprecated)|'hex'
-     *
-     * @param encoding string to test.
-     */
-    static isEncoding(encoding: string): boolean;
-    /**
-     * Gives the actual byte length of a string. encoding defaults to 'utf8'.
-     * This is not the same as String.prototype.length since that returns the number of characters in a string.
-     *
-     * @param string string to test.
-     * @param encoding encoding used to evaluate (defaults to 'utf8')
-     */
-    static byteLength(string: string, encoding?: string): number;
-    /**
-     * Returns a buffer which is the result of concatenating all the buffers in the list together.
-     *
-     * If the list has no items, or if the totalLength is 0, then it returns a zero-length buffer.
-     * If the list has exactly one item, then the first item of the list is returned.
-     * If the list has more than one item, then a new Buffer is created.
-     *
-     * @param list An array of Buffer objects to concatenate
-     * @param totalLength Total length of the buffers when concatenated.
-     *   If totalLength is not provided, it is read from the buffers in the list. However, this adds an additional loop to the function, so it is faster to provide the length explicitly.
-     */
-    static concat(list: Buffer[], totalLength?: number): Buffer;
-    /**
-     * The same as buf1.compare(buf2).
-     */
-    static compare(buf1: Buffer, buf2: Buffer): number;
-    /**
-     * Allocates a new buffer of {size} octets.
-     *
-     * @param size count of octets to allocate.
-     * @param fill if specified, buffer will be initialized by calling buf.fill(fill).
-     *    If parameter is omitted, buffer will be filled with zeros.
-     * @param encoding encoding used for call to buf.fill while initalizing
-     */
-    static alloc(size: number, fill?: string | Buffer | number, encoding?: string): Buffer;
-    /**
-     * Allocates a new buffer of {size} octets, leaving memory not initialized, so the contents
-     * of the newly created Buffer are unknown and may contain sensitive data.
-     *
-     * @param size count of octets to allocate
-     */
-    static allocUnsafe(size: number): Buffer;
-    /**
-     * Allocates a new non-pooled buffer of {size} octets, leaving memory not initialized, so the contents
-     * of the newly created Buffer are unknown and may contain sensitive data.
-     *
-     * @param size count of octets to allocate
-     */
-    static allocUnsafeSlow(size: number): Buffer;
-  }
-}
\ No newline at end of file
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/index.js b/src/Servers/ExpressServer/node_modules/safe-buffer/index.js
deleted file mode 100644
index f8d3ec9..0000000
--- a/src/Servers/ExpressServer/node_modules/safe-buffer/index.js
+++ /dev/null
@@ -1,65 +0,0 @@
-/*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
-/* eslint-disable node/no-deprecated-api */
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-
-// alternative to using Object.keys for old browsers
-function copyProps (src, dst) {
-  for (var key in src) {
-    dst[key] = src[key]
-  }
-}
-if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {
-  module.exports = buffer
-} else {
-  // Copy properties from require('buffer')
-  copyProps(buffer, exports)
-  exports.Buffer = SafeBuffer
-}
-
-function SafeBuffer (arg, encodingOrOffset, length) {
-  return Buffer(arg, encodingOrOffset, length)
-}
-
-SafeBuffer.prototype = Object.create(Buffer.prototype)
-
-// Copy static methods from Buffer
-copyProps(Buffer, SafeBuffer)
-
-SafeBuffer.from = function (arg, encodingOrOffset, length) {
-  if (typeof arg === 'number') {
-    throw new TypeError('Argument must not be a number')
-  }
-  return Buffer(arg, encodingOrOffset, length)
-}
-
-SafeBuffer.alloc = function (size, fill, encoding) {
-  if (typeof size !== 'number') {
-    throw new TypeError('Argument must be a number')
-  }
-  var buf = Buffer(size)
-  if (fill !== undefined) {
-    if (typeof encoding === 'string') {
-      buf.fill(fill, encoding)
-    } else {
-      buf.fill(fill)
-    }
-  } else {
-    buf.fill(0)
-  }
-  return buf
-}
-
-SafeBuffer.allocUnsafe = function (size) {
-  if (typeof size !== 'number') {
-    throw new TypeError('Argument must be a number')
-  }
-  return Buffer(size)
-}
-
-SafeBuffer.allocUnsafeSlow = function (size) {
-  if (typeof size !== 'number') {
-    throw new TypeError('Argument must be a number')
-  }
-  return buffer.SlowBuffer(size)
-}
diff --git a/src/Servers/ExpressServer/node_modules/safe-buffer/package.json b/src/Servers/ExpressServer/node_modules/safe-buffer/package.json
deleted file mode 100644
index f2869e2..0000000
--- a/src/Servers/ExpressServer/node_modules/safe-buffer/package.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
-  "name": "safe-buffer",
-  "description": "Safer Node.js Buffer API",
-  "version": "5.2.1",
-  "author": {
-    "name": "Feross Aboukhadijeh",
-    "email": "feross@feross.org",
-    "url": "https://feross.org"
-  },
-  "bugs": {
-    "url": "https://github.com/feross/safe-buffer/issues"
-  },
-  "devDependencies": {
-    "standard": "*",
-    "tape": "^5.0.0"
-  },
-  "homepage": "https://github.com/feross/safe-buffer",
-  "keywords": [
-    "buffer",
-    "buffer allocate",
-    "node security",
-    "safe",
-    "safe-buffer",
-    "security",
-    "uninitialized"
-  ],
-  "license": "MIT",
-  "main": "index.js",
-  "types": "index.d.ts",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/feross/safe-buffer.git"
-  },
-  "scripts": {
-    "test": "standard && tape test/*.js"
-  },
-  "funding": [
-    {
-      "type": "github",
-      "url": "https://github.com/sponsors/feross"
-    },
-    {
-      "type": "patreon",
-      "url": "https://www.patreon.com/feross"
-    },
-    {
-      "type": "consulting",
-      "url": "https://feross.org/support"
-    }
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE b/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
deleted file mode 100644
index 4fe9e6f..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2018 Nikita Skovoroda <chalkerx@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md b/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
deleted file mode 100644
index 68d86ba..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/Porting-Buffer.md
+++ /dev/null
@@ -1,268 +0,0 @@
-# Porting to the Buffer.from/Buffer.alloc API
-
-<a id="overview"></a>
-## Overview
-
-- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*)
-- [Variant 2: Use a polyfill](#variant-2)
-- [Variant 3: manual detection, with safeguards](#variant-3)
-
-### Finding problematic bits of code using grep
-
-Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`.
-
-It will find all the potentially unsafe places in your own code (with some considerably unlikely
-exceptions).
-
-### Finding problematic bits of code using Node.js 8
-
-If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code:
-
-- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js.
-- `--trace-deprecation` does the same thing, but only for deprecation warnings.
-- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8.
-
-You can set these flags using an environment variable:
-
-```console
-$ export NODE_OPTIONS='--trace-warnings --pending-deprecation'
-$ cat example.js
-'use strict';
-const foo = new Buffer('foo');
-$ node example.js
-(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead.
-    at showFlaggedDeprecation (buffer.js:127:13)
-    at new Buffer (buffer.js:148:3)
-    at Object.<anonymous> (/path/to/example.js:2:13)
-    [... more stack trace lines ...]
-```
-
-### Finding problematic bits of code using linters
-
-Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets.
-
-There is a drawback, though, that it doesn't always
-[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is
-overriden e.g. with a polyfill, so recommended is a combination of this and some other method
-described above.
-
-<a id="variant-1"></a>
-## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.
-
-This is the recommended solution nowadays that would imply only minimal overhead.
-
-The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible.
-
-What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way:
-
-- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`.
-- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`).
-- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`.
-
-Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than
-`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended to avoid accidential unsafe Buffer API usage.
-
-There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005)
-for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`.
-Note that it currently only works with cases where the arguments are literals or where the
-constructor is invoked with two arguments.
-
-_If you currently support those older Node.js versions and dropping them would be a semver-major change
-for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2)
-or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive
-the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and
-your users will not observe a runtime deprecation warning when running your code on Node.js 10._
-
-<a id="variant-2"></a>
-## Variant 2: Use a polyfill
-
-Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older
-Node.js versions.
-
-You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill
-`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api.
-
-Make sure that you do not use old `new Buffer` API — in any files where the line above is added,
-using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though.
-
-Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or
-[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) —
-those are great, the only downsides being 4 deps in the tree and slightly more code changes to
-migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only
-`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies.
-
-_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also
-provides a polyfill, but takes a different approach which has
-[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you
-to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as
-it is problematic, can cause issues in your code, and will start emitting runtime deprecation
-warnings starting with Node.js 10._
-
-Note that in either case, it is important that you also remove all calls to the old Buffer
-API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides
-a polyfill for the new API. I have seen people doing that mistake.
-
-Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
-or
-[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
-is recommended.
-
-_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._
-
-<a id="variant-3"></a>
-## Variant 3 — manual detection, with safeguards
-
-This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own
-wrapper around them.
-
-### Buffer(0)
-
-This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which
-returns the same result all the way down to Node.js 0.8.x.
-
-### Buffer(notNumber)
-
-Before:
-
-```js
-var buf = new Buffer(notNumber, encoding);
-```
-
-After:
-
-```js
-var buf;
-if (Buffer.from && Buffer.from !== Uint8Array.from) {
-  buf = Buffer.from(notNumber, encoding);
-} else {
-  if (typeof notNumber === 'number')
-    throw new Error('The "size" argument must be of type number.');
-  buf = new Buffer(notNumber, encoding);
-}
-```
-
-`encoding` is optional.
-
-Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not
-hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the
-Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous
-security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create
-problems ranging from DoS to leaking sensitive information to the attacker from the process memory.
-
-When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can
-be omitted.
-
-Also note that using TypeScript does not fix this problem for you — when libs written in
-`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as
-all type checks are translation-time only and are not present in the actual JS code which TS
-compiles to.
-
-### Buffer(number)
-
-For Node.js 0.10.x (and below) support:
-
-```js
-var buf;
-if (Buffer.alloc) {
-  buf = Buffer.alloc(number);
-} else {
-  buf = new Buffer(number);
-  buf.fill(0);
-}
-```
-
-Otherwise (Node.js ≥ 0.12.x):
-
-```js
-const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0);
-```
-
-## Regarding Buffer.allocUnsafe
-
-Be extra cautious when using `Buffer.allocUnsafe`:
- * Don't use it if you don't have a good reason to
-   * e.g. you probably won't ever see a performance difference for small buffers, in fact, those
-     might be even faster with `Buffer.alloc()`,
-   * if your code is not in the hot code path — you also probably won't notice a difference,
-   * keep in mind that zero-filling minimizes the potential risks.
- * If you use it, make sure that you never return the buffer in a partially-filled state,
-   * if you are writing to it sequentially — always truncate it to the actuall written length
-
-Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues,
-ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs)
-leaking to the remote attacker.
-
-_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js
-version (and lacking type checks also adds DoS to the list of potential problems)._
-
-<a id="faq"></a>
-## FAQ
-
-<a id="design-flaws"></a>
-### What is wrong with the `Buffer` constructor?
-
-The `Buffer` constructor could be used to create a buffer in many different ways:
-
-- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained
-  *arbitrary memory* for performance reasons, which could include anything ranging from
-  program source code to passwords and encryption keys.
-- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of
-  the string `'abc'`. A second argument could specify another encoding: For example,
-  `new Buffer(string, 'base64')` could be used to convert a Base64 string into the original
-  sequence of bytes that it represents.
-- There are several other combinations of arguments.
-
-This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell
-what exactly the contents of the generated buffer are* without knowing the type of `foo`.
-
-Sometimes, the value of `foo` comes from an external source. For example, this function
-could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form:
-
-```
-function stringToBase64(req, res) {
-  // The request body should have the format of `{ string: 'foobar' }`
-  const rawBytes = new Buffer(req.body.string)
-  const encoded = rawBytes.toString('base64')
-  res.end({ encoded: encoded })
-}
-```
-
-Note that this code does *not* validate the type of `req.body.string`:
-
-- `req.body.string` is expected to be a string. If this is the case, all goes well.
-- `req.body.string` is controlled by the client that sends the request.
-- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes:
-  - Before Node.js 8, the content would be uninitialized
-  - After Node.js 8, the content would be `50` bytes with the value `0`
-
-Because of the missing type check, an attacker could intentionally send a number
-as part of the request. Using this, they can either:
-
-- Read uninitialized memory. This **will** leak passwords, encryption keys and other
-  kinds of sensitive information. (Information leak)
-- Force the program to allocate a large amount of memory. For example, when specifying
-  `500000000` as the input value, each request will allocate 500MB of memory.
-  This can be used to either exhaust the memory available of a program completely
-  and make it crash, or slow it down significantly. (Denial of Service)
-
-Both of these scenarios are considered serious security issues in a real-world
-web server context.
-
-when using `Buffer.from(req.body.string)` instead, passing a number will always
-throw an exception instead, giving a controlled behaviour that can always be
-handled by the program.
-
-<a id="ecosystem-usage"></a>
-### The `Buffer()` constructor has been deprecated for a while. Is this really an issue?
-
-Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still
-widely used. This includes new code, and overall usage of such code has actually been
-*increasing*.
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md b/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
deleted file mode 100644
index 14b0822..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/Readme.md
+++ /dev/null
@@ -1,156 +0,0 @@
-# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url]
-
-[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master
-[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer
-[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg
-[npm-url]: https://npmjs.org/package/safer-buffer
-[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
-[standard-url]: https://standardjs.com
-[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg
-[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-
-Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current.
-
-## How to use?
-
-First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API.
-
-Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use
-`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new
-Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._
-
-Also, see the
-[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide.
-
-## Do I need it?
-
-Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that
-is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()`
-though.
-
-See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md)
-for a better description.
-
-## Why not [safe-buffer](https://npmjs.com/safe-buffer)?
-
-_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and
-itself contains footguns._
-
-`safe-buffer` could be used safely to get the new API while still keeping support for older
-Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API
-I found out that `safe-buffer` is itself causing problems in some cases.
-
-For example, consider the following snippet:
-
-```console
-$ cat example.unsafe.js
-console.log(Buffer(20))
-$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js
-<Buffer 0a 00 00 00 00 00 00 00 28 13 de 02 00 00 00 00 05 00 00 00>
-$ standard example.unsafe.js
-standard: Use JavaScript Standard Style (https://standardjs.com)
-  /home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead.
-```
-
-This is allocates and writes to console an uninitialized chunk of memory.
-[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people
-to avoid using unsafe API.
-
-Let's now throw in `safe-buffer`!
-
-```console
-$ cat example.safe-buffer.js
-const Buffer = require('safe-buffer').Buffer
-console.log(Buffer(20))
-$ standard example.safe-buffer.js
-$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js
-<Buffer 08 00 00 00 00 00 00 00 28 58 01 82 fe 7f 00 00 00 00 00 00>
-```
-
-See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior
-remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out
-chunks of uninitialized memory.
-_And this code will still emit runtime warnings on Node.js 10.x and above._
-
-That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or
-emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some
-discussion, it was decided to move my approach into a separate package, and _this is that separate
-package_.
-
-This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing,
-«fixing» the lint warning by blindly including `safe-buffer` without any actual changes.
-
-Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request
-can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go
-unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even
-pass CI. _I also observed that being done in popular packages._
-
-Some examples:
- * [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31)
-   (a module with 548 759 downloads/month),
- * [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61)
-   (218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)),
- * [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c)
-   (113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)),
- * [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec)
-   (3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)),
- * [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1)
-   (5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)).
- * And there are a lot more over the ecosystem.
-
-I filed a PR at
-[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to
-partially fix that (for cases when that lint rule is used), but it is a semver-major change for
-linter rules and presets, so it would take significant time for that to reach actual setups.
-_It also hasn't been released yet (2018-03-20)._
-
-Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake.
-It still supports it with an explicit concern barier, by placing it under
-`require('safer-buffer/dangereous')`.
-
-## But isn't throwing bad?
-
-Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like
-unguarded `new Buffer()` calls that end up receiving user input can do.
-
-This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so
-it is really simple to keep track of things and make sure that you don't mix old API usage with that.
-Also, CI should hint anything that you might have missed.
-
-New commits, if tested, won't land new usage of unsafe Buffer API this way.
-_Node.js 10.x also deals with that by printing a runtime depecation warning._
-
-### Would it affect third-party modules?
-
-No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`.
-Don't do that.
-
-### But I don't want throwing…
-
-That is also fine!
-
-Also, it could be better in some cases when you don't comprehensive enough test coverage.
-
-In that case — just don't override `Buffer` and use
-`var SaferBuffer = require('safer-buffer').Buffer` instead.
-
-That way, everything using `Buffer` natively would still work, but there would be two drawbacks:
-
-* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and
-  `SaferBuffer.alloc` instead.
-* You are still open to accidentally using the insecure deprecated API — use a linter to catch that.
-
-Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly
-recommended. `Buffer` is not overriden in this usecase, so linters won't get confused.
-
-## «Without footguns»?
-
-Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property
-on older versions and duping things from there. You shouldn't do that in your code, probabably.
-
-The intention is to remove the most significant footguns that affect lots of packages in the
-ecosystem, and to do it in the proper way.
-
-Also, this package doesn't protect against security issues affecting some Node.js versions, so for
-usage in your own production code, it is still recommended to update to a Node.js version
-[supported by upstream](https://github.com/nodejs/release#release-schedule).
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js b/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
deleted file mode 100644
index ca41fdc..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/dangerous.js
+++ /dev/null
@@ -1,58 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-var safer = require('./safer.js')
-var Safer = safer.Buffer
-
-var dangerous = {}
-
-var key
-
-for (key in safer) {
-  if (!safer.hasOwnProperty(key)) continue
-  dangerous[key] = safer[key]
-}
-
-var Dangereous = dangerous.Buffer = {}
-
-// Copy Safer API
-for (key in Safer) {
-  if (!Safer.hasOwnProperty(key)) continue
-  Dangereous[key] = Safer[key]
-}
-
-// Copy those missing unsafe methods, if they are present
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (Dangereous.hasOwnProperty(key)) continue
-  Dangereous[key] = Buffer[key]
-}
-
-if (!Dangereous.allocUnsafe) {
-  Dangereous.allocUnsafe = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return Buffer(size)
-  }
-}
-
-if (!Dangereous.allocUnsafeSlow) {
-  Dangereous.allocUnsafeSlow = function (size) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    return buffer.SlowBuffer(size)
-  }
-}
-
-module.exports = dangerous
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/package.json b/src/Servers/ExpressServer/node_modules/safer-buffer/package.json
deleted file mode 100644
index d452b04..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/package.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  "name": "safer-buffer",
-  "version": "2.1.2",
-  "description": "Modern Buffer API polyfill without footguns",
-  "main": "safer.js",
-  "scripts": {
-    "browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js",
-    "test": "standard && tape tests.js"
-  },
-  "author": {
-    "name": "Nikita Skovoroda",
-    "email": "chalkerx@gmail.com",
-    "url": "https://github.com/ChALkeR"
-  },
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/ChALkeR/safer-buffer.git"
-  },
-  "bugs": {
-    "url": "https://github.com/ChALkeR/safer-buffer/issues"
-  },
-  "devDependencies": {
-    "standard": "^11.0.1",
-    "tape": "^4.9.0"
-  },
-  "files": [
-    "Porting-Buffer.md",
-    "Readme.md",
-    "tests.js",
-    "dangerous.js",
-    "safer.js"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js b/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
deleted file mode 100644
index 37c7e1a..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/safer.js
+++ /dev/null
@@ -1,77 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var buffer = require('buffer')
-var Buffer = buffer.Buffer
-
-var safer = {}
-
-var key
-
-for (key in buffer) {
-  if (!buffer.hasOwnProperty(key)) continue
-  if (key === 'SlowBuffer' || key === 'Buffer') continue
-  safer[key] = buffer[key]
-}
-
-var Safer = safer.Buffer = {}
-for (key in Buffer) {
-  if (!Buffer.hasOwnProperty(key)) continue
-  if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue
-  Safer[key] = Buffer[key]
-}
-
-safer.Buffer.prototype = Buffer.prototype
-
-if (!Safer.from || Safer.from === Uint8Array.from) {
-  Safer.from = function (value, encodingOrOffset, length) {
-    if (typeof value === 'number') {
-      throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value)
-    }
-    if (value && typeof value.length === 'undefined') {
-      throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value)
-    }
-    return Buffer(value, encodingOrOffset, length)
-  }
-}
-
-if (!Safer.alloc) {
-  Safer.alloc = function (size, fill, encoding) {
-    if (typeof size !== 'number') {
-      throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
-    }
-    if (size < 0 || size >= 2 * (1 << 30)) {
-      throw new RangeError('The value "' + size + '" is invalid for option "size"')
-    }
-    var buf = Buffer(size)
-    if (!fill || fill.length === 0) {
-      buf.fill(0)
-    } else if (typeof encoding === 'string') {
-      buf.fill(fill, encoding)
-    } else {
-      buf.fill(fill)
-    }
-    return buf
-  }
-}
-
-if (!safer.kStringMaxLength) {
-  try {
-    safer.kStringMaxLength = process.binding('buffer').kStringMaxLength
-  } catch (e) {
-    // we can't determine kStringMaxLength in environments where process.binding
-    // is unsupported, so let's not set it
-  }
-}
-
-if (!safer.constants) {
-  safer.constants = {
-    MAX_LENGTH: safer.kMaxLength
-  }
-  if (safer.kStringMaxLength) {
-    safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength
-  }
-}
-
-module.exports = safer
diff --git a/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js b/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
deleted file mode 100644
index 7ed2777..0000000
--- a/src/Servers/ExpressServer/node_modules/safer-buffer/tests.js
+++ /dev/null
@@ -1,406 +0,0 @@
-/* eslint-disable node/no-deprecated-api */
-
-'use strict'
-
-var test = require('tape')
-
-var buffer = require('buffer')
-
-var index = require('./')
-var safer = require('./safer')
-var dangerous = require('./dangerous')
-
-/* Inheritance tests */
-
-test('Default is Safer', function (t) {
-  t.equal(index, safer)
-  t.notEqual(safer, dangerous)
-  t.notEqual(index, dangerous)
-  t.end()
-})
-
-test('Is not a function', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'object')
-  });
-  [buffer].forEach(function (impl) {
-    t.equal(typeof impl, 'object')
-    t.equal(typeof impl.Buffer, 'function')
-  })
-  t.end()
-})
-
-test('Constructor throws', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer() })
-    t.throws(function () { impl.Buffer(0) })
-    t.throws(function () { impl.Buffer('a') })
-    t.throws(function () { impl.Buffer('a', 'utf-8') })
-    t.throws(function () { return new impl.Buffer() })
-    t.throws(function () { return new impl.Buffer(0) })
-    t.throws(function () { return new impl.Buffer('a') })
-    t.throws(function () { return new impl.Buffer('a', 'utf-8') })
-  })
-  t.end()
-})
-
-test('Safe methods exist', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.alloc, 'function', 'alloc')
-    t.equal(typeof impl.Buffer.from, 'function', 'from')
-  })
-  t.end()
-})
-
-test('Unsafe methods exist only in Dangerous', function (t) {
-  [index, safer].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'undefined')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined')
-  });
-  [dangerous].forEach(function (impl) {
-    t.equal(typeof impl.Buffer.allocUnsafe, 'function')
-    t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function')
-  })
-  t.end()
-})
-
-test('Generic methods/properties are defined and equal', function (t) {
-  ['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer).forEach(function (method) {
-    if (method === 'SlowBuffer' || method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], buffer[method], method)
-      t.notEqual(typeof impl[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Built-in Buffer static methods/properties are inherited', function (t) {
-  Object.keys(buffer.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], buffer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('.prototype property of Buffer is inherited', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype')
-    t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype')
-  })
-  t.end()
-})
-
-test('All Safer methods are present in Dangerous', function (t) {
-  Object.keys(safer).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], safer[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(safer.Buffer).forEach(function (method) {
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], safer.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-test('Safe methods from Dangerous methods are present in Safer', function (t) {
-  Object.keys(dangerous).forEach(function (method) {
-    if (method === 'Buffer') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl[method], dangerous[method], method)
-      if (method !== 'kStringMaxLength') {
-        t.notEqual(typeof impl[method], 'undefined', method)
-      }
-    })
-  })
-  Object.keys(dangerous.Buffer).forEach(function (method) {
-    if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
-    [index, safer, dangerous].forEach(function (impl) {
-      t.equal(impl.Buffer[method], dangerous.Buffer[method], method)
-      t.notEqual(typeof impl.Buffer[method], 'undefined', method)
-    })
-  })
-  t.end()
-})
-
-/* Behaviour tests */
-
-test('Methods return Buffers', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10)))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64')))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3])))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3]))))
-    t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([])))
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0)))
-    t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10)))
-  })
-  t.end()
-})
-
-test('Constructor is buffer.Buffer', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer)
-    t.equal(impl.Buffer.from([]).constructor, buffer.Buffer)
-  });
-  [0, 10, 100].forEach(function (arg) {
-    t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer)
-    t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor)
-  })
-  t.end()
-})
-
-test('Invalid calls throw', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.throws(function () { impl.Buffer.from(0) })
-    t.throws(function () { impl.Buffer.from(10) })
-    t.throws(function () { impl.Buffer.from(10, 'utf-8') })
-    t.throws(function () { impl.Buffer.from('string', 'invalid encoding') })
-    t.throws(function () { impl.Buffer.from(-10) })
-    t.throws(function () { impl.Buffer.from(1e90) })
-    t.throws(function () { impl.Buffer.from(Infinity) })
-    t.throws(function () { impl.Buffer.from(-Infinity) })
-    t.throws(function () { impl.Buffer.from(NaN) })
-    t.throws(function () { impl.Buffer.from(null) })
-    t.throws(function () { impl.Buffer.from(undefined) })
-    t.throws(function () { impl.Buffer.from() })
-    t.throws(function () { impl.Buffer.from({}) })
-    t.throws(function () { impl.Buffer.alloc('') })
-    t.throws(function () { impl.Buffer.alloc('string') })
-    t.throws(function () { impl.Buffer.alloc('string', 'utf-8') })
-    t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') })
-    t.throws(function () { impl.Buffer.alloc(-10) })
-    t.throws(function () { impl.Buffer.alloc(1e90) })
-    t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) })
-    t.throws(function () { impl.Buffer.alloc(Infinity) })
-    t.throws(function () { impl.Buffer.alloc(-Infinity) })
-    t.throws(function () { impl.Buffer.alloc(null) })
-    t.throws(function () { impl.Buffer.alloc(undefined) })
-    t.throws(function () { impl.Buffer.alloc() })
-    t.throws(function () { impl.Buffer.alloc([]) })
-    t.throws(function () { impl.Buffer.alloc([0, 42, 3]) })
-    t.throws(function () { impl.Buffer.alloc({}) })
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.throws(function () { dangerous.Buffer[method]('') })
-    t.throws(function () { dangerous.Buffer[method]('string') })
-    t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') })
-    t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) })
-    t.throws(function () { dangerous.Buffer[method](Infinity) })
-    if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) {
-      t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0')
-    } else {
-      t.throws(function () { dangerous.Buffer[method](-10) })
-      t.throws(function () { dangerous.Buffer[method](-1e90) })
-      t.throws(function () { dangerous.Buffer[method](-Infinity) })
-    }
-    t.throws(function () { dangerous.Buffer[method](null) })
-    t.throws(function () { dangerous.Buffer[method](undefined) })
-    t.throws(function () { dangerous.Buffer[method]() })
-    t.throws(function () { dangerous.Buffer[method]([]) })
-    t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) })
-    t.throws(function () { dangerous.Buffer[method]({}) })
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.equal(impl.Buffer.alloc(0).length, 0)
-    t.equal(impl.Buffer.alloc(10).length, 10)
-    t.equal(impl.Buffer.from('').length, 0)
-    t.equal(impl.Buffer.from('string').length, 6)
-    t.equal(impl.Buffer.from('string', 'utf-8').length, 6)
-    t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11)
-    t.equal(impl.Buffer.from([0, 42, 3]).length, 3)
-    t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3)
-    t.equal(impl.Buffer.from([]).length, 0)
-  });
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    t.equal(dangerous.Buffer[method](0).length, 0)
-    t.equal(dangerous.Buffer[method](10).length, 10)
-  })
-  t.end()
-})
-
-test('Buffers have appropriate lengths (2)', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true;
-  [ safer.Buffer.alloc,
-    dangerous.Buffer.allocUnsafe,
-    dangerous.Buffer.allocUnsafeSlow
-  ].forEach(function (method) {
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 1e5)
-      var buf = method(length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-    }
-  })
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size) is zero-filled and has correct length', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var buf = index.Buffer.alloc(length)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    var j
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 0) ok = false
-    }
-    buf.fill(1)
-    for (j = 0; j < length; j++) {
-      if (buf[j] !== 1) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) {
-  ['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
-    var ok = true
-    for (var i = 0; i < 1e2; i++) {
-      var length = Math.round(Math.random() * 2e6)
-      var buf = dangerous.Buffer[method](length)
-      if (!buffer.Buffer.isBuffer(buf)) ok = false
-      if (buf.length !== length) ok = false
-      buf.fill(0, 0, length)
-      var j
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 0) ok = false
-      }
-      buf.fill(1, 0, length)
-      for (j = 0; j < length; j++) {
-        if (buf[j] !== 1) ok = false
-      }
-    }
-    t.ok(ok, method)
-  })
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.end()
-})
-
-test('.alloc(size, fill) is `fill`-filled', function (t) {
-  t.equal(index.Buffer.alloc, safer.Buffer.alloc)
-  t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
-  var ok = true
-  for (var i = 0; i < 1e2; i++) {
-    var length = Math.round(Math.random() * 2e6)
-    var fill = Math.round(Math.random() * 255)
-    var buf = index.Buffer.alloc(length, fill)
-    if (!buffer.Buffer.isBuffer(buf)) ok = false
-    if (buf.length !== length) ok = false
-    for (var j = 0; j < length; j++) {
-      if (buf[j] !== fill) ok = false
-    }
-  }
-  t.ok(ok)
-  t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97))
-  t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98))
-
-  var tmp = new buffer.Buffer(2)
-  tmp.fill('ok')
-  if (tmp[1] === tmp[0]) {
-    // Outdated Node.js
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo'))
-  } else {
-    t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko'))
-  }
-  t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok'))
-
-  t.end()
-})
-
-test('safer.Buffer.from returns results same as Buffer constructor', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), new buffer.Buffer(''))
-    t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string'))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8'))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64'))
-    t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3]))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3])))
-    t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([]))
-  })
-  t.end()
-})
-
-test('safer.Buffer.from returns consistent results', function (t) {
-  [index, safer, dangerous].forEach(function (impl) {
-    t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0))
-    t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string'))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103]))
-    t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string')))
-    t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree'))
-    t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree'))
-  })
-  t.end()
-})
diff --git a/src/Servers/ExpressServer/node_modules/send/HISTORY.md b/src/Servers/ExpressServer/node_modules/send/HISTORY.md
deleted file mode 100644
index 13789ba..0000000
--- a/src/Servers/ExpressServer/node_modules/send/HISTORY.md
+++ /dev/null
@@ -1,538 +0,0 @@
-0.19.2 / 2025-12-15
-===================
-
-* deps: use tilde notation for dependencies
-* deps: http-errors@~2.0.1
-* deps: statuses@~2.0.2
-
-0.19.1 / 2024-10-09
-===================
-
-* deps: encodeurl@~2.0.0
-
-0.19.0 / 2024-09-10
-===================
-
-* Remove link renderization in html while redirecting
-
-0.18.0 / 2022-03-23
-===================
-
-  * Fix emitted 416 error missing headers property
-  * Limit the headers removed for 304 response
-  * deps: depd@2.0.0
-    - Replace internal `eval` usage with `Function` constructor
-    - Use instance methods on `process` to check for listeners
-  * deps: destroy@1.2.0
-  * deps: http-errors@2.0.0
-    - deps: depd@2.0.0
-    - deps: statuses@2.0.1
-  * deps: on-finished@2.4.1
-  * deps: statuses@2.0.1
-
-0.17.2 / 2021-12-11
-===================
-
-  * pref: ignore empty http tokens
-  * deps: http-errors@1.8.1
-    - deps: inherits@2.0.4
-    - deps: toidentifier@1.0.1
-    - deps: setprototypeof@1.2.0
-  * deps: ms@2.1.3
-
-0.17.1 / 2019-05-10
-===================
-
-  * Set stricter CSP header in redirect & error responses
-  * deps: range-parser@~1.2.1
-
-0.17.0 / 2019-05-03
-===================
-
-  * deps: http-errors@~1.7.2
-    - Set constructor name when possible
-    - Use `toidentifier` module to make class names
-    - deps: depd@~1.1.2
-    - deps: setprototypeof@1.1.1
-    - deps: statuses@'>= 1.5.0 < 2'
-  * deps: mime@1.6.0
-    - Add extensions for JPEG-2000 images
-    - Add new `font/*` types from IANA
-    - Add WASM mapping
-    - Update `.bdoc` to `application/bdoc`
-    - Update `.bmp` to `image/bmp`
-    - Update `.m4a` to `audio/mp4`
-    - Update `.rtf` to `application/rtf`
-    - Update `.wav` to `audio/wav`
-    - Update `.xml` to `application/xml`
-    - Update generic extensions to `application/octet-stream`:
-      `.deb`, `.dll`, `.dmg`, `.exe`, `.iso`, `.msi`
-    - Use mime-score module to resolve extension conflicts
-  * deps: ms@2.1.1
-    - Add `week`/`w` support
-    - Fix negative number handling
-  * deps: statuses@~1.5.0
-  * perf: remove redundant `path.normalize` call
-
-0.16.2 / 2018-02-07
-===================
-
-  * Fix incorrect end tag in default error & redirects
-  * deps: depd@~1.1.2
-    - perf: remove argument reassignment
-  * deps: encodeurl@~1.0.2
-    - Fix encoding `%` as last character
-  * deps: statuses@~1.4.0
-
-0.16.1 / 2017-09-29
-===================
-
-  * Fix regression in edge-case behavior for empty `path`
-
-0.16.0 / 2017-09-27
-===================
-
-  * Add `immutable` option
-  * Fix missing `</html>` in default error & redirects
-  * Use instance methods on steam to check for listeners
-  * deps: mime@1.4.1
-    - Add 70 new types for file extensions
-    - Set charset as "UTF-8" for .js and .json
-  * perf: improve path validation speed
-
-0.15.6 / 2017-09-22
-===================
-
-  * deps: debug@2.6.9
-  * perf: improve `If-Match` token parsing
-
-0.15.5 / 2017-09-20
-===================
-
-  * deps: etag@~1.8.1
-    - perf: replace regular expression with substring
-  * deps: fresh@0.5.2
-    - Fix handling of modified headers with invalid dates
-    - perf: improve ETag match loop
-    - perf: improve `If-None-Match` token parsing
-
-0.15.4 / 2017-08-05
-===================
-
-  * deps: debug@2.6.8
-  * deps: depd@~1.1.1
-    - Remove unnecessary `Buffer` loading
-  * deps: http-errors@~1.6.2
-    - deps: depd@1.1.1
-
-0.15.3 / 2017-05-16
-===================
-
-  * deps: debug@2.6.7
-    - deps: ms@2.0.0
-  * deps: ms@2.0.0
-
-0.15.2 / 2017-04-26
-===================
-
-  * deps: debug@2.6.4
-    - Fix `DEBUG_MAX_ARRAY_LENGTH`
-    - deps: ms@0.7.3
-  * deps: ms@1.0.0
-
-0.15.1 / 2017-03-04
-===================
-
-  * Fix issue when `Date.parse` does not return `NaN` on invalid date
-  * Fix strict violation in broken environments
-
-0.15.0 / 2017-02-25
-===================
-
-  * Support `If-Match` and `If-Unmodified-Since` headers
-  * Add `res` and `path` arguments to `directory` event
-  * Remove usage of `res._headers` private field
-    - Improves compatibility with Node.js 8 nightly
-  * Send complete HTML document in redirect & error responses
-  * Set default CSP header in redirect & error responses
-  * Use `res.getHeaderNames()` when available
-  * Use `res.headersSent` when available
-  * deps: debug@2.6.1
-    - Allow colors in workers
-    - Deprecated `DEBUG_FD` environment variable set to `3` or higher
-    - Fix error when running under React Native
-    - Use same color for same namespace
-    - deps: ms@0.7.2
-  * deps: etag@~1.8.0
-  * deps: fresh@0.5.0
-    - Fix false detection of `no-cache` request directive
-    - Fix incorrect result when `If-None-Match` has both `*` and ETags
-    - Fix weak `ETag` matching to match spec
-    - perf: delay reading header values until needed
-    - perf: enable strict mode
-    - perf: hoist regular expressions
-    - perf: remove duplicate conditional
-    - perf: remove unnecessary boolean coercions
-    - perf: skip checking modified time if ETag check failed
-    - perf: skip parsing `If-None-Match` when no `ETag` header
-    - perf: use `Date.parse` instead of `new Date`
-  * deps: http-errors@~1.6.1
-    - Make `message` property enumerable for `HttpError`s
-    - deps: setprototypeof@1.0.3
-
-0.14.2 / 2017-01-23
-===================
-
-  * deps: http-errors@~1.5.1
-    - deps: inherits@2.0.3
-    - deps: setprototypeof@1.0.2
-    - deps: statuses@'>= 1.3.1 < 2'
-  * deps: ms@0.7.2
-  * deps: statuses@~1.3.1
-
-0.14.1 / 2016-06-09
-===================
-
-  * Fix redirect error when `path` contains raw non-URL characters
-  * Fix redirect when `path` starts with multiple forward slashes
-
-0.14.0 / 2016-06-06
-===================
-
-  * Add `acceptRanges` option
-  * Add `cacheControl` option
-  * Attempt to combine multiple ranges into single range
-  * Correctly inherit from `Stream` class
-  * Fix `Content-Range` header in 416 responses when using `start`/`end` options
-  * Fix `Content-Range` header missing from default 416 responses
-  * Ignore non-byte `Range` headers
-  * deps: http-errors@~1.5.0
-    - Add `HttpError` export, for `err instanceof createError.HttpError`
-    - Support new code `421 Misdirected Request`
-    - Use `setprototypeof` module to replace `__proto__` setting
-    - deps: inherits@2.0.1
-    - deps: statuses@'>= 1.3.0 < 2'
-    - perf: enable strict mode
-  * deps: range-parser@~1.2.0
-    - Fix incorrectly returning -1 when there is at least one valid range
-    - perf: remove internal function
-  * deps: statuses@~1.3.0
-    - Add `421 Misdirected Request`
-    - perf: enable strict mode
-  * perf: remove argument reassignment
-
-0.13.2 / 2016-03-05
-===================
-
-  * Fix invalid `Content-Type` header when `send.mime.default_type` unset
-
-0.13.1 / 2016-01-16
-===================
-
-  * deps: depd@~1.1.0
-    - Support web browser loading
-    - perf: enable strict mode
-  * deps: destroy@~1.0.4
-    - perf: enable strict mode
-  * deps: escape-html@~1.0.3
-    - perf: enable strict mode
-    - perf: optimize string replacement
-    - perf: use faster string coercion
-  * deps: range-parser@~1.0.3
-    - perf: enable strict mode
-
-0.13.0 / 2015-06-16
-===================
-
-  * Allow Node.js HTTP server to set `Date` response header
-  * Fix incorrectly removing `Content-Location` on 304 response
-  * Improve the default redirect response headers
-  * Send appropriate headers on default error response
-  * Use `http-errors` for standard emitted errors
-  * Use `statuses` instead of `http` module for status messages
-  * deps: escape-html@1.0.2
-  * deps: etag@~1.7.0
-    - Improve stat performance by removing hashing
-  * deps: fresh@0.3.0
-    - Add weak `ETag` matching support
-  * deps: on-finished@~2.3.0
-    - Add defined behavior for HTTP `CONNECT` requests
-    - Add defined behavior for HTTP `Upgrade` requests
-    - deps: ee-first@1.1.1
-  * perf: enable strict mode
-  * perf: remove unnecessary array allocations
-
-0.12.3 / 2015-05-13
-===================
-
-  * deps: debug@~2.2.0
-    - deps: ms@0.7.1
-  * deps: depd@~1.0.1
-  * deps: etag@~1.6.0
-   - Improve support for JXcore
-   - Support "fake" stats objects in environments without `fs`
-  * deps: ms@0.7.1
-    - Prevent extraordinarily long inputs
-  * deps: on-finished@~2.2.1
-
-0.12.2 / 2015-03-13
-===================
-
-  * Throw errors early for invalid `extensions` or `index` options
-  * deps: debug@~2.1.3
-    - Fix high intensity foreground color for bold
-    - deps: ms@0.7.0
-
-0.12.1 / 2015-02-17
-===================
-
-  * Fix regression sending zero-length files
-
-0.12.0 / 2015-02-16
-===================
-
-  * Always read the stat size from the file
-  * Fix mutating passed-in `options`
-  * deps: mime@1.3.4
-
-0.11.1 / 2015-01-20
-===================
-
-  * Fix `root` path disclosure
-
-0.11.0 / 2015-01-05
-===================
-
-  * deps: debug@~2.1.1
-  * deps: etag@~1.5.1
-    - deps: crc@3.2.1
-  * deps: ms@0.7.0
-    - Add `milliseconds`
-    - Add `msecs`
-    - Add `secs`
-    - Add `mins`
-    - Add `hrs`
-    - Add `yrs`
-  * deps: on-finished@~2.2.0
-
-0.10.1 / 2014-10-22
-===================
-
-  * deps: on-finished@~2.1.1
-    - Fix handling of pipelined requests
-
-0.10.0 / 2014-10-15
-===================
-
-  * deps: debug@~2.1.0
-    - Implement `DEBUG_FD` env variable support
-  * deps: depd@~1.0.0
-  * deps: etag@~1.5.0
-    - Improve string performance
-    - Slightly improve speed for weak ETags over 1KB
-
-0.9.3 / 2014-09-24
-==================
-
-  * deps: etag@~1.4.0
-    - Support "fake" stats objects
-
-0.9.2 / 2014-09-15
-==================
-
-  * deps: depd@0.4.5
-  * deps: etag@~1.3.1
-  * deps: range-parser@~1.0.2
-
-0.9.1 / 2014-09-07
-==================
-
-  * deps: fresh@0.2.4
-
-0.9.0 / 2014-09-07
-==================
-
-  * Add `lastModified` option
-  * Use `etag` to generate `ETag` header
-  * deps: debug@~2.0.0
-
-0.8.5 / 2014-09-04
-==================
-
-  * Fix malicious path detection for empty string path
-
-0.8.4 / 2014-09-04
-==================
-
-  * Fix a path traversal issue when using `root`
-
-0.8.3 / 2014-08-16
-==================
-
-  * deps: destroy@1.0.3
-    - renamed from dethroy
-  * deps: on-finished@2.1.0
-
-0.8.2 / 2014-08-14
-==================
-
-  * Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
-  * deps: dethroy@1.0.2
-
-0.8.1 / 2014-08-05
-==================
-
-  * Fix `extensions` behavior when file already has extension
-
-0.8.0 / 2014-08-05
-==================
-
-  * Add `extensions` option
-
-0.7.4 / 2014-08-04
-==================
-
-  * Fix serving index files without root dir
-
-0.7.3 / 2014-07-29
-==================
-
-  * Fix incorrect 403 on Windows and Node.js 0.11
-
-0.7.2 / 2014-07-27
-==================
-
-  * deps: depd@0.4.4
-    - Work-around v8 generating empty stack traces
-
-0.7.1 / 2014-07-26
-==================
-
- * deps: depd@0.4.3
-   - Fix exception when global `Error.stackTraceLimit` is too low
-
-0.7.0 / 2014-07-20
-==================
-
- * Deprecate `hidden` option; use `dotfiles` option
- * Add `dotfiles` option
- * deps: debug@1.0.4
- * deps: depd@0.4.2
-   - Add `TRACE_DEPRECATION` environment variable
-   - Remove non-standard grey color from color output
-   - Support `--no-deprecation` argument
-   - Support `--trace-deprecation` argument
-
-0.6.0 / 2014-07-11
-==================
-
- * Deprecate `from` option; use `root` option
- * Deprecate `send.etag()` -- use `etag` in `options`
- * Deprecate `send.hidden()` -- use `hidden` in `options`
- * Deprecate `send.index()` -- use `index` in `options`
- * Deprecate `send.maxage()` -- use `maxAge` in `options`
- * Deprecate `send.root()` -- use `root` in `options`
- * Cap `maxAge` value to 1 year
- * deps: debug@1.0.3
-   - Add support for multiple wildcards in namespaces
-
-0.5.0 / 2014-06-28
-==================
-
- * Accept string for `maxAge` (converted by `ms`)
- * Add `headers` event
- * Include link in default redirect response
- * Use `EventEmitter.listenerCount` to count listeners
-
-0.4.3 / 2014-06-11
-==================
-
- * Do not throw un-catchable error on file open race condition
- * Use `escape-html` for HTML escaping
- * deps: debug@1.0.2
-   - fix some debugging output colors on node.js 0.8
- * deps: finished@1.2.2
- * deps: fresh@0.2.2
-
-0.4.2 / 2014-06-09
-==================
-
- * fix "event emitter leak" warnings
- * deps: debug@1.0.1
- * deps: finished@1.2.1
-
-0.4.1 / 2014-06-02
-==================
-
- * Send `max-age` in `Cache-Control` in correct format
-
-0.4.0 / 2014-05-27
-==================
-
- * Calculate ETag with md5 for reduced collisions
- * Fix wrong behavior when index file matches directory
- * Ignore stream errors after request ends
-   - Goodbye `EBADF, read`
- * Skip directories in index file search
- * deps: debug@0.8.1
-
-0.3.0 / 2014-04-24
-==================
-
- * Fix sending files with dots without root set
- * Coerce option types
- * Accept API options in options object
- * Set etags to "weak"
- * Include file path in etag
- * Make "Can't set headers after they are sent." catchable
- * Send full entity-body for multi range requests
- * Default directory access to 403 when index disabled
- * Support multiple index paths
- * Support "If-Range" header
- * Control whether to generate etags
- * deps: mime@1.2.11
-
-0.2.0 / 2014-01-29
-==================
-
- * update range-parser and fresh
-
-0.1.4 / 2013-08-11
-==================
-
- * update fresh
-
-0.1.3 / 2013-07-08
-==================
-
- * Revert "Fix fd leak"
-
-0.1.2 / 2013-07-03
-==================
-
- * Fix fd leak
-
-0.1.0 / 2012-08-25
-==================
-
-  * add options parameter to send() that is passed to fs.createReadStream() [kanongil]
-
-0.0.4 / 2012-08-16
-==================
-
-  * allow custom "Accept-Ranges" definition
-
-0.0.3 / 2012-07-16
-==================
-
-  * fix normalization of the root directory. Closes #3
-
-0.0.2 / 2012-07-09
-==================
-
-  * add passing of req explicitly for now (YUCK)
-
-0.0.1 / 2010-01-03
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/send/LICENSE b/src/Servers/ExpressServer/node_modules/send/LICENSE
deleted file mode 100644
index b6ea1c1..0000000
--- a/src/Servers/ExpressServer/node_modules/send/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2012 TJ Holowaychuk
-Copyright (c) 2014-2022 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/send/README.md b/src/Servers/ExpressServer/node_modules/send/README.md
deleted file mode 100644
index fadf838..0000000
--- a/src/Servers/ExpressServer/node_modules/send/README.md
+++ /dev/null
@@ -1,327 +0,0 @@
-# send
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
-[![Windows Build][appveyor-image]][appveyor-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Send is a library for streaming files from the file system as a http response
-supporting partial responses (Ranges), conditional-GET negotiation (If-Match,
-If-Unmodified-Since, If-None-Match, If-Modified-Since), high test coverage,
-and granular events which may be leveraged to take appropriate actions in your
-application or framework.
-
-Looking to serve up entire folders mapped to URLs? Try [serve-static](https://www.npmjs.org/package/serve-static).
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```bash
-$ npm install send
-```
-
-## API
-
-```js
-var send = require('send')
-```
-
-### send(req, path, [options])
-
-Create a new `SendStream` for the given path to send to a `res`. The `req` is
-the Node.js HTTP request and the `path` is a urlencoded path to send (urlencoded,
-not the actual file-system path).
-
-#### Options
-
-##### acceptRanges
-
-Enable or disable accepting ranged requests, defaults to true.
-Disabling this will not send `Accept-Ranges` and ignore the contents
-of the `Range` request header.
-
-##### cacheControl
-
-Enable or disable setting `Cache-Control` response header, defaults to
-true. Disabling this will ignore the `immutable` and `maxAge` options.
-
-##### dotfiles
-
-Set how "dotfiles" are treated when encountered. A dotfile is a file
-or directory that begins with a dot ("."). Note this check is done on
-the path itself without checking if the path actually exists on the
-disk. If `root` is specified, only the dotfiles above the root are
-checked (i.e. the root itself can be within a dotfile when when set
-to "deny").
-
-  - `'allow'` No special treatment for dotfiles.
-  - `'deny'` Send a 403 for any request for a dotfile.
-  - `'ignore'` Pretend like the dotfile does not exist and 404.
-
-The default value is _similar_ to `'ignore'`, with the exception that
-this default will not ignore the files within a directory that begins
-with a dot, for backward-compatibility.
-
-##### end
-
-Byte offset at which the stream ends, defaults to the length of the file
-minus 1. The end is inclusive in the stream, meaning `end: 3` will include
-the 4th byte in the stream.
-
-##### etag
-
-Enable or disable etag generation, defaults to true.
-
-##### extensions
-
-If a given file doesn't exist, try appending one of the given extensions,
-in the given order. By default, this is disabled (set to `false`). An
-example value that will serve extension-less HTML files: `['html', 'htm']`.
-This is skipped if the requested file already has an extension.
-
-##### immutable
-
-Enable or disable the `immutable` directive in the `Cache-Control` response
-header, defaults to `false`. If set to `true`, the `maxAge` option should
-also be specified to enable caching. The `immutable` directive will prevent
-supported clients from making conditional requests during the life of the
-`maxAge` option to check if the file has changed.
-
-##### index
-
-By default send supports "index.html" files, to disable this
-set `false` or to supply a new index pass a string or an array
-in preferred order.
-
-##### lastModified
-
-Enable or disable `Last-Modified` header, defaults to true. Uses the file
-system's last modified value.
-
-##### maxAge
-
-Provide a max-age in milliseconds for http caching, defaults to 0.
-This can also be a string accepted by the
-[ms](https://www.npmjs.org/package/ms#readme) module.
-
-##### root
-
-Serve files relative to `path`.
-
-##### start
-
-Byte offset at which the stream starts, defaults to 0. The start is inclusive,
-meaning `start: 2` will include the 3rd byte in the stream.
-
-#### Events
-
-The `SendStream` is an event emitter and will emit the following events:
-
-  - `error` an error occurred `(err)`
-  - `directory` a directory was requested `(res, path)`
-  - `file` a file was requested `(path, stat)`
-  - `headers` the headers are about to be set on a file `(res, path, stat)`
-  - `stream` file streaming has started `(stream)`
-  - `end` streaming has completed
-
-#### .pipe
-
-The `pipe` method is used to pipe the response into the Node.js HTTP response
-object, typically `send(req, path, options).pipe(res)`.
-
-### .mime
-
-The `mime` export is the global instance of of the
-[`mime` npm module](https://www.npmjs.com/package/mime).
-
-This is used to configure the MIME types that are associated with file extensions
-as well as other options for how to resolve the MIME type of a file (like the
-default type to use for an unknown file extension).
-
-## Error-handling
-
-By default when no `error` listeners are present an automatic response will be
-made, otherwise you have full control over the response, aka you may show a 5xx
-page etc.
-
-## Caching
-
-It does _not_ perform internal caching, you should use a reverse proxy cache
-such as Varnish for this, or those fancy things called CDNs. If your
-application is small enough that it would benefit from single-node memory
-caching, it's small enough that it does not need caching at all ;).
-
-## Debugging
-
-To enable `debug()` instrumentation output export __DEBUG__:
-
-```
-$ DEBUG=send node app
-```
-
-## Running tests
-
-```
-$ npm install
-$ npm test
-```
-
-## Examples
-
-### Serve a specific file
-
-This simple example will send a specific file to all requests.
-
-```js
-var http = require('http')
-var send = require('send')
-
-var server = http.createServer(function onRequest (req, res) {
-  send(req, '/path/to/index.html')
-    .pipe(res)
-})
-
-server.listen(3000)
-```
-
-### Serve all files from a directory
-
-This simple example will just serve up all the files in a
-given directory as the top-level. For example, a request
-`GET /foo.txt` will send back `/www/public/foo.txt`.
-
-```js
-var http = require('http')
-var parseUrl = require('parseurl')
-var send = require('send')
-
-var server = http.createServer(function onRequest (req, res) {
-  send(req, parseUrl(req).pathname, { root: '/www/public' })
-    .pipe(res)
-})
-
-server.listen(3000)
-```
-
-### Custom file types
-
-```js
-var http = require('http')
-var parseUrl = require('parseurl')
-var send = require('send')
-
-// Default unknown types to text/plain
-send.mime.default_type = 'text/plain'
-
-// Add a custom type
-send.mime.define({
-  'application/x-my-type': ['x-mt', 'x-mtt']
-})
-
-var server = http.createServer(function onRequest (req, res) {
-  send(req, parseUrl(req).pathname, { root: '/www/public' })
-    .pipe(res)
-})
-
-server.listen(3000)
-```
-
-### Custom directory index view
-
-This is a example of serving up a structure of directories with a
-custom function to render a listing of a directory.
-
-```js
-var http = require('http')
-var fs = require('fs')
-var parseUrl = require('parseurl')
-var send = require('send')
-
-// Transfer arbitrary files from within /www/example.com/public/*
-// with a custom handler for directory listing
-var server = http.createServer(function onRequest (req, res) {
-  send(req, parseUrl(req).pathname, { index: false, root: '/www/public' })
-    .once('directory', directory)
-    .pipe(res)
-})
-
-server.listen(3000)
-
-// Custom directory handler
-function directory (res, path) {
-  var stream = this
-
-  // redirect to trailing slash for consistent url
-  if (!stream.hasTrailingSlash()) {
-    return stream.redirect(path)
-  }
-
-  // get directory list
-  fs.readdir(path, function onReaddir (err, list) {
-    if (err) return stream.error(err)
-
-    // render an index for the directory
-    res.setHeader('Content-Type', 'text/plain; charset=UTF-8')
-    res.end(list.join('\n') + '\n')
-  })
-}
-```
-
-### Serving from a root directory with custom error-handling
-
-```js
-var http = require('http')
-var parseUrl = require('parseurl')
-var send = require('send')
-
-var server = http.createServer(function onRequest (req, res) {
-  // your custom error-handling logic:
-  function error (err) {
-    res.statusCode = err.status || 500
-    res.end(err.message)
-  }
-
-  // your custom headers
-  function headers (res, path, stat) {
-    // serve all files for download
-    res.setHeader('Content-Disposition', 'attachment')
-  }
-
-  // your custom directory handling logic:
-  function redirect () {
-    res.statusCode = 301
-    res.setHeader('Location', req.url + '/')
-    res.end('Redirecting to ' + req.url + '/')
-  }
-
-  // transfer arbitrary files from within
-  // /www/example.com/public/*
-  send(req, parseUrl(req).pathname, { root: '/www/public' })
-    .on('error', error)
-    .on('directory', redirect)
-    .on('headers', headers)
-    .pipe(res)
-})
-
-server.listen(3000)
-```
-
-## License
-
-[MIT](LICENSE)
-
-[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/send/master?label=windows
-[appveyor-url]: https://ci.appveyor.com/project/dougwilson/send
-[coveralls-image]: https://badgen.net/coveralls/c/github/pillarjs/send/master
-[coveralls-url]: https://coveralls.io/r/pillarjs/send?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/pillarjs/send/master?label=linux
-[github-actions-ci-url]: https://github.com/pillarjs/send/actions/workflows/ci.yml
-[node-image]: https://badgen.net/npm/node/send
-[node-url]: https://nodejs.org/en/download/
-[npm-downloads-image]: https://badgen.net/npm/dm/send
-[npm-url]: https://npmjs.org/package/send
-[npm-version-image]: https://badgen.net/npm/v/send
diff --git a/src/Servers/ExpressServer/node_modules/send/SECURITY.md b/src/Servers/ExpressServer/node_modules/send/SECURITY.md
deleted file mode 100644
index 46b48f7..0000000
--- a/src/Servers/ExpressServer/node_modules/send/SECURITY.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# Security Policies and Procedures
-
-## Reporting a Bug
-
-The `send` team and community take all security bugs seriously. Thank you
-for improving the security of Express. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the current owner(s) of `send`. This information
-can be found in the npm registry using the command `npm owner ls send`.
-If unsure or unable to get the information from the above, open an issue
-in the [project issue tracker](https://github.com/pillarjs/send/issues)
-asking for the current contact information.
-
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
-
-At least one owner will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the owners will
-endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.
diff --git a/src/Servers/ExpressServer/node_modules/send/index.js b/src/Servers/ExpressServer/node_modules/send/index.js
deleted file mode 100644
index 768f8ca..0000000
--- a/src/Servers/ExpressServer/node_modules/send/index.js
+++ /dev/null
@@ -1,1142 +0,0 @@
-/*!
- * send
- * Copyright(c) 2012 TJ Holowaychuk
- * Copyright(c) 2014-2022 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var createError = require('http-errors')
-var debug = require('debug')('send')
-var deprecate = require('depd')('send')
-var destroy = require('destroy')
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-var etag = require('etag')
-var fresh = require('fresh')
-var fs = require('fs')
-var mime = require('mime')
-var ms = require('ms')
-var onFinished = require('on-finished')
-var parseRange = require('range-parser')
-var path = require('path')
-var statuses = require('statuses')
-var Stream = require('stream')
-var util = require('util')
-
-/**
- * Path function references.
- * @private
- */
-
-var extname = path.extname
-var join = path.join
-var normalize = path.normalize
-var resolve = path.resolve
-var sep = path.sep
-
-/**
- * Regular expression for identifying a bytes Range header.
- * @private
- */
-
-var BYTES_RANGE_REGEXP = /^ *bytes=/
-
-/**
- * Maximum value allowed for the max age.
- * @private
- */
-
-var MAX_MAXAGE = 60 * 60 * 24 * 365 * 1000 // 1 year
-
-/**
- * Regular expression to match a path with a directory up component.
- * @private
- */
-
-var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = send
-module.exports.mime = mime
-
-/**
- * Return a `SendStream` for `req` and `path`.
- *
- * @param {object} req
- * @param {string} path
- * @param {object} [options]
- * @return {SendStream}
- * @public
- */
-
-function send (req, path, options) {
-  return new SendStream(req, path, options)
-}
-
-/**
- * Initialize a `SendStream` with the given `path`.
- *
- * @param {Request} req
- * @param {String} path
- * @param {object} [options]
- * @private
- */
-
-function SendStream (req, path, options) {
-  Stream.call(this)
-
-  var opts = options || {}
-
-  this.options = opts
-  this.path = path
-  this.req = req
-
-  this._acceptRanges = opts.acceptRanges !== undefined
-    ? Boolean(opts.acceptRanges)
-    : true
-
-  this._cacheControl = opts.cacheControl !== undefined
-    ? Boolean(opts.cacheControl)
-    : true
-
-  this._etag = opts.etag !== undefined
-    ? Boolean(opts.etag)
-    : true
-
-  this._dotfiles = opts.dotfiles !== undefined
-    ? opts.dotfiles
-    : 'ignore'
-
-  if (this._dotfiles !== 'ignore' && this._dotfiles !== 'allow' && this._dotfiles !== 'deny') {
-    throw new TypeError('dotfiles option must be "allow", "deny", or "ignore"')
-  }
-
-  this._hidden = Boolean(opts.hidden)
-
-  if (opts.hidden !== undefined) {
-    deprecate('hidden: use dotfiles: \'' + (this._hidden ? 'allow' : 'ignore') + '\' instead')
-  }
-
-  // legacy support
-  if (opts.dotfiles === undefined) {
-    this._dotfiles = undefined
-  }
-
-  this._extensions = opts.extensions !== undefined
-    ? normalizeList(opts.extensions, 'extensions option')
-    : []
-
-  this._immutable = opts.immutable !== undefined
-    ? Boolean(opts.immutable)
-    : false
-
-  this._index = opts.index !== undefined
-    ? normalizeList(opts.index, 'index option')
-    : ['index.html']
-
-  this._lastModified = opts.lastModified !== undefined
-    ? Boolean(opts.lastModified)
-    : true
-
-  this._maxage = opts.maxAge || opts.maxage
-  this._maxage = typeof this._maxage === 'string'
-    ? ms(this._maxage)
-    : Number(this._maxage)
-  this._maxage = !isNaN(this._maxage)
-    ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
-    : 0
-
-  this._root = opts.root
-    ? resolve(opts.root)
-    : null
-
-  if (!this._root && opts.from) {
-    this.from(opts.from)
-  }
-}
-
-/**
- * Inherits from `Stream`.
- */
-
-util.inherits(SendStream, Stream)
-
-/**
- * Enable or disable etag generation.
- *
- * @param {Boolean} val
- * @return {SendStream}
- * @api public
- */
-
-SendStream.prototype.etag = deprecate.function(function etag (val) {
-  this._etag = Boolean(val)
-  debug('etag %s', this._etag)
-  return this
-}, 'send.etag: pass etag as option')
-
-/**
- * Enable or disable "hidden" (dot) files.
- *
- * @param {Boolean} path
- * @return {SendStream}
- * @api public
- */
-
-SendStream.prototype.hidden = deprecate.function(function hidden (val) {
-  this._hidden = Boolean(val)
-  this._dotfiles = undefined
-  debug('hidden %s', this._hidden)
-  return this
-}, 'send.hidden: use dotfiles option')
-
-/**
- * Set index `paths`, set to a falsy
- * value to disable index support.
- *
- * @param {String|Boolean|Array} paths
- * @return {SendStream}
- * @api public
- */
-
-SendStream.prototype.index = deprecate.function(function index (paths) {
-  var index = !paths ? [] : normalizeList(paths, 'paths argument')
-  debug('index %o', paths)
-  this._index = index
-  return this
-}, 'send.index: pass index as option')
-
-/**
- * Set root `path`.
- *
- * @param {String} path
- * @return {SendStream}
- * @api public
- */
-
-SendStream.prototype.root = function root (path) {
-  this._root = resolve(String(path))
-  debug('root %s', this._root)
-  return this
-}
-
-SendStream.prototype.from = deprecate.function(SendStream.prototype.root,
-  'send.from: pass root as option')
-
-SendStream.prototype.root = deprecate.function(SendStream.prototype.root,
-  'send.root: pass root as option')
-
-/**
- * Set max-age to `maxAge`.
- *
- * @param {Number} maxAge
- * @return {SendStream}
- * @api public
- */
-
-SendStream.prototype.maxage = deprecate.function(function maxage (maxAge) {
-  this._maxage = typeof maxAge === 'string'
-    ? ms(maxAge)
-    : Number(maxAge)
-  this._maxage = !isNaN(this._maxage)
-    ? Math.min(Math.max(0, this._maxage), MAX_MAXAGE)
-    : 0
-  debug('max-age %d', this._maxage)
-  return this
-}, 'send.maxage: pass maxAge as option')
-
-/**
- * Emit error with `status`.
- *
- * @param {number} status
- * @param {Error} [err]
- * @private
- */
-
-SendStream.prototype.error = function error (status, err) {
-  // emit if listeners instead of responding
-  if (hasListeners(this, 'error')) {
-    return this.emit('error', createHttpError(status, err))
-  }
-
-  var res = this.res
-  var msg = statuses.message[status] || String(status)
-  var doc = createHtmlDocument('Error', escapeHtml(msg))
-
-  // clear existing headers
-  clearHeaders(res)
-
-  // add error headers
-  if (err && err.headers) {
-    setHeaders(res, err.headers)
-  }
-
-  // send basic response
-  res.statusCode = status
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', Buffer.byteLength(doc))
-  res.setHeader('Content-Security-Policy', "default-src 'none'")
-  res.setHeader('X-Content-Type-Options', 'nosniff')
-  res.end(doc)
-}
-
-/**
- * Check if the pathname ends with "/".
- *
- * @return {boolean}
- * @private
- */
-
-SendStream.prototype.hasTrailingSlash = function hasTrailingSlash () {
-  return this.path[this.path.length - 1] === '/'
-}
-
-/**
- * Check if this is a conditional GET request.
- *
- * @return {Boolean}
- * @api private
- */
-
-SendStream.prototype.isConditionalGET = function isConditionalGET () {
-  return this.req.headers['if-match'] ||
-    this.req.headers['if-unmodified-since'] ||
-    this.req.headers['if-none-match'] ||
-    this.req.headers['if-modified-since']
-}
-
-/**
- * Check if the request preconditions failed.
- *
- * @return {boolean}
- * @private
- */
-
-SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
-  var req = this.req
-  var res = this.res
-
-  // if-match
-  var match = req.headers['if-match']
-  if (match) {
-    var etag = res.getHeader('ETag')
-    return !etag || (match !== '*' && parseTokenList(match).every(function (match) {
-      return match !== etag && match !== 'W/' + etag && 'W/' + match !== etag
-    }))
-  }
-
-  // if-unmodified-since
-  var unmodifiedSince = parseHttpDate(req.headers['if-unmodified-since'])
-  if (!isNaN(unmodifiedSince)) {
-    var lastModified = parseHttpDate(res.getHeader('Last-Modified'))
-    return isNaN(lastModified) || lastModified > unmodifiedSince
-  }
-
-  return false
-}
-
-/**
- * Strip various content header fields for a change in entity.
- *
- * @private
- */
-
-SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
-  var res = this.res
-
-  res.removeHeader('Content-Encoding')
-  res.removeHeader('Content-Language')
-  res.removeHeader('Content-Length')
-  res.removeHeader('Content-Range')
-  res.removeHeader('Content-Type')
-}
-
-/**
- * Respond with 304 not modified.
- *
- * @api private
- */
-
-SendStream.prototype.notModified = function notModified () {
-  var res = this.res
-  debug('not modified')
-  this.removeContentHeaderFields()
-  res.statusCode = 304
-  res.end()
-}
-
-/**
- * Raise error that headers already sent.
- *
- * @api private
- */
-
-SendStream.prototype.headersAlreadySent = function headersAlreadySent () {
-  var err = new Error('Can\'t set headers after they are sent.')
-  debug('headers already sent')
-  this.error(500, err)
-}
-
-/**
- * Check if the request is cacheable, aka
- * responded with 2xx or 304 (see RFC 2616 section 14.2{5,6}).
- *
- * @return {Boolean}
- * @api private
- */
-
-SendStream.prototype.isCachable = function isCachable () {
-  var statusCode = this.res.statusCode
-  return (statusCode >= 200 && statusCode < 300) ||
-    statusCode === 304
-}
-
-/**
- * Handle stat() error.
- *
- * @param {Error} error
- * @private
- */
-
-SendStream.prototype.onStatError = function onStatError (error) {
-  switch (error.code) {
-    case 'ENAMETOOLONG':
-    case 'ENOENT':
-    case 'ENOTDIR':
-      this.error(404, error)
-      break
-    default:
-      this.error(500, error)
-      break
-  }
-}
-
-/**
- * Check if the cache is fresh.
- *
- * @return {Boolean}
- * @api private
- */
-
-SendStream.prototype.isFresh = function isFresh () {
-  return fresh(this.req.headers, {
-    etag: this.res.getHeader('ETag'),
-    'last-modified': this.res.getHeader('Last-Modified')
-  })
-}
-
-/**
- * Check if the range is fresh.
- *
- * @return {Boolean}
- * @api private
- */
-
-SendStream.prototype.isRangeFresh = function isRangeFresh () {
-  var ifRange = this.req.headers['if-range']
-
-  if (!ifRange) {
-    return true
-  }
-
-  // if-range as etag
-  if (ifRange.indexOf('"') !== -1) {
-    var etag = this.res.getHeader('ETag')
-    return Boolean(etag && ifRange.indexOf(etag) !== -1)
-  }
-
-  // if-range as modified date
-  var lastModified = this.res.getHeader('Last-Modified')
-  return parseHttpDate(lastModified) <= parseHttpDate(ifRange)
-}
-
-/**
- * Redirect to path.
- *
- * @param {string} path
- * @private
- */
-
-SendStream.prototype.redirect = function redirect (path) {
-  var res = this.res
-
-  if (hasListeners(this, 'directory')) {
-    this.emit('directory', res, path)
-    return
-  }
-
-  if (this.hasTrailingSlash()) {
-    this.error(403)
-    return
-  }
-
-  var loc = encodeUrl(collapseLeadingSlashes(this.path + '/'))
-  var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
-
-  // redirect
-  res.statusCode = 301
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', Buffer.byteLength(doc))
-  res.setHeader('Content-Security-Policy', "default-src 'none'")
-  res.setHeader('X-Content-Type-Options', 'nosniff')
-  res.setHeader('Location', loc)
-  res.end(doc)
-}
-
-/**
- * Pipe to `res.
- *
- * @param {Stream} res
- * @return {Stream} res
- * @api public
- */
-
-SendStream.prototype.pipe = function pipe (res) {
-  // root path
-  var root = this._root
-
-  // references
-  this.res = res
-
-  // decode the path
-  var path = decode(this.path)
-  if (path === -1) {
-    this.error(400)
-    return res
-  }
-
-  // null byte(s)
-  if (~path.indexOf('\0')) {
-    this.error(400)
-    return res
-  }
-
-  var parts
-  if (root !== null) {
-    // normalize
-    if (path) {
-      path = normalize('.' + sep + path)
-    }
-
-    // malicious path
-    if (UP_PATH_REGEXP.test(path)) {
-      debug('malicious path "%s"', path)
-      this.error(403)
-      return res
-    }
-
-    // explode path parts
-    parts = path.split(sep)
-
-    // join / normalize from optional root dir
-    path = normalize(join(root, path))
-  } else {
-    // ".." is malicious without "root"
-    if (UP_PATH_REGEXP.test(path)) {
-      debug('malicious path "%s"', path)
-      this.error(403)
-      return res
-    }
-
-    // explode path parts
-    parts = normalize(path).split(sep)
-
-    // resolve the path
-    path = resolve(path)
-  }
-
-  // dotfile handling
-  if (containsDotFile(parts)) {
-    var access = this._dotfiles
-
-    // legacy support
-    if (access === undefined) {
-      access = parts[parts.length - 1][0] === '.'
-        ? (this._hidden ? 'allow' : 'ignore')
-        : 'allow'
-    }
-
-    debug('%s dotfile "%s"', access, path)
-    switch (access) {
-      case 'allow':
-        break
-      case 'deny':
-        this.error(403)
-        return res
-      case 'ignore':
-      default:
-        this.error(404)
-        return res
-    }
-  }
-
-  // index file support
-  if (this._index.length && this.hasTrailingSlash()) {
-    this.sendIndex(path)
-    return res
-  }
-
-  this.sendFile(path)
-  return res
-}
-
-/**
- * Transfer `path`.
- *
- * @param {String} path
- * @api public
- */
-
-SendStream.prototype.send = function send (path, stat) {
-  var len = stat.size
-  var options = this.options
-  var opts = {}
-  var res = this.res
-  var req = this.req
-  var ranges = req.headers.range
-  var offset = options.start || 0
-
-  if (headersSent(res)) {
-    // impossible to send now
-    this.headersAlreadySent()
-    return
-  }
-
-  debug('pipe "%s"', path)
-
-  // set header fields
-  this.setHeader(path, stat)
-
-  // set content-type
-  this.type(path)
-
-  // conditional GET support
-  if (this.isConditionalGET()) {
-    if (this.isPreconditionFailure()) {
-      this.error(412)
-      return
-    }
-
-    if (this.isCachable() && this.isFresh()) {
-      this.notModified()
-      return
-    }
-  }
-
-  // adjust len to start/end options
-  len = Math.max(0, len - offset)
-  if (options.end !== undefined) {
-    var bytes = options.end - offset + 1
-    if (len > bytes) len = bytes
-  }
-
-  // Range support
-  if (this._acceptRanges && BYTES_RANGE_REGEXP.test(ranges)) {
-    // parse
-    ranges = parseRange(len, ranges, {
-      combine: true
-    })
-
-    // If-Range support
-    if (!this.isRangeFresh()) {
-      debug('range stale')
-      ranges = -2
-    }
-
-    // unsatisfiable
-    if (ranges === -1) {
-      debug('range unsatisfiable')
-
-      // Content-Range
-      res.setHeader('Content-Range', contentRange('bytes', len))
-
-      // 416 Requested Range Not Satisfiable
-      return this.error(416, {
-        headers: { 'Content-Range': res.getHeader('Content-Range') }
-      })
-    }
-
-    // valid (syntactically invalid/multiple ranges are treated as a regular response)
-    if (ranges !== -2 && ranges.length === 1) {
-      debug('range %j', ranges)
-
-      // Content-Range
-      res.statusCode = 206
-      res.setHeader('Content-Range', contentRange('bytes', len, ranges[0]))
-
-      // adjust for requested range
-      offset += ranges[0].start
-      len = ranges[0].end - ranges[0].start + 1
-    }
-  }
-
-  // clone options
-  for (var prop in options) {
-    opts[prop] = options[prop]
-  }
-
-  // set read options
-  opts.start = offset
-  opts.end = Math.max(offset, offset + len - 1)
-
-  // content-length
-  res.setHeader('Content-Length', len)
-
-  // HEAD support
-  if (req.method === 'HEAD') {
-    res.end()
-    return
-  }
-
-  this.stream(path, opts)
-}
-
-/**
- * Transfer file for `path`.
- *
- * @param {String} path
- * @api private
- */
-SendStream.prototype.sendFile = function sendFile (path) {
-  var i = 0
-  var self = this
-
-  debug('stat "%s"', path)
-  fs.stat(path, function onstat (err, stat) {
-    if (err && err.code === 'ENOENT' && !extname(path) && path[path.length - 1] !== sep) {
-      // not found, check extensions
-      return next(err)
-    }
-    if (err) return self.onStatError(err)
-    if (stat.isDirectory()) return self.redirect(path)
-    self.emit('file', path, stat)
-    self.send(path, stat)
-  })
-
-  function next (err) {
-    if (self._extensions.length <= i) {
-      return err
-        ? self.onStatError(err)
-        : self.error(404)
-    }
-
-    var p = path + '.' + self._extensions[i++]
-
-    debug('stat "%s"', p)
-    fs.stat(p, function (err, stat) {
-      if (err) return next(err)
-      if (stat.isDirectory()) return next()
-      self.emit('file', p, stat)
-      self.send(p, stat)
-    })
-  }
-}
-
-/**
- * Transfer index for `path`.
- *
- * @param {String} path
- * @api private
- */
-SendStream.prototype.sendIndex = function sendIndex (path) {
-  var i = -1
-  var self = this
-
-  function next (err) {
-    if (++i >= self._index.length) {
-      if (err) return self.onStatError(err)
-      return self.error(404)
-    }
-
-    var p = join(path, self._index[i])
-
-    debug('stat "%s"', p)
-    fs.stat(p, function (err, stat) {
-      if (err) return next(err)
-      if (stat.isDirectory()) return next()
-      self.emit('file', p, stat)
-      self.send(p, stat)
-    })
-  }
-
-  next()
-}
-
-/**
- * Stream `path` to the response.
- *
- * @param {String} path
- * @param {Object} options
- * @api private
- */
-
-SendStream.prototype.stream = function stream (path, options) {
-  var self = this
-  var res = this.res
-
-  // pipe
-  var stream = fs.createReadStream(path, options)
-  this.emit('stream', stream)
-  stream.pipe(res)
-
-  // cleanup
-  function cleanup () {
-    destroy(stream, true)
-  }
-
-  // response finished, cleanup
-  onFinished(res, cleanup)
-
-  // error handling
-  stream.on('error', function onerror (err) {
-    // clean up stream early
-    cleanup()
-
-    // error
-    self.onStatError(err)
-  })
-
-  // end
-  stream.on('end', function onend () {
-    self.emit('end')
-  })
-}
-
-/**
- * Set content-type based on `path`
- * if it hasn't been explicitly set.
- *
- * @param {String} path
- * @api private
- */
-
-SendStream.prototype.type = function type (path) {
-  var res = this.res
-
-  if (res.getHeader('Content-Type')) return
-
-  var type = mime.lookup(path)
-
-  if (!type) {
-    debug('no content-type')
-    return
-  }
-
-  var charset = mime.charsets.lookup(type)
-
-  debug('content-type %s', type)
-  res.setHeader('Content-Type', type + (charset ? '; charset=' + charset : ''))
-}
-
-/**
- * Set response header fields, most
- * fields may be pre-defined.
- *
- * @param {String} path
- * @param {Object} stat
- * @api private
- */
-
-SendStream.prototype.setHeader = function setHeader (path, stat) {
-  var res = this.res
-
-  this.emit('headers', res, path, stat)
-
-  if (this._acceptRanges && !res.getHeader('Accept-Ranges')) {
-    debug('accept ranges')
-    res.setHeader('Accept-Ranges', 'bytes')
-  }
-
-  if (this._cacheControl && !res.getHeader('Cache-Control')) {
-    var cacheControl = 'public, max-age=' + Math.floor(this._maxage / 1000)
-
-    if (this._immutable) {
-      cacheControl += ', immutable'
-    }
-
-    debug('cache-control %s', cacheControl)
-    res.setHeader('Cache-Control', cacheControl)
-  }
-
-  if (this._lastModified && !res.getHeader('Last-Modified')) {
-    var modified = stat.mtime.toUTCString()
-    debug('modified %s', modified)
-    res.setHeader('Last-Modified', modified)
-  }
-
-  if (this._etag && !res.getHeader('ETag')) {
-    var val = etag(stat)
-    debug('etag %s', val)
-    res.setHeader('ETag', val)
-  }
-}
-
-/**
- * Clear all headers from a response.
- *
- * @param {object} res
- * @private
- */
-
-function clearHeaders (res) {
-  var headers = getHeaderNames(res)
-
-  for (var i = 0; i < headers.length; i++) {
-    res.removeHeader(headers[i])
-  }
-}
-
-/**
- * Collapse all leading slashes into a single slash
- *
- * @param {string} str
- * @private
- */
-function collapseLeadingSlashes (str) {
-  for (var i = 0; i < str.length; i++) {
-    if (str[i] !== '/') {
-      break
-    }
-  }
-
-  return i > 1
-    ? '/' + str.substr(i)
-    : str
-}
-
-/**
- * Determine if path parts contain a dotfile.
- *
- * @api private
- */
-
-function containsDotFile (parts) {
-  for (var i = 0; i < parts.length; i++) {
-    var part = parts[i]
-    if (part.length > 1 && part[0] === '.') {
-      return true
-    }
-  }
-
-  return false
-}
-
-/**
- * Create a Content-Range header.
- *
- * @param {string} type
- * @param {number} size
- * @param {array} [range]
- */
-
-function contentRange (type, size, range) {
-  return type + ' ' + (range ? range.start + '-' + range.end : '*') + '/' + size
-}
-
-/**
- * Create a minimal HTML document.
- *
- * @param {string} title
- * @param {string} body
- * @private
- */
-
-function createHtmlDocument (title, body) {
-  return '<!DOCTYPE html>\n' +
-    '<html lang="en">\n' +
-    '<head>\n' +
-    '<meta charset="utf-8">\n' +
-    '<title>' + title + '</title>\n' +
-    '</head>\n' +
-    '<body>\n' +
-    '<pre>' + body + '</pre>\n' +
-    '</body>\n' +
-    '</html>\n'
-}
-
-/**
- * Create a HttpError object from simple arguments.
- *
- * @param {number} status
- * @param {Error|object} err
- * @private
- */
-
-function createHttpError (status, err) {
-  if (!err) {
-    return createError(status)
-  }
-
-  return err instanceof Error
-    ? createError(status, err, { expose: false })
-    : createError(status, err)
-}
-
-/**
- * decodeURIComponent.
- *
- * Allows V8 to only deoptimize this fn instead of all
- * of send().
- *
- * @param {String} path
- * @api private
- */
-
-function decode (path) {
-  try {
-    return decodeURIComponent(path)
-  } catch (err) {
-    return -1
-  }
-}
-
-/**
- * Get the header names on a respnse.
- *
- * @param {object} res
- * @returns {array[string]}
- * @private
- */
-
-function getHeaderNames (res) {
-  return typeof res.getHeaderNames !== 'function'
-    ? Object.keys(res._headers || {})
-    : res.getHeaderNames()
-}
-
-/**
- * Determine if emitter has listeners of a given type.
- *
- * The way to do this check is done three different ways in Node.js >= 0.8
- * so this consolidates them into a minimal set using instance methods.
- *
- * @param {EventEmitter} emitter
- * @param {string} type
- * @returns {boolean}
- * @private
- */
-
-function hasListeners (emitter, type) {
-  var count = typeof emitter.listenerCount !== 'function'
-    ? emitter.listeners(type).length
-    : emitter.listenerCount(type)
-
-  return count > 0
-}
-
-/**
- * Determine if the response headers have been sent.
- *
- * @param {object} res
- * @returns {boolean}
- * @private
- */
-
-function headersSent (res) {
-  return typeof res.headersSent !== 'boolean'
-    ? Boolean(res._header)
-    : res.headersSent
-}
-
-/**
- * Normalize the index option into an array.
- *
- * @param {boolean|string|array} val
- * @param {string} name
- * @private
- */
-
-function normalizeList (val, name) {
-  var list = [].concat(val || [])
-
-  for (var i = 0; i < list.length; i++) {
-    if (typeof list[i] !== 'string') {
-      throw new TypeError(name + ' must be array of strings or false')
-    }
-  }
-
-  return list
-}
-
-/**
- * Parse an HTTP Date into a number.
- *
- * @param {string} date
- * @private
- */
-
-function parseHttpDate (date) {
-  var timestamp = date && Date.parse(date)
-
-  return typeof timestamp === 'number'
-    ? timestamp
-    : NaN
-}
-
-/**
- * Parse a HTTP token list.
- *
- * @param {string} str
- * @private
- */
-
-function parseTokenList (str) {
-  var end = 0
-  var list = []
-  var start = 0
-
-  // gather tokens
-  for (var i = 0, len = str.length; i < len; i++) {
-    switch (str.charCodeAt(i)) {
-      case 0x20: /*   */
-        if (start === end) {
-          start = end = i + 1
-        }
-        break
-      case 0x2c: /* , */
-        if (start !== end) {
-          list.push(str.substring(start, end))
-        }
-        start = end = i + 1
-        break
-      default:
-        end = i + 1
-        break
-    }
-  }
-
-  // final token
-  if (start !== end) {
-    list.push(str.substring(start, end))
-  }
-
-  return list
-}
-
-/**
- * Set an object of headers on a response.
- *
- * @param {object} res
- * @param {object} headers
- * @private
- */
-
-function setHeaders (res, headers) {
-  var keys = Object.keys(headers)
-
-  for (var i = 0; i < keys.length; i++) {
-    var key = keys[i]
-    res.setHeader(key, headers[key])
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
deleted file mode 100644
index ea734fb..0000000
--- a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/index.js
+++ /dev/null
@@ -1,162 +0,0 @@
-/**
- * Helpers.
- */
-
-var s = 1000;
-var m = s * 60;
-var h = m * 60;
-var d = h * 24;
-var w = d * 7;
-var y = d * 365.25;
-
-/**
- * Parse or format the given `val`.
- *
- * Options:
- *
- *  - `long` verbose formatting [false]
- *
- * @param {String|Number} val
- * @param {Object} [options]
- * @throws {Error} throw an error if val is not a non-empty string or a number
- * @return {String|Number}
- * @api public
- */
-
-module.exports = function (val, options) {
-  options = options || {};
-  var type = typeof val;
-  if (type === 'string' && val.length > 0) {
-    return parse(val);
-  } else if (type === 'number' && isFinite(val)) {
-    return options.long ? fmtLong(val) : fmtShort(val);
-  }
-  throw new Error(
-    'val is not a non-empty string or a valid number. val=' +
-      JSON.stringify(val)
-  );
-};
-
-/**
- * Parse the given `str` and return milliseconds.
- *
- * @param {String} str
- * @return {Number}
- * @api private
- */
-
-function parse(str) {
-  str = String(str);
-  if (str.length > 100) {
-    return;
-  }
-  var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(
-    str
-  );
-  if (!match) {
-    return;
-  }
-  var n = parseFloat(match[1]);
-  var type = (match[2] || 'ms').toLowerCase();
-  switch (type) {
-    case 'years':
-    case 'year':
-    case 'yrs':
-    case 'yr':
-    case 'y':
-      return n * y;
-    case 'weeks':
-    case 'week':
-    case 'w':
-      return n * w;
-    case 'days':
-    case 'day':
-    case 'd':
-      return n * d;
-    case 'hours':
-    case 'hour':
-    case 'hrs':
-    case 'hr':
-    case 'h':
-      return n * h;
-    case 'minutes':
-    case 'minute':
-    case 'mins':
-    case 'min':
-    case 'm':
-      return n * m;
-    case 'seconds':
-    case 'second':
-    case 'secs':
-    case 'sec':
-    case 's':
-      return n * s;
-    case 'milliseconds':
-    case 'millisecond':
-    case 'msecs':
-    case 'msec':
-    case 'ms':
-      return n;
-    default:
-      return undefined;
-  }
-}
-
-/**
- * Short format for `ms`.
- *
- * @param {Number} ms
- * @return {String}
- * @api private
- */
-
-function fmtShort(ms) {
-  var msAbs = Math.abs(ms);
-  if (msAbs >= d) {
-    return Math.round(ms / d) + 'd';
-  }
-  if (msAbs >= h) {
-    return Math.round(ms / h) + 'h';
-  }
-  if (msAbs >= m) {
-    return Math.round(ms / m) + 'm';
-  }
-  if (msAbs >= s) {
-    return Math.round(ms / s) + 's';
-  }
-  return ms + 'ms';
-}
-
-/**
- * Long format for `ms`.
- *
- * @param {Number} ms
- * @return {String}
- * @api private
- */
-
-function fmtLong(ms) {
-  var msAbs = Math.abs(ms);
-  if (msAbs >= d) {
-    return plural(ms, msAbs, d, 'day');
-  }
-  if (msAbs >= h) {
-    return plural(ms, msAbs, h, 'hour');
-  }
-  if (msAbs >= m) {
-    return plural(ms, msAbs, m, 'minute');
-  }
-  if (msAbs >= s) {
-    return plural(ms, msAbs, s, 'second');
-  }
-  return ms + ' ms';
-}
-
-/**
- * Pluralization helper.
- */
-
-function plural(ms, msAbs, n, name) {
-  var isPlural = msAbs >= n * 1.5;
-  return Math.round(ms / n) + ' ' + name + (isPlural ? 's' : '');
-}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
deleted file mode 100644
index fa5d39b..0000000
--- a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/license.md
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2020 Vercel, Inc.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
deleted file mode 100644
index 4997189..0000000
--- a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/package.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "name": "ms",
-  "version": "2.1.3",
-  "description": "Tiny millisecond conversion utility",
-  "repository": "vercel/ms",
-  "main": "./index",
-  "files": [
-    "index.js"
-  ],
-  "scripts": {
-    "precommit": "lint-staged",
-    "lint": "eslint lib/* bin/*",
-    "test": "mocha tests.js"
-  },
-  "eslintConfig": {
-    "extends": "eslint:recommended",
-    "env": {
-      "node": true,
-      "es6": true
-    }
-  },
-  "lint-staged": {
-    "*.js": [
-      "npm run lint",
-      "prettier --single-quote --write",
-      "git add"
-    ]
-  },
-  "license": "MIT",
-  "devDependencies": {
-    "eslint": "4.18.2",
-    "expect.js": "0.3.1",
-    "husky": "0.14.3",
-    "lint-staged": "5.0.0",
-    "mocha": "4.0.1",
-    "prettier": "2.0.5"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md b/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
deleted file mode 100644
index 0fc1abb..0000000
--- a/src/Servers/ExpressServer/node_modules/send/node_modules/ms/readme.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# ms
-
-![CI](https://github.com/vercel/ms/workflows/CI/badge.svg)
-
-Use this package to easily convert various time formats to milliseconds.
-
-## Examples
-
-```js
-ms('2 days')  // 172800000
-ms('1d')      // 86400000
-ms('10h')     // 36000000
-ms('2.5 hrs') // 9000000
-ms('2h')      // 7200000
-ms('1m')      // 60000
-ms('5s')      // 5000
-ms('1y')      // 31557600000
-ms('100')     // 100
-ms('-3 days') // -259200000
-ms('-1h')     // -3600000
-ms('-200')    // -200
-```
-
-### Convert from Milliseconds
-
-```js
-ms(60000)             // "1m"
-ms(2 * 60000)         // "2m"
-ms(-3 * 60000)        // "-3m"
-ms(ms('10 hours'))    // "10h"
-```
-
-### Time Format Written-Out
-
-```js
-ms(60000, { long: true })             // "1 minute"
-ms(2 * 60000, { long: true })         // "2 minutes"
-ms(-3 * 60000, { long: true })        // "-3 minutes"
-ms(ms('10 hours'), { long: true })    // "10 hours"
-```
-
-## Features
-
-- Works both in [Node.js](https://nodejs.org) and in the browser
-- If a number is supplied to `ms`, a string with a unit is returned
-- If a string that contains the number is supplied, it returns it as a number (e.g.: it returns `100` for `'100'`)
-- If you pass a string with a number and a valid unit, the number of equivalent milliseconds is returned
-
-## Related Packages
-
-- [ms.macro](https://github.com/knpwrs/ms.macro) - Run `ms` as a macro at build-time.
-
-## Caught a Bug?
-
-1. [Fork](https://help.github.com/articles/fork-a-repo/) this repository to your own GitHub account and then [clone](https://help.github.com/articles/cloning-a-repository/) it to your local device
-2. Link the package to the global module directory: `npm link`
-3. Within the module you want to test your local development instance of ms, just link it to the dependencies: `npm link ms`. Instead of the default one from npm, Node.js will now use your clone of ms!
-
-As always, you can run the tests using: `npm test`
diff --git a/src/Servers/ExpressServer/node_modules/send/package.json b/src/Servers/ExpressServer/node_modules/send/package.json
deleted file mode 100644
index 2d2b805..0000000
--- a/src/Servers/ExpressServer/node_modules/send/package.json
+++ /dev/null
@@ -1,62 +0,0 @@
-{
-  "name": "send",
-  "description": "Better streaming static file server with Range and conditional-GET support",
-  "version": "0.19.2",
-  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "James Wyatt Cready <jcready@gmail.com>",
-    "Jesús Leganés Combarro <piranna@gmail.com>"
-  ],
-  "license": "MIT",
-  "repository": "pillarjs/send",
-  "keywords": [
-    "static",
-    "file",
-    "server"
-  ],
-  "dependencies": {
-    "debug": "2.6.9",
-    "depd": "2.0.0",
-    "destroy": "1.2.0",
-    "encodeurl": "~2.0.0",
-    "escape-html": "~1.0.3",
-    "etag": "~1.8.1",
-    "fresh": "~0.5.2",
-    "http-errors": "~2.0.1",
-    "mime": "1.6.0",
-    "ms": "2.1.3",
-    "on-finished": "~2.4.1",
-    "range-parser": "~1.2.1",
-    "statuses": "~2.0.2"
-  },
-  "devDependencies": {
-    "after": "0.8.2",
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.2",
-    "nyc": "15.1.0",
-    "supertest": "6.2.2"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "SECURITY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8.0"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --check-leaks --reporter spec --bail",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md b/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
deleted file mode 100644
index 9919669..0000000
--- a/src/Servers/ExpressServer/node_modules/serve-static/HISTORY.md
+++ /dev/null
@@ -1,493 +0,0 @@
-1.16.3 / 2024-12-15
-===================
-
-* deps: send@~0.19.1
-  - deps: encodeurl@~2.0.0 
-
-1.16.2 / 2024-09-11
-===================
-
-* deps: encodeurl@~2.0.0
-
-1.16.1 / 2024-09-11
-===================
-
-* deps: send@0.19.0
-
-1.16.0 / 2024-09-10
-===================
-
-* Remove link renderization in html while redirecting
-
-
-1.15.0 / 2022-03-24
-===================
-
-  * deps: send@0.18.0
-    - Fix emitted 416 error missing headers property
-    - Limit the headers removed for 304 response
-    - deps: depd@2.0.0
-    - deps: destroy@1.2.0
-    - deps: http-errors@2.0.0
-    - deps: on-finished@2.4.1
-    - deps: statuses@2.0.1
-
-1.14.2 / 2021-12-15
-===================
-
-  * deps: send@0.17.2
-    - deps: http-errors@1.8.1
-    - deps: ms@2.1.3
-    - pref: ignore empty http tokens
-
-1.14.1 / 2019-05-10
-===================
-
-  * Set stricter CSP header in redirect response
-  * deps: send@0.17.1
-    - deps: range-parser@~1.2.1
-
-1.14.0 / 2019-05-07
-===================
-
-  * deps: parseurl@~1.3.3
-  * deps: send@0.17.0
-    - deps: http-errors@~1.7.2
-    - deps: mime@1.6.0
-    - deps: ms@2.1.1
-    - deps: statuses@~1.5.0
-    - perf: remove redundant `path.normalize` call
-
-1.13.2 / 2018-02-07
-===================
-
-  * Fix incorrect end tag in redirects
-  * deps: encodeurl@~1.0.2
-    - Fix encoding `%` as last character
-  * deps: send@0.16.2
-    - deps: depd@~1.1.2
-    - deps: encodeurl@~1.0.2
-    - deps: statuses@~1.4.0
-
-1.13.1 / 2017-09-29
-===================
-
-  * Fix regression when `root` is incorrectly set to a file
-  * deps: send@0.16.1
-
-1.13.0 / 2017-09-27
-===================
-
-  * deps: send@0.16.0
-    - Add 70 new types for file extensions
-    - Add `immutable` option
-    - Fix missing `</html>` in default error & redirects
-    - Set charset as "UTF-8" for .js and .json
-    - Use instance methods on steam to check for listeners
-    - deps: mime@1.4.1
-    - perf: improve path validation speed
-
-1.12.6 / 2017-09-22
-===================
-
-  * deps: send@0.15.6
-    - deps: debug@2.6.9
-    - perf: improve `If-Match` token parsing
-  * perf: improve slash collapsing
-
-1.12.5 / 2017-09-21
-===================
-
-  * deps: parseurl@~1.3.2
-    - perf: reduce overhead for full URLs
-    - perf: unroll the "fast-path" `RegExp`
-  * deps: send@0.15.5
-    - Fix handling of modified headers with invalid dates
-    - deps: etag@~1.8.1
-    - deps: fresh@0.5.2
-
-1.12.4 / 2017-08-05
-===================
-
-  * deps: send@0.15.4
-    - deps: debug@2.6.8
-    - deps: depd@~1.1.1
-    - deps: http-errors@~1.6.2
-
-1.12.3 / 2017-05-16
-===================
-
-  * deps: send@0.15.3
-    - deps: debug@2.6.7
-
-1.12.2 / 2017-04-26
-===================
-
-  * deps: send@0.15.2
-    - deps: debug@2.6.4
-
-1.12.1 / 2017-03-04
-===================
-
-  * deps: send@0.15.1
-    - Fix issue when `Date.parse` does not return `NaN` on invalid date
-    - Fix strict violation in broken environments
-
-1.12.0 / 2017-02-25
-===================
-
-  * Send complete HTML document in redirect response
-  * Set default CSP header in redirect response
-  * deps: send@0.15.0
-    - Fix false detection of `no-cache` request directive
-    - Fix incorrect result when `If-None-Match` has both `*` and ETags
-    - Fix weak `ETag` matching to match spec
-    - Remove usage of `res._headers` private field
-    - Support `If-Match` and `If-Unmodified-Since` headers
-    - Use `res.getHeaderNames()` when available
-    - Use `res.headersSent` when available
-    - deps: debug@2.6.1
-    - deps: etag@~1.8.0
-    - deps: fresh@0.5.0
-    - deps: http-errors@~1.6.1
-
-1.11.2 / 2017-01-23
-===================
-
-  * deps: send@0.14.2
-    - deps: http-errors@~1.5.1
-    - deps: ms@0.7.2
-    - deps: statuses@~1.3.1
-
-1.11.1 / 2016-06-10
-===================
-
-  * Fix redirect error when `req.url` contains raw non-URL characters
-  * deps: send@0.14.1
-
-1.11.0 / 2016-06-07
-===================
-
-  * Use status code 301 for redirects
-  * deps: send@0.14.0
-    - Add `acceptRanges` option
-    - Add `cacheControl` option
-    - Attempt to combine multiple ranges into single range
-    - Correctly inherit from `Stream` class
-    - Fix `Content-Range` header in 416 responses when using `start`/`end` options
-    - Fix `Content-Range` header missing from default 416 responses
-    - Ignore non-byte `Range` headers
-    - deps: http-errors@~1.5.0
-    - deps: range-parser@~1.2.0
-    - deps: statuses@~1.3.0
-    - perf: remove argument reassignment
-
-1.10.3 / 2016-05-30
-===================
-
-  * deps: send@0.13.2
-    - Fix invalid `Content-Type` header when `send.mime.default_type` unset
-
-1.10.2 / 2016-01-19
-===================
-
-  * deps: parseurl@~1.3.1
-    - perf: enable strict mode
-
-1.10.1 / 2016-01-16
-===================
-
-  * deps: escape-html@~1.0.3
-    - perf: enable strict mode
-    - perf: optimize string replacement
-    - perf: use faster string coercion
-  * deps: send@0.13.1
-    - deps: depd@~1.1.0
-    - deps: destroy@~1.0.4
-    - deps: escape-html@~1.0.3
-    - deps: range-parser@~1.0.3
-
-1.10.0 / 2015-06-17
-===================
-
-  * Add `fallthrough` option
-    - Allows declaring this middleware is the final destination
-    - Provides better integration with Express patterns
-  * Fix reading options from options prototype
-  * Improve the default redirect response headers
-  * deps: escape-html@1.0.2
-  * deps: send@0.13.0
-    - Allow Node.js HTTP server to set `Date` response header
-    - Fix incorrectly removing `Content-Location` on 304 response
-    - Improve the default redirect response headers
-    - Send appropriate headers on default error response
-    - Use `http-errors` for standard emitted errors
-    - Use `statuses` instead of `http` module for status messages
-    - deps: escape-html@1.0.2
-    - deps: etag@~1.7.0
-    - deps: fresh@0.3.0
-    - deps: on-finished@~2.3.0
-    - perf: enable strict mode
-    - perf: remove unnecessary array allocations
-  * perf: enable strict mode
-  * perf: remove argument reassignment
-
-1.9.3 / 2015-05-14
-==================
-
-  * deps: send@0.12.3
-    - deps: debug@~2.2.0
-    - deps: depd@~1.0.1
-    - deps: etag@~1.6.0
-    - deps: ms@0.7.1
-    - deps: on-finished@~2.2.1
-
-1.9.2 / 2015-03-14
-==================
-
-  * deps: send@0.12.2
-    - Throw errors early for invalid `extensions` or `index` options
-    - deps: debug@~2.1.3
-
-1.9.1 / 2015-02-17
-==================
-
-  * deps: send@0.12.1
-    - Fix regression sending zero-length files
-
-1.9.0 / 2015-02-16
-==================
-
-  * deps: send@0.12.0
-    - Always read the stat size from the file
-    - Fix mutating passed-in `options`
-    - deps: mime@1.3.4
-
-1.8.1 / 2015-01-20
-==================
-
-  * Fix redirect loop in Node.js 0.11.14
-  * deps: send@0.11.1
-    - Fix root path disclosure
-
-1.8.0 / 2015-01-05
-==================
-
-  * deps: send@0.11.0
-    - deps: debug@~2.1.1
-    - deps: etag@~1.5.1
-    - deps: ms@0.7.0
-    - deps: on-finished@~2.2.0
-
-1.7.2 / 2015-01-02
-==================
-
-  * Fix potential open redirect when mounted at root
-
-1.7.1 / 2014-10-22
-==================
-
-  * deps: send@0.10.1
-    - deps: on-finished@~2.1.1
-
-1.7.0 / 2014-10-15
-==================
-
-  * deps: send@0.10.0
-    - deps: debug@~2.1.0
-    - deps: depd@~1.0.0
-    - deps: etag@~1.5.0
-
-1.6.5 / 2015-02-04
-==================
-
-  * Fix potential open redirect when mounted at root
-    - Back-ported from v1.7.2
-
-1.6.4 / 2014-10-08
-==================
-
-  * Fix redirect loop when index file serving disabled
-
-1.6.3 / 2014-09-24
-==================
-
-  * deps: send@0.9.3
-    - deps: etag@~1.4.0
-
-1.6.2 / 2014-09-15
-==================
-
-  * deps: send@0.9.2
-    - deps: depd@0.4.5
-    - deps: etag@~1.3.1
-    - deps: range-parser@~1.0.2
-
-1.6.1 / 2014-09-07
-==================
-
-  * deps: send@0.9.1
-    - deps: fresh@0.2.4
-
-1.6.0 / 2014-09-07
-==================
-
-  * deps: send@0.9.0
-    - Add `lastModified` option
-    - Use `etag` to generate `ETag` header
-    - deps: debug@~2.0.0
-
-1.5.4 / 2014-09-04
-==================
-
-  * deps: send@0.8.5
-    - Fix a path traversal issue when using `root`
-    - Fix malicious path detection for empty string path
-
-1.5.3 / 2014-08-17
-==================
-
-  * deps: send@0.8.3
-
-1.5.2 / 2014-08-14
-==================
-
-  * deps: send@0.8.2
-    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
-
-1.5.1 / 2014-08-09
-==================
-
-  * Fix parsing of weird `req.originalUrl` values
-  * deps: parseurl@~1.3.0
-  * deps: utils-merge@1.0.0
-
-1.5.0 / 2014-08-05
-==================
-
-  * deps: send@0.8.1
-    - Add `extensions` option
-
-1.4.4 / 2014-08-04
-==================
-
-  * deps: send@0.7.4
-    - Fix serving index files without root dir
-
-1.4.3 / 2014-07-29
-==================
-
-  * deps: send@0.7.3
-    - Fix incorrect 403 on Windows and Node.js 0.11
-
-1.4.2 / 2014-07-27
-==================
-
-  * deps: send@0.7.2
-    - deps: depd@0.4.4
-
-1.4.1 / 2014-07-26
-==================
-
-  * deps: send@0.7.1
-    - deps: depd@0.4.3
-
-1.4.0 / 2014-07-21
-==================
-
-  * deps: parseurl@~1.2.0
-    - Cache URLs based on original value
-    - Remove no-longer-needed URL mis-parse work-around
-    - Simplify the "fast-path" `RegExp`
-  * deps: send@0.7.0
-    - Add `dotfiles` option
-    - deps: debug@1.0.4
-    - deps: depd@0.4.2
-
-1.3.2 / 2014-07-11
-==================
-
-  * deps: send@0.6.0
-    - Cap `maxAge` value to 1 year
-    - deps: debug@1.0.3
-
-1.3.1 / 2014-07-09
-==================
-
-  * deps: parseurl@~1.1.3
-    - faster parsing of href-only URLs
-
-1.3.0 / 2014-06-28
-==================
-
-  * Add `setHeaders` option
-  * Include HTML link in redirect response
-  * deps: send@0.5.0
-    - Accept string for `maxAge` (converted by `ms`)
-
-1.2.3 / 2014-06-11
-==================
-
-  * deps: send@0.4.3
-    - Do not throw un-catchable error on file open race condition
-    - Use `escape-html` for HTML escaping
-    - deps: debug@1.0.2
-    - deps: finished@1.2.2
-    - deps: fresh@0.2.2
-
-1.2.2 / 2014-06-09
-==================
-
-  * deps: send@0.4.2
-    - fix "event emitter leak" warnings
-    - deps: debug@1.0.1
-    - deps: finished@1.2.1
-
-1.2.1 / 2014-06-02
-==================
-
-  * use `escape-html` for escaping
-  * deps: send@0.4.1
-    - Send `max-age` in `Cache-Control` in correct format
-
-1.2.0 / 2014-05-29
-==================
-
-  * deps: send@0.4.0
-    - Calculate ETag with md5 for reduced collisions
-    - Fix wrong behavior when index file matches directory
-    - Ignore stream errors after request ends
-    - Skip directories in index file search
-    - deps: debug@0.8.1
-
-1.1.0 / 2014-04-24
-==================
-
-  * Accept options directly to `send` module
-  * deps: send@0.3.0
-
-1.0.4 / 2014-04-07
-==================
-
-  * Resolve relative paths at middleware setup
-  * Use parseurl to parse the URL from request
-
-1.0.3 / 2014-03-20
-==================
-
-  * Do not rely on connect-like environments
-
-1.0.2 / 2014-03-06
-==================
-
-  * deps: send@0.2.0
-
-1.0.1 / 2014-03-05
-==================
-
-  * Add mime export for back-compat
-
-1.0.0 / 2014-03-05
-==================
-
-  * Genesis from `connect`
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/LICENSE b/src/Servers/ExpressServer/node_modules/serve-static/LICENSE
deleted file mode 100644
index cbe62e8..0000000
--- a/src/Servers/ExpressServer/node_modules/serve-static/LICENSE
+++ /dev/null
@@ -1,25 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2010 Sencha Inc.
-Copyright (c) 2011 LearnBoost
-Copyright (c) 2011 TJ Holowaychuk
-Copyright (c) 2014-2016 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/README.md b/src/Servers/ExpressServer/node_modules/serve-static/README.md
deleted file mode 100644
index 262d944..0000000
--- a/src/Servers/ExpressServer/node_modules/serve-static/README.md
+++ /dev/null
@@ -1,257 +0,0 @@
-# serve-static
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
-[![Windows Build][appveyor-image]][appveyor-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install serve-static
-```
-
-## API
-
-```js
-var serveStatic = require('serve-static')
-```
-
-### serveStatic(root, options)
-
-Create a new middleware function to serve files from within a given root
-directory. The file to serve will be determined by combining `req.url`
-with the provided root directory. When a file is not found, instead of
-sending a 404 response, this module will instead call `next()` to move on
-to the next middleware, allowing for stacking and fall-backs.
-
-#### Options
-
-##### acceptRanges
-
-Enable or disable accepting ranged requests, defaults to true.
-Disabling this will not send `Accept-Ranges` and ignore the contents
-of the `Range` request header.
-
-##### cacheControl
-
-Enable or disable setting `Cache-Control` response header, defaults to
-true. Disabling this will ignore the `immutable` and `maxAge` options.
-
-##### dotfiles
-
- Set how "dotfiles" are treated when encountered. A dotfile is a file
-or directory that begins with a dot ("."). Note this check is done on
-the path itself without checking if the path actually exists on the
-disk. If `root` is specified, only the dotfiles above the root are
-checked (i.e. the root itself can be within a dotfile when set
-to "deny").
-
-  - `'allow'` No special treatment for dotfiles.
-  - `'deny'` Deny a request for a dotfile and 403/`next()`.
-  - `'ignore'` Pretend like the dotfile does not exist and 404/`next()`.
-
-The default value is similar to `'ignore'`, with the exception that this
-default will not ignore the files within a directory that begins with a dot.
-
-##### etag
-
-Enable or disable etag generation, defaults to true.
-
-##### extensions
-
-Set file extension fallbacks. When set, if a file is not found, the given
-extensions will be added to the file name and search for. The first that
-exists will be served. Example: `['html', 'htm']`.
-
-The default value is `false`.
-
-##### fallthrough
-
-Set the middleware to have client errors fall-through as just unhandled
-requests, otherwise forward a client error. The difference is that client
-errors like a bad request or a request to a non-existent file will cause
-this middleware to simply `next()` to your next middleware when this value
-is `true`. When this value is `false`, these errors (even 404s), will invoke
-`next(err)`.
-
-Typically `true` is desired such that multiple physical directories can be
-mapped to the same web address or for routes to fill in non-existent files.
-
-The value `false` can be used if this middleware is mounted at a path that
-is designed to be strictly a single file system directory, which allows for
-short-circuiting 404s for less overhead. This middleware will also reply to
-all methods.
-
-The default value is `true`.
-
-##### immutable
-
-Enable or disable the `immutable` directive in the `Cache-Control` response
-header, defaults to `false`. If set to `true`, the `maxAge` option should
-also be specified to enable caching. The `immutable` directive will prevent
-supported clients from making conditional requests during the life of the
-`maxAge` option to check if the file has changed.
-
-##### index
-
-By default this module will send "index.html" files in response to a request
-on a directory. To disable this set `false` or to supply a new index pass a
-string or an array in preferred order.
-
-##### lastModified
-
-Enable or disable `Last-Modified` header, defaults to true. Uses the file
-system's last modified value.
-
-##### maxAge
-
-Provide a max-age in milliseconds for http caching, defaults to 0. This
-can also be a string accepted by the [ms](https://www.npmjs.org/package/ms#readme)
-module.
-
-##### redirect
-
-Redirect to trailing "/" when the pathname is a dir. Defaults to `true`.
-
-##### setHeaders
-
-Function to set custom headers on response. Alterations to the headers need to
-occur synchronously. The function is called as `fn(res, path, stat)`, where
-the arguments are:
-
-  - `res` the response object
-  - `path` the file path that is being sent
-  - `stat` the stat object of the file that is being sent
-
-## Examples
-
-### Serve files with vanilla node.js http server
-
-```js
-var finalhandler = require('finalhandler')
-var http = require('http')
-var serveStatic = require('serve-static')
-
-// Serve up public/ftp folder
-var serve = serveStatic('public/ftp', { index: ['index.html', 'index.htm'] })
-
-// Create server
-var server = http.createServer(function onRequest (req, res) {
-  serve(req, res, finalhandler(req, res))
-})
-
-// Listen
-server.listen(3000)
-```
-
-### Serve all files as downloads
-
-```js
-var contentDisposition = require('content-disposition')
-var finalhandler = require('finalhandler')
-var http = require('http')
-var serveStatic = require('serve-static')
-
-// Serve up public/ftp folder
-var serve = serveStatic('public/ftp', {
-  index: false,
-  setHeaders: setHeaders
-})
-
-// Set header to force download
-function setHeaders (res, path) {
-  res.setHeader('Content-Disposition', contentDisposition(path))
-}
-
-// Create server
-var server = http.createServer(function onRequest (req, res) {
-  serve(req, res, finalhandler(req, res))
-})
-
-// Listen
-server.listen(3000)
-```
-
-### Serving using express
-
-#### Simple
-
-This is a simple example of using Express.
-
-```js
-var express = require('express')
-var serveStatic = require('serve-static')
-
-var app = express()
-
-app.use(serveStatic('public/ftp', { index: ['default.html', 'default.htm'] }))
-app.listen(3000)
-```
-
-#### Multiple roots
-
-This example shows a simple way to search through multiple directories.
-Files are searched for in `public-optimized/` first, then `public/` second
-as a fallback.
-
-```js
-var express = require('express')
-var path = require('path')
-var serveStatic = require('serve-static')
-
-var app = express()
-
-app.use(serveStatic(path.join(__dirname, 'public-optimized')))
-app.use(serveStatic(path.join(__dirname, 'public')))
-app.listen(3000)
-```
-
-#### Different settings for paths
-
-This example shows how to set a different max age depending on the served
-file type. In this example, HTML files are not cached, while everything else
-is for 1 day.
-
-```js
-var express = require('express')
-var path = require('path')
-var serveStatic = require('serve-static')
-
-var app = express()
-
-app.use(serveStatic(path.join(__dirname, 'public'), {
-  maxAge: '1d',
-  setHeaders: setCustomCacheControl
-}))
-
-app.listen(3000)
-
-function setCustomCacheControl (res, path) {
-  if (serveStatic.mime.lookup(path) === 'text/html') {
-    // Custom Cache-Control for HTML files
-    res.setHeader('Cache-Control', 'public, max-age=0')
-  }
-}
-```
-
-## License
-
-[MIT](LICENSE)
-
-[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/serve-static/master?label=windows
-[appveyor-url]: https://ci.appveyor.com/project/dougwilson/serve-static
-[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/serve-static/master
-[coveralls-url]: https://coveralls.io/r/expressjs/serve-static?branch=master
-[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/serve-static/master?label=linux
-[github-actions-ci-url]: https://github.com/expressjs/serve-static/actions/workflows/ci.yml
-[node-image]: https://badgen.net/npm/node/serve-static
-[node-url]: https://nodejs.org/en/download/
-[npm-downloads-image]: https://badgen.net/npm/dm/serve-static
-[npm-url]: https://npmjs.org/package/serve-static
-[npm-version-image]: https://badgen.net/npm/v/serve-static
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/index.js b/src/Servers/ExpressServer/node_modules/serve-static/index.js
deleted file mode 100644
index 3f3e64e..0000000
--- a/src/Servers/ExpressServer/node_modules/serve-static/index.js
+++ /dev/null
@@ -1,209 +0,0 @@
-/*!
- * serve-static
- * Copyright(c) 2010 Sencha Inc.
- * Copyright(c) 2011 TJ Holowaychuk
- * Copyright(c) 2014-2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-var parseUrl = require('parseurl')
-var resolve = require('path').resolve
-var send = require('send')
-var url = require('url')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = serveStatic
-module.exports.mime = send.mime
-
-/**
- * @param {string} root
- * @param {object} [options]
- * @return {function}
- * @public
- */
-
-function serveStatic (root, options) {
-  if (!root) {
-    throw new TypeError('root path required')
-  }
-
-  if (typeof root !== 'string') {
-    throw new TypeError('root path must be a string')
-  }
-
-  // copy options object
-  var opts = Object.create(options || null)
-
-  // fall-though
-  var fallthrough = opts.fallthrough !== false
-
-  // default redirect
-  var redirect = opts.redirect !== false
-
-  // headers listener
-  var setHeaders = opts.setHeaders
-
-  if (setHeaders && typeof setHeaders !== 'function') {
-    throw new TypeError('option setHeaders must be function')
-  }
-
-  // setup options for send
-  opts.maxage = opts.maxage || opts.maxAge || 0
-  opts.root = resolve(root)
-
-  // construct directory listener
-  var onDirectory = redirect
-    ? createRedirectDirectoryListener()
-    : createNotFoundDirectoryListener()
-
-  return function serveStatic (req, res, next) {
-    if (req.method !== 'GET' && req.method !== 'HEAD') {
-      if (fallthrough) {
-        return next()
-      }
-
-      // method not allowed
-      res.statusCode = 405
-      res.setHeader('Allow', 'GET, HEAD')
-      res.setHeader('Content-Length', '0')
-      res.end()
-      return
-    }
-
-    var forwardError = !fallthrough
-    var originalUrl = parseUrl.original(req)
-    var path = parseUrl(req).pathname
-
-    // make sure redirect occurs at mount
-    if (path === '/' && originalUrl.pathname.substr(-1) !== '/') {
-      path = ''
-    }
-
-    // create send stream
-    var stream = send(req, path, opts)
-
-    // add directory handler
-    stream.on('directory', onDirectory)
-
-    // add headers listener
-    if (setHeaders) {
-      stream.on('headers', setHeaders)
-    }
-
-    // add file listener for fallthrough
-    if (fallthrough) {
-      stream.on('file', function onFile () {
-        // once file is determined, always forward error
-        forwardError = true
-      })
-    }
-
-    // forward errors
-    stream.on('error', function error (err) {
-      if (forwardError || !(err.statusCode < 500)) {
-        next(err)
-        return
-      }
-
-      next()
-    })
-
-    // pipe
-    stream.pipe(res)
-  }
-}
-
-/**
- * Collapse all leading slashes into a single slash
- * @private
- */
-function collapseLeadingSlashes (str) {
-  for (var i = 0; i < str.length; i++) {
-    if (str.charCodeAt(i) !== 0x2f /* / */) {
-      break
-    }
-  }
-
-  return i > 1
-    ? '/' + str.substr(i)
-    : str
-}
-
-/**
- * Create a minimal HTML document.
- *
- * @param {string} title
- * @param {string} body
- * @private
- */
-
-function createHtmlDocument (title, body) {
-  return '<!DOCTYPE html>\n' +
-    '<html lang="en">\n' +
-    '<head>\n' +
-    '<meta charset="utf-8">\n' +
-    '<title>' + title + '</title>\n' +
-    '</head>\n' +
-    '<body>\n' +
-    '<pre>' + body + '</pre>\n' +
-    '</body>\n' +
-    '</html>\n'
-}
-
-/**
- * Create a directory listener that just 404s.
- * @private
- */
-
-function createNotFoundDirectoryListener () {
-  return function notFound () {
-    this.error(404)
-  }
-}
-
-/**
- * Create a directory listener that performs a redirect.
- * @private
- */
-
-function createRedirectDirectoryListener () {
-  return function redirect (res) {
-    if (this.hasTrailingSlash()) {
-      this.error(404)
-      return
-    }
-
-    // get original URL
-    var originalUrl = parseUrl.original(this.req)
-
-    // append trailing slash
-    originalUrl.path = null
-    originalUrl.pathname = collapseLeadingSlashes(originalUrl.pathname + '/')
-
-    // reformat the URL
-    var loc = encodeUrl(url.format(originalUrl))
-    var doc = createHtmlDocument('Redirecting', 'Redirecting to ' + escapeHtml(loc))
-
-    // send redirect response
-    res.statusCode = 301
-    res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-    res.setHeader('Content-Length', Buffer.byteLength(doc))
-    res.setHeader('Content-Security-Policy', "default-src 'none'")
-    res.setHeader('X-Content-Type-Options', 'nosniff')
-    res.setHeader('Location', loc)
-    res.end(doc)
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/serve-static/package.json b/src/Servers/ExpressServer/node_modules/serve-static/package.json
deleted file mode 100644
index b268e48..0000000
--- a/src/Servers/ExpressServer/node_modules/serve-static/package.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-  "name": "serve-static",
-  "description": "Serve static files",
-  "version": "1.16.3",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "repository": "expressjs/serve-static",
-  "dependencies": {
-    "encodeurl": "~2.0.0",
-    "escape-html": "~1.0.3",
-    "parseurl": "~1.3.3",
-    "send": "~0.19.1"
-  },
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.4",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "5.2.0",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.2.2",
-    "nyc": "15.1.0",
-    "safe-buffer": "5.2.1",
-    "supertest": "6.2.2"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8.0"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE b/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
deleted file mode 100644
index 61afa2f..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/LICENSE
+++ /dev/null
@@ -1,13 +0,0 @@
-Copyright (c) 2015, Wes Todd
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
-OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/README.md b/src/Servers/ExpressServer/node_modules/setprototypeof/README.md
deleted file mode 100644
index 791eeff..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/README.md
+++ /dev/null
@@ -1,31 +0,0 @@
-# Polyfill for `Object.setPrototypeOf`
-
-[![NPM Version](https://img.shields.io/npm/v/setprototypeof.svg)](https://npmjs.org/package/setprototypeof)
-[![NPM Downloads](https://img.shields.io/npm/dm/setprototypeof.svg)](https://npmjs.org/package/setprototypeof)
-[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](https://github.com/standard/standard)
-
-A simple cross platform implementation to set the prototype of an instianted object.  Supports all modern browsers and at least back to IE8.
-
-## Usage:
-
-```
-$ npm install --save setprototypeof
-```
-
-```javascript
-var setPrototypeOf = require('setprototypeof')
-
-var obj = {}
-setPrototypeOf(obj, {
-  foo: function () {
-    return 'bar'
-  }
-})
-obj.foo() // bar
-```
-
-TypeScript is also supported:
-
-```typescript
-import setPrototypeOf from 'setprototypeof'
-```
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts b/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
deleted file mode 100644
index f108ecd..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/index.d.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-declare function setPrototypeOf(o: any, proto: object | null): any;
-export = setPrototypeOf;
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/index.js b/src/Servers/ExpressServer/node_modules/setprototypeof/index.js
deleted file mode 100644
index c527055..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/index.js
+++ /dev/null
@@ -1,17 +0,0 @@
-'use strict'
-/* eslint no-proto: 0 */
-module.exports = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array ? setProtoOf : mixinProperties)
-
-function setProtoOf (obj, proto) {
-  obj.__proto__ = proto
-  return obj
-}
-
-function mixinProperties (obj, proto) {
-  for (var prop in proto) {
-    if (!Object.prototype.hasOwnProperty.call(obj, prop)) {
-      obj[prop] = proto[prop]
-    }
-  }
-  return obj
-}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/package.json b/src/Servers/ExpressServer/node_modules/setprototypeof/package.json
deleted file mode 100644
index f20915b..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/package.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "name": "setprototypeof",
-  "version": "1.2.0",
-  "description": "A small polyfill for Object.setprototypeof",
-  "main": "index.js",
-  "typings": "index.d.ts",
-  "scripts": {
-    "test": "standard && mocha",
-    "testallversions": "npm run node010 && npm run node4 && npm run node6 && npm run node9 && npm run node11",
-    "testversion": "docker run -it --rm -v $(PWD):/usr/src/app -w /usr/src/app node:${NODE_VER} npm install mocha@${MOCHA_VER:-latest} && npm t",
-    "node010": "NODE_VER=0.10 MOCHA_VER=3 npm run testversion",
-    "node4": "NODE_VER=4 npm run testversion",
-    "node6": "NODE_VER=6 npm run testversion",
-    "node9": "NODE_VER=9 npm run testversion",
-    "node11": "NODE_VER=11 npm run testversion",
-    "prepublishOnly": "npm t",
-    "postpublish": "git push origin && git push origin --tags"
-  },
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/wesleytodd/setprototypeof.git"
-  },
-  "keywords": [
-    "polyfill",
-    "object",
-    "setprototypeof"
-  ],
-  "author": "Wes Todd",
-  "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/wesleytodd/setprototypeof/issues"
-  },
-  "homepage": "https://github.com/wesleytodd/setprototypeof",
-  "devDependencies": {
-    "mocha": "^6.1.4",
-    "standard": "^13.0.2"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js b/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
deleted file mode 100644
index afeb4dd..0000000
--- a/src/Servers/ExpressServer/node_modules/setprototypeof/test/index.js
+++ /dev/null
@@ -1,24 +0,0 @@
-'use strict'
-/* eslint-env mocha */
-/* eslint no-proto: 0 */
-var assert = require('assert')
-var setPrototypeOf = require('..')
-
-describe('setProtoOf(obj, proto)', function () {
-  it('should merge objects', function () {
-    var obj = { a: 1, b: 2 }
-    var proto = { b: 3, c: 4 }
-    var mergeObj = setPrototypeOf(obj, proto)
-
-    if (Object.getPrototypeOf) {
-      assert.strictEqual(Object.getPrototypeOf(obj), proto)
-    } else if ({ __proto__: [] } instanceof Array) {
-      assert.strictEqual(obj.__proto__, proto)
-    } else {
-      assert.strictEqual(obj.a, 1)
-      assert.strictEqual(obj.b, 2)
-      assert.strictEqual(obj.c, 4)
-    }
-    assert.strictEqual(mergeObj, obj)
-  })
-})
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
deleted file mode 100644
index 72e0eba..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/.editorconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-indent_style = tab
-indent_size = 2
-trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
deleted file mode 100644
index 93978e7..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/.eslintrc
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"max-lines-per-function": 0,
-		"multiline-comment-style": 1,
-		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
deleted file mode 100644
index eaff735..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/side-channel-list
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
deleted file mode 100644
index 2ec51b7..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/CHANGELOG.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## v1.0.0 - 2024-12-10
-
-### Commits
-
-- Initial implementation, tests, readme, types [`5d6baee`](https://github.com/ljharb/side-channel-list/commit/5d6baee5c9054a1238007f5a1dfc109a7a816251)
-- Initial commit [`3ae784c`](https://github.com/ljharb/side-channel-list/commit/3ae784c63a47895fbaeed2a91ab54a8029a7a100)
-- npm init [`07055a4`](https://github.com/ljharb/side-channel-list/commit/07055a4d139895565b199dba5fe2479c1a1b9e28)
-- Only apps should have lockfiles [`9573058`](https://github.com/ljharb/side-channel-list/commit/9573058a47494e2d68f8c6c77b5d7fbe441949c1)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/README.md b/src/Servers/ExpressServer/node_modules/side-channel-list/README.md
deleted file mode 100644
index d9c7a13..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# side-channel-list <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Store information about any JS value in a side channel, using a linked list.
-
-Warning: this implementation will leak memory until you `delete` the `key`.
-Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
-
-## Getting started
-
-```sh
-npm install --save side-channel-list
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getSideChannelList = require('side-channel-list');
-
-const channel = getSideChannelList();
-
-const key = {};
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-
-channel.set(key, 42);
-
-channel.assert(key); // does not throw
-assert.equal(channel.has(key), true);
-assert.equal(channel.get(key), 42);
-
-channel.delete(key);
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/side-channel-list
-[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-list.svg
-[deps-svg]: https://david-dm.org/ljharb/side-channel-list.svg
-[deps-url]: https://david-dm.org/ljharb/side-channel-list
-[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-list/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/side-channel-list#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/side-channel-list.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/side-channel-list.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/side-channel-list.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-list
-[codecov-image]: https://codecov.io/gh/ljharb/side-channel-list/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-list/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-list
-[actions-url]: https://github.com/ljharb/side-channel-list/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
deleted file mode 100644
index c9cabc8..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/index.d.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-declare namespace getSideChannelList {
-	type Channel<K, V> = {
-		assert: (key: K) => void;
-		has: (key: K) => boolean;
-		get: (key: K) => V | undefined;
-		set: (key: K, value: V) => void;
-		delete: (key: K) => boolean;
-	};
-}
-
-declare function getSideChannelList<V, K>(): getSideChannelList.Channel<K, V>;
-
-export = getSideChannelList;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/index.js b/src/Servers/ExpressServer/node_modules/side-channel-list/index.js
deleted file mode 100644
index 8d6f98c..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/index.js
+++ /dev/null
@@ -1,113 +0,0 @@
-'use strict';
-
-var inspect = require('object-inspect');
-
-var $TypeError = require('es-errors/type');
-
-/*
-* This function traverses the list returning the node corresponding to the given key.
-*
-* That node is also moved to the head of the list, so that if it's accessed again we don't need to traverse the whole list.
-* By doing so, all the recently used nodes can be accessed relatively quickly.
-*/
-/** @type {import('./list.d.ts').listGetNode} */
-// eslint-disable-next-line consistent-return
-var listGetNode = function (list, key, isDelete) {
-	/** @type {typeof list | NonNullable<(typeof list)['next']>} */
-	var prev = list;
-	/** @type {(typeof list)['next']} */
-	var curr;
-	// eslint-disable-next-line eqeqeq
-	for (; (curr = prev.next) != null; prev = curr) {
-		if (curr.key === key) {
-			prev.next = curr.next;
-			if (!isDelete) {
-				// eslint-disable-next-line no-extra-parens
-				curr.next = /** @type {NonNullable<typeof list.next>} */ (list.next);
-				list.next = curr; // eslint-disable-line no-param-reassign
-			}
-			return curr;
-		}
-	}
-};
-
-/** @type {import('./list.d.ts').listGet} */
-var listGet = function (objects, key) {
-	if (!objects) {
-		return void undefined;
-	}
-	var node = listGetNode(objects, key);
-	return node && node.value;
-};
-/** @type {import('./list.d.ts').listSet} */
-var listSet = function (objects, key, value) {
-	var node = listGetNode(objects, key);
-	if (node) {
-		node.value = value;
-	} else {
-		// Prepend the new node to the beginning of the list
-		objects.next = /** @type {import('./list.d.ts').ListNode<typeof value, typeof key>} */ ({ // eslint-disable-line no-param-reassign, no-extra-parens
-			key: key,
-			next: objects.next,
-			value: value
-		});
-	}
-};
-/** @type {import('./list.d.ts').listHas} */
-var listHas = function (objects, key) {
-	if (!objects) {
-		return false;
-	}
-	return !!listGetNode(objects, key);
-};
-/** @type {import('./list.d.ts').listDelete} */
-// eslint-disable-next-line consistent-return
-var listDelete = function (objects, key) {
-	if (objects) {
-		return listGetNode(objects, key, true);
-	}
-};
-
-/** @type {import('.')} */
-module.exports = function getSideChannelList() {
-	/** @typedef {ReturnType<typeof getSideChannelList>} Channel */
-	/** @typedef {Parameters<Channel['get']>[0]} K */
-	/** @typedef {Parameters<Channel['set']>[1]} V */
-
-	/** @type {import('./list.d.ts').RootNode<V, K> | undefined} */ var $o;
-
-	/** @type {Channel} */
-	var channel = {
-		assert: function (key) {
-			if (!channel.has(key)) {
-				throw new $TypeError('Side channel does not contain ' + inspect(key));
-			}
-		},
-		'delete': function (key) {
-			var root = $o && $o.next;
-			var deletedNode = listDelete($o, key);
-			if (deletedNode && root && root === deletedNode) {
-				$o = void undefined;
-			}
-			return !!deletedNode;
-		},
-		get: function (key) {
-			return listGet($o, key);
-		},
-		has: function (key) {
-			return listHas($o, key);
-		},
-		set: function (key, value) {
-			if (!$o) {
-				// Initialize the linked list as an empty node, so that we don't have to special-case handling of the first node: we can always refer to it as (previous node).next, instead of something like (list).head
-				$o = {
-					next: void undefined
-				};
-			}
-			// eslint-disable-next-line no-extra-parens
-			listSet(/** @type {NonNullable<typeof $o>} */ ($o), key, value);
-		}
-	};
-	// @ts-expect-error TODO: figure out why this is erroring
-	return channel;
-};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
deleted file mode 100644
index 2c759e2..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/list.d.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-type ListNode<T, K> = {
-	key: K;
-	next: undefined | ListNode<T, K>;
-	value: T;
-};
-type RootNode<T, K> = {
-	next: undefined | ListNode<T, K>;
-};
-
-export function listGetNode<T, K>(list: RootNode<T, K>, key: ListNode<T, K>['key'], isDelete?: boolean): ListNode<T, K> | undefined;
-export function listGet<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): T | undefined;
-export function listSet<T, K>(objects: RootNode<T, K>, key: ListNode<T, K>['key'], value: T): void;
-export function listHas<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): boolean;
-export function listDelete<T, K>(objects: undefined | RootNode<T, K>, key: ListNode<T, K>['key']): ListNode<T, K> | undefined;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/package.json b/src/Servers/ExpressServer/node_modules/side-channel-list/package.json
deleted file mode 100644
index ba0f5c5..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/package.json
+++ /dev/null
@@ -1,77 +0,0 @@
-{
-	"name": "side-channel-list",
-	"version": "1.0.0",
-	"description": "Store information about any JS value in a side channel, using a linked list",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"types": "./index.d.ts",
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/side-channel-list.git"
-	},
-	"keywords": [],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/side-channel-list/issues"
-	},
-	"homepage": "https://github.com/ljharb/side-channel-list#readme",
-	"dependencies": {
-		"es-errors": "^1.3.0",
-		"object-inspect": "^1.13.3"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
deleted file mode 100644
index 3ad4368..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/test/index.js
+++ /dev/null
@@ -1,104 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getSideChannelList = require('../');
-
-test('getSideChannelList', function (t) {
-	t.test('export', function (st) {
-		st.equal(typeof getSideChannelList, 'function', 'is a function');
-
-		st.equal(getSideChannelList.length, 0, 'takes no arguments');
-
-		var channel = getSideChannelList();
-		st.ok(channel, 'is truthy');
-		st.equal(typeof channel, 'object', 'is an object');
-		st.end();
-	});
-
-	t.test('assert', function (st) {
-		var channel = getSideChannelList();
-		st['throws'](
-			function () { channel.assert({}); },
-			TypeError,
-			'nonexistent value throws'
-		);
-
-		var o = {};
-		channel.set(o, 'data');
-		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
-
-		st.end();
-	});
-
-	t.test('has', function (st) {
-		var channel = getSideChannelList();
-		/** @type {unknown[]} */ var o = [];
-
-		st.equal(channel.has(o), false, 'nonexistent value yields false');
-
-		channel.set(o, 'foo');
-		st.equal(channel.has(o), true, 'existent value yields true');
-
-		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
-
-		channel.set('abc', 'foo');
-		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
-
-		st.end();
-	});
-
-	t.test('get', function (st) {
-		var channel = getSideChannelList();
-		var o = {};
-		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
-
-		var data = {};
-		channel.set(o, data);
-		st.equal(channel.get(o), data, '"get" yields data set by "set"');
-
-		st.end();
-	});
-
-	t.test('set', function (st) {
-		var channel = getSideChannelList();
-		var o = function () {};
-		st.equal(channel.get(o), undefined, 'value not set');
-
-		channel.set(o, 42);
-		st.equal(channel.get(o), 42, 'value was set');
-
-		channel.set(o, Infinity);
-		st.equal(channel.get(o), Infinity, 'value was set again');
-
-		var o2 = {};
-		channel.set(o2, 17);
-		st.equal(channel.get(o), Infinity, 'o is not modified');
-		st.equal(channel.get(o2), 17, 'o2 is set');
-
-		channel.set(o, 14);
-		st.equal(channel.get(o), 14, 'o is modified');
-		st.equal(channel.get(o2), 17, 'o2 is not modified');
-
-		st.end();
-	});
-
-	t.test('delete', function (st) {
-		var channel = getSideChannelList();
-		var o = {};
-		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
-
-		channel.set(o, 42);
-		st.equal(channel.has(o), true, 'value is set');
-
-		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
-
-		st.equal(channel['delete'](o), true, 'deleted value yields true');
-
-		st.equal(channel.has(o), false, 'value is no longer set');
-
-		st.end();
-	});
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
deleted file mode 100644
index d9a6668..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-list/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
deleted file mode 100644
index 72e0eba..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/.editorconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-indent_style = tab
-indent_size = 2
-trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
deleted file mode 100644
index 93978e7..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/.eslintrc
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"max-lines-per-function": 0,
-		"multiline-comment-style": 1,
-		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
deleted file mode 100644
index f2891bd..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/side-channel-map
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
deleted file mode 100644
index b6ccea9..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/CHANGELOG.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.1](https://github.com/ljharb/side-channel-map/compare/v1.0.0...v1.0.1) - 2024-12-10
-
-### Commits
-
-- [Deps] update `call-bound` [`6d05aaa`](https://github.com/ljharb/side-channel-map/commit/6d05aaa4ce5f2be4e7825df433d650696f0ba40f)
-- [types] fix generics ordering [`11c0184`](https://github.com/ljharb/side-channel-map/commit/11c0184132ac11fdc16857e12682e148e5e9ee74)
-
-## v1.0.0 - 2024-12-10
-
-### Commits
-
-- Initial implementation, tests, readme, types [`ad877b4`](https://github.com/ljharb/side-channel-map/commit/ad877b42926d46d63fff76a2bd01d2b4a01959a9)
-- Initial commit [`28f8879`](https://github.com/ljharb/side-channel-map/commit/28f8879c512abe8fcf9b6a4dc7754a0287e5eba4)
-- npm init [`2c9604e`](https://github.com/ljharb/side-channel-map/commit/2c9604e5aa40223e425ea7cea78f8a07697504bd)
-- Only apps should have lockfiles [`5e7ba9c`](https://github.com/ljharb/side-channel-map/commit/5e7ba9cffe3ef42095815adc8ac1255b49bbadf5)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
deleted file mode 100644
index f82f389..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/README.md b/src/Servers/ExpressServer/node_modules/side-channel-map/README.md
deleted file mode 100644
index 8fa6f77..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# side-channel-map <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Store information about any JS value in a side channel, using a Map.
-
-Warning: if the `key` is an object, this implementation will leak memory until you `delete` it.
-Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
-
-## Getting started
-
-```sh
-npm install --save side-channel-map
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getSideChannelMap = require('side-channel-map');
-
-const channel = getSideChannelMap();
-
-const key = {};
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-
-channel.set(key, 42);
-
-channel.assert(key); // does not throw
-assert.equal(channel.has(key), true);
-assert.equal(channel.get(key), 42);
-
-channel.delete(key);
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/side-channel-map
-[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-map.svg
-[deps-svg]: https://david-dm.org/ljharb/side-channel-map.svg
-[deps-url]: https://david-dm.org/ljharb/side-channel-map
-[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-map/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/side-channel-map#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/side-channel-map.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/side-channel-map.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/side-channel-map.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-map
-[codecov-image]: https://codecov.io/gh/ljharb/side-channel-map/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-map/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-map
-[actions-url]: https://github.com/ljharb/side-channel-map/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
deleted file mode 100644
index de33e89..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/index.d.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-declare namespace getSideChannelMap {
-	type Channel<K, V> = {
-		assert: (key: K) => void;
-		has: (key: K) => boolean;
-		get: (key: K) => V | undefined;
-		set: (key: K, value: V) => void;
-		delete: (key: K) => boolean;
-	};
-}
-
-declare function getSideChannelMap<K, V>(): getSideChannelMap.Channel<K, V>;
-
-declare const x: false | typeof getSideChannelMap;
-
-export = x;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/index.js b/src/Servers/ExpressServer/node_modules/side-channel-map/index.js
deleted file mode 100644
index e111100..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/index.js
+++ /dev/null
@@ -1,68 +0,0 @@
-'use strict';
-
-var GetIntrinsic = require('get-intrinsic');
-var callBound = require('call-bound');
-var inspect = require('object-inspect');
-
-var $TypeError = require('es-errors/type');
-var $Map = GetIntrinsic('%Map%', true);
-
-/** @type {<K, V>(thisArg: Map<K, V>, key: K) => V} */
-var $mapGet = callBound('Map.prototype.get', true);
-/** @type {<K, V>(thisArg: Map<K, V>, key: K, value: V) => void} */
-var $mapSet = callBound('Map.prototype.set', true);
-/** @type {<K, V>(thisArg: Map<K, V>, key: K) => boolean} */
-var $mapHas = callBound('Map.prototype.has', true);
-/** @type {<K, V>(thisArg: Map<K, V>, key: K) => boolean} */
-var $mapDelete = callBound('Map.prototype.delete', true);
-/** @type {<K, V>(thisArg: Map<K, V>) => number} */
-var $mapSize = callBound('Map.prototype.size', true);
-
-/** @type {import('.')} */
-module.exports = !!$Map && /** @type {Exclude<import('.'), false>} */ function getSideChannelMap() {
-	/** @typedef {ReturnType<typeof getSideChannelMap>} Channel */
-	/** @typedef {Parameters<Channel['get']>[0]} K */
-	/** @typedef {Parameters<Channel['set']>[1]} V */
-
-	/** @type {Map<K, V> | undefined} */ var $m;
-
-	/** @type {Channel} */
-	var channel = {
-		assert: function (key) {
-			if (!channel.has(key)) {
-				throw new $TypeError('Side channel does not contain ' + inspect(key));
-			}
-		},
-		'delete': function (key) {
-			if ($m) {
-				var result = $mapDelete($m, key);
-				if ($mapSize($m) === 0) {
-					$m = void undefined;
-				}
-				return result;
-			}
-			return false;
-		},
-		get: function (key) { // eslint-disable-line consistent-return
-			if ($m) {
-				return $mapGet($m, key);
-			}
-		},
-		has: function (key) {
-			if ($m) {
-				return $mapHas($m, key);
-			}
-			return false;
-		},
-		set: function (key, value) {
-			if (!$m) {
-				// @ts-expect-error TS can't handle narrowing a variable inside a closure
-				$m = new $Map();
-			}
-			$mapSet($m, key, value);
-		}
-	};
-
-	// @ts-expect-error TODO: figure out why TS is erroring here
-	return channel;
-};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/package.json b/src/Servers/ExpressServer/node_modules/side-channel-map/package.json
deleted file mode 100644
index 18e8080..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/package.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-	"name": "side-channel-map",
-	"version": "1.0.1",
-	"description": "Store information about any JS value in a side channel, using a Map",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"types": "./index.d.ts",
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prelint": "evalmd README.md && eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>= 10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/side-channel-map.git"
-	},
-	"keywords": [],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/side-channel-map/issues"
-	},
-	"homepage": "https://github.com/ljharb/side-channel-map#readme",
-	"dependencies": {
-		"call-bound": "^1.0.2",
-		"es-errors": "^1.3.0",
-		"get-intrinsic": "^1.2.5",
-		"object-inspect": "^1.13.3"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/get-intrinsic": "^1.2.3",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"evalmd": "^0.0.19",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
deleted file mode 100644
index 1743323..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/test/index.js
+++ /dev/null
@@ -1,114 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getSideChannelMap = require('../');
-
-test('getSideChannelMap', { skip: typeof Map !== 'function' }, function (t) {
-	var getSideChannel = getSideChannelMap || function () {
-		throw new EvalError('should never happen');
-	};
-
-	t.test('export', function (st) {
-		st.equal(typeof getSideChannel, 'function', 'is a function');
-
-		st.equal(getSideChannel.length, 0, 'takes no arguments');
-
-		var channel = getSideChannel();
-		st.ok(channel, 'is truthy');
-		st.equal(typeof channel, 'object', 'is an object');
-		st.end();
-	});
-
-	t.test('assert', function (st) {
-		var channel = getSideChannel();
-		st['throws'](
-			function () { channel.assert({}); },
-			TypeError,
-			'nonexistent value throws'
-		);
-
-		var o = {};
-		channel.set(o, 'data');
-		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
-
-		st.end();
-	});
-
-	t.test('has', function (st) {
-		var channel = getSideChannel();
-		/** @type {unknown[]} */ var o = [];
-
-		st.equal(channel.has(o), false, 'nonexistent value yields false');
-
-		channel.set(o, 'foo');
-		st.equal(channel.has(o), true, 'existent value yields true');
-
-		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
-
-		channel.set('abc', 'foo');
-		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
-
-		st.end();
-	});
-
-	t.test('get', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
-
-		var data = {};
-		channel.set(o, data);
-		st.equal(channel.get(o), data, '"get" yields data set by "set"');
-
-		st.end();
-	});
-
-	t.test('set', function (st) {
-		var channel = getSideChannel();
-		var o = function () {};
-		st.equal(channel.get(o), undefined, 'value not set');
-
-		channel.set(o, 42);
-		st.equal(channel.get(o), 42, 'value was set');
-
-		channel.set(o, Infinity);
-		st.equal(channel.get(o), Infinity, 'value was set again');
-
-		var o2 = {};
-		channel.set(o2, 17);
-		st.equal(channel.get(o), Infinity, 'o is not modified');
-		st.equal(channel.get(o2), 17, 'o2 is set');
-
-		channel.set(o, 14);
-		st.equal(channel.get(o), 14, 'o is modified');
-		st.equal(channel.get(o2), 17, 'o2 is not modified');
-
-		st.end();
-	});
-
-	t.test('delete', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
-
-		channel.set(o, 42);
-		st.equal(channel.has(o), true, 'value is set');
-
-		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
-
-		st.equal(channel['delete'](o), true, 'deleted value yields true');
-
-		st.equal(channel.has(o), false, 'value is no longer set');
-
-		st.end();
-	});
-
-	t.end();
-});
-
-test('getSideChannelMap, no Maps', { skip: typeof Map === 'function' }, function (t) {
-	t.equal(getSideChannelMap, false, 'is false');
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
deleted file mode 100644
index d9a6668..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-map/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
deleted file mode 100644
index 72e0eba..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.editorconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-indent_style = tab
-indent_size = 2
-trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
deleted file mode 100644
index 9b13ad8..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.eslintrc
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"id-length": 0,
-		"max-lines-per-function": 0,
-		"multiline-comment-style": 1,
-		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
deleted file mode 100644
index 2ae71cd..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/side-channel-weakmap
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
deleted file mode 100644
index aba7ab0..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/CHANGELOG.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.0.2](https://github.com/ljharb/side-channel-weakmap/compare/v1.0.1...v1.0.2) - 2024-12-10
-
-### Commits
-
-- [types] fix generics ordering [`1b62e94`](https://github.com/ljharb/side-channel-weakmap/commit/1b62e94a2ad6ed30b640ba73c4a2535836c67289)
-
-## [v1.0.1](https://github.com/ljharb/side-channel-weakmap/compare/v1.0.0...v1.0.1) - 2024-12-10
-
-### Commits
-
-- [types] fix generics ordering [`08a4a5d`](https://github.com/ljharb/side-channel-weakmap/commit/08a4a5dbffedc3ebc79f1aaaf5a3dd6d2196dc1b)
-- [Deps] update `side-channel-map` [`b53fe44`](https://github.com/ljharb/side-channel-weakmap/commit/b53fe447dfdd3a9aebedfd015b384eac17fce916)
-
-## v1.0.0 - 2024-12-10
-
-### Commits
-
-- Initial implementation, tests, readme, types [`53c0fa4`](https://github.com/ljharb/side-channel-weakmap/commit/53c0fa4788435a006f58b9d7b43cb65989ecee49)
-- Initial commit [`a157947`](https://github.com/ljharb/side-channel-weakmap/commit/a157947f26fcaf2c4a941d3a044e76bf67343532)
-- npm init [`54dfc55`](https://github.com/ljharb/side-channel-weakmap/commit/54dfc55bafb16265910d5aad4e743c43aee5bbbb)
-- Only apps should have lockfiles [`0ddd6c7`](https://github.com/ljharb/side-channel-weakmap/commit/0ddd6c7b07fe8ee04d67b2e9f7255af7ce62c07d)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
deleted file mode 100644
index 3900dd7..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
deleted file mode 100644
index 856ee36..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# side-channel-weakmap <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Store information about any JS value in a side channel. Uses WeakMap if available.
-
-Warning: this implementation will leak memory until you `delete` the `key`.
-Use [`side-channel`](https://npmjs.com/side-channel) for the best available strategy.
-
-## Getting started
-
-```sh
-npm install --save side-channel-weakmap
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getSideChannelList = require('side-channel-weakmap');
-
-const channel = getSideChannelList();
-
-const key = {};
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-
-channel.set(key, 42);
-
-channel.assert(key); // does not throw
-assert.equal(channel.has(key), true);
-assert.equal(channel.get(key), 42);
-
-channel.delete(key);
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/side-channel-weakmap
-[npm-version-svg]: https://versionbadg.es/ljharb/side-channel-weakmap.svg
-[deps-svg]: https://david-dm.org/ljharb/side-channel-weakmap.svg
-[deps-url]: https://david-dm.org/ljharb/side-channel-weakmap
-[dev-deps-svg]: https://david-dm.org/ljharb/side-channel-weakmap/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/side-channel-weakmap#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/side-channel-weakmap.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/side-channel-weakmap.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/side-channel-weakmap.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=side-channel-weakmap
-[codecov-image]: https://codecov.io/gh/ljharb/side-channel-weakmap/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel-weakmap/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel-weakmap
-[actions-url]: https://github.com/ljharb/side-channel-weakmap/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
deleted file mode 100644
index ce1bc2a..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.d.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-declare namespace getSideChannelWeakMap {
-	type Channel<K, V> = {
-		assert: (key: K) => void;
-		has: (key: K) => boolean;
-		get: (key: K) => V | undefined;
-		set: (key: K, value: V) => void;
-		delete: (key: K) => boolean;
-	}
-}
-
-declare function getSideChannelWeakMap<K, V>(): getSideChannelWeakMap.Channel<K, V>;
-
-declare const x: false | typeof getSideChannelWeakMap;
-
-export = x;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
deleted file mode 100644
index e5b8183..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/index.js
+++ /dev/null
@@ -1,84 +0,0 @@
-'use strict';
-
-var GetIntrinsic = require('get-intrinsic');
-var callBound = require('call-bound');
-var inspect = require('object-inspect');
-var getSideChannelMap = require('side-channel-map');
-
-var $TypeError = require('es-errors/type');
-var $WeakMap = GetIntrinsic('%WeakMap%', true);
-
-/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => V} */
-var $weakMapGet = callBound('WeakMap.prototype.get', true);
-/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K, value: V) => void} */
-var $weakMapSet = callBound('WeakMap.prototype.set', true);
-/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => boolean} */
-var $weakMapHas = callBound('WeakMap.prototype.has', true);
-/** @type {<K extends object, V>(thisArg: WeakMap<K, V>, key: K) => boolean} */
-var $weakMapDelete = callBound('WeakMap.prototype.delete', true);
-
-/** @type {import('.')} */
-module.exports = $WeakMap
-	? /** @type {Exclude<import('.'), false>} */ function getSideChannelWeakMap() {
-		/** @typedef {ReturnType<typeof getSideChannelWeakMap>} Channel */
-		/** @typedef {Parameters<Channel['get']>[0]} K */
-		/** @typedef {Parameters<Channel['set']>[1]} V */
-
-		/** @type {WeakMap<K & object, V> | undefined} */ var $wm;
-		/** @type {Channel | undefined} */ var $m;
-
-		/** @type {Channel} */
-		var channel = {
-			assert: function (key) {
-				if (!channel.has(key)) {
-					throw new $TypeError('Side channel does not contain ' + inspect(key));
-				}
-			},
-			'delete': function (key) {
-				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
-					if ($wm) {
-						return $weakMapDelete($wm, key);
-					}
-				} else if (getSideChannelMap) {
-					if ($m) {
-						return $m['delete'](key);
-					}
-				}
-				return false;
-			},
-			get: function (key) {
-				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
-					if ($wm) {
-						return $weakMapGet($wm, key);
-					}
-				}
-				return $m && $m.get(key);
-			},
-			has: function (key) {
-				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
-					if ($wm) {
-						return $weakMapHas($wm, key);
-					}
-				}
-				return !!$m && $m.has(key);
-			},
-			set: function (key, value) {
-				if ($WeakMap && key && (typeof key === 'object' || typeof key === 'function')) {
-					if (!$wm) {
-						$wm = new $WeakMap();
-					}
-					$weakMapSet($wm, key, value);
-				} else if (getSideChannelMap) {
-					if (!$m) {
-						$m = getSideChannelMap();
-					}
-					// eslint-disable-next-line no-extra-parens
-					/** @type {NonNullable<typeof $m>} */ ($m).set(key, value);
-				}
-			}
-		};
-
-		// @ts-expect-error TODO: figure out why this is erroring
-		return channel;
-	}
-	: getSideChannelMap;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
deleted file mode 100644
index 9ef6583..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/package.json
+++ /dev/null
@@ -1,87 +0,0 @@
-{
-	"name": "side-channel-weakmap",
-	"version": "1.0.2",
-	"description": "Store information about any JS value in a side channel. Uses WeakMap if available.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"types": "./index.d.ts",
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prelint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/side-channel-weakmap.git"
-	},
-	"keywords": [
-		"weakmap",
-		"map",
-		"side",
-		"channel",
-		"metadata"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/side-channel-weakmap/issues"
-	},
-	"homepage": "https://github.com/ljharb/side-channel-weakmap#readme",
-	"dependencies": {
-		"call-bound": "^1.0.2",
-		"es-errors": "^1.3.0",
-		"get-intrinsic": "^1.2.5",
-		"object-inspect": "^1.13.3",
-		"side-channel-map": "^1.0.1"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/call-bind": "^1.0.5",
-		"@types/get-intrinsic": "^1.2.3",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
deleted file mode 100644
index a01248b..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/test/index.js
+++ /dev/null
@@ -1,114 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getSideChannelWeakMap = require('../');
-
-test('getSideChannelMap', { skip: typeof WeakMap !== 'function' && typeof Map !== 'function' }, function (t) {
-	var getSideChannel = getSideChannelWeakMap || function () {
-		throw new EvalError('should never happen');
-	};
-
-	t.test('export', function (st) {
-		st.equal(typeof getSideChannel, 'function', 'is a function');
-
-		st.equal(getSideChannel.length, 0, 'takes no arguments');
-
-		var channel = getSideChannel();
-		st.ok(channel, 'is truthy');
-		st.equal(typeof channel, 'object', 'is an object');
-		st.end();
-	});
-
-	t.test('assert', function (st) {
-		var channel = getSideChannel();
-		st['throws'](
-			function () { channel.assert({}); },
-			TypeError,
-			'nonexistent value throws'
-		);
-
-		var o = {};
-		channel.set(o, 'data');
-		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
-
-		st.end();
-	});
-
-	t.test('has', function (st) {
-		var channel = getSideChannel();
-		/** @type {unknown[]} */ var o = [];
-
-		st.equal(channel.has(o), false, 'nonexistent value yields false');
-
-		channel.set(o, 'foo');
-		st.equal(channel.has(o), true, 'existent value yields true');
-
-		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
-
-		channel.set('abc', 'foo');
-		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
-
-		st.end();
-	});
-
-	t.test('get', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
-
-		var data = {};
-		channel.set(o, data);
-		st.equal(channel.get(o), data, '"get" yields data set by "set"');
-
-		st.end();
-	});
-
-	t.test('set', function (st) {
-		var channel = getSideChannel();
-		var o = function () {};
-		st.equal(channel.get(o), undefined, 'value not set');
-
-		channel.set(o, 42);
-		st.equal(channel.get(o), 42, 'value was set');
-
-		channel.set(o, Infinity);
-		st.equal(channel.get(o), Infinity, 'value was set again');
-
-		var o2 = {};
-		channel.set(o2, 17);
-		st.equal(channel.get(o), Infinity, 'o is not modified');
-		st.equal(channel.get(o2), 17, 'o2 is set');
-
-		channel.set(o, 14);
-		st.equal(channel.get(o), 14, 'o is modified');
-		st.equal(channel.get(o2), 17, 'o2 is not modified');
-
-		st.end();
-	});
-
-	t.test('delete', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
-
-		channel.set(o, 42);
-		st.equal(channel.has(o), true, 'value is set');
-
-		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
-
-		st.equal(channel['delete'](o), true, 'deleted value yields true');
-
-		st.equal(channel.has(o), false, 'value is no longer set');
-
-		st.end();
-	});
-
-	t.end();
-});
-
-test('getSideChannelMap, no WeakMaps and/or Maps', { skip: typeof WeakMap === 'function' || typeof Map === 'function' }, function (t) {
-	t.equal(getSideChannelWeakMap, false, 'is false');
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
deleted file mode 100644
index d9a6668..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel-weakmap/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig b/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
deleted file mode 100644
index 72e0eba..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/.editorconfig
+++ /dev/null
@@ -1,9 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-insert_final_newline = true
-indent_style = tab
-indent_size = 2
-trim_trailing_whitespace = true
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc b/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
deleted file mode 100644
index 9b13ad8..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/.eslintrc
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-	"root": true,
-
-	"extends": "@ljharb",
-
-	"rules": {
-		"id-length": 0,
-		"max-lines-per-function": 0,
-		"multiline-comment-style": 1,
-		"new-cap": [2, { "capIsNewExceptions": ["GetIntrinsic"] }],
-	},
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml b/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
deleted file mode 100644
index 2a94840..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: [ljharb]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: npm/side-channel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/.nycrc b/src/Servers/ExpressServer/node_modules/side-channel/.nycrc
deleted file mode 100644
index 1826526..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/.nycrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-	"all": true,
-	"check-coverage": false,
-	"reporter": ["text-summary", "text", "html", "json"],
-	"lines": 86,
-	"statements": 85.93,
-	"functions": 82.43,
-	"branches": 76.06,
-	"exclude": [
-		"coverage",
-		"test"
-	]
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md b/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
deleted file mode 100644
index 58e378c..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/CHANGELOG.md
+++ /dev/null
@@ -1,110 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [v1.1.0](https://github.com/ljharb/side-channel/compare/v1.0.6...v1.1.0) - 2024-12-11
-
-### Commits
-
-- [Refactor] extract implementations to `side-channel-weakmap`, `side-channel-map`, `side-channel-list` [`ada5955`](https://github.com/ljharb/side-channel/commit/ada595549a5c4c6c853756d598846b180941c6da)
-- [New] add `channel.delete` [`c01d2d3`](https://github.com/ljharb/side-channel/commit/c01d2d3fd51dbb1ce6da72ad7916e61bd6172aad)
-- [types] improve types [`0c54356`](https://github.com/ljharb/side-channel/commit/0c5435651417df41b8cc1a5f7cdce8bffae68cde)
-- [readme] add content [`be24868`](https://github.com/ljharb/side-channel/commit/be248682ac294b0e22c883092c45985aa91c490a)
-- [actions] split out node 10-20, and 20+ [`c4488e2`](https://github.com/ljharb/side-channel/commit/c4488e241ef3d49a19fe266ac830a2e644305911)
-- [types] use shared tsconfig [`0e0d57c`](https://github.com/ljharb/side-channel/commit/0e0d57c2ff17c7b45c6cbd43ebcf553edc9e3adc)
-- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/get-intrinsic`, `@types/object-inspect`, `@types/tape`, `auto-changelog`, `tape` [`fb4f622`](https://github.com/ljharb/side-channel/commit/fb4f622e64a99a1e40b6e5cd7691674a9dc429e4)
-- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`b78336b`](https://github.com/ljharb/side-channel/commit/b78336b886172d1b457d414ac9e28de8c5fecc78)
-- [Tests] replace `aud` with `npm audit` [`ee3ab46`](https://github.com/ljharb/side-channel/commit/ee3ab4690d954311c35115651bcfd45edd205aa1)
-- [Dev Deps] add missing peer dep [`c03e21a`](https://github.com/ljharb/side-channel/commit/c03e21a7def3b67cdc15ae22316884fefcb2f6a8)
-
-## [v1.0.6](https://github.com/ljharb/side-channel/compare/v1.0.5...v1.0.6) - 2024-02-29
-
-### Commits
-
-- add types [`9beef66`](https://github.com/ljharb/side-channel/commit/9beef6643e6d717ea57bedabf86448123a7dd9e9)
-- [meta] simplify `exports` [`4334cf9`](https://github.com/ljharb/side-channel/commit/4334cf9df654151504c383b62a2f9ebdc8d9d5ac)
-- [Deps] update `call-bind` [`d6043c4`](https://github.com/ljharb/side-channel/commit/d6043c4d8f4d7be9037dd0f0419c7a2e0e39ec6a)
-- [Dev Deps] update `tape` [`6aca376`](https://github.com/ljharb/side-channel/commit/6aca3761868dc8cd5ff7fd9799bf6b95e09a6eb0)
-
-## [v1.0.5](https://github.com/ljharb/side-channel/compare/v1.0.4...v1.0.5) - 2024-02-06
-
-### Commits
-
-- [actions] reuse common workflows [`3d2e1ff`](https://github.com/ljharb/side-channel/commit/3d2e1ffd16dd6eaaf3e40ff57951f840d2d63c04)
-- [meta] use `npmignore` to autogenerate an npmignore file [`04296ea`](https://github.com/ljharb/side-channel/commit/04296ea17d1544b0a5d20fd5bfb31aa4f6513eb9)
-- [meta] add `.editorconfig`; add `eclint` [`130f0a6`](https://github.com/ljharb/side-channel/commit/130f0a6adbc04d385c7456a601d38344dce3d6a9)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `safe-publish-latest`, `tape` [`d480c2f`](https://github.com/ljharb/side-channel/commit/d480c2fbe757489ae9b4275491ffbcc3ac4725e9)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`ecbe70e`](https://github.com/ljharb/side-channel/commit/ecbe70e53a418234081a77971fec1fdfae20c841)
-- [actions] update rebase action [`75240b9`](https://github.com/ljharb/side-channel/commit/75240b9963b816e8846400d2287cb68f88c7fba7)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `npmignore`, `tape` [`ae8d281`](https://github.com/ljharb/side-channel/commit/ae8d281572430099109870fd9430d2ca3f320b8d)
-- [Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape` [`7125b88`](https://github.com/ljharb/side-channel/commit/7125b885fd0eacad4fee9b073b72d14065ece278)
-- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`82577c9`](https://github.com/ljharb/side-channel/commit/82577c9796304519139a570f82a317211b5f3b86)
-- [Deps] update `call-bind`, `get-intrinsic`, `object-inspect` [`550aadf`](https://github.com/ljharb/side-channel/commit/550aadf20475a6081fd70304cc54f77259a5c8a8)
-- [Tests] increase coverage [`5130877`](https://github.com/ljharb/side-channel/commit/5130877a7b27c862e64e6d1c12a178b28808859d)
-- [Deps] update `get-intrinsic`, `object-inspect` [`ba0194c`](https://github.com/ljharb/side-channel/commit/ba0194c505b1a8a0427be14cadd5b8a46d4d01b8)
-- [meta] add missing `engines.node` [`985fd24`](https://github.com/ljharb/side-channel/commit/985fd249663cb06617a693a94fe08cad12f5cb70)
-- [Refactor] use `es-errors`, so things that only need those do not need `get-intrinsic` [`40227a8`](https://github.com/ljharb/side-channel/commit/40227a87b01709ad2c0eebf87eb4223a800099b9)
-- [Deps] update `get-intrinsic` [`a989b40`](https://github.com/ljharb/side-channel/commit/a989b4024958737ae7be9fbffdeff2078f33a0fd)
-- [Deps] update `object-inspect` [`aec42d2`](https://github.com/ljharb/side-channel/commit/aec42d2ec541a31aaa02475692c87d489237d9a3)
-
-## [v1.0.4](https://github.com/ljharb/side-channel/compare/v1.0.3...v1.0.4) - 2020-12-29
-
-### Commits
-
-- [Tests] migrate tests to Github Actions [`10909cb`](https://github.com/ljharb/side-channel/commit/10909cbf8ce9c0bf96f604cf13d7ffd5a22c2d40)
-- [Refactor] Use a linked list rather than an array, and move accessed nodes to the beginning [`195613f`](https://github.com/ljharb/side-channel/commit/195613f28b5c1e6072ef0b61b5beebaf2b6a304e)
-- [meta] do not publish github action workflow files [`290ec29`](https://github.com/ljharb/side-channel/commit/290ec29cd21a60585145b4a7237ec55228c52c27)
-- [Tests] run `nyc` on all tests; use `tape` runner [`ea6d030`](https://github.com/ljharb/side-channel/commit/ea6d030ff3fe6be2eca39e859d644c51ecd88869)
-- [actions] add "Allow Edits" workflow [`d464d8f`](https://github.com/ljharb/side-channel/commit/d464d8fe52b5eddf1504a0ed97f0941a90f32c15)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog` [`02daca8`](https://github.com/ljharb/side-channel/commit/02daca87c6809821c97be468d1afa2f5ef447383)
-- [Refactor] use `call-bind` and `get-intrinsic` instead of `es-abstract` [`e09d481`](https://github.com/ljharb/side-channel/commit/e09d481528452ebafa5cdeae1af665c35aa2deee)
-- [Deps] update `object.assign` [`ee83aa8`](https://github.com/ljharb/side-channel/commit/ee83aa81df313b5e46319a63adb05cf0c179079a)
-- [actions] update rebase action to use checkout v2 [`7726b0b`](https://github.com/ljharb/side-channel/commit/7726b0b058b632fccea709f58960871defaaa9d7)
-
-## [v1.0.3](https://github.com/ljharb/side-channel/compare/v1.0.2...v1.0.3) - 2020-08-23
-
-### Commits
-
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `aud`, `auto-changelog`, `tape` [`1f10561`](https://github.com/ljharb/side-channel/commit/1f105611ef3acf32dec8032ae5c0baa5e56bb868)
-- [Deps] update `es-abstract`, `object-inspect` [`bc20159`](https://github.com/ljharb/side-channel/commit/bc201597949a505e37cef9eaf24c7010831e6f03)
-- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`b9b2b22`](https://github.com/ljharb/side-channel/commit/b9b2b225f9e0ea72a6ec2b89348f0bd690bc9ed1)
-- [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape` [`7055ab4`](https://github.com/ljharb/side-channel/commit/7055ab4de0860606efd2003674a74f1fe6ebc07e)
-- [Dev Deps] update `auto-changelog`; add `aud` [`d278c37`](https://github.com/ljharb/side-channel/commit/d278c37d08227be4f84aa769fcd919e73feeba40)
-- [actions] switch Automatic Rebase workflow to `pull_request_target` event [`3bcf982`](https://github.com/ljharb/side-channel/commit/3bcf982faa122745b39c33ce83d32fdf003741c6)
-- [Tests] only audit prod deps [`18d01c4`](https://github.com/ljharb/side-channel/commit/18d01c4015b82a3d75044c4d5ba7917b2eac01ec)
-- [Deps] update `es-abstract` [`6ab096d`](https://github.com/ljharb/side-channel/commit/6ab096d9de2b482cf5e0717e34e212f5b2b9bc9a)
-- [Dev Deps] update `tape` [`9dc174c`](https://github.com/ljharb/side-channel/commit/9dc174cc651dfd300b4b72da936a0a7eda5f9452)
-- [Deps] update `es-abstract` [`431d0f0`](https://github.com/ljharb/side-channel/commit/431d0f0ff11fbd2ae6f3115582a356d3a1cfce82)
-- [Deps] update `es-abstract` [`49869fd`](https://github.com/ljharb/side-channel/commit/49869fd323bf4453f0ba515c0fb265cf5ab7b932)
-- [meta] Add package.json to package's exports [`77d9cdc`](https://github.com/ljharb/side-channel/commit/77d9cdceb2a9e47700074f2ae0c0a202e7dac0d4)
-
-## [v1.0.2](https://github.com/ljharb/side-channel/compare/v1.0.1...v1.0.2) - 2019-12-20
-
-### Commits
-
-- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`4a526df`](https://github.com/ljharb/side-channel/commit/4a526df44e4701566ed001ec78546193f818b082)
-- [Deps] update `es-abstract` [`d4f6e62`](https://github.com/ljharb/side-channel/commit/d4f6e629b6fb93a07415db7f30d3c90fd7f264fe)
-
-## [v1.0.1](https://github.com/ljharb/side-channel/compare/v1.0.0...v1.0.1) - 2019-12-01
-
-### Commits
-
-- [Fix] add missing "exports" [`d212907`](https://github.com/ljharb/side-channel/commit/d2129073abf0701a5343bf28aa2145617604dc2e)
-
-## v1.0.0 - 2019-12-01
-
-### Commits
-
-- Initial implementation [`dbebd3a`](https://github.com/ljharb/side-channel/commit/dbebd3a4b5ed64242f9a6810efe7c4214cd8cde4)
-- Initial tests [`73bdefe`](https://github.com/ljharb/side-channel/commit/73bdefe568c9076cf8c0b8719bc2141aec0e19b8)
-- Initial commit [`43c03e1`](https://github.com/ljharb/side-channel/commit/43c03e1c2849ec50a87b7a5cd76238a62b0b8770)
-- npm init [`5c090a7`](https://github.com/ljharb/side-channel/commit/5c090a765d66a5527d9889b89aeff78dee91348c)
-- [meta] add `auto-changelog` [`a5c4e56`](https://github.com/ljharb/side-channel/commit/a5c4e5675ec02d5eb4d84b4243aeea2a1d38fbec)
-- [actions] add automatic rebasing / merge commit blocking [`bab1683`](https://github.com/ljharb/side-channel/commit/bab1683d8f9754b086e94397699fdc645e0d7077)
-- [meta] add `funding` field; create FUNDING.yml [`63d7aea`](https://github.com/ljharb/side-channel/commit/63d7aeaf34f5650650ae97ca4b9fae685bd0937c)
-- [Tests] add `npm run lint` [`46a5a81`](https://github.com/ljharb/side-channel/commit/46a5a81705cd2664f83df232c01dbbf2ee952885)
-- Only apps should have lockfiles [`8b16b03`](https://github.com/ljharb/side-channel/commit/8b16b0305f00895d90c4e2e5773c854cfea0e448)
-- [meta] add `safe-publish-latest` [`2f098ef`](https://github.com/ljharb/side-channel/commit/2f098ef092a39399cfe548b19a1fc03c2fd2f490)
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/LICENSE b/src/Servers/ExpressServer/node_modules/side-channel/LICENSE
deleted file mode 100644
index 3900dd7..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Jordan Harband
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/README.md b/src/Servers/ExpressServer/node_modules/side-channel/README.md
deleted file mode 100644
index cc7e103..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# side-channel <sup>[![Version Badge][npm-version-svg]][package-url]</sup>
-
-[![github actions][actions-image]][actions-url]
-[![coverage][codecov-image]][codecov-url]
-[![License][license-image]][license-url]
-[![Downloads][downloads-image]][downloads-url]
-
-[![npm badge][npm-badge-png]][package-url]
-
-Store information about any JS value in a side channel. Uses WeakMap if available.
-
-Warning: in an environment that lacks `WeakMap`, this implementation will leak memory until you `delete` the `key`.
-
-## Getting started
-
-```sh
-npm install --save side-channel
-```
-
-## Usage/Examples
-
-```js
-const assert = require('assert');
-const getSideChannel = require('side-channel');
-
-const channel = getSideChannel();
-
-const key = {};
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-
-channel.set(key, 42);
-
-channel.assert(key); // does not throw
-assert.equal(channel.has(key), true);
-assert.equal(channel.get(key), 42);
-
-channel.delete(key);
-assert.equal(channel.has(key), false);
-assert.throws(() => channel.assert(key), TypeError);
-```
-
-## Tests
-
-Clone the repo, `npm install`, and run `npm test`
-
-[package-url]: https://npmjs.org/package/side-channel
-[npm-version-svg]: https://versionbadg.es/ljharb/side-channel.svg
-[deps-svg]: https://david-dm.org/ljharb/side-channel.svg
-[deps-url]: https://david-dm.org/ljharb/side-channel
-[dev-deps-svg]: https://david-dm.org/ljharb/side-channel/dev-status.svg
-[dev-deps-url]: https://david-dm.org/ljharb/side-channel#info=devDependencies
-[npm-badge-png]: https://nodei.co/npm/side-channel.png?downloads=true&stars=true
-[license-image]: https://img.shields.io/npm/l/side-channel.svg
-[license-url]: LICENSE
-[downloads-image]: https://img.shields.io/npm/dm/side-channel.svg
-[downloads-url]: https://npm-stat.com/charts.html?package=side-channel
-[codecov-image]: https://codecov.io/gh/ljharb/side-channel/branch/main/graphs/badge.svg
-[codecov-url]: https://app.codecov.io/gh/ljharb/side-channel/
-[actions-image]: https://img.shields.io/endpoint?url=https://github-actions-badge-u3jn4tfpocch.runkit.sh/ljharb/side-channel
-[actions-url]: https://github.com/ljharb/side-channel/actions
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts b/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
deleted file mode 100644
index 18c6317..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/index.d.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import getSideChannelList from 'side-channel-list';
-import getSideChannelMap from 'side-channel-map';
-import getSideChannelWeakMap from 'side-channel-weakmap';
-
-declare namespace getSideChannel {
-	type Channel<K, V> =
-		| getSideChannelList.Channel<K, V>
-		| ReturnType<Exclude<typeof getSideChannelMap<K, V>, false>>
-		| ReturnType<Exclude<typeof getSideChannelWeakMap<K, V>, false>>;
-}
-
-declare function getSideChannel<K, V>(): getSideChannel.Channel<K, V>;
-
-export = getSideChannel;
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/index.js b/src/Servers/ExpressServer/node_modules/side-channel/index.js
deleted file mode 100644
index a8a9b05..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/index.js
+++ /dev/null
@@ -1,43 +0,0 @@
-'use strict';
-
-var $TypeError = require('es-errors/type');
-var inspect = require('object-inspect');
-var getSideChannelList = require('side-channel-list');
-var getSideChannelMap = require('side-channel-map');
-var getSideChannelWeakMap = require('side-channel-weakmap');
-
-var makeChannel = getSideChannelWeakMap || getSideChannelMap || getSideChannelList;
-
-/** @type {import('.')} */
-module.exports = function getSideChannel() {
-	/** @typedef {ReturnType<typeof getSideChannel>} Channel */
-
-	/** @type {Channel | undefined} */ var $channelData;
-
-	/** @type {Channel} */
-	var channel = {
-		assert: function (key) {
-			if (!channel.has(key)) {
-				throw new $TypeError('Side channel does not contain ' + inspect(key));
-			}
-		},
-		'delete': function (key) {
-			return !!$channelData && $channelData['delete'](key);
-		},
-		get: function (key) {
-			return $channelData && $channelData.get(key);
-		},
-		has: function (key) {
-			return !!$channelData && $channelData.has(key);
-		},
-		set: function (key, value) {
-			if (!$channelData) {
-				$channelData = makeChannel();
-			}
-
-			$channelData.set(key, value);
-		}
-	};
-	// @ts-expect-error TODO: figure out why this is erroring
-	return channel;
-};
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/package.json b/src/Servers/ExpressServer/node_modules/side-channel/package.json
deleted file mode 100644
index 30fa42c..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/package.json
+++ /dev/null
@@ -1,85 +0,0 @@
-{
-	"name": "side-channel",
-	"version": "1.1.0",
-	"description": "Store information about any JS value in a side channel. Uses WeakMap if available.",
-	"main": "index.js",
-	"exports": {
-		".": "./index.js",
-		"./package.json": "./package.json"
-	},
-	"types": "./index.d.ts",
-	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated",
-		"prepublishOnly": "safe-publish-latest",
-		"prepublish": "not-in-publish || npm run prepublishOnly",
-		"prelint": "eclint check $(git ls-files | xargs find 2> /dev/null | grep -vE 'node_modules|\\.git')",
-		"lint": "eslint --ext=js,mjs .",
-		"postlint": "tsc -p . && attw -P",
-		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/**/*.js'",
-		"test": "npm run tests-only",
-		"posttest": "npx npm@'>=10.2' audit --production",
-		"version": "auto-changelog && git add CHANGELOG.md",
-		"postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
-	},
-	"repository": {
-		"type": "git",
-		"url": "git+https://github.com/ljharb/side-channel.git"
-	},
-	"keywords": [
-		"weakmap",
-		"map",
-		"side",
-		"channel",
-		"metadata"
-	],
-	"author": "Jordan Harband <ljharb@gmail.com>",
-	"funding": {
-		"url": "https://github.com/sponsors/ljharb"
-	},
-	"license": "MIT",
-	"bugs": {
-		"url": "https://github.com/ljharb/side-channel/issues"
-	},
-	"homepage": "https://github.com/ljharb/side-channel#readme",
-	"dependencies": {
-		"es-errors": "^1.3.0",
-		"object-inspect": "^1.13.3",
-		"side-channel-list": "^1.0.0",
-		"side-channel-map": "^1.0.1",
-		"side-channel-weakmap": "^1.0.2"
-	},
-	"devDependencies": {
-		"@arethetypeswrong/cli": "^0.17.1",
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.2",
-		"@types/object-inspect": "^1.13.0",
-		"@types/tape": "^5.6.5",
-		"auto-changelog": "^2.5.0",
-		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "=8.8.0",
-		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
-		"nyc": "^10.3.2",
-		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.9.0",
-		"typescript": "next"
-	},
-	"auto-changelog": {
-		"output": "CHANGELOG.md",
-		"template": "keepachangelog",
-		"unreleased": false,
-		"commitLimit": false,
-		"backfillLimit": false,
-		"hideCredit": true
-	},
-	"publishConfig": {
-		"ignore": [
-			".github/workflows"
-		]
-	},
-	"engines": {
-		"node": ">= 0.4"
-	}
-}
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/test/index.js b/src/Servers/ExpressServer/node_modules/side-channel/test/index.js
deleted file mode 100644
index bd1e7c2..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/test/index.js
+++ /dev/null
@@ -1,104 +0,0 @@
-'use strict';
-
-var test = require('tape');
-
-var getSideChannel = require('../');
-
-test('getSideChannel', function (t) {
-	t.test('export', function (st) {
-		st.equal(typeof getSideChannel, 'function', 'is a function');
-
-		st.equal(getSideChannel.length, 0, 'takes no arguments');
-
-		var channel = getSideChannel();
-		st.ok(channel, 'is truthy');
-		st.equal(typeof channel, 'object', 'is an object');
-		st.end();
-	});
-
-	t.test('assert', function (st) {
-		var channel = getSideChannel();
-		st['throws'](
-			function () { channel.assert({}); },
-			TypeError,
-			'nonexistent value throws'
-		);
-
-		var o = {};
-		channel.set(o, 'data');
-		st.doesNotThrow(function () { channel.assert(o); }, 'existent value noops');
-
-		st.end();
-	});
-
-	t.test('has', function (st) {
-		var channel = getSideChannel();
-		/** @type {unknown[]} */ var o = [];
-
-		st.equal(channel.has(o), false, 'nonexistent value yields false');
-
-		channel.set(o, 'foo');
-		st.equal(channel.has(o), true, 'existent value yields true');
-
-		st.equal(channel.has('abc'), false, 'non object value non existent yields false');
-
-		channel.set('abc', 'foo');
-		st.equal(channel.has('abc'), true, 'non object value that exists yields true');
-
-		st.end();
-	});
-
-	t.test('get', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel.get(o), undefined, 'nonexistent value yields undefined');
-
-		var data = {};
-		channel.set(o, data);
-		st.equal(channel.get(o), data, '"get" yields data set by "set"');
-
-		st.end();
-	});
-
-	t.test('set', function (st) {
-		var channel = getSideChannel();
-		var o = function () {};
-		st.equal(channel.get(o), undefined, 'value not set');
-
-		channel.set(o, 42);
-		st.equal(channel.get(o), 42, 'value was set');
-
-		channel.set(o, Infinity);
-		st.equal(channel.get(o), Infinity, 'value was set again');
-
-		var o2 = {};
-		channel.set(o2, 17);
-		st.equal(channel.get(o), Infinity, 'o is not modified');
-		st.equal(channel.get(o2), 17, 'o2 is set');
-
-		channel.set(o, 14);
-		st.equal(channel.get(o), 14, 'o is modified');
-		st.equal(channel.get(o2), 17, 'o2 is not modified');
-
-		st.end();
-	});
-
-	t.test('delete', function (st) {
-		var channel = getSideChannel();
-		var o = {};
-		st.equal(channel['delete']({}), false, 'nonexistent value yields false');
-
-		channel.set(o, 42);
-		st.equal(channel.has(o), true, 'value is set');
-
-		st.equal(channel['delete']({}), false, 'nonexistent value still yields false');
-
-		st.equal(channel['delete'](o), true, 'deleted value yields true');
-
-		st.equal(channel.has(o), false, 'value is no longer set');
-
-		st.end();
-	});
-
-	t.end();
-});
diff --git a/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json b/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
deleted file mode 100644
index d9a6668..0000000
--- a/src/Servers/ExpressServer/node_modules/side-channel/tsconfig.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-	"extends": "@ljharb/tsconfig",
-	"compilerOptions": {
-		"target": "es2021",
-	},
-	"exclude": [
-		"coverage",
-	],
-}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md b/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
deleted file mode 100644
index dc549b8..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/HISTORY.md
+++ /dev/null
@@ -1,87 +0,0 @@
-2.0.2 / 2025-06-06
-==================
-
-  * Migrate to `String.prototype.slice()`
-
-2.0.1 / 2021-01-03
-==================
-
-  * Fix returning values from `Object.prototype`
-
-2.0.0 / 2020-04-19
-==================
-
-  * Drop support for Node.js 0.6
-  * Fix messaging casing of `418 I'm a Teapot`
-  * Remove code 306
-  * Remove `status[code]` exports; use `status.message[code]`
-  * Remove `status[msg]` exports; use `status.code[msg]`
-  * Rename `425 Unordered Collection` to standard `425 Too Early`
-  * Rename `STATUS_CODES` export to `message`
-  * Return status message for `statuses(code)` when given code
-
-1.5.0 / 2018-03-27
-==================
-
-  * Add `103 Early Hints`
-
-1.4.0 / 2017-10-20
-==================
-
-  * Add `STATUS_CODES` export
-
-1.3.1 / 2016-11-11
-==================
-
-  * Fix return type in JSDoc
-
-1.3.0 / 2016-05-17
-==================
-
-  * Add `421 Misdirected Request`
-  * perf: enable strict mode
-
-1.2.1 / 2015-02-01
-==================
-
-  * Fix message for status 451
-    - `451 Unavailable For Legal Reasons`
-
-1.2.0 / 2014-09-28
-==================
-
-  * Add `208 Already Repored`
-  * Add `226 IM Used`
-  * Add `306 (Unused)`
-  * Add `415 Unable For Legal Reasons`
-  * Add `508 Loop Detected`
-
-1.1.1 / 2014-09-24
-==================
-
-  * Add missing 308 to `codes.json`
-
-1.1.0 / 2014-09-21
-==================
-
-  * Add `codes.json` for universal support
-
-1.0.4 / 2014-08-20
-==================
-
-  * Package cleanup
-
-1.0.3 / 2014-06-08
-==================
-
-  * Add 308 to `.redirect` category
-
-1.0.2 / 2014-03-13
-==================
-
-  * Add `.retry` category
-
-1.0.1 / 2014-03-12
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/statuses/LICENSE b/src/Servers/ExpressServer/node_modules/statuses/LICENSE
deleted file mode 100644
index 28a3161..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-
-The MIT License (MIT)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2016 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/statuses/README.md b/src/Servers/ExpressServer/node_modules/statuses/README.md
deleted file mode 100644
index 89d542f..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/README.md
+++ /dev/null
@@ -1,139 +0,0 @@
-# statuses
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][ci-image]][ci-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
-
-HTTP status utility for node.
-
-This module provides a list of status codes and messages sourced from
-a few different projects:
-
-  * The [IANA Status Code Registry](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
-  * The [Node.js project](https://nodejs.org/)
-  * The [NGINX project](https://www.nginx.com/)
-  * The [Apache HTTP Server project](https://httpd.apache.org/)
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install statuses
-```
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var status = require('statuses')
-```
-
-### status(code)
-
-Returns the status message string for a known HTTP status code. The code
-may be a number or a string. An error is thrown for an unknown status code.
-
-<!-- eslint-disable no-undef -->
-
-```js
-status(403) // => 'Forbidden'
-status('403') // => 'Forbidden'
-status(306) // throws
-```
-
-### status(msg)
-
-Returns the numeric status code for a known HTTP status message. The message
-is case-insensitive. An error is thrown for an unknown status message.
-
-<!-- eslint-disable no-undef -->
-
-```js
-status('forbidden') // => 403
-status('Forbidden') // => 403
-status('foo') // throws
-```
-
-### status.codes
-
-Returns an array of all the status codes as `Integer`s.
-
-### status.code[msg]
-
-Returns the numeric status code for a known status message (in lower-case),
-otherwise `undefined`.
-
-<!-- eslint-disable no-undef, no-unused-expressions -->
-
-```js
-status['not found'] // => 404
-```
-
-### status.empty[code]
-
-Returns `true` if a status code expects an empty body.
-
-<!-- eslint-disable no-undef, no-unused-expressions -->
-
-```js
-status.empty[200] // => undefined
-status.empty[204] // => true
-status.empty[304] // => true
-```
-
-### status.message[code]
-
-Returns the string message for a known numeric status code, otherwise
-`undefined`. This object is the same format as the
-[Node.js http module `http.STATUS_CODES`](https://nodejs.org/dist/latest/docs/api/http.html#http_http_status_codes).
-
-<!-- eslint-disable no-undef, no-unused-expressions -->
-
-```js
-status.message[404] // => 'Not Found'
-```
-
-### status.redirect[code]
-
-Returns `true` if a status code is a valid redirect status.
-
-<!-- eslint-disable no-undef, no-unused-expressions -->
-
-```js
-status.redirect[200] // => undefined
-status.redirect[301] // => true
-```
-
-### status.retry[code]
-
-Returns `true` if you should retry the rest.
-
-<!-- eslint-disable no-undef, no-unused-expressions -->
-
-```js
-status.retry[501] // => undefined
-status.retry[503] // => true
-```
-
-## License
-
-[MIT](LICENSE)
-
-[ci-image]: https://badgen.net/github/checks/jshttp/statuses/master?label=ci
-[ci-url]: https://github.com/jshttp/statuses/actions?query=workflow%3Aci
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/statuses/master
-[coveralls-url]: https://coveralls.io/r/jshttp/statuses?branch=master
-[node-version-image]: https://badgen.net/npm/node/statuses
-[node-version-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/statuses
-[npm-url]: https://npmjs.org/package/statuses
-[npm-version-image]: https://badgen.net/npm/v/statuses
-[ossf-scorecard-badge]: https://api.securityscorecards.dev/projects/github.com/jshttp/statuses/badge
-[ossf-scorecard-visualizer]: https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/statuses
diff --git a/src/Servers/ExpressServer/node_modules/statuses/codes.json b/src/Servers/ExpressServer/node_modules/statuses/codes.json
deleted file mode 100644
index 1333ed1..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/codes.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
-  "100": "Continue",
-  "101": "Switching Protocols",
-  "102": "Processing",
-  "103": "Early Hints",
-  "200": "OK",
-  "201": "Created",
-  "202": "Accepted",
-  "203": "Non-Authoritative Information",
-  "204": "No Content",
-  "205": "Reset Content",
-  "206": "Partial Content",
-  "207": "Multi-Status",
-  "208": "Already Reported",
-  "226": "IM Used",
-  "300": "Multiple Choices",
-  "301": "Moved Permanently",
-  "302": "Found",
-  "303": "See Other",
-  "304": "Not Modified",
-  "305": "Use Proxy",
-  "307": "Temporary Redirect",
-  "308": "Permanent Redirect",
-  "400": "Bad Request",
-  "401": "Unauthorized",
-  "402": "Payment Required",
-  "403": "Forbidden",
-  "404": "Not Found",
-  "405": "Method Not Allowed",
-  "406": "Not Acceptable",
-  "407": "Proxy Authentication Required",
-  "408": "Request Timeout",
-  "409": "Conflict",
-  "410": "Gone",
-  "411": "Length Required",
-  "412": "Precondition Failed",
-  "413": "Payload Too Large",
-  "414": "URI Too Long",
-  "415": "Unsupported Media Type",
-  "416": "Range Not Satisfiable",
-  "417": "Expectation Failed",
-  "418": "I'm a Teapot",
-  "421": "Misdirected Request",
-  "422": "Unprocessable Entity",
-  "423": "Locked",
-  "424": "Failed Dependency",
-  "425": "Too Early",
-  "426": "Upgrade Required",
-  "428": "Precondition Required",
-  "429": "Too Many Requests",
-  "431": "Request Header Fields Too Large",
-  "451": "Unavailable For Legal Reasons",
-  "500": "Internal Server Error",
-  "501": "Not Implemented",
-  "502": "Bad Gateway",
-  "503": "Service Unavailable",
-  "504": "Gateway Timeout",
-  "505": "HTTP Version Not Supported",
-  "506": "Variant Also Negotiates",
-  "507": "Insufficient Storage",
-  "508": "Loop Detected",
-  "509": "Bandwidth Limit Exceeded",
-  "510": "Not Extended",
-  "511": "Network Authentication Required"
-}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/index.js b/src/Servers/ExpressServer/node_modules/statuses/index.js
deleted file mode 100644
index ea351c5..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/index.js
+++ /dev/null
@@ -1,146 +0,0 @@
-/*!
- * statuses
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var codes = require('./codes.json')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = status
-
-// status code to message map
-status.message = codes
-
-// status message (lower-case) to code map
-status.code = createMessageToStatusCodeMap(codes)
-
-// array of status codes
-status.codes = createStatusCodeList(codes)
-
-// status codes for redirects
-status.redirect = {
-  300: true,
-  301: true,
-  302: true,
-  303: true,
-  305: true,
-  307: true,
-  308: true
-}
-
-// status codes for empty bodies
-status.empty = {
-  204: true,
-  205: true,
-  304: true
-}
-
-// status codes for when you should retry the request
-status.retry = {
-  502: true,
-  503: true,
-  504: true
-}
-
-/**
- * Create a map of message to status code.
- * @private
- */
-
-function createMessageToStatusCodeMap (codes) {
-  var map = {}
-
-  Object.keys(codes).forEach(function forEachCode (code) {
-    var message = codes[code]
-    var status = Number(code)
-
-    // populate map
-    map[message.toLowerCase()] = status
-  })
-
-  return map
-}
-
-/**
- * Create a list of all status codes.
- * @private
- */
-
-function createStatusCodeList (codes) {
-  return Object.keys(codes).map(function mapCode (code) {
-    return Number(code)
-  })
-}
-
-/**
- * Get the status code for given message.
- * @private
- */
-
-function getStatusCode (message) {
-  var msg = message.toLowerCase()
-
-  if (!Object.prototype.hasOwnProperty.call(status.code, msg)) {
-    throw new Error('invalid status message: "' + message + '"')
-  }
-
-  return status.code[msg]
-}
-
-/**
- * Get the status message for given code.
- * @private
- */
-
-function getStatusMessage (code) {
-  if (!Object.prototype.hasOwnProperty.call(status.message, code)) {
-    throw new Error('invalid status code: ' + code)
-  }
-
-  return status.message[code]
-}
-
-/**
- * Get the status code.
- *
- * Given a number, this will throw if it is not a known status
- * code, otherwise the code will be returned. Given a string,
- * the string will be parsed for a number and return the code
- * if valid, otherwise will lookup the code assuming this is
- * the status message.
- *
- * @param {string|number} code
- * @returns {number}
- * @public
- */
-
-function status (code) {
-  if (typeof code === 'number') {
-    return getStatusMessage(code)
-  }
-
-  if (typeof code !== 'string') {
-    throw new TypeError('code must be a number or string')
-  }
-
-  // '403'
-  var n = parseInt(code, 10)
-  if (!isNaN(n)) {
-    return getStatusMessage(n)
-  }
-
-  return getStatusCode(code)
-}
diff --git a/src/Servers/ExpressServer/node_modules/statuses/package.json b/src/Servers/ExpressServer/node_modules/statuses/package.json
deleted file mode 100644
index b5d016e..0000000
--- a/src/Servers/ExpressServer/node_modules/statuses/package.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
-  "name": "statuses",
-  "description": "HTTP status utility",
-  "version": "2.0.2",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "repository": "jshttp/statuses",
-  "license": "MIT",
-  "keywords": [
-    "http",
-    "status",
-    "code"
-  ],
-  "files": [
-    "HISTORY.md",
-    "index.js",
-    "codes.json",
-    "LICENSE"
-  ],
-  "devDependencies": {
-    "csv-parse": "4.16.3",
-    "eslint": "7.19.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-markdown": "1.0.2",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.3.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "8.4.0",
-    "nyc": "15.1.0",
-    "raw-body": "2.5.2",
-    "stream-to-array": "2.3.0"
-  },
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "build": "node scripts/build.js",
-    "fetch": "node scripts/fetch-apache.js && node scripts/fetch-iana.js && node scripts/fetch-nginx.js && node scripts/fetch-node.js",
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "update": "npm run fetch && npm run build",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md b/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
deleted file mode 100644
index cb7cc89..0000000
--- a/src/Servers/ExpressServer/node_modules/toidentifier/HISTORY.md
+++ /dev/null
@@ -1,9 +0,0 @@
-1.0.1 / 2021-11-14
-==================
-
-  * pref: enable strict mode
-
-1.0.0 / 2018-07-09
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE b/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
deleted file mode 100644
index de22d15..0000000
--- a/src/Servers/ExpressServer/node_modules/toidentifier/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2016 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/README.md b/src/Servers/ExpressServer/node_modules/toidentifier/README.md
deleted file mode 100644
index 57e8a78..0000000
--- a/src/Servers/ExpressServer/node_modules/toidentifier/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# toidentifier
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Build Status][github-actions-ci-image]][github-actions-ci-url]
-[![Test Coverage][codecov-image]][codecov-url]
-
-> Convert a string of words to a JavaScript identifier
-
-## Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```bash
-$ npm install toidentifier
-```
-
-## Example
-
-```js
-var toIdentifier = require('toidentifier')
-
-console.log(toIdentifier('Bad Request'))
-// => "BadRequest"
-```
-
-## API
-
-This CommonJS module exports a single default function: `toIdentifier`.
-
-### toIdentifier(string)
-
-Given a string as the argument, it will be transformed according to
-the following rules and the new string will be returned:
-
-1. Split into words separated by space characters (`0x20`).
-2. Upper case the first character of each word.
-3. Join the words together with no separator.
-4. Remove all non-word (`[0-9a-z_]`) characters.
-
-## License
-
-[MIT](LICENSE)
-
-[codecov-image]: https://img.shields.io/codecov/c/github/component/toidentifier.svg
-[codecov-url]: https://codecov.io/gh/component/toidentifier
-[downloads-image]: https://img.shields.io/npm/dm/toidentifier.svg
-[downloads-url]: https://npmjs.org/package/toidentifier
-[github-actions-ci-image]: https://img.shields.io/github/workflow/status/component/toidentifier/ci/master?label=ci
-[github-actions-ci-url]: https://github.com/component/toidentifier?query=workflow%3Aci
-[npm-image]: https://img.shields.io/npm/v/toidentifier.svg
-[npm-url]: https://npmjs.org/package/toidentifier
-
-
-##
-
-[npm]: https://www.npmjs.com/
-
-[yarn]: https://yarnpkg.com/
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/index.js b/src/Servers/ExpressServer/node_modules/toidentifier/index.js
deleted file mode 100644
index 9295d02..0000000
--- a/src/Servers/ExpressServer/node_modules/toidentifier/index.js
+++ /dev/null
@@ -1,32 +0,0 @@
-/*!
- * toidentifier
- * Copyright(c) 2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = toIdentifier
-
-/**
- * Trasform the given string into a JavaScript identifier
- *
- * @param {string} str
- * @returns {string}
- * @public
- */
-
-function toIdentifier (str) {
-  return str
-    .split(' ')
-    .map(function (token) {
-      return token.slice(0, 1).toUpperCase() + token.slice(1)
-    })
-    .join('')
-    .replace(/[^ _0-9a-z]/gi, '')
-}
diff --git a/src/Servers/ExpressServer/node_modules/toidentifier/package.json b/src/Servers/ExpressServer/node_modules/toidentifier/package.json
deleted file mode 100644
index 42db1a6..0000000
--- a/src/Servers/ExpressServer/node_modules/toidentifier/package.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "name": "toidentifier",
-  "description": "Convert a string of words to a JavaScript identifier",
-  "version": "1.0.1",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Nick Baugh <niftylettuce@gmail.com> (http://niftylettuce.com/)"
-  ],
-  "repository": "component/toidentifier",
-  "devDependencies": {
-    "eslint": "7.32.0",
-    "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.3",
-    "eslint-plugin-markdown": "2.2.1",
-    "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.3.1",
-    "eslint-plugin-standard": "4.1.0",
-    "mocha": "9.1.3",
-    "nyc": "15.1.0"
-  },
-  "engines": {
-    "node": ">=0.6"
-  },
-  "license": "MIT",
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "index.js"
-  ],
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-ci": "nyc --reporter=lcov --reporter=text npm test",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md b/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
deleted file mode 100644
index 8de21f7..0000000
--- a/src/Servers/ExpressServer/node_modules/type-is/HISTORY.md
+++ /dev/null
@@ -1,259 +0,0 @@
-1.6.18 / 2019-04-26
-===================
-
-  * Fix regression passing request object to `typeis.is`
-
-1.6.17 / 2019-04-25
-===================
-
-  * deps: mime-types@~2.1.24
-    - Add Apple file extensions from IANA
-    - Add extension `.csl` to `application/vnd.citationstyles.style+xml`
-    - Add extension `.es` to `application/ecmascript`
-    - Add extension `.nq` to `application/n-quads`
-    - Add extension `.nt` to `application/n-triples`
-    - Add extension `.owl` to `application/rdf+xml`
-    - Add extensions `.siv` and `.sieve` to `application/sieve`
-    - Add extensions from IANA for `image/*` types
-    - Add extensions from IANA for `model/*` types
-    - Add extensions to HEIC image types
-    - Add new mime types
-    - Add `text/mdx` with extension `.mdx`
-  * perf: prevent internal `throw` on invalid type
-
-1.6.16 / 2018-02-16
-===================
-
-  * deps: mime-types@~2.1.18
-    - Add `application/raml+yaml` with extension `.raml`
-    - Add `application/wasm` with extension `.wasm`
-    - Add `text/shex` with extension `.shex`
-    - Add extensions for JPEG-2000 images
-    - Add extensions from IANA for `message/*` types
-    - Add extension `.mjs` to `application/javascript`
-    - Add extension `.wadl` to `application/vnd.sun.wadl+xml`
-    - Add extension `.gz` to `application/gzip`
-    - Add glTF types and extensions
-    - Add new mime types
-    - Update extensions `.md` and `.markdown` to be `text/markdown`
-    - Update font MIME types
-    - Update `text/hjson` to registered `application/hjson`
-
-1.6.15 / 2017-03-31
-===================
-
-  * deps: mime-types@~2.1.15
-    - Add new mime types
-
-1.6.14 / 2016-11-18
-===================
-
-  * deps: mime-types@~2.1.13
-    - Add new mime types
-
-1.6.13 / 2016-05-18
-===================
-
-  * deps: mime-types@~2.1.11
-    - Add new mime types
-
-1.6.12 / 2016-02-28
-===================
-
-  * deps: mime-types@~2.1.10
-    - Add new mime types
-    - Fix extension of `application/dash+xml`
-    - Update primary extension for `audio/mp4`
-
-1.6.11 / 2016-01-29
-===================
-
-  * deps: mime-types@~2.1.9
-    - Add new mime types
-
-1.6.10 / 2015-12-01
-===================
-
-  * deps: mime-types@~2.1.8
-    - Add new mime types
-
-1.6.9 / 2015-09-27
-==================
-
-  * deps: mime-types@~2.1.7
-    - Add new mime types
-
-1.6.8 / 2015-09-04
-==================
-
-  * deps: mime-types@~2.1.6
-    - Add new mime types
-
-1.6.7 / 2015-08-20
-==================
-
-  * Fix type error when given invalid type to match against
-  * deps: mime-types@~2.1.5
-    - Add new mime types
-
-1.6.6 / 2015-07-31
-==================
-
-  * deps: mime-types@~2.1.4
-    - Add new mime types
-
-1.6.5 / 2015-07-16
-==================
-
-  * deps: mime-types@~2.1.3
-    - Add new mime types
-
-1.6.4 / 2015-07-01
-==================
-
-  * deps: mime-types@~2.1.2
-    - Add new mime types
-  * perf: enable strict mode
-  * perf: remove argument reassignment
-
-1.6.3 / 2015-06-08
-==================
-
-  * deps: mime-types@~2.1.1
-    - Add new mime types
-  * perf: reduce try block size
-  * perf: remove bitwise operations
-
-1.6.2 / 2015-05-10
-==================
-
-  * deps: mime-types@~2.0.11
-    - Add new mime types
-
-1.6.1 / 2015-03-13
-==================
-
-  * deps: mime-types@~2.0.10
-    - Add new mime types
-
-1.6.0 / 2015-02-12
-==================
-
-  * fix false-positives in `hasBody` `Transfer-Encoding` check
-  * support wildcard for both type and subtype (`*/*`)
-
-1.5.7 / 2015-02-09
-==================
-
-  * fix argument reassignment
-  * deps: mime-types@~2.0.9
-    - Add new mime types
-
-1.5.6 / 2015-01-29
-==================
-
-  * deps: mime-types@~2.0.8
-    - Add new mime types
-
-1.5.5 / 2014-12-30
-==================
-
-  * deps: mime-types@~2.0.7
-    - Add new mime types
-    - Fix missing extensions
-    - Fix various invalid MIME type entries
-    - Remove example template MIME types
-    - deps: mime-db@~1.5.0
-
-1.5.4 / 2014-12-10
-==================
-
-  * deps: mime-types@~2.0.4
-    - Add new mime types
-    - deps: mime-db@~1.3.0
-
-1.5.3 / 2014-11-09
-==================
-
-  * deps: mime-types@~2.0.3
-    - Add new mime types
-    - deps: mime-db@~1.2.0
-
-1.5.2 / 2014-09-28
-==================
-
-  * deps: mime-types@~2.0.2
-    - Add new mime types
-    - deps: mime-db@~1.1.0
-
-1.5.1 / 2014-09-07
-==================
-
-  * Support Node.js 0.6
-  * deps: media-typer@0.3.0
-  * deps: mime-types@~2.0.1
-    - Support Node.js 0.6
-
-1.5.0 / 2014-09-05
-==================
-
- * fix `hasbody` to be true for `content-length: 0`
-
-1.4.0 / 2014-09-02
-==================
-
- * update mime-types
-
-1.3.2 / 2014-06-24
-==================
-
- * use `~` range on mime-types
-
-1.3.1 / 2014-06-19
-==================
-
- * fix global variable leak
-
-1.3.0 / 2014-06-19
-==================
-
- * improve type parsing
-
-   - invalid media type never matches
-   - media type not case-sensitive
-   - extra LWS does not affect results
-
-1.2.2 / 2014-06-19
-==================
-
- * fix behavior on unknown type argument
-
-1.2.1 / 2014-06-03
-==================
-
- * switch dependency from `mime` to `mime-types@1.0.0`
-
-1.2.0 / 2014-05-11
-==================
-
- * support suffix matching:
-
-   - `+json` matches `application/vnd+json`
-   - `*/vnd+json` matches `application/vnd+json`
-   - `application/*+json` matches `application/vnd+json`
-
-1.1.0 / 2014-04-12
-==================
-
- * add non-array values support
- * expose internal utilities:
-
-   - `.is()`
-   - `.hasBody()`
-   - `.normalize()`
-   - `.match()`
-
-1.0.1 / 2014-03-30
-==================
-
- * add `multipart` as a shorthand
diff --git a/src/Servers/ExpressServer/node_modules/type-is/LICENSE b/src/Servers/ExpressServer/node_modules/type-is/LICENSE
deleted file mode 100644
index 386b7b6..0000000
--- a/src/Servers/ExpressServer/node_modules/type-is/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014 Jonathan Ong <me@jongleberry.com>
-Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/type-is/README.md b/src/Servers/ExpressServer/node_modules/type-is/README.md
deleted file mode 100644
index b85ef8f..0000000
--- a/src/Servers/ExpressServer/node_modules/type-is/README.md
+++ /dev/null
@@ -1,170 +0,0 @@
-# type-is
-
-[![NPM Version][npm-version-image]][npm-url]
-[![NPM Downloads][npm-downloads-image]][npm-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Infer the content-type of a request.
-
-### Install
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install type-is
-```
-
-## API
-
-```js
-var http = require('http')
-var typeis = require('type-is')
-
-http.createServer(function (req, res) {
-  var istext = typeis(req, ['text/*'])
-  res.end('you ' + (istext ? 'sent' : 'did not send') + ' me text')
-})
-```
-
-### typeis(request, types)
-
-Checks if the `request` is one of the `types`. If the request has no body,
-even if there is a `Content-Type` header, then `null` is returned. If the
-`Content-Type` header is invalid or does not matches any of the `types`, then
-`false` is returned. Otherwise, a string of the type that matched is returned.
-
-The `request` argument is expected to be a Node.js HTTP request. The `types`
-argument is an array of type strings.
-
-Each type in the `types` array can be one of the following:
-
-- A file extension name such as `json`. This name will be returned if matched.
-- A mime type such as `application/json`.
-- A mime type with a wildcard such as `*/*` or `*/json` or `application/*`.
-  The full mime type will be returned if matched.
-- A suffix such as `+json`. This can be combined with a wildcard such as
-  `*/vnd+json` or `application/*+json`. The full mime type will be returned
-  if matched.
-
-Some examples to illustrate the inputs and returned value:
-
-<!-- eslint-disable no-undef -->
-
-```js
-// req.headers.content-type = 'application/json'
-
-typeis(req, ['json']) // => 'json'
-typeis(req, ['html', 'json']) // => 'json'
-typeis(req, ['application/*']) // => 'application/json'
-typeis(req, ['application/json']) // => 'application/json'
-
-typeis(req, ['html']) // => false
-```
-
-### typeis.hasBody(request)
-
-Returns a Boolean if the given `request` has a body, regardless of the
-`Content-Type` header.
-
-Having a body has no relation to how large the body is (it may be 0 bytes).
-This is similar to how file existence works. If a body does exist, then this
-indicates that there is data to read from the Node.js request stream.
-
-<!-- eslint-disable no-undef -->
-
-```js
-if (typeis.hasBody(req)) {
-  // read the body, since there is one
-
-  req.on('data', function (chunk) {
-    // ...
-  })
-}
-```
-
-### typeis.is(mediaType, types)
-
-Checks if the `mediaType` is one of the `types`. If the `mediaType` is invalid
-or does not matches any of the `types`, then `false` is returned. Otherwise, a
-string of the type that matched is returned.
-
-The `mediaType` argument is expected to be a
-[media type](https://tools.ietf.org/html/rfc6838) string. The `types` argument
-is an array of type strings.
-
-Each type in the `types` array can be one of the following:
-
-- A file extension name such as `json`. This name will be returned if matched.
-- A mime type such as `application/json`.
-- A mime type with a wildcard such as `*/*` or `*/json` or `application/*`.
-  The full mime type will be returned if matched.
-- A suffix such as `+json`. This can be combined with a wildcard such as
-  `*/vnd+json` or `application/*+json`. The full mime type will be returned
-  if matched.
-
-Some examples to illustrate the inputs and returned value:
-
-<!-- eslint-disable no-undef -->
-
-```js
-var mediaType = 'application/json'
-
-typeis.is(mediaType, ['json']) // => 'json'
-typeis.is(mediaType, ['html', 'json']) // => 'json'
-typeis.is(mediaType, ['application/*']) // => 'application/json'
-typeis.is(mediaType, ['application/json']) // => 'application/json'
-
-typeis.is(mediaType, ['html']) // => false
-```
-
-## Examples
-
-### Example body parser
-
-```js
-var express = require('express')
-var typeis = require('type-is')
-
-var app = express()
-
-app.use(function bodyParser (req, res, next) {
-  if (!typeis.hasBody(req)) {
-    return next()
-  }
-
-  switch (typeis(req, ['urlencoded', 'json', 'multipart'])) {
-    case 'urlencoded':
-      // parse urlencoded body
-      throw new Error('implement urlencoded body parsing')
-    case 'json':
-      // parse json body
-      throw new Error('implement json body parsing')
-    case 'multipart':
-      // parse multipart body
-      throw new Error('implement multipart body parsing')
-    default:
-      // 415 error code
-      res.statusCode = 415
-      res.end()
-      break
-  }
-})
-```
-
-## License
-
-[MIT](LICENSE)
-
-[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/type-is/master
-[coveralls-url]: https://coveralls.io/r/jshttp/type-is?branch=master
-[node-version-image]: https://badgen.net/npm/node/type-is
-[node-version-url]: https://nodejs.org/en/download
-[npm-downloads-image]: https://badgen.net/npm/dm/type-is
-[npm-url]: https://npmjs.org/package/type-is
-[npm-version-image]: https://badgen.net/npm/v/type-is
-[travis-image]: https://badgen.net/travis/jshttp/type-is/master
-[travis-url]: https://travis-ci.org/jshttp/type-is
diff --git a/src/Servers/ExpressServer/node_modules/type-is/index.js b/src/Servers/ExpressServer/node_modules/type-is/index.js
deleted file mode 100644
index 890ad76..0000000
--- a/src/Servers/ExpressServer/node_modules/type-is/index.js
+++ /dev/null
@@ -1,266 +0,0 @@
-/*!
- * type-is
- * Copyright(c) 2014 Jonathan Ong
- * Copyright(c) 2014-2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module dependencies.
- * @private
- */
-
-var typer = require('media-typer')
-var mime = require('mime-types')
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = typeofrequest
-module.exports.is = typeis
-module.exports.hasBody = hasbody
-module.exports.normalize = normalize
-module.exports.match = mimeMatch
-
-/**
- * Compare a `value` content-type with `types`.
- * Each `type` can be an extension like `html`,
- * a special shortcut like `multipart` or `urlencoded`,
- * or a mime type.
- *
- * If no types match, `false` is returned.
- * Otherwise, the first `type` that matches is returned.
- *
- * @param {String} value
- * @param {Array} types
- * @public
- */
-
-function typeis (value, types_) {
-  var i
-  var types = types_
-
-  // remove parameters and normalize
-  var val = tryNormalizeType(value)
-
-  // no type or invalid
-  if (!val) {
-    return false
-  }
-
-  // support flattened arguments
-  if (types && !Array.isArray(types)) {
-    types = new Array(arguments.length - 1)
-    for (i = 0; i < types.length; i++) {
-      types[i] = arguments[i + 1]
-    }
-  }
-
-  // no types, return the content type
-  if (!types || !types.length) {
-    return val
-  }
-
-  var type
-  for (i = 0; i < types.length; i++) {
-    if (mimeMatch(normalize(type = types[i]), val)) {
-      return type[0] === '+' || type.indexOf('*') !== -1
-        ? val
-        : type
-    }
-  }
-
-  // no matches
-  return false
-}
-
-/**
- * Check if a request has a request body.
- * A request with a body __must__ either have `transfer-encoding`
- * or `content-length` headers set.
- * http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.3
- *
- * @param {Object} request
- * @return {Boolean}
- * @public
- */
-
-function hasbody (req) {
-  return req.headers['transfer-encoding'] !== undefined ||
-    !isNaN(req.headers['content-length'])
-}
-
-/**
- * Check if the incoming request contains the "Content-Type"
- * header field, and it contains any of the give mime `type`s.
- * If there is no request body, `null` is returned.
- * If there is no content type, `false` is returned.
- * Otherwise, it returns the first `type` that matches.
- *
- * Examples:
- *
- *     // With Content-Type: text/html; charset=utf-8
- *     this.is('html'); // => 'html'
- *     this.is('text/html'); // => 'text/html'
- *     this.is('text/*', 'application/json'); // => 'text/html'
- *
- *     // When Content-Type is application/json
- *     this.is('json', 'urlencoded'); // => 'json'
- *     this.is('application/json'); // => 'application/json'
- *     this.is('html', 'application/*'); // => 'application/json'
- *
- *     this.is('html'); // => false
- *
- * @param {String|Array} types...
- * @return {String|false|null}
- * @public
- */
-
-function typeofrequest (req, types_) {
-  var types = types_
-
-  // no body
-  if (!hasbody(req)) {
-    return null
-  }
-
-  // support flattened arguments
-  if (arguments.length > 2) {
-    types = new Array(arguments.length - 1)
-    for (var i = 0; i < types.length; i++) {
-      types[i] = arguments[i + 1]
-    }
-  }
-
-  // request content type
-  var value = req.headers['content-type']
-
-  return typeis(value, types)
-}
-
-/**
- * Normalize a mime type.
- * If it's a shorthand, expand it to a valid mime type.
- *
- * In general, you probably want:
- *
- *   var type = is(req, ['urlencoded', 'json', 'multipart']);
- *
- * Then use the appropriate body parsers.
- * These three are the most common request body types
- * and are thus ensured to work.
- *
- * @param {String} type
- * @private
- */
-
-function normalize (type) {
-  if (typeof type !== 'string') {
-    // invalid type
-    return false
-  }
-
-  switch (type) {
-    case 'urlencoded':
-      return 'application/x-www-form-urlencoded'
-    case 'multipart':
-      return 'multipart/*'
-  }
-
-  if (type[0] === '+') {
-    // "+json" -> "*/*+json" expando
-    return '*/*' + type
-  }
-
-  return type.indexOf('/') === -1
-    ? mime.lookup(type)
-    : type
-}
-
-/**
- * Check if `expected` mime type
- * matches `actual` mime type with
- * wildcard and +suffix support.
- *
- * @param {String} expected
- * @param {String} actual
- * @return {Boolean}
- * @private
- */
-
-function mimeMatch (expected, actual) {
-  // invalid type
-  if (expected === false) {
-    return false
-  }
-
-  // split types
-  var actualParts = actual.split('/')
-  var expectedParts = expected.split('/')
-
-  // invalid format
-  if (actualParts.length !== 2 || expectedParts.length !== 2) {
-    return false
-  }
-
-  // validate type
-  if (expectedParts[0] !== '*' && expectedParts[0] !== actualParts[0]) {
-    return false
-  }
-
-  // validate suffix wildcard
-  if (expectedParts[1].substr(0, 2) === '*+') {
-    return expectedParts[1].length <= actualParts[1].length + 1 &&
-      expectedParts[1].substr(1) === actualParts[1].substr(1 - expectedParts[1].length)
-  }
-
-  // validate subtype
-  if (expectedParts[1] !== '*' && expectedParts[1] !== actualParts[1]) {
-    return false
-  }
-
-  return true
-}
-
-/**
- * Normalize a type and remove parameters.
- *
- * @param {string} value
- * @return {string}
- * @private
- */
-
-function normalizeType (value) {
-  // parse the type
-  var type = typer.parse(value)
-
-  // remove the parameters
-  type.parameters = undefined
-
-  // reformat it
-  return typer.format(type)
-}
-
-/**
- * Try to normalize a type and remove parameters.
- *
- * @param {string} value
- * @return {string}
- * @private
- */
-
-function tryNormalizeType (value) {
-  if (!value) {
-    return null
-  }
-
-  try {
-    return normalizeType(value)
-  } catch (err) {
-    return null
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/type-is/package.json b/src/Servers/ExpressServer/node_modules/type-is/package.json
deleted file mode 100644
index 97ba5f1..0000000
--- a/src/Servers/ExpressServer/node_modules/type-is/package.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  "name": "type-is",
-  "description": "Infer the content-type of a request.",
-  "version": "1.6.18",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>",
-    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
-  ],
-  "license": "MIT",
-  "repository": "jshttp/type-is",
-  "dependencies": {
-    "media-typer": "0.3.0",
-    "mime-types": "~2.1.24"
-  },
-  "devDependencies": {
-    "eslint": "5.16.0",
-    "eslint-config-standard": "12.0.0",
-    "eslint-plugin-import": "2.17.2",
-    "eslint-plugin-markdown": "1.0.0",
-    "eslint-plugin-node": "8.0.1",
-    "eslint-plugin-promise": "4.1.1",
-    "eslint-plugin-standard": "4.0.0",
-    "mocha": "6.1.4",
-    "nyc": "14.0.0"
-  },
-  "engines": {
-    "node": ">= 0.6"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "index.js"
-  ],
-  "scripts": {
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --check-leaks --bail test/",
-    "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "test-travis": "nyc --reporter=text npm test"
-  },
-  "keywords": [
-    "content",
-    "type",
-    "checking"
-  ]
-}
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md b/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
deleted file mode 100644
index 85e0f8d..0000000
--- a/src/Servers/ExpressServer/node_modules/unpipe/HISTORY.md
+++ /dev/null
@@ -1,4 +0,0 @@
-1.0.0 / 2015-06-14
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/LICENSE b/src/Servers/ExpressServer/node_modules/unpipe/LICENSE
deleted file mode 100644
index aed0138..0000000
--- a/src/Servers/ExpressServer/node_modules/unpipe/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/README.md b/src/Servers/ExpressServer/node_modules/unpipe/README.md
deleted file mode 100644
index e536ad2..0000000
--- a/src/Servers/ExpressServer/node_modules/unpipe/README.md
+++ /dev/null
@@ -1,43 +0,0 @@
-# unpipe
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-image]][node-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Unpipe a stream from all destinations.
-
-## Installation
-
-```sh
-$ npm install unpipe
-```
-
-## API
-
-```js
-var unpipe = require('unpipe')
-```
-
-### unpipe(stream)
-
-Unpipes all destinations from a given stream. With stream 2+, this is
-equivalent to `stream.unpipe()`. When used with streams 1 style streams
-(typically Node.js 0.8 and below), this module attempts to undo the
-actions done in `stream.pipe(dest)`.
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/unpipe.svg
-[npm-url]: https://npmjs.org/package/unpipe
-[node-image]: https://img.shields.io/node/v/unpipe.svg
-[node-url]: http://nodejs.org/download/
-[travis-image]: https://img.shields.io/travis/stream-utils/unpipe.svg
-[travis-url]: https://travis-ci.org/stream-utils/unpipe
-[coveralls-image]: https://img.shields.io/coveralls/stream-utils/unpipe.svg
-[coveralls-url]: https://coveralls.io/r/stream-utils/unpipe?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/unpipe.svg
-[downloads-url]: https://npmjs.org/package/unpipe
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/index.js b/src/Servers/ExpressServer/node_modules/unpipe/index.js
deleted file mode 100644
index 15c3d97..0000000
--- a/src/Servers/ExpressServer/node_modules/unpipe/index.js
+++ /dev/null
@@ -1,69 +0,0 @@
-/*!
- * unpipe
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = unpipe
-
-/**
- * Determine if there are Node.js pipe-like data listeners.
- * @private
- */
-
-function hasPipeDataListeners(stream) {
-  var listeners = stream.listeners('data')
-
-  for (var i = 0; i < listeners.length; i++) {
-    if (listeners[i].name === 'ondata') {
-      return true
-    }
-  }
-
-  return false
-}
-
-/**
- * Unpipe a stream from all destinations.
- *
- * @param {object} stream
- * @public
- */
-
-function unpipe(stream) {
-  if (!stream) {
-    throw new TypeError('argument stream is required')
-  }
-
-  if (typeof stream.unpipe === 'function') {
-    // new-style
-    stream.unpipe()
-    return
-  }
-
-  // Node.js 0.8 hack
-  if (!hasPipeDataListeners(stream)) {
-    return
-  }
-
-  var listener
-  var listeners = stream.listeners('close')
-
-  for (var i = 0; i < listeners.length; i++) {
-    listener = listeners[i]
-
-    if (listener.name !== 'cleanup' && listener.name !== 'onclose') {
-      continue
-    }
-
-    // invoke the listener
-    listener.call(stream)
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/unpipe/package.json b/src/Servers/ExpressServer/node_modules/unpipe/package.json
deleted file mode 100644
index a2b7358..0000000
--- a/src/Servers/ExpressServer/node_modules/unpipe/package.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-  "name": "unpipe",
-  "description": "Unpipe a stream from all destinations",
-  "version": "1.0.0",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "repository": "stream-utils/unpipe",
-  "devDependencies": {
-    "istanbul": "0.3.15",
-    "mocha": "2.2.5",
-    "readable-stream": "1.1.13"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore b/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
deleted file mode 100644
index 3e53844..0000000
--- a/src/Servers/ExpressServer/node_modules/utils-merge/.npmignore
+++ /dev/null
@@ -1,9 +0,0 @@
-CONTRIBUTING.md
-Makefile
-docs/
-examples/
-reports/
-test/
-
-.jshintrc
-.travis.yml
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE b/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
deleted file mode 100644
index 76f6d08..0000000
--- a/src/Servers/ExpressServer/node_modules/utils-merge/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013-2017 Jared Hanson
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/README.md b/src/Servers/ExpressServer/node_modules/utils-merge/README.md
deleted file mode 100644
index 0cb7117..0000000
--- a/src/Servers/ExpressServer/node_modules/utils-merge/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# utils-merge
-
-[![Version](https://img.shields.io/npm/v/utils-merge.svg?label=version)](https://www.npmjs.com/package/utils-merge)
-[![Build](https://img.shields.io/travis/jaredhanson/utils-merge.svg)](https://travis-ci.org/jaredhanson/utils-merge)
-[![Quality](https://img.shields.io/codeclimate/github/jaredhanson/utils-merge.svg?label=quality)](https://codeclimate.com/github/jaredhanson/utils-merge)
-[![Coverage](https://img.shields.io/coveralls/jaredhanson/utils-merge.svg)](https://coveralls.io/r/jaredhanson/utils-merge)
-[![Dependencies](https://img.shields.io/david/jaredhanson/utils-merge.svg)](https://david-dm.org/jaredhanson/utils-merge)
-
-
-Merges the properties from a source object into a destination object.
-
-## Install
-
-```bash
-$ npm install utils-merge
-```
-
-## Usage
-
-```javascript
-var a = { foo: 'bar' }
-  , b = { bar: 'baz' };
-
-merge(a, b);
-// => { foo: 'bar', bar: 'baz' }
-```
-
-## License
-
-[The MIT License](http://opensource.org/licenses/MIT)
-
-Copyright (c) 2013-2017 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>
-
-<a target='_blank' rel='nofollow' href='https://app.codesponsor.io/link/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge'>  <img alt='Sponsor' width='888' height='68' src='https://app.codesponsor.io/embed/vK9dyjRnnWsMzzJTQ57fRJpH/jaredhanson/utils-merge.svg' /></a>
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/index.js b/src/Servers/ExpressServer/node_modules/utils-merge/index.js
deleted file mode 100644
index 4265c69..0000000
--- a/src/Servers/ExpressServer/node_modules/utils-merge/index.js
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Merge object b with object a.
- *
- *     var a = { foo: 'bar' }
- *       , b = { bar: 'baz' };
- *
- *     merge(a, b);
- *     // => { foo: 'bar', bar: 'baz' }
- *
- * @param {Object} a
- * @param {Object} b
- * @return {Object}
- * @api public
- */
-
-exports = module.exports = function(a, b){
-  if (a && b) {
-    for (var key in b) {
-      a[key] = b[key];
-    }
-  }
-  return a;
-};
diff --git a/src/Servers/ExpressServer/node_modules/utils-merge/package.json b/src/Servers/ExpressServer/node_modules/utils-merge/package.json
deleted file mode 100644
index e36b078..0000000
--- a/src/Servers/ExpressServer/node_modules/utils-merge/package.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  "name": "utils-merge",
-  "version": "1.0.1",
-  "description": "merge() utility function",
-  "keywords": [
-    "util"
-  ],
-  "author": {
-    "name": "Jared Hanson",
-    "email": "jaredhanson@gmail.com",
-    "url": "http://www.jaredhanson.net/"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/jaredhanson/utils-merge.git"
-  },
-  "bugs": {
-    "url": "http://github.com/jaredhanson/utils-merge/issues"
-  },
-  "license": "MIT",
-  "licenses": [
-    {
-      "type": "MIT",
-      "url": "http://opensource.org/licenses/MIT"
-    }
-  ],
-  "main": "./index",
-  "dependencies": {},
-  "devDependencies": {
-    "make-node": "0.3.x",
-    "mocha": "1.x.x",
-    "chai": "1.x.x"
-  },
-  "engines": {
-    "node": ">= 0.4.0"
-  },
-  "scripts": {
-    "test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js"
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/vary/HISTORY.md b/src/Servers/ExpressServer/node_modules/vary/HISTORY.md
deleted file mode 100644
index f6cbcf7..0000000
--- a/src/Servers/ExpressServer/node_modules/vary/HISTORY.md
+++ /dev/null
@@ -1,39 +0,0 @@
-1.1.2 / 2017-09-23
-==================
-
-  * perf: improve header token parsing speed
-
-1.1.1 / 2017-03-20
-==================
-
-  * perf: hoist regular expression
-
-1.1.0 / 2015-09-29
-==================
-
-  * Only accept valid field names in the `field` argument
-    - Ensures the resulting string is a valid HTTP header value
-
-1.0.1 / 2015-07-08
-==================
-
-  * Fix setting empty header from empty `field`
-  * perf: enable strict mode
-  * perf: remove argument reassignments
-
-1.0.0 / 2014-08-10
-==================
-
-  * Accept valid `Vary` header string as `field`
-  * Add `vary.append` for low-level string manipulation
-  * Move to `jshttp` orgainzation
-
-0.1.0 / 2014-06-05
-==================
-
-  * Support array of fields to set
-
-0.0.0 / 2014-06-04
-==================
-
-  * Initial release
diff --git a/src/Servers/ExpressServer/node_modules/vary/LICENSE b/src/Servers/ExpressServer/node_modules/vary/LICENSE
deleted file mode 100644
index 84441fb..0000000
--- a/src/Servers/ExpressServer/node_modules/vary/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2014-2017 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/src/Servers/ExpressServer/node_modules/vary/README.md b/src/Servers/ExpressServer/node_modules/vary/README.md
deleted file mode 100644
index cc000b3..0000000
--- a/src/Servers/ExpressServer/node_modules/vary/README.md
+++ /dev/null
@@ -1,101 +0,0 @@
-# vary
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Manipulate the HTTP Vary header
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): 
-
-```sh
-$ npm install vary
-```
-
-## API
-
-<!-- eslint-disable no-unused-vars -->
-
-```js
-var vary = require('vary')
-```
-
-### vary(res, field)
-
-Adds the given header `field` to the `Vary` response header of `res`.
-This can be a string of a single field, a string of a valid `Vary`
-header, or an array of multiple fields.
-
-This will append the header if not already listed, otherwise leaves
-it listed in the current location.
-
-<!-- eslint-disable no-undef -->
-
-```js
-// Append "Origin" to the Vary header of the response
-vary(res, 'Origin')
-```
-
-### vary.append(header, field)
-
-Adds the given header `field` to the `Vary` response header string `header`.
-This can be a string of a single field, a string of a valid `Vary` header,
-or an array of multiple fields.
-
-This will append the header if not already listed, otherwise leaves
-it listed in the current location. The new header string is returned.
-
-<!-- eslint-disable no-undef -->
-
-```js
-// Get header string appending "Origin" to "Accept, User-Agent"
-vary.append('Accept, User-Agent', 'Origin')
-```
-
-## Examples
-
-### Updating the Vary header when content is based on it
-
-```js
-var http = require('http')
-var vary = require('vary')
-
-http.createServer(function onRequest (req, res) {
-  // about to user-agent sniff
-  vary(res, 'User-Agent')
-
-  var ua = req.headers['user-agent'] || ''
-  var isMobile = /mobi|android|touch|mini/i.test(ua)
-
-  // serve site, depending on isMobile
-  res.setHeader('Content-Type', 'text/html')
-  res.end('You are (probably) ' + (isMobile ? '' : 'not ') + 'a mobile user')
-})
-```
-
-## Testing
-
-```sh
-$ npm test
-```
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/vary.svg
-[npm-url]: https://npmjs.org/package/vary
-[node-version-image]: https://img.shields.io/node/v/vary.svg
-[node-version-url]: https://nodejs.org/en/download
-[travis-image]: https://img.shields.io/travis/jshttp/vary/master.svg
-[travis-url]: https://travis-ci.org/jshttp/vary
-[coveralls-image]: https://img.shields.io/coveralls/jshttp/vary/master.svg
-[coveralls-url]: https://coveralls.io/r/jshttp/vary
-[downloads-image]: https://img.shields.io/npm/dm/vary.svg
-[downloads-url]: https://npmjs.org/package/vary
diff --git a/src/Servers/ExpressServer/node_modules/vary/index.js b/src/Servers/ExpressServer/node_modules/vary/index.js
deleted file mode 100644
index 5b5e741..0000000
--- a/src/Servers/ExpressServer/node_modules/vary/index.js
+++ /dev/null
@@ -1,149 +0,0 @@
-/*!
- * vary
- * Copyright(c) 2014-2017 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- */
-
-module.exports = vary
-module.exports.append = append
-
-/**
- * RegExp to match field-name in RFC 7230 sec 3.2
- *
- * field-name    = token
- * token         = 1*tchar
- * tchar         = "!" / "#" / "$" / "%" / "&" / "'" / "*"
- *               / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
- *               / DIGIT / ALPHA
- *               ; any VCHAR, except delimiters
- */
-
-var FIELD_NAME_REGEXP = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/
-
-/**
- * Append a field to a vary header.
- *
- * @param {String} header
- * @param {String|Array} field
- * @return {String}
- * @public
- */
-
-function append (header, field) {
-  if (typeof header !== 'string') {
-    throw new TypeError('header argument is required')
-  }
-
-  if (!field) {
-    throw new TypeError('field argument is required')
-  }
-
-  // get fields array
-  var fields = !Array.isArray(field)
-    ? parse(String(field))
-    : field
-
-  // assert on invalid field names
-  for (var j = 0; j < fields.length; j++) {
-    if (!FIELD_NAME_REGEXP.test(fields[j])) {
-      throw new TypeError('field argument contains an invalid header name')
-    }
-  }
-
-  // existing, unspecified vary
-  if (header === '*') {
-    return header
-  }
-
-  // enumerate current values
-  var val = header
-  var vals = parse(header.toLowerCase())
-
-  // unspecified vary
-  if (fields.indexOf('*') !== -1 || vals.indexOf('*') !== -1) {
-    return '*'
-  }
-
-  for (var i = 0; i < fields.length; i++) {
-    var fld = fields[i].toLowerCase()
-
-    // append value (case-preserving)
-    if (vals.indexOf(fld) === -1) {
-      vals.push(fld)
-      val = val
-        ? val + ', ' + fields[i]
-        : fields[i]
-    }
-  }
-
-  return val
-}
-
-/**
- * Parse a vary header into an array.
- *
- * @param {String} header
- * @return {Array}
- * @private
- */
-
-function parse (header) {
-  var end = 0
-  var list = []
-  var start = 0
-
-  // gather tokens
-  for (var i = 0, len = header.length; i < len; i++) {
-    switch (header.charCodeAt(i)) {
-      case 0x20: /*   */
-        if (start === end) {
-          start = end = i + 1
-        }
-        break
-      case 0x2c: /* , */
-        list.push(header.substring(start, end))
-        start = end = i + 1
-        break
-      default:
-        end = i + 1
-        break
-    }
-  }
-
-  // final token
-  list.push(header.substring(start, end))
-
-  return list
-}
-
-/**
- * Mark that a request is varied on a header field.
- *
- * @param {Object} res
- * @param {String|Array} field
- * @public
- */
-
-function vary (res, field) {
-  if (!res || !res.getHeader || !res.setHeader) {
-    // quack quack
-    throw new TypeError('res argument is required')
-  }
-
-  // get existing header
-  var val = res.getHeader('Vary') || ''
-  var header = Array.isArray(val)
-    ? val.join(', ')
-    : String(val)
-
-  // set new header
-  if ((val = append(header, field))) {
-    res.setHeader('Vary', val)
-  }
-}
diff --git a/src/Servers/ExpressServer/node_modules/vary/package.json b/src/Servers/ExpressServer/node_modules/vary/package.json
deleted file mode 100644
index 028f72a..0000000
--- a/src/Servers/ExpressServer/node_modules/vary/package.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-  "name": "vary",
-  "description": "Manipulate the HTTP Vary header",
-  "version": "1.1.2",
-  "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
-  "license": "MIT",
-  "keywords": [
-    "http",
-    "res",
-    "vary"
-  ],
-  "repository": "jshttp/vary",
-  "devDependencies": {
-    "beautify-benchmark": "0.2.4",
-    "benchmark": "2.1.4",
-    "eslint": "3.19.0",
-    "eslint-config-standard": "10.2.1",
-    "eslint-plugin-import": "2.7.0",
-    "eslint-plugin-markdown": "1.0.0-beta.6",
-    "eslint-plugin-node": "5.1.1",
-    "eslint-plugin-promise": "3.5.0",
-    "eslint-plugin-standard": "3.0.1",
-    "istanbul": "0.4.5",
-    "mocha": "2.5.3",
-    "supertest": "1.1.0"
-  },
-  "files": [
-    "HISTORY.md",
-    "LICENSE",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "bench": "node benchmark/index.js",
-    "lint": "eslint --plugin markdown --ext js,md .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}