refactor: HTTP checker 质量加固

- failure actual 截断格式改为 …(共 N 字符)，标量不序列化直接返回 - 新增 redos.ts 实现 ReDoS 静态检测（嵌套量词/重叠交替），启动期拒绝危险正则 - JSON body rules 共享同一次 JSON.parse 结果，避免重复解析 - checkCssRule 重构为线性流程，消除 exist:true 与无 operator 的冗余分支 - extract checkEarlyTimeout 辅助函数，明确提前 duration 检查意图 - 补充 303/307/308 重定向、相对路径 Location、混合 body rules 集成测试
2026-05-13 21:35:05 +08:00
parent 31aeee6d60
commit bcfac52112
18 changed files with 426 additions and 342 deletions
--- a/src/server/checker/runner/http/execute.ts
+++ b/src/server/checker/runner/http/execute.ts
@@ -53,24 +53,9 @@ export class HttpChecker implements CheckerDefinition<ResolvedHttpTarget> {

      const hasBodyRules = !!(expect?.body && expect.body.length > 0);

-      if (hasBodyRules && expect?.maxDurationMs !== undefined) {
-        const elapsed = performance.now() - start;
-        if (elapsed > expect.maxDurationMs) {
-          const durationMs = Math.round(elapsed);
-          return makeResult(
-            t,
-            timestamp,
-            elapsed,
-            mismatchFailure(
-              "duration",
-              "duration",
-              `<=${expect.maxDurationMs}ms`,
-              durationMs,
-              `duration ${durationMs}ms > ${expect.maxDurationMs}ms`,
-            ),
-            statusCode,
-          );
-        }
+      const earlyTimeout = hasBodyRules ? checkEarlyTimeout(start, expect?.maxDurationMs) : null;
+      if (earlyTimeout) {
+        return makeResult(t, timestamp, earlyTimeout.elapsed, earlyTimeout.failure, statusCode);
      }

      if (hasBodyRules) {
@@ -203,6 +188,28 @@ function buildRedirectInit(init: RequestInit, statusCode: number, fromUrl: strin
  return newInit;
 }

+function checkEarlyTimeout(
+  start: number,
+  maxDurationMs: number | undefined,
+): null | { elapsed: number; failure: CheckResult["failure"] } {
+  if (maxDurationMs === undefined) return null;
+
+  const elapsed = performance.now() - start;
+  if (elapsed <= maxDurationMs) return null;
+
+  const durationMs = Math.round(elapsed);
+  return {
+    elapsed,
+    failure: mismatchFailure(
+      "duration",
+      "duration",
+      `<=${maxDurationMs}ms`,
+      durationMs,
+      `duration ${durationMs}ms > ${maxDurationMs}ms`,
+    ),
+  };
+}
+
 function decodeBody(
  data: Uint8Array,
  headers: Headers,