From e2b52a36de0c611b871a02d77efc8935c612ad22 Mon Sep 17 00:00:00 2001
From: Diogo Martins
Date: Wed, 22 Apr 2026 11:20:30 +0100
Subject: [PATCH] Improve tests accepted results
---
 docs/content/docs/malformed-input/post-cl-huge-no-body.md | 4 ++--
 docs/content/docs/smuggling/expect-100-cl.md | 4 ++--
 src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs | 6 +++---
 src/Http11Probe/TestCases/Suites/SmugglingSuite.cs | 4 +++-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/docs/content/docs/malformed-input/post-cl-huge-no-body.md b/docs/content/docs/malformed-input/post-cl-huge-no-body.md
index 74ff91f..8f49de1 100644
--- a/docs/content/docs/malformed-input/post-cl-huge-no-body.md
+++ b/docs/content/docs/malformed-input/post-cl-huge-no-body.md
@@ -9,7 +9,7 @@ weight: 26
 | **Test ID** | `MAL-POST-CL-HUGE-NO-BODY` |
 | **Category** | Malformed Input |
 | **RFC** | [RFC 9112 Section 6.2](https://www.rfc-editor.org/rfc/rfc9112#section-6.2) |
-| **Expected** | `400`/close/timeout |
+| **Expected** | `400`/`413`/close/timeout |
 ## What it sends
@@ -34,7 +34,7 @@ The value `999999999` (~1GB) is a syntactically valid Content-Length, but no bod
 > "The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error." — RFC 9110 Section 15.5.1
-A server may reject the request with 400 if the declared body size exceeds its limits, close the connection, or timeout waiting for body data that never arrives.
+A server may reject the request with 400 or 413 if the declared body size exceeds its limits, close the connection, or timeout waiting for body data that never arrives.
 ## Why it matters
diff --git a/docs/content/docs/smuggling/expect-100-cl.md b/docs/content/docs/smuggling/expect-100-cl.md
index e856c31..fc02126 100644
--- a/docs/content/docs/smuggling/expect-100-cl.md
+++ b/docs/content/docs/smuggling/expect-100-cl.md
@@ -10,7 +10,7 @@ weight: 33
 | **Category** | Smuggling |
 | **RFC** | [RFC 9110 §10.1.1](https://www.rfc-editor.org/rfc/rfc9110#section-10.1.1) |
 | **Requirement** | Unscored |
-| **Expected** | `400` or `2xx` |
+| **Expected** | `100`, `400` or `2xx` |
 ## What it sends
@@ -39,7 +39,7 @@ The body is sent immediately without waiting for a `100 Continue` response.
 The RFC requires the server to send either a `100 Continue` interim response or a final status code when it receives `Expect: 100-continue`. However, the client in this test sends the body immediately without waiting. The server may still process the body normally (responding `2xx`), or it may reject the request. Both behaviors are implementation-dependent and valid.
 **Pass:** Server rejects with `400` (strict, safe).
-**Warn:** Server accepts and responds `2xx` (processes body despite Expect header).
+**Warn:** Server responds `100 Continue` (valid — sent interim response despite already having the body) or `2xx` (processes body despite Expect header).
 ## Why it matters
diff --git a/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs b/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs
index 33cb515..7a05595 100644
--- a/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs
+++ b/src/Http11Probe/TestCases/Suites/MalformedInputSuite.cs
@@ -585,12 +585,12 @@ public static IEnumerable GetTestCases()
 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 999999999\r\n\r\n"),
 Expected = new ExpectedBehavior
 {
- Description = "400/close/timeout",
+ Description = "400/413/close/timeout",
 CustomValidator = (response, state) =>
 {
- // If server sent a response, only 400 is acceptable
+ // If server sent a response, 400 or 413 are acceptable
 if (response is not null)
- return response.StatusCode == 400 ? TestVerdict.Pass : TestVerdict.Fail;
+ return response.StatusCode is 400 or 413 ? TestVerdict.Pass : TestVerdict.Fail;
 // No response: close or timeout means server correctly waited
 if (state is ConnectionState.TimedOut or ConnectionState.ClosedByServer)
 return TestVerdict.Pass;
diff --git a/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs b/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
index a8dd9db..b322f14 100644
--- a/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
+++ b/src/Http11Probe/TestCases/Suites/SmugglingSuite.cs
@@ -1082,13 +1082,15 @@ public static IEnumerable GetTestCases()
 $"POST / HTTP/1.1\r\nHost: {ctx.HostHeader}\r\nContent-Length: 5\r\nExpect: 100-continue\r\n\r\nhello"),
 Expected = new ExpectedBehavior
 {
- Description = "400 or 2xx",
+ Description = "100, 400 or 2xx",
 CustomValidator = (response, state) =>
 {
 if (response is null)
 return state == ConnectionState.ClosedByServer ? TestVerdict.Pass : TestVerdict.Fail;
 if (response.StatusCode == 400)
 return TestVerdict.Pass;
+ if (response.StatusCode == 100)
+ return TestVerdict.Warn;
 if (response.StatusCode is >= 200 and < 300)
 return TestVerdict.Warn;
 return TestVerdict.Fail;
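Review bot: In the `response is not null` branch of the MalformedInputSuite validator, a server that waits for the missing body and then answers `408 Request Timeout` is still scored Fail, although the no-response branch just below treats a silent timeout as Pass. If the probe's read timeout can outlast the server's own body timeout, both outcomes describe the same behaviour and should probably score alike: `return response.StatusCode is 400 or 408 or 413 ? TestVerdict.Pass : TestVerdict.Fail;`, with `Description` and the docs table updated to match. The validator lambda continues past the end of this hunk, so whatever follows the `ClosedByServer` check is not visible here.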
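Review bot: The new `response.StatusCode == 100` branch in the SmugglingSuite validator returns Warn on an interim response, so the final status the server sends after `100 Continue` is never judged; a server that answers `100` followed by a `5xx` and one that answers `100` followed by `400` would both be recorded as Warn. Whether this happens depends on how the probe's reader treats 1xx responses, which is not visible in this hunk. If the reader stops at the first status line, consider having it skip interim responses so the existing `400` and `2xx` branches see the final status; otherwise add a comment above the branch such as `// 100 is interim: the final status that follows is not inspected here`. The lambda's closing brace lies outside the hunk.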