YunxianHua
Collaborator

  • Introduced a new HTTP server class to handle device information requests.
  • Updated server options to include MAC and IP addresses.
  • Modified CMakeLists.txt to include the new HTTP server library and its dependencies.
  • Enhanced websocket server to send additional information to clients.
  • Updated ROS1 and ROS2 bridge implementations to integrate the new HTTP server.

YunxianHua added 10 commits June 6, 2025 14:26
@yujingz
Contributor

yujingz commented Jun 6, 2025

bugbot run

cursor[bot] left a comment (marked as outdated)
Bug: ROS1 Bridge Log Level Mapping Error

The HTTP server log handler in the ROS1 bridge incorrectly maps all log levels (Debug, Info, Warn, Error, Critical) to ROS_INFO. This causes warning, error, and critical messages to be logged as informational messages, masking important issues and making debugging difficult.

ros1_bridge/src/ros1_bridge_nodelet.cpp#L159-L178

auto http_log_handler = [this](http_server::LogLevel level, const char * msg) {
  switch (level) {
    case http_server::LogLevel::Debug:
      ROS_INFO("[HTTP_SERVER] %s", msg);
      break;
    case http_server::LogLevel::Info:
      ROS_INFO("[HTTP_SERVER] %s", msg);
      break;
    case http_server::LogLevel::Warn:
      ROS_INFO("[HTTP_SERVER] %s", msg);
      break;
    case http_server::LogLevel::Error:
      ROS_INFO("[HTTP_SERVER] %s", msg);
      break;
    case http_server::LogLevel::Critical:
      ROS_INFO("[HTTP_SERVER] %s", msg);
      break;
  }
};

Bug: HTTP Request Parsing Vulnerability

Unsafe HTTP request parsing in run_server. If a malformed request does not contain "GET " or " HTTP/", std::string::find returns npos. Using npos in subsequent calculations for path_start (adding 4) and path_end results in integer overflow and incorrect bounds for substr, leading to crashes or undefined behavior.

http_server/src/http_server.cpp#L301-L304

std::string request(buffer);
size_t path_start = request.find("GET ") + 4;
size_t path_end = request.find(" HTTP/", path_start);
std::string path = request.substr(path_start, path_end - path_start);

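As an added example (not the project's own code and not part of the BugBot report), the following is a hardened version of the request-line parsing quoted above. It replaces the unchecked `find() + 4` arithmetic with explicit bounds checks and returns `std::nullopt` on malformed input instead of wrapping or throwing. The names `parse_get_path`, `kMaxRequestLine` and `npos_plus_four`, the `std::optional` return type, and the C++17 baseline are assumptions for illustration; nothing else of `run_server` is visible on this page beyond the four quoted lines.

```cpp
// Added example, not the project's code. Assumes C++17 (std::optional, std::string_view).
#include <cstddef>
#include <optional>
#include <string>
#include <string_view>

// Assumed upper bound on an acceptable request line; the project's real limit is unknown.
constexpr std::size_t kMaxRequestLine = 8192;

// Extract the request-target from a GET request line.
// Every failure path returns std::nullopt; no arithmetic is ever done on npos.
inline std::optional<std::string> parse_get_path(std::string_view request) {
    constexpr std::string_view kMethod = "GET ";
    constexpr std::string_view kVersion = " HTTP/";

    // The method must be at the very start of the buffer. The quoted code used
    // find(), which also accepts "GET " appearing anywhere later in the request.
    if (request.substr(0, kMethod.size()) != kMethod) {
        return std::nullopt;
    }
    const std::size_t path_start = kMethod.size();

    // Restrict the search to the first line so headers or a body cannot supply
    // the " HTTP/" token. substr(0, npos) yields the whole string when no CRLF exists.
    const std::size_t line_end = request.find("\r\n");
    const std::string_view line = request.substr(0, line_end);
    if (line.size() > kMaxRequestLine) {
        return std::nullopt;
    }

    // Both "missing version token" and "empty path" are rejected explicitly.
    const std::size_t path_end = line.find(kVersion, path_start);
    if (path_end == std::string_view::npos || path_end == path_start) {
        return std::nullopt;
    }

    // path_end > path_start is now guaranteed, so this subtraction cannot wrap.
    const std::string_view path = line.substr(path_start, path_end - path_start);

    // Reject whitespace and control characters inside the target.
    for (unsigned char c : path) {
        if (c <= 0x20 || c == 0x7f) {
            return std::nullopt;
        }
    }
    return std::string(path);
}

// Shows why the quoted code is unsafe: npos is SIZE_MAX, so npos + 4 wraps to 3
// and the subsequent substr() silently operates on a bogus offset.
inline std::size_t npos_plus_four() {
    return std::string::npos + 4;
}
```

A caller would treat `std::nullopt` as a 400-class error and close the connection rather than continuing with a partial path; the `npos_plus_four` helper exists only to make the wraparound that the report describes concrete.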

@YunxianHua
Collaborator Author

bugbot run

@YunxianHua YunxianHua marked this pull request as ready for review June 25, 2025 02:15
@YunxianHua YunxianHua requested a review from yujingz July 3, 2025 05:28
yujingz
yujingz previously approved these changes Jul 3, 2025
@YunxianHua YunxianHua merged commit a76cb10 into main Aug 19, 2025
7 checks passed
@YunxianHua YunxianHua deleted the feat/http-server branch August 19, 2025 02:23