From 501692e028829032ede750677f9a65c0e7e97be0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Aug 2021 12:04:29 +0000 Subject: [PATCH 01/21] chore(deps): bump golang from 1.16.6-alpine to 1.16.7-alpine Bumps golang from 1.16.6-alpine to 1.16.7-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1f80a97..7210e7f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.16.6-alpine as build-env +FROM golang:1.16.7-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From 67007c899f2ff8f5f601e576102cebb978bc8331 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Aug 2021 12:03:57 +0000 Subject: [PATCH 02/21] chore(deps): bump golang from 1.16.7-alpine to 1.17.0-alpine Bumps golang from 1.16.7-alpine to 1.17.0-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7210e7f..df1a483 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.16.7-alpine as build-env +FROM golang:1.17.0-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From 0a0a56111b299f41dcbbf7f4dd48012f4253316f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Oct 2021 12:04:06 +0000 Subject: [PATCH 03/21] chore(deps): bump golang from 1.17.0-alpine to 1.17.2-alpine Bumps golang from 1.17.0-alpine to 1.17.2-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index df1a483..9461edd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.0-alpine as build-env +FROM golang:1.17.2-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From dae25034d7cedb96fbfe8b426861b14923cf3dde Mon Sep 17 00:00:00 2001 From: mzack Date: Sat, 16 Oct 2021 14:58:17 +0200 Subject: [PATCH 04/21] Adding support for http1 mode only --- internal/runner/options.go | 4 +++- internal/runner/runner.go | 1 + pkg/httpserver/httpserver.go | 23 ++++++++++++++++------- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/internal/runner/options.go b/internal/runner/options.go index a5869d6..6094c7a 100644 --- a/internal/runner/options.go +++ b/internal/runner/options.go @@ -31,6 +31,7 @@ type Options struct { Silent bool Sandbox bool MaxFileSize int + HTTP1Only bool } // ParseOptions parses the command line options for application 
@@ -56,7 +57,8 @@ func ParseOptions() *Options { flag.BoolVar(&options.Version, "version", false, "Show version of the software") flag.BoolVar(&options.Silent, "silent", false, "Show only results in the output") flag.BoolVar(&options.Sandbox, "sandbox", false, "Enable sandbox mode") - flag.IntVar(&options.MaxFileSize, "max-file-size", 50, "Max Upload File Size") + flag.IntVar(&options.MaxFileSize, "max-file-size", 50, "Max Upload File Size in Mb") + flag.BoolVar(&options.HTTP1Only, "http1", false, "Enable only HTTP1") flag.Parse() diff --git a/internal/runner/runner.go b/internal/runner/runner.go index 5806044..88fe753 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -59,6 +59,7 @@ func New(options *Options) (*Runner, error) { Verbose: r.options.Verbose, Sandbox: r.options.Sandbox, MaxFileSize: r.options.MaxFileSize, + HTTP1Only: r.options.HTTP1Only, }) if err != nil { return nil, err diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go index 72da466..be44567 100644 --- a/pkg/httpserver/httpserver.go +++ b/pkg/httpserver/httpserver.go @@ -1,6 +1,7 @@ package httpserver import ( + "crypto/tls" "errors" "net/http" "os" @@ -23,7 +24,8 @@ type Options struct { BasicAuthReal string Verbose bool Sandbox bool - MaxFileSize int // 50Mb + MaxFileSize int + HTTP1Only bool } // HTTPServer instance 
@@ -59,9 +61,20 @@ func New(options *Options) (*HTTPServer, error) { return &h, nil } +func (t *HTTPServer) makeHTTPServer(tlsConfig *tls.Config) *http.Server { + httpServer := &http.Server{Addr: t.options.ListenAddress} + if t.options.HTTP1Only { + httpServer.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) + } + httpServer.TLSConfig = tlsConfig + httpServer.Handler = t.layers + return httpServer +} + // ListenAndServe requests over http func (t *HTTPServer) ListenAndServe() error { - return http.ListenAndServe(t.options.ListenAddress, t.layers) + httpServer := t.makeHTTPServer(nil) + return httpServer.ListenAndServe() } // ListenAndServeTLS requests over https @@ -73,11 +86,7 @@ func (t *HTTPServer) ListenAndServeTLS() error { if err != nil { return err } - httpServer := &http.Server{ - Addr: t.options.ListenAddress, - TLSConfig: tlsConfig, - } - httpServer.Handler = t.layers + httpServer := t.makeHTTPServer(tlsConfig) return httpServer.ListenAndServeTLS("", "") } return http.ListenAndServeTLS(t.options.ListenAddress, t.options.Certificate, t.options.CertificateKey, t.layers) From 99ee9320c9c3089acd50475c421308668c8a93c6 Mon Sep 17 00:00:00 2001 From: mzack Date: Sat, 16 Oct 2021 21:12:05 +0200 Subject: [PATCH 05/21] Fixing memory leak on large file dump via max-dump-body-size --- internal/runner/options.go | 40 +++++++++++++++++++----------------- internal/runner/runner.go | 2 ++ pkg/httpserver/httpserver.go | 1 + pkg/httpserver/loglayer.go | 33 +++++++++++++++++++++-------- pkg/httpserver/util.go | 5 ----- pkg/unit/unit.go | 6 ++++++ 6 files changed, 54 insertions(+), 33 deletions(-) delete mode 100644 pkg/httpserver/util.go create mode 100644 pkg/unit/unit.go diff --git a/internal/runner/options.go b/internal/runner/options.go index a5869d6..95b7e03 100644 --- a/internal/runner/options.go +++ b/internal/runner/options.go 
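Review bot: The `http.Server` built in `makeHTTPServer` sets no timeouts, so a client that opens a connection and sends its request headers very slowly can hold that connection open indefinitely. A header timeout can be set in the constructor without affecting large transfers, e.g. `httpServer := &http.Server{Addr: t.options.ListenAddress, ReadHeaderTimeout: 10 * time.Second}` (value chosen for illustration; needs the `time` import). The helper also has no doc comment; `// makeHTTPServer builds the http.Server shared by the plain and TLS listeners and disables HTTP/2 when HTTP1Only is set.` would explain why `TLSNextProto` is replaced with an empty map.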
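Review bot: The last line of `ListenAndServeTLS`, `return http.ListenAndServeTLS(t.options.ListenAddress, t.options.Certificate, t.options.CertificateKey, t.layers)`, still bypasses `makeHTTPServer`, so `-http1` is silently ignored on that path and HTTP/2 stays negotiable over TLS. From the visible lines this looks like the branch taken when a certificate and key file are supplied, but the condition itself is outside the hunk. Routing it through the helper keeps the option consistent: `return t.makeHTTPServer(nil).ListenAndServeTLS(t.options.Certificate, t.options.CertificateKey)`.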
@@ -12,25 +12,26 @@ import ( // Options of the tool type Options struct { - ListenAddress string - Folder string - BasicAuth string - username string - password string - Realm string - TLSCertificate string - TLSKey string - TLSDomain string - HTTPS bool - Verbose bool - EnableUpload bool - EnableTCP bool - RulesFile string - TCPWithTLS bool - Version bool - Silent bool - Sandbox bool - MaxFileSize int + ListenAddress string + Folder string + BasicAuth string + username string + password string + Realm string + TLSCertificate string + TLSKey string + TLSDomain string + HTTPS bool + Verbose bool + EnableUpload bool + EnableTCP bool + RulesFile string + TCPWithTLS bool + Version bool + Silent bool + Sandbox bool + MaxFileSize int + MaxDumpBodySize int } // ParseOptions parses the command line options for application @@ -57,6 +58,7 @@ func ParseOptions() *Options { flag.BoolVar(&options.Silent, "silent", false, "Show only results in the output") flag.BoolVar(&options.Sandbox, "sandbox", false, "Enable sandbox mode") flag.IntVar(&options.MaxFileSize, "max-file-size", 50, "Max Upload File Size") + flag.IntVar(&options.MaxDumpBodySize, "max-dump-body-size", -1, "Max Dump Body Size") flag.Parse() diff --git a/internal/runner/runner.go b/internal/runner/runner.go index 5806044..e9f6cbe 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -5,6 +5,7 @@ import ( "github.com/projectdiscovery/simplehttpserver/pkg/binder" "github.com/projectdiscovery/simplehttpserver/pkg/httpserver" "github.com/projectdiscovery/simplehttpserver/pkg/tcpserver" + "github.com/projectdiscovery/simplehttpserver/pkg/unit" ) // Runner is a client for running the enumeration process. @@ -59,6 +60,7 @@ func New(options *Options) (*Runner, error) { Verbose: r.options.Verbose, Sandbox: r.options.Sandbox, MaxFileSize: r.options.MaxFileSize, + MaxDumpBodySize: unit.ToMb(r.options.MaxDumpBodySize), }) if err != nil { return nil, err 
diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go index 72da466..d1d8fef 100644 --- a/pkg/httpserver/httpserver.go +++ b/pkg/httpserver/httpserver.go @@ -24,6 +24,7 @@ type Options struct { Verbose bool Sandbox bool MaxFileSize int // 50Mb + MaxDumpBodySize int64 } // HTTPServer instance diff --git a/pkg/httpserver/loglayer.go b/pkg/httpserver/loglayer.go index 0e1a87a..04c5550 100644 --- a/pkg/httpserver/loglayer.go +++ b/pkg/httpserver/loglayer.go @@ -9,6 +9,7 @@ import ( "path/filepath" "github.com/projectdiscovery/gologger" + "github.com/projectdiscovery/simplehttpserver/pkg/unit" ) // Convenience globals @@ -17,10 +18,19 @@ var ( EnableVerbose bool ) +func (t *HTTPServer) shouldDumpBody(bodysize int64) bool { + return t.options.MaxDumpBodySize > 0 && bodysize > t.options.MaxDumpBodySize +} + func (t *HTTPServer) loglayer(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - fullRequest, _ := httputil.DumpRequest(r, true) - lrw := newLoggingResponseWriter(w) + var fullRequest []byte + if t.shouldDumpBody(r.ContentLength) { + fullRequest, _ = httputil.DumpRequest(r, false) + } else { + fullRequest, _ = httputil.DumpRequest(r, true) + } + lrw := newLoggingResponseWriter(w, t.options.MaxDumpBodySize) handler.ServeHTTP(lrw, r) // Handles file write if enabled @@ -52,7 +62,7 @@ func (t *HTTPServer) loglayer(handler http.Handler) http.Handler { err error ) if t.options.Sandbox { - maxFileSize := toMb(t.options.MaxFileSize) + maxFileSize := unit.ToMb(t.options.MaxFileSize) // check header content length if r.ContentLength > maxFileSize { gologger.Print().Msg("request too large") 
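Review bot: `shouldDumpBody` only looks at `r.ContentLength`, which is -1 when the length is unknown (for example with chunked transfer encoding), so in `loglayer` such a request falls into the `DumpRequest(r, true)` branch and its whole body is buffered regardless of `-max-dump-body-size`. Treating an unknown length as over the limit closes that gap: `return t.options.MaxDumpBodySize > 0 && (bodysize < 0 || bodysize > t.options.MaxDumpBodySize)`. The name is also inverted, since the function returns true when the body must not be dumped; `shouldSkipBodyDump` would read correctly at the call site. The body of `loglayer` continues outside the hunk.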
@@ -81,24 +91,29 @@ func (t *HTTPServer) loglayer(handler http.Handler) http.Handler { lrw.Header().Write(headers) //nolint gologger.Print().Msgf("\nRemote Address: %s\n%s\n%s %d %s\n%s\n%s\n", r.RemoteAddr, string(fullRequest), r.Proto, lrw.statusCode, http.StatusText(lrw.statusCode), headers.String(), string(lrw.Data)) } else { - gologger.Print().Msgf("%s \"%s %s %s\" %d %d", r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, len(lrw.Data)) + gologger.Print().Msgf("%s \"%s %s %s\" %d %d", r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, lrw.Size) } }) } type loggingResponseWriter struct { http.ResponseWriter - statusCode int - Data []byte + statusCode int + Data []byte + Size int + MaxDumpSize int64 } -func newLoggingResponseWriter(w http.ResponseWriter) *loggingResponseWriter { - return &loggingResponseWriter{w, http.StatusOK, []byte{}} +func newLoggingResponseWriter(w http.ResponseWriter, maxSize int64) *loggingResponseWriter { + return &loggingResponseWriter{w, http.StatusOK, []byte{}, 0, maxSize} } // Write the data func (lrw *loggingResponseWriter) Write(data []byte) (int, error) { - lrw.Data = append(lrw.Data, data...) + if len(lrw.Data) < int(lrw.MaxDumpSize) { + lrw.Data = append(lrw.Data, data...) + } + lrw.Size += len(data) return lrw.ResponseWriter.Write(data) } diff --git a/pkg/httpserver/util.go b/pkg/httpserver/util.go deleted file mode 100644 index 4c69d6f..0000000 --- a/pkg/httpserver/util.go +++ /dev/null @@ -1,5 +0,0 @@ -package httpserver - -func toMb(n int) int64 { - return int64(n) * 1024 * 1024 -} diff --git a/pkg/unit/unit.go b/pkg/unit/unit.go new file mode 100644 index 0000000..98cdb35 --- /dev/null +++ b/pkg/unit/unit.go @@ -0,0 +1,6 @@ +package unit + +// ToMb converts bytes to megabytes +func ToMb(n int) int64 { + return int64(n) * 1024 * 1024 +} From 8dd2098c0d6b4156475fb406161f9cc9425255c7 Mon Sep 17 00:00:00 2001 
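Review bot: In `loggingResponseWriter.Write` the guard `len(lrw.Data) < int(lrw.MaxDumpSize)` is never true with the flag's default of -1 (which `unit.ToMb` turns into a negative byte count), so verbose mode stops printing response bodies unless `-max-dump-body-size` is set, whereas the request side treats a non-positive value as "no limit". When a limit is set, the check happens before the append, so one large `data` chunk can still push `Data` well past the cap. The version below keeps the unlimited default and truncates each chunk to the remaining room. The flag's help text would also benefit from naming the unit and the meaning of -1.

```go
func (lrw *loggingResponseWriter) Write(data []byte) (int, error) {
	if lrw.MaxDumpSize <= 0 {
		// no limit configured: capture everything, as before this change
		lrw.Data = append(lrw.Data, data...)
	} else if room := lrw.MaxDumpSize - int64(len(lrw.Data)); room > 0 {
		kept := data
		if int64(len(kept)) > room {
			kept = kept[:room]
		}
		lrw.Data = append(lrw.Data, kept...)
	}
	// … unchanged: Size accounting and the forwarded Write …
}
```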
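Review bot: The doc comment on `ToMb` in pkg/unit/unit.go states the opposite of what the function does: it multiplies by 1024*1024, so it converts a count of megabytes into bytes. Suggested comment: `// ToMb returns the number of bytes in n megabytes (n * 1024 * 1024).`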
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Nov 2021 12:05:03 +0000 Subject: [PATCH 06/21] chore(deps): bump golang from 1.17.2-alpine to 1.17.3-alpine Bumps golang from 1.17.2-alpine to 1.17.3-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9461edd..4fd0e6e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.2-alpine as build-env +FROM golang:1.17.3-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From d75fcd070f90c7fe2cb815ba58cb4f022b606ca8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Dec 2021 12:07:07 +0000 Subject: [PATCH 07/21] chore(deps): bump golang from 1.17.3-alpine to 1.17.4-alpine Bumps golang from 1.17.3-alpine to 1.17.4-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4fd0e6e..63ee89c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.3-alpine as build-env +FROM golang:1.17.4-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From d4fd4c417f843f1bda013176f0928b6187d87483 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Dec 2021 12:03:40 +0000 Subject: [PATCH 08/21] chore(deps): bump golang from 1.17.4-alpine to 1.17.5-alpine Bumps golang from 1.17.4-alpine to 1.17.5-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 63ee89c..ec90ef9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.4-alpine as build-env +FROM golang:1.17.5-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From d55e2f8dfea49661e06934a7400cad1d80b5caca Mon Sep 17 00:00:00 2001 From: invist <35263248+c-f@users.noreply.github.com> Date: Wed, 13 Oct 2021 09:59:36 +0200 Subject: [PATCH 09/21] smalle upload refactoring --- pkg/httpserver/authlayer.go | 2 +- pkg/httpserver/httpserver.go | 22 ++++++++- pkg/httpserver/loglayer.go | 56 ----------------------- pkg/httpserver/uploadlayer.go | 85 ++++++++++++++++++++++++++++++++--- 4 files changed, 101 insertions(+), 64 deletions(-) diff --git a/pkg/httpserver/authlayer.go b/pkg/httpserver/authlayer.go index f2eff4b..297d863 100644 --- a/pkg/httpserver/authlayer.go +++ b/pkg/httpserver/authlayer.go @@ -5,7 +5,7 @@ import ( "net/http" ) -func (t *HTTPServer) basicauthlayer(handler http.Handler) http.HandlerFunc { +func (t *HTTPServer) basicauthlayer(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { user, pass, ok := r.BasicAuth() if !ok || user != t.options.BasicAuthUsername || pass != t.options.BasicAuthPassword { diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go index 72da466..439de3c 100644 --- a/pkg/httpserver/httpserver.go +++ b/pkg/httpserver/httpserver.go 
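Review bot: The credential check kept in `basicauthlayer`, `user != t.options.BasicAuthUsername || pass != t.options.BasicAuthPassword`, compares secrets with `!=`, which does not run in constant time. While this layer is being touched, consider `subtle.ConstantTimeCompare([]byte(pass), []byte(t.options.BasicAuthPassword)) != 1` (and the same for the username) from `crypto/subtle`. The rest of the handler body is outside the hunk.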
@@ -32,6 +32,9 @@ type HTTPServer struct { layers http.Handler } +// LayerHandler is the interface of all layer funcs +type Middleware func(http.Handler) http.Handler + // New http server instance with options func New(options *Options) (*HTTPServer, error) { var h HTTPServer @@ -50,10 +53,25 @@ func New(options *Options) (*HTTPServer, error) { if options.Sandbox { dir = SandboxFileSystem{fs: http.Dir(options.Folder), RootFolder: options.Folder} } - h.layers = h.loglayer(http.FileServer(dir)) + + httpHandler := http.FileServer(dir) + addHandler := func(newHandler Middleware) { + httpHandler = newHandler(httpHandler) + } + + // middleware + if options.EnableUpload { + addHandler(h.uploadlayer) + } + if options.BasicAuthUsername != "" || options.BasicAuthPassword != "" { - h.layers = h.loglayer(h.basicauthlayer(http.FileServer(dir))) + addHandler(h.basicauthlayer) } + + httpHandler = h.loglayer(httpHandler) + + // add handler + h.layers = httpHandler h.options = options return &h, nil diff --git a/pkg/httpserver/loglayer.go b/pkg/httpserver/loglayer.go index 0e1a87a..468fb6a 100644 --- a/pkg/httpserver/loglayer.go +++ b/pkg/httpserver/loglayer.go @@ -2,11 +2,8 @@ package httpserver import ( "bytes" - "io/ioutil" "net/http" "net/http/httputil" - "path" - "path/filepath" "github.com/projectdiscovery/gologger" ) 
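Review bot: The comment on the new exported type names a different identifier (`LayerHandler`) and calls it an interface, while the declaration is the function type `Middleware`. Suggested: `// Middleware wraps an http.Handler and returns the handler with one more layer applied.`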
@@ -23,59 +20,6 @@ func (t *HTTPServer) loglayer(handler http.Handler) http.Handler { lrw := newLoggingResponseWriter(w) handler.ServeHTTP(lrw, r) - // Handles file write if enabled - if EnableUpload && r.Method == http.MethodPut { - // sandbox - calcolate absolute path - if t.options.Sandbox { - absPath, err := filepath.Abs(filepath.Join(t.options.Folder, r.URL.Path)) - if err != nil { - gologger.Print().Msgf("%s\n", err) - w.WriteHeader(http.StatusBadRequest) - return - } - // check if the path is within the configured folder - pattern := t.options.Folder + string(filepath.Separator) + "*" - matched, err := filepath.Match(pattern, absPath) - if err != nil { - gologger.Print().Msgf("%s\n", err) - w.WriteHeader(http.StatusBadRequest) - return - } else if !matched { - gologger.Print().Msg("pointing to unauthorized directory") - w.WriteHeader(http.StatusBadRequest) - return - } - } - - var ( - data []byte - err error - ) - if t.options.Sandbox { - maxFileSize := toMb(t.options.MaxFileSize) - // check header content length - if r.ContentLength > maxFileSize { - gologger.Print().Msg("request too large") - return - } - // body max length - r.Body = http.MaxBytesReader(w, r.Body, maxFileSize) - } - - data, err = ioutil.ReadAll(r.Body) - if err != nil { - gologger.Print().Msgf("%s\n", err) - w.WriteHeader(http.StatusInternalServerError) - return - } - err = handleUpload(t.options.Folder, path.Base(r.URL.Path), data) - if err != nil { - gologger.Print().Msgf("%s\n", err) - w.WriteHeader(http.StatusInternalServerError) - return - } - } - if EnableVerbose { headers := new(bytes.Buffer) lrw.Header().Write(headers) //nolint diff --git a/pkg/httpserver/uploadlayer.go b/pkg/httpserver/uploadlayer.go index 928ac60..9f4821f 100644 --- a/pkg/httpserver/uploadlayer.go +++ b/pkg/httpserver/uploadlayer.go 
@@ -3,21 +3,96 @@ package httpserver import ( "errors" "io/ioutil" + "net/http" + "os" + "path" "path/filepath" "strings" + + "github.com/projectdiscovery/gologger" ) +// uploadlayer handles PUT requests and save the file to disk +func (t *HTTPServer) uploadlayer(handler http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Handles file write if enabled + if EnableUpload && r.Method == http.MethodPut { + // sandbox - calcolate absolute path + if t.options.Sandbox { + absPath, err := filepath.Abs(filepath.Join(t.options.Folder, r.URL.Path)) + if err != nil { + gologger.Print().Msgf("%s\n", err) + w.WriteHeader(http.StatusBadRequest) + return + } + // check if the path is within the configured folder + pattern := t.options.Folder + string(filepath.Separator) + "*" + matched, err := filepath.Match(pattern, absPath) + if err != nil { + gologger.Print().Msgf("%s\n", err) + w.WriteHeader(http.StatusBadRequest) + return + } else if !matched { + gologger.Print().Msg("pointing to unauthorized directory") + w.WriteHeader(http.StatusBadRequest) + return + } + } + + var ( + data []byte + err error + ) + if t.options.Sandbox { + maxFileSize := toMb(t.options.MaxFileSize) + // check header content length + if r.ContentLength > maxFileSize { + gologger.Print().Msg("request too large") + return + } + // body max length + r.Body = http.MaxBytesReader(w, r.Body, maxFileSize) + } + + data, err = ioutil.ReadAll(r.Body) + if err != nil { + gologger.Print().Msgf("%s\n", err) + w.WriteHeader(http.StatusInternalServerError) + return + } + + sanitizedPath := filepath.FromSlash(path.Clean("/" + strings.Trim(r.URL.Path, "/"))) + + err = handleUpload(t.options.Folder, sanitizedPath, data) + if err != nil { + gologger.Print().Msgf("%s\n", err) + w.WriteHeader(http.StatusInternalServerError) + return + } else { + w.WriteHeader(http.StatusCreated) + return + } + } + + handler.ServeHTTP(w, r) + }) +} + func handleUpload(base, file string, data 
[]byte) error { // rejects all paths containing a non exhaustive list of invalid characters - This is only a best effort as the tool is meant for development if strings.ContainsAny(file, "\\`\"':") { return errors.New("invalid character") } - // allow upload only in subfolders - rel, err := filepath.Rel(base, file) - if rel == "" || err != nil { - return err + untrustedPath := filepath.Clean(filepath.Join(base, file)) + if !strings.HasPrefix(untrustedPath, filepath.Clean(base)) { + return errors.New("invalid path") + } + trustedPath := untrustedPath + + if _, err := os.Stat(path.Dir(trustedPath)); os.IsNotExist(err) { + return errors.New("invalid path") } - return ioutil.WriteFile(file, data, 0655) + return ioutil.WriteFile(trustedPath, data, 0655) } From 4fb2abb558e98ae03d11f2220d7f0d2618efb0e8 Mon Sep 17 00:00:00 2001 From: c-f <35263248+c-f@users.noreply.github.com> Date: Mon, 20 Dec 2021 16:46:39 +0100 Subject: [PATCH 10/21] remove bug of reading previous messages --- pkg/tcpserver/tcpserver.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/tcpserver/tcpserver.go b/pkg/tcpserver/tcpserver.go index 876fbb4..bed8e95 100644 --- a/pkg/tcpserver/tcpserver.go +++ b/pkg/tcpserver/tcpserver.go @@ -59,14 +59,14 @@ func (t *TCPServer) handleConnection(conn net.Conn) error { if err := conn.SetReadDeadline(time.Now().Add(readTimeout * time.Second)); err != nil { gologger.Info().Msgf("%s\n", err) } - _, err := conn.Read(buf) + n, err := conn.Read(buf) if err != nil { return err } - gologger.Print().Msgf("%s\n", buf) + gologger.Print().Msgf("%s\n", buf[:n]) - resp, err := t.BuildResponse(buf) + resp, err := t.BuildResponse(buf[:n]) if err != nil { return err } From e615365be58ccaf78274d0c212a35bf62a9d382a Mon Sep 17 00:00:00 2001 
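Review bot: In `handleUpload` the containment test `strings.HasPrefix(untrustedPath, filepath.Clean(base))` has no separator boundary, so a sibling directory whose name merely starts with the base name (base `/srv/www`, target `/srv/www-old/x`; constructed example) would pass; compare against `filepath.Clean(base)+string(filepath.Separator)` instead. The `path.Clean` in `uploadlayer` makes this hard to reach through the handler, but this check is the last line of defence for any other caller. `path.Dir(trustedPath)` should be `filepath.Dir(trustedPath)` because the value is an OS path, and the mode `0655` gives group and others execute but not the owner, where `0644` was probably intended. In `uploadlayer` the `http.MaxBytesReader` limit is applied only in sandbox mode, so otherwise `ioutil.ReadAll(r.Body)` buffers an upload of any size, and the "request too large" branch returns without writing a status, which the client receives as 200.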
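Review bot: `gologger.Print().Msgf("%s\n", buf[:n])` writes bytes received from the network to the terminal unescaped, so control characters and ANSI escape sequences sent by a client are interpreted by the operator's terminal or can forge lines in a captured log. `%q` prints the same payload with non-printable bytes escaped: `gologger.Print().Msgf("%q\n", buf[:n])`. The enclosing loop in `handleConnection` starts and ends outside the hunk.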
From: c-f <35263248+c-f@users.noreply.github.com> Date: Mon, 20 Dec 2021 17:44:21 +0100 Subject: [PATCH 11/21] add livereloading for rule config --- internal/runner/runner.go | 2 ++ internal/runner/watchdog.go | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 internal/runner/watchdog.go diff --git a/internal/runner/runner.go b/internal/runner/runner.go index 269dd15..cbd9227 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -42,6 +42,8 @@ func New(options *Options) (*Runner, error) { if err != nil { return nil, err } + watchFile(r.options.RulesFile, serverTCP.LoadTemplate) + r.serverTCP = serverTCP return &r, nil } diff --git a/internal/runner/watchdog.go b/internal/runner/watchdog.go new file mode 100644 index 0000000..2cdde4c --- /dev/null +++ b/internal/runner/watchdog.go @@ -0,0 +1,36 @@ +package runner + +import ( + "log" + + "github.com/fsnotify/fsnotify" +) + +type WatchEvent func(fname string) error + +func watchFile(fname string, callback WatchEvent) (watcher *fsnotify.Watcher, err error) { + watcher, err = fsnotify.NewWatcher() + if err != nil { + return + } + go func() { + for { + select { + case event, ok := <-watcher.Events: + if !ok { + continue + } + if event.Op&fsnotify.Write == fsnotify.Write { + if err := callback(fname); err != nil { + log.Println("err", err) + } + } + case <-watcher.Errors: + // ignore errors for now + } + } + }() + + err = watcher.Add(fname) + return +} From 420a99f54aea3a31ce03055cdc0c7792440b9481 Mon Sep 17 00:00:00 2001 
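Review bot: In the goroutine started by `watchFile`, a closed `watcher.Events` channel hits `if !ok { continue }`, and because a receive on a closed channel returns immediately the loop then spins at full CPU instead of ending; it should `return`. The `watcher.Errors` case drops every error, so a failed watch is invisible; `case err, ok := <-watcher.Errors:` with `if !ok { return }` and a `log.Println("watch error", err)` would cover both. The exported `WatchEvent` type has no doc comment. In the runner.go hunk of this same patch both return values of `watchFile` are discarded, so a rules file that cannot be watched goes unnoticed.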
From: c-f <35263248+c-f@users.noreply.github.com> Date: Mon, 20 Dec 2021 18:11:53 +0100 Subject: [PATCH 12/21] make linter happy --- README.md | 15 ++++++- go.mod | 1 + go.sum | 4 ++ internal/runner/runner.go | 6 ++- pkg/tcpserver/addr.go | 9 ++++ pkg/tcpserver/responseengine.go | 7 ++- pkg/tcpserver/rule.go | 50 ++++++++++++++++++--- pkg/tcpserver/tcpserver.go | 77 ++++++++++++++++++++++++++++++--- 8 files changed, 153 insertions(+), 16 deletions(-) create mode 100644 pkg/tcpserver/addr.go diff --git a/README.md b/README.md index b533b2a..e08d29a 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,9 @@ simplehttpserver -rule rules.yaml -tcp -tls -domain localhost The rules are written as follows: ```yaml rules: - - match: regex + - match: regex-match + match-contains: literal-match + name: rule-name response: response data ``` @@ -137,6 +139,7 @@ For example to handle two different paths simulating an HTTP server or SMTP comm rules: # HTTP Requests - match: GET /path1 + name: redirect response: | HTTP/1.0 200 OK Server: httpd/2.0 @@ -149,6 +152,7 @@ rules: - match: GET /path2 + name: "404" response: | HTTP/1.0 404 OK Server: httpd/2.0 @@ -156,6 +160,7 @@ rules: Not found # SMTP Commands - match: "EHLO example.com" + name: smtp response: | 250-localhost Nice to meet you, [127.0.0.1] 250-PIPELINING @@ -167,6 +172,14 @@ rules: response: 250 Accepted - match: "RCPT TO: " response: 250 Accepted + + - match-contains: !!binary | + MAwCAQFgBwIBAwQAgAA= + name: "ldap" + # Request: 300c 0201 0160 0702 0103 0400 8000 0....`........ + # Response: 300c 0201 0161 070a 0100 0400 0400 0....a........ + response: !!binary | + MAwCAQFhBwoBAAQABAA= ``` ## Note diff --git a/go.mod b/go.mod index f4c4a9d..7b6de7d 100644 --- a/go.mod +++ b/go.mod 
@@ -3,6 +3,7 @@ module github.com/projectdiscovery/simplehttpserver go 1.14 require ( + github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/projectdiscovery/gologger v1.1.4 github.com/projectdiscovery/sslcert v0.0.0-20210416140253-8f56bec1bb5e diff --git a/go.sum b/go.sum index aafe4a2..e239b8e 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= +github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
@@ -31,6 +33,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/internal/runner/runner.go b/internal/runner/runner.go index cbd9227..49d5cd3 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -42,7 +42,11 @@ func New(options *Options) (*Runner, error) { if err != nil { return nil, err } - watchFile(r.options.RulesFile, serverTCP.LoadTemplate) + watcher, err := watchFile(r.options.RulesFile, serverTCP.LoadTemplate) + if err != nil { + return nil, err + } + defer watcher.Close() r.serverTCP = serverTCP return &r, nil diff --git a/pkg/tcpserver/addr.go b/pkg/tcpserver/addr.go new file mode 100644 index 0000000..b678b30 --- /dev/null +++ b/pkg/tcpserver/addr.go @@ -0,0 +1,9 @@ +package tcpserver + +// ContextType is the key type stored in ctx +type ContextType string + +var ( + // Addr is the contextKey where the net.Addr is stored + Addr ContextType = "addr" +) diff --git a/pkg/tcpserver/responseengine.go b/pkg/tcpserver/responseengine.go index ec15da0..80fb795 100644 --- a/pkg/tcpserver/responseengine.go +++ b/pkg/tcpserver/responseengine.go 
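Review bot: `defer watcher.Close()` in internal/runner/runner.go runs when `New` returns, so the watcher is closed before the TCP server starts serving and rule-file changes are never delivered. Closing presumably also closes the watcher's event channel, which the goroutine in `watchFile` handles with `continue`, so as far as the earlier watchdog.go patch shows it would then loop without blocking. The watcher needs to live as long as the runner: keep it on the struct (a new field, e.g. `r.watcher = watcher`) and close it from the runner's shutdown path. `New` starts and ends outside the hunk.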
@@ -6,9 +6,12 @@ import ( // BuildResponse according to rules func (t *TCPServer) BuildResponse(data []byte) ([]byte, error) { + t.mux.RLock() + defer t.mux.RUnlock() + // Process all the rules - for _, rule := range t.options.rules { - if rule.matchRegex.Match(data) { + for _, rule := range t.rules { + if rule.MatchInput(data) { return []byte(rule.Response), nil } } diff --git a/pkg/tcpserver/rule.go b/pkg/tcpserver/rule.go index 903331b..aa9e6e8 100644 --- a/pkg/tcpserver/rule.go +++ b/pkg/tcpserver/rule.go @@ -1,6 +1,9 @@ package tcpserver -import "regexp" +import ( + "regexp" + "strings" +) // RulesConfiguration from yaml type RulesConfiguration struct { @@ -9,13 +12,20 @@ type RulesConfiguration struct { // Rule to apply to various requests type Rule struct { - Match string `yaml:"match,omitempty"` - matchRegex *regexp.Regexp - Response string `yaml:"response,omitempty"` + Name string `yaml:"name,omitempty"` + Match string `yaml:"match,omitempty"` + MatchContains string `yaml:"match-contains,omitempty"` + matchRegex *regexp.Regexp + Response string `yaml:"response,omitempty"` } -// NewRule from model +// NewRule creates a new Rule - default is regex func NewRule(match, response string) (*Rule, error) { + return NewRegexRule(match, response) +} + +// NewRegexRule returns a new regex-match Rule +func NewRegexRule(match, response string) (*Rule, error) { regxp, err := regexp.Compile(match) if err != nil { return nil, err 
@@ -23,3 +33,33 @@ func NewRule(match, response string) (*Rule, error) { return &Rule{Match: match, matchRegex: regxp, Response: response}, nil } + +// NewLiteralRule returns a new literal-match Rule +func NewLiteralRule(match, response string) (*Rule, error) { + return &Rule{MatchContains: match, Response: response}, nil +} + +// NewRuleFromTemplate "copies" a new Rule +func NewRuleFromTemplate(r Rule) (newRule *Rule, err error) { + newRule = &Rule{ + Name: r.Name, + Response: r.Response, + MatchContains: r.MatchContains, + Match: r.Match, + } + if newRule.Match != "" { + newRule.matchRegex, err = regexp.Compile(newRule.Match) + } + + return +} + +// MatchInput returns if the input was matches with one of the matchers +func (r *Rule) MatchInput(input []byte) bool { + if r.matchRegex != nil && r.matchRegex.Match(input) { + return true + } else if r.MatchContains != "" && strings.Contains(string(input), r.MatchContains) { + return true + } + return false +} diff --git a/pkg/tcpserver/tcpserver.go b/pkg/tcpserver/tcpserver.go index bed8e95..cbdd407 100644 --- a/pkg/tcpserver/tcpserver.go +++ b/pkg/tcpserver/tcpserver.go @@ -1,9 +1,12 @@ package tcpserver import ( + "context" "crypto/tls" + "errors" "io/ioutil" "net" + "sync" "time" "github.com/projectdiscovery/gologger" 
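Review bot: `NewRuleFromTemplate` accepts a template in which both `match` and `match-contains` are empty, and `MatchInput` then returns false for every input, so such an entry in the rules file yields a rule that silently never fires. Rejecting it at load time makes the mistake visible: `if r.Match == "" && r.MatchContains == "" { return nil, errors.New("rule needs match or match-contains") }` (needs the `errors` import). On a regex compile error the function also returns the half-built `newRule` next to `err`; returning `nil, err` is safer for callers. `strings.Contains(string(input), r.MatchContains)` copies the input on every call, which `bytes.Contains(input, []byte(r.MatchContains))` avoids for the larger operand.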
@@ -24,20 +27,35 @@ type Options struct { Verbose bool } +// CallBackFunc handles what is send back to the client, based on the incomming question +type CallBackFunc func(ctx context.Context, question []byte) (answer []byte, err error) + // TCPServer instance type TCPServer struct { options *Options listener net.Listener + + // Callbacks to retrieve information about the system + HandleMessageFnc CallBackFunc + + mux sync.RWMutex + rules []Rule } // New tcp server instance with specified options func New(options *Options) (*TCPServer, error) { - return &TCPServer{options: options}, nil + srv := &TCPServer{options: options} + srv.HandleMessageFnc = srv.BuildResponseWithContext + srv.rules = options.rules + return srv, nil } // AddRule to the server func (t *TCPServer) AddRule(rule Rule) error { - t.options.rules = append(t.options.rules, rule) + t.mux.Lock() + defer t.mux.Unlock() + + t.rules = append(t.rules, rule) return nil } @@ -51,9 +69,12 @@ func (t *TCPServer) ListenAndServe() error { return t.run() } -func (t *TCPServer) handleConnection(conn net.Conn) error { +func (t *TCPServer) handleConnection(conn net.Conn, callback CallBackFunc) error { defer conn.Close() //nolint + // Create Context + ctx := context.WithValue(context.Background(), Addr, conn.RemoteAddr()) + buf := make([]byte, 4096) for { if err := conn.SetReadDeadline(time.Now().Add(readTimeout * time.Second)); err != nil { @@ -66,8 +87,9 @@ func (t *TCPServer) handleConnection(conn net.Conn) error { gologger.Print().Msgf("%s\n", buf[:n]) - resp, err := t.BuildResponse(buf[:n]) + resp, err := callback(ctx, buf[:n]) if err != nil { + gologger.Info().Msgf("Closing connection: %s\n", err) return err } @@ -112,7 +134,7 @@ func (t *TCPServer) run() error { if err != nil { return err } - go t.handleConnection(c) //nolint + go t.handleConnection(c, t.HandleMessageFnc) //nolint } } 
@@ -133,13 +155,54 @@ func (t *TCPServer) LoadTemplate(templatePath string) error { return err } + t.mux.Lock() + defer t.mux.Unlock() + + t.rules = make([]Rule, 0) for _, ruleTemplate := range config.Rules { - rule, err := NewRule(ruleTemplate.Match, ruleTemplate.Response) + rule, err := NewRuleFromTemplate(ruleTemplate) if err != nil { return err } - t.options.rules = append(t.options.rules, *rule) + t.rules = append(t.rules, *rule) } + gologger.Info().Msgf("TCP configuration loaded. Rules: %d\n", len(t.rules)) + return nil } + +// MatchRule returns the rule, which was matched first +func (t *TCPServer) MatchRule(data []byte) (rule Rule, err error) { + t.mux.RLock() + defer t.mux.RUnlock() + + // Process all the rules + for _, rule := range t.rules { + if rule.MatchInput(data) { + return rule, nil + } + } + return Rule{}, errors.New("no matched rule") +} + +// BuildResponseWithContext is a wrapper with context +func (t *TCPServer) BuildResponseWithContext(ctx context.Context, data []byte) ([]byte, error) { + return t.BuildResponse(data) +} + +// BuildResponseWithContext is a wrapper with context +func (t *TCPServer) BuildRuleResponse(ctx context.Context, data []byte) ([]byte, error) { + addr := "unknown" + if netAddr, ok := ctx.Value(Addr).(net.Addr); ok { + addr = netAddr.String() + } + rule, err := t.MatchRule(data) + if err != nil { + return []byte(":) "), err + } + + gologger.Info().Msgf("Incoming TCP request(%s) from: %s\n", rule.Name, addr) + + return []byte(rule.Response), nil +} From 5f46aab077a27d85e7035bf93f7d81ce07693c23 Mon Sep 17 00:00:00 2001 From: mzack Date: Tue, 21 Dec 2021 16:43:53 +0100 Subject: [PATCH 13/21] Adding missing logic to enable TCP TLS server --- internal/runner/runner.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/runner/runner.go b/internal/runner/runner.go index 269dd15..94f55f0 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go 
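Review bot: `LoadTemplate` empties `t.rules` before the loop, so when `NewRuleFromTemplate` fails on a later entry the function returns with the previous rule set gone and only the entries before the bad one installed. Building the list in a local slice and assigning it under `t.mux` only after every rule has compiled keeps the old rules in place on a bad template, and keeps regex compilation out of the write lock. Separately, the doc comment above `BuildRuleResponse` is a copy of the one for `BuildResponseWithContext`; `// BuildRuleResponse returns the response of the first matching rule and logs the rule name and remote address` would describe it. `LoadTemplate` starts outside this hunk.

```go
// … unchanged: template file read and decode into config …
rules := make([]Rule, 0, len(config.Rules))
for _, ruleTemplate := range config.Rules {
	rule, err := NewRuleFromTemplate(ruleTemplate)
	if err != nil {
		return err
	}
	rules = append(rules, *rule)
}

// Swap the rule set only once every entry has compiled.
t.mux.Lock()
t.rules = rules
t.mux.Unlock()

gologger.Info().Msgf("TCP configuration loaded. Rules: %d\n", len(rules))
```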
@@ -74,6 +74,10 @@ func New(options *Options) (*Runner, error) { // Run logic func (r *Runner) Run() error { if r.options.EnableTCP { + if r.options.TCPWithTLS { + gologger.Print().Msgf("Serving TCP rule based tls server on tcp://%s", r.options.ListenAddress) + return r.serverTCP.ListenAndServeTLS() + } gologger.Print().Msgf("Serving TCP rule based server on tcp://%s", r.options.ListenAddress) return r.serverTCP.ListenAndServe() } From 342bd07c37abdff4a09c8648ea97959594257a8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jan 2022 12:06:04 +0000 Subject: [PATCH 14/21] chore(deps): bump golang from 1.17.5-alpine to 1.17.6-alpine Bumps golang from 1.17.5-alpine to 1.17.6-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ec90ef9..0535716 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.5-alpine as build-env +FROM golang:1.17.6-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From c8430a9829e68939e941801a43daf2ce41c4507d Mon Sep 17 00:00:00 2001 From: Jon Goodgion <12418879+bridge-four@users.noreply.github.com> Date: Thu, 13 Jan 2022 08:47:31 -0800 Subject: [PATCH 15/21] add timestamps --- pkg/httpserver/loglayer.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/httpserver/loglayer.go b/pkg/httpserver/loglayer.go index b0f1023..f3fb4f7 100644 --- a/pkg/httpserver/loglayer.go +++ b/pkg/httpserver/loglayer.go @@ -4,7 +4,7 @@ import ( "bytes" "net/http" "net/http/httputil" - + "time" "github.com/projectdiscovery/gologger" ) 
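Review bot: In the `pkg/httpserver/loglayer.go` import hunk, the added `"time"` line takes the place of the blank line that separated the standard-library group from `github.com/projectdiscovery/gologger`, so the import block is no longer grouped the way `goimports` lays it out. Keep `"time"` after `"net/http/httputil"` and restore the empty line before the third-party import.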
@@ -32,9 +32,9 @@ func (t *HTTPServer) loglayer(handler http.Handler) http.Handler { if EnableVerbose { headers := new(bytes.Buffer) lrw.Header().Write(headers) //nolint - gologger.Print().Msgf("\nRemote Address: %s\n%s\n%s %d %s\n%s\n%s\n", r.RemoteAddr, string(fullRequest), r.Proto, lrw.statusCode, http.StatusText(lrw.statusCode), headers.String(), string(lrw.Data)) + gologger.Print().Msgf("\n[%s]\nRemote Address: %s\n%s\n%s %d %s\n%s\n%s\n", time.Now().Format("2006-01-02 15:04:05"), r.RemoteAddr, string(fullRequest), r.Proto, lrw.statusCode, http.StatusText(lrw.statusCode), headers.String(), string(lrw.Data)) } else { - gologger.Print().Msgf("%s \"%s %s %s\" %d %d", r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, lrw.Size) + gologger.Print().Msgf("[%s] %s \"%s %s %s\" %d %d", time.Now().Format("2006-01-02 15:04:05"), r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, lrw.Size) } }) } From 70f410daaf0198594efa4972e3c7cda37cbe7659 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Feb 2022 12:06:24 +0000 Subject: [PATCH 16/21] chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 2 to 3.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...v3.1.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index 794d073..5fbc57f 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml 
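Review bot: Both new log lines format `time.Now()` with `"2006-01-02 15:04:05"`, which prints local time with no zone offset, so entries cannot be lined up reliably with logs from other hosts and are ambiguous across a DST change. `time.Now().UTC().Format(time.RFC3339)` gives a sortable, zone-qualified stamp, and computing it once before the `if EnableVerbose` branch removes the duplicated layout literal. The stamp is presumably taken after the handler has finished, since `lrw.statusCode` is already set, so it marks response time rather than request arrival; a short comment would make that explicit. The enclosing `loglayer` function starts outside this hunk.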
@@ -12,7 +12,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v2 + uses: golangci/golangci-lint-action@v3.1.0 with: version: latest args: --timeout 5m From f5624c5bd04ffb399a9d09c3728187f6abaccccc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Mar 2022 12:05:43 +0000 Subject: [PATCH 17/21] chore(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-test.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/dockerhub-push.yml | 2 +- .github/workflows/lint-test.yml | 2 +- .github/workflows/release-binary.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 6bfe472..5ced080 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -16,7 +16,7 @@ jobs: go-version: 1.15 - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Test run: go test . diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 545cdea..601d89a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL 
diff --git a/.github/workflows/dockerhub-push.yml b/.github/workflows/dockerhub-push.yml index 49369db..07ba054 100644 --- a/.github/workflows/dockerhub-push.yml +++ b/.github/workflows/dockerhub-push.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU uses: docker/setup-qemu-action@v1 diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index 5fbc57f..1531c6b 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.1.0 with: diff --git a/.github/workflows/release-binary.yml b/.github/workflows/release-binary.yml index 6fe8c82..8025dd8 100644 --- a/.github/workflows/release-binary.yml +++ b/.github/workflows/release-binary.yml @@ -11,7 +11,7 @@ jobs: steps: - name: "Check out code" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - From cb02ccf72c2d1e1ce4415f1918786c7ecf203218 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Mar 2022 12:27:57 +0000 Subject: [PATCH 18/21] chore(deps): bump golang from 1.17.6-alpine to 1.18.0-alpine Bumps golang from 1.17.6-alpine to 1.18.0-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0535716..a0842da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.17.6-alpine as build-env +FROM golang:1.18.0-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest 
From e87cc4084973a39411f8e0c557c2588b3b6e1f5e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Apr 2022 12:10:37 +0000 Subject: [PATCH 19/21] chore(deps): bump golang from 1.18.0-alpine to 1.18.1-alpine Bumps golang from 1.18.0-alpine to 1.18.1-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a0842da..2850f62 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18.0-alpine as build-env +FROM golang:1.18.1-alpine as build-env RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver FROM alpine:latest From 45ffc10bbadbb98418313fb9d5a214d6e64e4000 Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 18 Apr 2022 18:18:40 +0530 Subject: [PATCH 20/21] version update --- internal/runner/banner.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/runner/banner.go b/internal/runner/banner.go index 9093db8..24febe0 100644 --- a/internal/runner/banner.go +++ b/internal/runner/banner.go @@ -8,11 +8,11 @@ const banner = ` \__ \/ / __ -__ \/ __ \/ / _ \/ /_/ / / / / / / /_/ / ___/ _ \/ ___/ | / / _ \/ ___/ ___/ / / / / / / / /_/ / / __/ __ / / / / / / ____(__ ) __/ / | |/ / __/ / /____/_/_/ /_/ /_/ .___/_/\___/_/ /_/ /_/ /_/ /_/ /____/\___/_/ |___/\___/_/ - /_/ - v0.0.4 + /_/ - v0.0.5 ` // Version is the current version -const Version = `0.0.4` +const Version = `0.0.5` // showBanner is used to show the banner to the user func showBanner() { From 6f8863d09ee669fa879208aeea9069529704f772 Mon Sep 17 00:00:00 2001 From: sandeep Date: Mon, 18 Apr 2022 18:22:31 +0530 Subject: [PATCH 21/21] readme update --- README.md | 1 + go.mod | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 2afe3bb..0363d59 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ This will display help for the tool. Here are all the switches it supports. | `-max-file-size` | Max Upload File Size (default 50 MB) | `simplehttpserver -max-file-size 100` | | `-sandbox` | Enable sandbox mode | `simplehttpserver -sandbox` | | `-https` | Enable HTTPS in case of http server | `simplehttpserver -https` | +| `-http1` | Enable only HTTP1 | `simplehttpserver -http1` | | `-cert` | HTTPS/TLS certificate (self generated if not specified) | `simplehttpserver -cert cert.pem` | | `-key` | HTTPS/TLS certificate private key | `simplehttpserver -key cert.key` | | `-domain` | Domain name to use for the self-generated certificate | `simplehttpserver -domain projectdiscovery.io` | diff --git a/go.mod b/go.mod index 4e30d64..2f48683 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/projectdiscovery/simplehttpserver go 1.17 require ( - github.com/fsnotify/fsnotify v1.5.1 // indirect + github.com/fsnotify/fsnotify v1.5.1 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/projectdiscovery/gologger v1.1.4 github.com/projectdiscovery/sslcert v0.0.0-20210416140253-8f56bec1bb5e @@ -15,4 +15,5 @@ require ( github.com/logrusorgru/aurora v2.0.3+incompatible // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect + golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect )