Fix summary fail count, sync 37 missing tests in tables, mark unscored in CLI

- render.js: use s.failed from data instead of wrong total-passed-warnings formula
- render.js: add dynamic "Other" fallback in renderSubTables for ungrouped tests
- compliance/smuggling/malformed _index.md: add all missing test IDs to groups
- render.js: add 31 missing TEST_URLS entries, remove phantom SMUG-HEADER-INJECTION
- ConsoleReporter: mark unscored tests with * suffix (PASS*, WARN*)
- TestRunReport: add UnscoredCount, show in summary so numbers add up

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: MDA2AV

docs/content/compliance/_index.md

@@ -28,25 +28,32 @@ Each test sends a request that violates a specific **MUST** or **MUST NOT** requ
       'RFC9112-3-MULTI-SP-REQUEST-LINE','RFC9112-3-MISSING-TARGET',
       'RFC9112-3.2-FRAGMENT-IN-TARGET','RFC9112-2.3-INVALID-VERSION',
       'RFC9112-2.3-HTTP09-REQUEST','COMP-ASTERISK-WITH-GET','COMP-OPTIONS-STAR',
-      'COMP-CONNECT-EMPTY-PORT','COMP-ABSOLUTE-FORM','COMP-METHOD-CASE',
+      'COMP-CONNECT-EMPTY-PORT','COMP-CONNECT-ORIGIN-FORM','COMP-ABSOLUTE-FORM',
+      'COMP-METHOD-CASE','COMP-REQUEST-LINE-TAB',
+      'COMP-VERSION-MISSING-MINOR','COMP-VERSION-LEADING-ZEROS',
+      'COMP-VERSION-WHITESPACE','COMP-HTTP12-VERSION',
       'RFC9112-5.1-OBS-FOLD','RFC9110-5.6.2-SP-BEFORE-COLON',
       'RFC9112-5-EMPTY-HEADER-NAME','RFC9112-5-INVALID-HEADER-NAME',
       'RFC9112-5-HEADER-NO-COLON',
       'RFC9112-7.1-MISSING-HOST','RFC9110-5.4-DUPLICATE-HOST',
       'COMP-DUPLICATE-HOST-SAME','COMP-HOST-WITH-USERINFO','COMP-HOST-WITH-PATH',
+      'COMP-HOST-EMPTY-VALUE',
       'RFC9112-6.1-CL-NON-NUMERIC','RFC9112-6.1-CL-PLUS-SIGN'
     ]},
     { key: 'body', label: 'Body Handling', testIds: [
       'COMP-POST-CL-BODY','COMP-POST-CL-ZERO','COMP-POST-NO-CL-NO-TE',
       'COMP-POST-CL-UNDERSEND','COMP-CHUNKED-BODY','COMP-CHUNKED-MULTI',
       'COMP-CHUNKED-EMPTY','COMP-CHUNKED-NO-FINAL',
-      'COMP-GET-WITH-CL-BODY','COMP-CHUNKED-EXTENSION'
+      'COMP-GET-WITH-CL-BODY','COMP-CHUNKED-EXTENSION',
+      'COMP-CHUNKED-TRAILER-VALID','COMP-CHUNKED-HEX-UPPERCASE'
     ]},
     { key: 'methods-upgrade', label: 'Methods & Upgrade', testIds: [
       'COMP-METHOD-CONNECT','COMP-METHOD-CONNECT-NO-PORT',
       'COMP-UNKNOWN-TE-501','COMP-EXPECT-UNKNOWN','COMP-METHOD-TRACE',
+      'COMP-TRACE-WITH-BODY',
       'COMP-UPGRADE-POST','COMP-UPGRADE-MISSING-CONN',
-      'COMP-UPGRADE-UNKNOWN','COMP-UPGRADE-INVALID-VER'
+      'COMP-UPGRADE-UNKNOWN','COMP-UPGRADE-INVALID-VER',
+      'COMP-CONNECTION-CLOSE','COMP-HTTP10-DEFAULT-CLOSE','COMP-HTTP10-NO-HOST'
     ]}
   ];
   function render(data) {

docs/content/malformed-input/_index.md

@@ -24,15 +24,18 @@ A well-implemented server should respond with `400 Bad Request`, `414 URI Too Lo
   var GROUPS = [
     { key: 'oversized', label: 'Oversized & Invalid Bytes', testIds: [
       'MAL-LONG-URL','MAL-LONG-HEADER-NAME','MAL-LONG-HEADER-VALUE',
-      'MAL-LONG-METHOD','MAL-MANY-HEADERS','MAL-CHUNK-EXTENSION-LONG',
+      'MAL-LONG-METHOD','MAL-MANY-HEADERS','MAL-CHUNK-EXT-64K',
       'MAL-NUL-IN-URL','MAL-NUL-IN-HEADER-VALUE','MAL-CONTROL-CHARS-HEADER',
-      'MAL-NON-ASCII-HEADER-NAME','MAL-NON-ASCII-URL','MAL-BINARY-GARBAGE'
+      'MAL-NON-ASCII-HEADER-NAME','MAL-NON-ASCII-URL','MAL-BINARY-GARBAGE',
+      'MAL-POST-CL-HUGE-NO-BODY','MAL-RANGE-OVERLAPPING'
     ]},
     { key: 'parsing-edge', label: 'Parsing & Edge Cases', testIds: [
       'MAL-CL-OVERFLOW','MAL-CL-EMPTY','MAL-CHUNK-SIZE-OVERFLOW',
       'MAL-CL-TAB-BEFORE-VALUE',
       'MAL-INCOMPLETE-REQUEST','MAL-EMPTY-REQUEST',
-      'MAL-WHITESPACE-ONLY-LINE','MAL-H2-PREFACE'
+      'MAL-WHITESPACE-ONLY-LINE','MAL-H2-PREFACE',
+      'MAL-URL-BACKSLASH','MAL-URL-OVERLONG-UTF8',
+      'MAL-URL-PERCENT-NULL','MAL-URL-PERCENT-CRLF'
     ]}
   ];
   function render(data) {

docs/content/smuggling/_index.md

@@ -32,22 +32,29 @@ Some tests are **unscored** (marked with `*`). These send payloads where the RFC
       'SMUG-CL-COMMA-DIFFERENT','SMUG-CL-OCTAL','SMUG-CL-HEX-PREFIX',
       'SMUG-CL-INTERNAL-SPACE','SMUG-CL-COMMA-SAME',
       'SMUG-CL-TRAILING-SPACE','SMUG-CL-EXTRA-LEADING-SP',
+      'SMUG-CL-UNDERSCORE','SMUG-CL-NEGATIVE-ZERO','SMUG-CL-DOUBLE-ZERO',
+      'SMUG-CL-LEADING-ZEROS-OCTAL',
       'SMUG-TE-XCHUNKED','SMUG-TE-TRAILING-SPACE','SMUG-TE-SP-BEFORE-COLON',
       'SMUG-TE-EMPTY-VALUE','SMUG-TE-LEADING-COMMA','SMUG-TE-DUPLICATE-HEADERS',
       'SMUG-TE-NOT-FINAL-CHUNKED','SMUG-TE-IDENTITY',
       'SMUG-TE-DOUBLE-CHUNKED','SMUG-TE-CASE-MISMATCH',
+      'SMUG-TE-OBS-FOLD','SMUG-TE-TRAILING-COMMA','SMUG-TE-TAB-BEFORE-VALUE',
+      'SMUG-TE-VTAB','SMUG-TE-FORMFEED','SMUG-TE-NULL',
       'SMUG-TRANSFER_ENCODING','SMUG-CHUNKED-WITH-PARAMS'
     ]},
     { key: 'chunk', label: 'Chunk Encoding', testIds: [
       'SMUG-CHUNK-BARE-SEMICOLON','SMUG-CHUNK-HEX-PREFIX','SMUG-CHUNK-UNDERSCORE',
       'SMUG-CHUNK-LEADING-SP','SMUG-CHUNK-MISSING-TRAILING-CRLF',
       'SMUG-CHUNK-EXT-LF','SMUG-CHUNK-SPILL','SMUG-CHUNK-LF-TERM',
-      'SMUG-CHUNK-EXT-CTRL','SMUG-CHUNK-LF-TRAILER','SMUG-CHUNK-NEGATIVE'
+      'SMUG-CHUNK-EXT-CTRL','SMUG-CHUNK-EXT-CR','SMUG-CHUNK-LF-TRAILER',
+      'SMUG-CHUNK-NEGATIVE','SMUG-CHUNK-BARE-CR-TERM'
     ]},
-    { key: 'other', label: 'Headers, Trailers & Methods', testIds: [
-      'SMUG-BARE-CR-HEADER-VALUE','SMUG-HEADER-INJECTION',
+    { key: 'headers-trailers', label: 'Headers, Trailers & Methods', testIds: [
+      'SMUG-BARE-CR-HEADER-VALUE',
       'SMUG-TRAILER-CL','SMUG-TRAILER-TE','SMUG-TRAILER-HOST',
-      'SMUG-EXPECT-100-CL','SMUG-HEAD-CL-BODY','SMUG-OPTIONS-CL-BODY'
+      'SMUG-TRAILER-AUTH','SMUG-TRAILER-CONTENT-TYPE',
+      'SMUG-EXPECT-100-CL','SMUG-HEAD-CL-BODY','SMUG-OPTIONS-CL-BODY',
+      'SMUG-ABSOLUTE-URI-HOST-MISMATCH','SMUG-MULTIPLE-HOST-COMMA'
     ]}
   ];
   function render(data) {

docs/static/probe/render.js

@@ -138,7 +138,6 @@ window.ProbeRender = (function () {
     'SMUG-CLTE-PIPELINE': '/Http11Probe/docs/smuggling/clte-pipeline/',
     'SMUG-EXPECT-100-CL': '/Http11Probe/docs/smuggling/expect-100-cl/',
     'SMUG-HEAD-CL-BODY': '/Http11Probe/docs/smuggling/head-cl-body/',
-    'SMUG-HEADER-INJECTION': '/Http11Probe/docs/smuggling/header-injection/',
     'SMUG-OPTIONS-CL-BODY': '/Http11Probe/docs/smuggling/options-cl-body/',
     'SMUG-TE-CASE-MISMATCH': '/Http11Probe/docs/smuggling/te-case-mismatch/',
     'SMUG-TE-DOUBLE-CHUNKED': '/Http11Probe/docs/smuggling/te-double-chunked/',
@@ -155,7 +154,38 @@ window.ProbeRender = (function () {
     'SMUG-TRAILER-CL': '/Http11Probe/docs/smuggling/trailer-cl/',
     'SMUG-TRAILER-HOST': '/Http11Probe/docs/smuggling/trailer-host/',
     'SMUG-TRAILER-TE': '/Http11Probe/docs/smuggling/trailer-te/',
-    'SMUG-TRANSFER_ENCODING': '/Http11Probe/docs/smuggling/transfer-encoding-underscore/'
+    'SMUG-TRANSFER_ENCODING': '/Http11Probe/docs/smuggling/transfer-encoding-underscore/',
+    'COMP-CHUNKED-HEX-UPPERCASE': '/Http11Probe/docs/body/chunked-hex-uppercase/',
+    'COMP-CHUNKED-TRAILER-VALID': '/Http11Probe/docs/body/chunked-trailer-valid/',
+    'COMP-CONNECTION-CLOSE': '/Http11Probe/docs/headers/connection-close/',
+    'COMP-CONNECT-ORIGIN-FORM': '/Http11Probe/docs/request-line/connect-origin-form/',
+    'COMP-HOST-EMPTY-VALUE': '/Http11Probe/docs/host-header/host-empty-value/',
+    'COMP-HTTP10-DEFAULT-CLOSE': '/Http11Probe/docs/headers/http10-default-close/',
+    'COMP-HTTP10-NO-HOST': '/Http11Probe/docs/host-header/http10-no-host/',
+    'COMP-HTTP12-VERSION': '/Http11Probe/docs/request-line/http12-version/',
+    'COMP-METHOD-TRACE': '/Http11Probe/docs/request-line/method-trace/',
+    'COMP-REQUEST-LINE-TAB': '/Http11Probe/docs/request-line/request-line-tab/',
+    'COMP-TRACE-WITH-BODY': '/Http11Probe/docs/request-line/trace-with-body/',
+    'COMP-VERSION-LEADING-ZEROS': '/Http11Probe/docs/request-line/version-leading-zeros/',
+    'COMP-VERSION-MISSING-MINOR': '/Http11Probe/docs/request-line/version-missing-minor/',
+    'COMP-VERSION-WHITESPACE': '/Http11Probe/docs/request-line/version-whitespace/',
+    'MAL-POST-CL-HUGE-NO-BODY': '/Http11Probe/docs/malformed-input/post-cl-huge-no-body/',
+    'MAL-RANGE-OVERLAPPING': '/Http11Probe/docs/malformed-input/range-overlapping/',
+    'MAL-URL-BACKSLASH': '/Http11Probe/docs/malformed-input/url-backslash/',
+    'MAL-URL-OVERLONG-UTF8': '/Http11Probe/docs/malformed-input/url-overlong-utf8/',
+    'MAL-URL-PERCENT-CRLF': '/Http11Probe/docs/malformed-input/url-percent-crlf/',
+    'MAL-URL-PERCENT-NULL': '/Http11Probe/docs/malformed-input/url-percent-null/',
+    'SMUG-ABSOLUTE-URI-HOST-MISMATCH': '/Http11Probe/docs/smuggling/absolute-uri-host-mismatch/',
+    'SMUG-CHUNK-BARE-CR-TERM': '/Http11Probe/docs/smuggling/chunk-bare-cr-term/',
+    'SMUG-CL-DOUBLE-ZERO': '/Http11Probe/docs/smuggling/cl-double-zero/',
+    'SMUG-CL-LEADING-ZEROS-OCTAL': '/Http11Probe/docs/smuggling/cl-leading-zeros-octal/',
+    'SMUG-CL-NEGATIVE-ZERO': '/Http11Probe/docs/smuggling/cl-negative-zero/',
+    'SMUG-CL-UNDERSCORE': '/Http11Probe/docs/smuggling/cl-underscore/',
+    'SMUG-MULTIPLE-HOST-COMMA': '/Http11Probe/docs/smuggling/multiple-host-comma/',
+    'SMUG-TE-OBS-FOLD': '/Http11Probe/docs/smuggling/te-obs-fold/',
+    'SMUG-TE-TAB-BEFORE-VALUE': '/Http11Probe/docs/smuggling/te-tab-before-value/',
+    'SMUG-TE-TRAILING-COMMA': '/Http11Probe/docs/smuggling/te-trailing-comma/',
+    'SMUG-TRAILER-CONTENT-TYPE': '/Http11Probe/docs/smuggling/trailer-content-type/'
   };
 
   function testUrl(tid) {
@@ -202,8 +232,8 @@ window.ProbeRender = (function () {
       var s = sv.summary;
       var total = s.total || 1;
       var warnings = s.warnings || 0;
-      var failed = total - s.passed - warnings;
-      var passPct = (s.passed / total) * 100;
+      var failed = s.failed || 0;
+      var passPct = ((total - warnings - failed) / total) * 100;
       var warnPct = (warnings / total) * 100;
       var failPct = (failed / total) * 100;
       var rank = i + 1;
@@ -354,14 +384,30 @@ window.ProbeRender = (function () {
     injectScrollStyle();
     var el = document.getElementById(targetId);
     if (!el) return;
-    var html = '';
+
+    // Find tests in this category that aren't in any explicit group
+    var grouped = {};
     groups.forEach(function (g) {
+      g.testIds.forEach(function (tid) { grouped[tid] = true; });
+    });
+    var allCatTests = ctx.testIds.filter(function (tid) {
+      return ctx.lookup[ctx.names[0]][tid] && ctx.lookup[ctx.names[0]][tid].category === categoryKey;
+    });
+    var ungrouped = allCatTests.filter(function (tid) { return !grouped[tid]; });
+
+    var allGroups = groups.slice();
+    if (ungrouped.length > 0) {
+      allGroups.push({ key: 'other', label: 'Other', testIds: ungrouped });
+    }
+
+    var html = '';
+    allGroups.forEach(function (g) {
       var divId = targetId + '-' + g.key;
       html += '<h3 style="margin-top:1.5em;margin-bottom:0.3em;">' + g.label + '</h3>';
       html += '<div id="' + divId + '"></div>';
     });
     el.innerHTML = html;
-    groups.forEach(function (g) {
+    allGroups.forEach(function (g) {
       var divId = targetId + '-' + g.key;
       renderTable(divId, categoryKey, ctx, g.testIds);
     });

src/Http11Probe.Cli/Reporting/ConsoleReporter.cs

@@ -26,6 +26,9 @@ public static void PrintRow(TestResult result)
             _ => (ConsoleColor.Gray, "SKIP")
         };
 
+        if (!result.TestCase.Scored)
+            symbol += "*";
+
         var statusStr = result.Response is not null
             ? result.Response.StatusCode.ToString()
             : result.ConnectionState.ToString();
@@ -96,6 +99,9 @@ public static void PrintSummary(TestRunReport report)
             Console.ForegroundColor = prev;
         }
 
+        if (report.UnscoredCount > 0)
+            Console.Write($"  {report.UnscoredCount} unscored");
+
         if (report.SkipCount > 0)
             Console.Write($"  {report.SkipCount} skipped");
 

src/Http11Probe/Runner/TestRunReport.cs

@@ -12,4 +12,5 @@ public sealed class TestRunReport
     public int WarnCount => Results.Count(r => r.Verdict == TestVerdict.Warn);
     public int SkipCount => Results.Count(r => r.Verdict == TestVerdict.Skip);
     public int ErrorCount => Results.Count(r => r.Verdict == TestVerdict.Error);
+    public int UnscoredCount => Results.Count(r => !r.TestCase.Scored && r.Verdict != TestVerdict.Skip);
 }