cybersecurity · beginner · ~10 min

Validate an HTTP method against an allowlist

A tiny allowlist check: an easy primitive, but a strongly defensive one.

Challenge

Implement int is_valid_http_method(const char *m) returning 1 if m is exactly one of:

  • GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH

Otherwise return 0. The comparison is case-sensitive (HTTP methods are uppercase by convention).

Examples

is_valid_http_method("GET")     -> 1
is_valid_http_method("POST")    -> 1
is_valid_http_method("PATCH")   -> 1
is_valid_http_method("TRACE")   -> 0
is_valid_http_method("get")     -> 0  // case sensitive
is_valid_http_method("CONNECT") -> 0  // intentionally excluded
is_valid_http_method("")        -> 0
is_valid_http_method(NULL)      -> 0

Why this matters

The first byte of every HTTP request is attacker-controlled. Refusing weird methods (TRACE, CONNECT, the legendary GETT) is a one-line defence that blocks an entire class of cache-pollution and request-smuggling tricks.

Input format

Null-terminated string (or NULL).

Output format

0/1.

Constraints

Pure comparison, no allocations.

Starter code

int is_valid_http_method(const char *m) { /* TODO */ return 0; }

Common mistakes

Including TRACE (information-leak prone) or CONNECT (proxy tunneling). Doing a case-insensitive compare.

Edge cases to handle

NULL; empty; lowercase; near-matches like GETT.

Complexity

O(1) — constant work over a fixed table.
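One way to meet these constraints, as an added example rather than the page's own reference solution. It goes beyond the challenge by also checking a length-delimited token taken from a raw request line; `MAX_METHOD_LEN`, `method_token_allowed` and `request_line_method_ok` are hypothetical names, and the request line in `main` is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_METHOD_LEN 7  /* strlen("OPTIONS"), the longest allowed method */

/* Allowlist from the challenge; TRACE and CONNECT are deliberately absent. */
static const char *const ALLOWED[] = {
    "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"
};

/* Exact, case-sensitive match of a length-delimited token (no NUL required). */
static int method_token_allowed(const char *tok, size_t len)
{
    if (tok == NULL || len == 0 || len > MAX_METHOD_LEN)
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        /* Compare lengths first so "GETT" and "GE" never pass as "GET". */
        if (strlen(ALLOWED[i]) == len && memcmp(ALLOWED[i], tok, len) == 0)
            return 1;
    }
    return 0;
}

/* The function the challenge asks for. */
int is_valid_http_method(const char *m)
{
    size_t len = 0;
    /* Bounded scan: never reads more than MAX_METHOD_LEN + 1 bytes of input. */
    while (m != NULL && len <= MAX_METHOD_LEN && m[len] != '\0')
        len++;
    return method_token_allowed(m, len);
}

/* Hypothetical helper: validate the method of a raw request line of n bytes. */
int request_line_method_ok(const char *buf, size_t n)
{
    size_t scan = n < MAX_METHOD_LEN + 1 ? n : MAX_METHOD_LEN + 1;
    const char *sp = (buf != NULL) ? memchr(buf, ' ', scan) : NULL;
    /* No SP within 8 bytes means the token is too long or the line is malformed. */
    return sp != NULL && method_token_allowed(buf, (size_t)(sp - buf));
}

int main(void)
{
    const char line[] = "GETT /index.html HTTP/1.1\r\n";  /* constructed sample */
    printf("%d %d\n", is_valid_http_method("PATCH"), request_line_method_ok(line, sizeof line - 1));
    return 0;
}
```

Because the token check compares length and bytes with `memcmp`, a request line with an embedded NUL after `GET` is rejected instead of being truncated to a valid method.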
