Stealth: Download API

[cookiengineer]

The Download implementation is the outsourced Download stream that abstracts away all the necessary overhead that's necessary for 206 Partial Content, whereas the Request API should be the high-level abstraction that doesn't necessarily depend on the HTTP/S Protocols; but could be used as a virtual transport layer - so that Request will also handle the peer to peer logic.

However, this arises a new problem. The current Download API is implemented without any knowledge about Stealth's internal APIs. It made sense to implement this in order to focus only on HTTP/S protocol quirks. But many download servers on the internet actually use location redirects behind URLs, so this somehow needs to be supported now, too - and requires the Download to have a reference of the Stealth instance so that it can do DNS lookups.

This kinda sucks for the Covert Reviews which should be failsafe with one guaranteed endpoint. So this issue is open until a better solution arises for that. Maybe the Request should be able to follow redirects at one point?

• Redirects in Downloads are currently unsupported
• Optionally integrate Stealth as parameter in new Download()
• Integrate stealth services for hosts/redirects lookup

[cookiengineer]

Most of the standalone Download API has been implemented. The Review, however, needs more test cases for servers that return invalid responses (e.g. the wrong 206 byte ranges or the wrong content-length like it's the case with HTTP smuggling techniques).

• Add tests for wrong 206 byte range responses
• Add tests for wrong content-length
• Add tests for transfer-encoding: chunked with content-length (HTTP smuggled payload)
• Add tests for invalid transfer-encoding: chunked responses (e.g. second frame is bigger/smaller than expected)