feat(csharp): add System.Net.HttpListener analyzer (#2154)

* feat(csharp): add HttpListener analyzer

* refactor(csharp): lex HttpListener source once for tokens + masked_lines

Reuse a single Noir::CSharpLexer instance to provide both comment spans
(for comment stripping) and masked_lines (for brace counting), instead
of lexing the source twice per file. Addresses Copilot review feedback.

Author: hahwul

spec/functional_test/fixtures/csharp/httplistener/Program.cs

@@ -0,0 +1,93 @@
+using System;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Threading.Tasks;
+
+public static class Program
+{
+    public static async Task Main()
+    {
+        var listener = new HttpListener();
+        listener.Prefixes.Add("http://localhost:8080/");
+        listener.Start();
+
+        while (true)
+        {
+            var context = await listener.GetContextAsync();
+            await Handle(context);
+        }
+    }
+
+    private static async Task Handle(HttpListenerContext context)
+    {
+        var request = context.Request;
+        var response = context.Response;
+        var method = request.HttpMethod;
+        var path = request.Url?.AbsolutePath ?? "/";
+
+        if (method == "GET" && path == "/health")
+        {
+            var trace = request.Headers["X-Trace-Id"];
+            Write(response, $"ok {trace}");
+        }
+        else if (path == "/search" && method.Equals("GET", StringComparison.OrdinalIgnoreCase))
+        {
+            var query = request.QueryString;
+            var q = query["q"];
+            var page = query.Get("page");
+            Write(response, $"{q}:{page}");
+        }
+        else if (method == "POST" && path == "/users")
+        {
+            var contentType = request.Headers.Get("Content-Type");
+            using var reader = new StreamReader(request.InputStream, request.ContentEncoding);
+            var body = await reader.ReadToEndAsync();
+            Write(response, $"{contentType}:{body}");
+        }
+        else if ("DELETE".Equals(method, StringComparison.OrdinalIgnoreCase) && path == "/users/delete")
+        {
+            var sid = request.Cookies["sid"]?.Value;
+            Write(response, sid ?? "");
+        }
+        else if (path == "/ready")
+        {
+            Write(response, "ready");
+        }
+
+        switch (path)
+        {
+            case "/status":
+                if (method == "HEAD")
+                {
+                    response.StatusCode = 204;
+                }
+                break;
+        }
+
+        switch (method)
+        {
+            case "PUT":
+                if (path == "/users")
+                {
+                    var requestId = request.Headers["X-Request-Id"];
+                    Write(response, requestId ?? "");
+                }
+                break;
+        }
+
+        switch ((method, path))
+        {
+            case ("PATCH", "/users/profile"):
+                var include = request.QueryString["include"];
+                Write(response, include ?? "");
+                break;
+        }
+    }
+
+    private static void Write(HttpListenerResponse response, string value)
+    {
+        var bytes = Encoding.UTF8.GetBytes(value);
+        response.OutputStream.Write(bytes, 0, bytes.Length);
+    }
+}

spec/functional_test/testers/csharp/httplistener_spec.cr

@@ -0,0 +1,45 @@
+require "../../func_spec.cr"
+
+expected_endpoints = [
+  Endpoint.new("/health", "GET", [
+    Param.new("X-Trace-Id", "", "header"),
+  ]),
+  Endpoint.new("/search", "GET", [
+    Param.new("q", "", "query"),
+    Param.new("page", "", "query"),
+  ]),
+  Endpoint.new("/users", "POST", [
+    Param.new("Content-Type", "", "header"),
+    Param.new("body", "", "json"),
+  ]),
+  Endpoint.new("/users/delete", "DELETE", [
+    Param.new("sid", "", "cookie"),
+  ]),
+  Endpoint.new("/ready", "GET"),
+  Endpoint.new("/status", "HEAD"),
+  Endpoint.new("/users", "PUT", [
+    Param.new("X-Request-Id", "", "header"),
+  ]),
+  Endpoint.new("/users/profile", "PATCH", [
+    Param.new("include", "", "query"),
+  ]),
+]
+
+tester = FunctionalTester.new("fixtures/csharp/httplistener/", {
+  :techs     => 1,
+  :endpoints => expected_endpoints.size,
+}, expected_endpoints)
+
+tester.perform_tests
+
+describe "C# HttpListener analyzer edge cases" do
+  it "marks endpoints with the dedicated technology" do
+    health = tester.app.endpoints.find { |e| e.url == "/health" && e.method == "GET" }
+    health.should_not be_nil
+    health.as(Endpoint).details.technology.should eq "cs_httplistener"
+  end
+
+  it "does not emit a default GET for a path switch case that contains method dispatch" do
+    tester.app.endpoints.any? { |e| e.url == "/status" && e.method == "GET" }.should be_false
+  end
+end

spec/unit_test/detector/csharp/httplistener_spec.cr

@@ -0,0 +1,37 @@
+require "../../../../src/detector/detectors/csharp/*"
+
+describe "Detect C# System.Net.HttpListener" do
+  config_init = ConfigInitializer.new
+  options = config_init.default_options
+  instance = Detector::CSharp::HttpListener.new options
+
+  it "detects bare HttpListener server setup" do
+    instance.detect("Program.cs", <<-CS).should be_true
+      using System.Net;
+
+      var listener = new HttpListener();
+      listener.Prefixes.Add("http://localhost:8080/");
+      listener.Start();
+      var context = await listener.GetContextAsync();
+      CS
+  end
+
+  it "detects fully qualified HttpListener construction" do
+    instance.detect("Program.cs", <<-CS).should be_true
+      var listener = new System.Net.HttpListener();
+      listener.Prefixes.Add("http://localhost:8080/");
+      CS
+  end
+
+  it "ignores handler-only references without server setup" do
+    instance.detect("Handler.cs", "void Handle(HttpListenerContext context) { }").should be_false
+  end
+
+  it "ignores unrelated HttpListener type names" do
+    instance.detect("Errors.cs", "catch (HttpListenerException ex) { Console.WriteLine(ex); }").should be_false
+  end
+
+  it "ignores non-C# files" do
+    instance.detect("notes.txt", "var listener = new HttpListener(); listener.Prefixes.Add(\"http://localhost:8080/\");").should be_false
+  end
+end

src/analyzer/analyzer.cr

@@ -29,6 +29,7 @@ def initialize_analyzers(logger : NoirLogger)
     {"cs_aspnet_core_minimal_api", CSharp::MinimalApis},
     {"cs_carter", CSharp::Carter},
     {"cs_fastendpoints", CSharp::FastEndpoints},
+    {"cs_httplistener", CSharp::HttpListener},
     {"crystal_amber", Crystal::Amber},
     {"crystal_grip", Crystal::Grip},
     {"crystal_kemal", Crystal::Kemal},