diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..950cd3f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,42 @@ +--- +name: Bug Report +about: Create a report to help us improve +title: '' +labels: 'bug' +assignees: '' + +--- + +# Bug Description + + +# Steps To Reproduce + + +# Expected Behavior + + +# Screenshots + + +# Environment + + +# Additional Context + + +# Proposed Solution + + +# Known Workarounds + + +# Useful Links + + +# Task Relationships + +This bug: +* Is caused by: +* Relates to: +* Depends on: diff --git a/.github/ISSUE_TEMPLATE/task.md b/.github/ISSUE_TEMPLATE/task.md new file mode 100644 index 0000000..b7cfb70 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/task.md @@ -0,0 +1,71 @@ +--- +name: Task +about: Template for creating tasks +title: '' +labels: '' +assignees: '' + +--- + +# Task Description + + + +# Open Questions + + + +# Notes + + + +# Task List + + + +The following tasks will need to be carried out: +* [ ] Investigate the issue. +* [ ] Provide a solution. +* [ ] Test the fix. +* [ ] Update the documentation. + +# Useful Commands + + +# Incurred Costs + + +# Task Relationships + +This task: +* Is a sub-task of: # +* Depends on: # +* Is a follow-up of: # +* Relates to: # + +# Resources + + + +# Useful Links + + +* [link1]() +* [link2]() +* [link3]() + +# Points of Contact + + diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..27722a8 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,24 @@ +# Pull Request Description + +This pull request fixes # + +# Questions + +* Does this pull request break backward compatibility? + * Yes + * No + +* Does this pull request require other pull requests to be merged first? + * Yes, please see # + * No + +* Does this require an update of the documentation? + * Yes, please update the documentation [here](), [here]() and [here](). + * No + +# Code Review And Pre-Merge Checklist + +* [ ] My code follows the coding convention of this project. +* [ ] I have performed a self-review of my own code. +* [ ] I have commented my code in hard-to-understand areas. +* [ ] My changes generate no new warnings. diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml new file mode 100644 index 0000000..df21e7e --- /dev/null +++ b/.github/workflows/build-and-publish.yml @@ -0,0 +1,131 @@ +# This Github workflow pushes the changes to the Kinsend Frontend to S3. +name: build-and-publish +run-name: Build and publish + +on: + workflow_dispatch: + inputs: + BRANCH: + type: choice + options: + - develop + - master + description: Branch to build and push + default: master + required: true + + repository_dispatch: + types: [ "ql:publish" ] + +#env: +# GIT_REF: ${{ inputs.BRANCH != '' && inputs.BRANCH || github.event.client_payload.pull_request.head.sha }} +# VERSION_REF: ${{ inputs.BRANCH != '' && inputs.BRANCH || format('PR-{0}', github.event.client_payload.github.payload.issue.number) }} + +# These permissions are required to allow writing comments and reporting check status. +permissions: + contents: write + pull-requests: write + actions: write + statuses: write + issues: write + checks: write + +jobs: + build-docker-image: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ env.GIT_REF }} + + - name: Get git commit hash + uses: pr-mpt/actions-commit-hash@v2 + id: commit + + - name: Configure dynamic variables + id: vars + run: | + # For local dev. + # GITHUB_OUTPUT=/dev/stdout + ref=${{ env.GIT_REF }} + echo "Ref => $ref" + + # The version of the CodeQL query pack + version=`cat vertx-codeql-queries/ql/src/qlpack.yml | head -n 3 | tail -n 1 | cut -d " " -f 2` + + # Check if this is a snapshot version + isSnapshot=false + if [[ $version == *"-alpha" ]]; then + isSnapshot=true + fi + + echo "version=$version" >> $GITHUB_OUTPUT + echo "isSnapshot=$isSnapshot" >> $GITHUB_OUTPUT + + - name: Build + run: | + + - name: Generate query help files + run: | + cd vertx-codeql-queries/ql/src + codeql generate query-help *.qhelp --format=markdown -o . + ls -al + + - name: Remove previous query pack version for snapshot + if: ${{ always() && (steps.vars.outputs.isSnapshot == 'true') }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cd vertx-codeql-queries/ql/src + echo "Removing previous snapshot version..." + codeql pack remove vertx-codeql-queries --github-auth-stdin --version $version + + - name: Publish CodeQL query pack + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + cd vertx-codeql-queries/ql/src + codeql pack publish --github-auth-stdin --allow-prerelease + + - name: Post job report comment reaction + uses: peter-evans/create-or-update-comment@v3 + if: ${{ always() && (github.event.client_payload.slash_command.command != '') }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reactions: ${{ job.status == 'success' && 'hooray' || '-1' }} + + - name: Post job report comment failure + uses: peter-evans/create-or-update-comment@v3 + if: ${{ failure() && (github.event.client_payload.slash_command.command != '') }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + reactions: ${{ job.status == 'success' && 'hooray' || '-1' }} + body: | + > 🔴 Failed to publish the package. For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}). + + - name: Post job report add comment on success push + uses: peter-evans/create-or-update-comment@v3 + if: ${{ success() && (github.event.client_payload.slash_command.command != '') }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + issue-number: ${{ github.event.client_payload.github.payload.issue.number }} + body: | + #### Status + + 🟢 Pushed revision `${{ steps.vars.outputs.version }}` to [carlspring/vertx-codeql-queries:${{ version }}]https://github.com/users/carlspring/packages/container/package/vertx-codeql-queries). + + #### Build log + + * For more details check the [build log](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}). + + #### Test + + * ${{ job.status == 'success' && 'https://app.dev.kinsend.io/' || 'https://app.kinsend.io/' }} + * ${{ job.status == 'success' && 'https://app.dev.kinsend.io/manifest.json' || 'https://app.kinsend.io/manifest.json' }} diff --git a/.github/workflows/command-dispatcher.yml b/.github/workflows/command-dispatcher.yml new file mode 100644 index 0000000..504f91c --- /dev/null +++ b/.github/workflows/command-dispatcher.yml @@ -0,0 +1,42 @@ +name: command-dispatcher + +on: + issue_comment: + types: [created] + +## +## This does not work for private repositories anymore. +## You must use a bot token or you will receive the following error: +## Command 'XYZ' is not configured for the user's permission level 'none'. +## +#permissions: +# actions: write +# contents: write # For executing the repository_dispatch event +# issues: write # For doing the emoji reaction on an issue comment +# pull-requests: write # For doing the emoji reaction on a PR comment +# repository-projects: read +# checks: read +# statuses: read + +jobs: + dispatcher: + runs-on: ubuntu-latest + if: ${{ github.event.issue.pull_request }} + steps: + - name: Dispatching command + uses: peter-evans/slash-command-dispatch@v3 + with: + token: ${{ secrets.CS_DEVOPS_BOT_TOKEN }} + config: > + [ + { + "command": "ql:publish", + "permission": "write", + "issue_type": "pull-request" + }, + { + "command": "help", + "permission": "write", + "issue_type": "pull-request" + } + ] diff --git a/.github/workflows/command-help.yml b/.github/workflows/command-help.yml new file mode 100644 index 0000000..20e2cfd --- /dev/null +++ b/.github/workflows/command-help.yml @@ -0,0 +1,32 @@ +name: command-help +run-name: command-help-pr-${{ github.event.client_payload.github.payload.issue.number }} + +on: + repository_dispatch: + types: [help-command] + +permissions: + issues: write + pull-requests: write + contents: write + +jobs: + help: + runs-on: ubuntu-latest + steps: + - name: Dump the client payload context + env: + PAYLOAD_CONTEXT: ${{ toJson(github.event.client_payload) }} + run: echo "$PAYLOAD_CONTEXT" + + - name: Update comment + uses: peter-evans/create-or-update-comment@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + repository: ${{ github.event.client_payload.github.payload.repository.full_name }} + comment-id: ${{ github.event.client_payload.github.payload.comment.id }} + body: | + > Command | Description + > ------------- | ----------- + > /ql:publish | Builds and deploys the current PR to the S3 bucket + reaction-type: hooray diff --git a/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.java b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.java new file mode 100644 index 0000000..ea962c6 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.java @@ -0,0 +1,51 @@ +package org.carlspring.security.vertx.http; + +import io.vertx.core.AbstractVerticle; +import io.vertx.core.http.HttpHeaders; +import io.vertx.core.http.HttpMethod; +import io.vertx.ext.web.Router; +import io.vertx.ext.web.handler.CorsHandler; + +/** + * @author carlspring + */ +public class InsecureCorsHttpOrigin + extends AbstractVerticle { + + @Override + public void start() { + // Create a router + Router router = Router.router(vertx); + + // Configure CORS handling with allowed origins, headers, and methods + CorsHandler corsHandler = CorsHandler.create() + // Insecure configuration that doesn't use HTTPS: + .addOrigin("http://example.com") + .allowedHeader(HttpHeaders.CONTENT_TYPE.toString()) + .allowedMethod(HttpMethod.GET) + .allowedMethod(HttpMethod.POST); + + // Mount the CORS handler + router.route().handler(corsHandler); + + // Set up routes + router.get("/api/data").handler(routingContext -> { + // Handle the request and send response + routingContext.response() + .putHeader(HttpHeaders.CONTENT_TYPE, "application/json") + .end("{\"message\":\"Hello, CORS!\"}"); + }); + + // Start the server + vertx.createHttpServer() + .requestHandler(router) + .listen(8080, ar -> { + if (ar.succeeded()) { + System.out.println("Server started on port 8080"); + } else { + System.err.println("Server failed to start: " + ar.cause()); + } + }); + } + +} diff --git a/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.qhelp b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.qhelp new file mode 100644 index 0000000..21b5fa5 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.qhelp @@ -0,0 +1,36 @@ + + + +

+ An HTTP server with a CORS configuration that allows unsecured HTTP connection is prone to exploits. +

+ + + +

Make sure the connection to the origins is established over HTTPS.

+ + +

Instead of an insecure HTTP connection to the origin, such as in the example below:

+ + + +

set up SSL like this:

+ + + + + +
  • + + Vert.x documentation + +
    • +
  • + + Exploiting CORS – How to pen-test Cross-Origin Resource Sharing Vulnerabilities + +
    • +     +     diff --git a/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.ql b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.ql new file mode 100644 index 0000000..8d055bb --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsHttpOrigin.ql @@ -0,0 +1,37 @@ +/** + * @name Insecure CORS HTTP origin + * @description The CORS handler is configured to allow requests from hosts that are not secured over HTTPS. + * @kind problem + * @problem.severity critical + * @id java/vertx/insecure-cors-http-origin + * @tags security java/vertx + */ + +import java +import semmle.code.java.StringFormat + +class VertxCorsHandler extends RefType { + VertxCorsHandler() { + this.getASourceSupertype*().hasQualifiedName("io.vertx.ext.web.handler", "CorsHandler") + } +} + +class VertxCorsHandlerAddOriginMethodAccess extends MethodAccess { + VertxCorsHandlerAddOriginMethodAccess() { + exists(Method m | + this.getMethod() = m and + m.getName().matches("addOrigin") and + m.getDeclaringType() instanceof VertxCorsHandler and + this.getArgument(0).(StringLiteral).getValue().matches("http://%") + ) + } +} + +from VertxCorsHandlerAddOriginMethodAccess call, Expr expr, StringFormatMethod format +where + not call.getEnclosingCallable().getDeclaringType() instanceof VertxCorsHandler and + not call.getLocation().getFile().getRelativePath().matches("%/src/test/%") and + call.getArgument(format.getFormatStringIndex()) = expr +select + call, + "Insecure CORS configuration which allows unencrypted HTTP connections." diff --git a/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.java b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.java new file mode 100644 index 0000000..65ce457 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.java @@ -0,0 +1,52 @@ +package org.carlspring.security.vertx.http; + +import io.vertx.core.AbstractVerticle; +import io.vertx.core.http.HttpHeaders; +import io.vertx.core.http.HttpMethod; +import io.vertx.ext.web.Router; +import io.vertx.ext.web.handler.CorsHandler; + +/** + * @author carlspring + */ +public class InsecureCorsWildcardOrigin + extends AbstractVerticle +{ + + @Override + public void start() + { + // Create a router + Router router = Router.router(vertx); + + // Allow all origins, headers, and methods (insecure configuration) + CorsHandler corsHandler = CorsHandler.create() + .addOrigin("*") + .allowedHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS.toString()) + .allowedMethod(HttpMethod.GET) + .allowedMethod(HttpMethod.POST); + + // Mount the CORS handler + router.route().handler(corsHandler); + + // Set up routes + router.get("/api/data").handler(routingContext -> { + // Handle the request and send response + routingContext.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json").end( + "{\"message\":\"Hello, CORS!\"}"); + }); + + // Start the server + vertx.createHttpServer().requestHandler(router).listen(8080, ar -> { + if (ar.succeeded()) + { + System.out.println("Server started on port 8080"); + } + else + { + System.err.println("Server failed to start: " + ar.cause()); + } + }); + } + +} diff --git a/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.qhelp b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.qhelp new file mode 100644 index 0000000..7811755 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.qhelp @@ -0,0 +1,39 @@ + + + +

    + An HTTP server with a CORS configuration that allows wildcard origins is insecure, as it allows connections + from any host. +

    +     + + +

    Add explicit origins when configuring the CorsHandler.

    +     + + +

    Instead of adding a wildcard origin, such as in the example below:

    + + + +

    define the origins explicitly like this:

    + + +     + + +
  • + + Vert.x documentation + +
    • +
  • + + Exploiting CORS – How to Pentest Cross-Origin Resource Sharing Vulnerabilities + +
    • + +     +     diff --git a/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.ql b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.ql new file mode 100644 index 0000000..1222de2 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureCorsWildcardOrigin.ql @@ -0,0 +1,37 @@ +/** + * @name Insecure CORS with wildcard origin + * @description The CORS handler is configured to allow requests from any hosts. + * @kind problem + * @problem.severity critical + * @id java/vertx/insecure-cors-wildcard + * @tags security java/vertx + */ + +import java +import semmle.code.java.StringFormat + +class VertxCorsHandler extends RefType { + VertxCorsHandler() { + this.getASourceSupertype*().hasQualifiedName("io.vertx.ext.web.handler", "CorsHandler") + } +} + +class VertxCorsHandlerAddOriginMethodAccess extends MethodAccess { + VertxCorsHandlerAddOriginMethodAccess() { + exists(Method m | + this.getMethod() = m and + m.getName().matches("addOrigin") and + m.getDeclaringType() instanceof VertxCorsHandler and + this.getArgument(0).(StringLiteral).getValue() = "*" + ) + } +} + +from VertxCorsHandlerAddOriginMethodAccess call, Expr expr, StringFormatMethod format +where + not call.getEnclosingCallable().getDeclaringType() instanceof VertxCorsHandler and + not call.getLocation().getFile().getRelativePath().matches("%/src/test/%") and + call.getArgument(format.getFormatStringIndex()) = expr +select + call, + "Insecure CORS configuration which allows wildcard origins." diff --git a/vertx-codeql-queries/ql/src/InsecureHttpServer.java b/vertx-codeql-queries/ql/src/InsecureHttpServer.java new file mode 100644 index 0000000..e45fd15 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureHttpServer.java @@ -0,0 +1,28 @@ +package org.carlspring.security.vertx.http; + +import io.vertx.core.AbstractVerticle; +import io.vertx.core.http.HttpServer; + +/** + * @author carlspring + */ +public class InsecureHttpServer + extends AbstractVerticle +{ + + @Override + public void start() + { + // Create an insecure HTTP server + HttpServer server = vertx.createHttpServer(); + + // Configure server settings + server.requestHandler(request -> { + request.response().end("Hello, World!"); + }); + + // Start the server + server.listen(8080); + } + +} diff --git a/vertx-codeql-queries/ql/src/InsecureHttpServer.qhelp b/vertx-codeql-queries/ql/src/InsecureHttpServer.qhelp new file mode 100644 index 0000000..e8198f2 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureHttpServer.qhelp @@ -0,0 +1,46 @@ + + + +

    + An HTTP server which does not use SSL/TLS is vulnerable to man-in-the-middle attacks. +

    +

    + Please, note that it may be safe to ignore this, only if you intend your application to be placed + behind a loadbalancer, which is itself securing the connections with the appropriate certificates. +

    +     + + +

    Use SSL/TLS to encrypt the communication between the client and the server.

    +     + + +

    Instead of setting up a plain HTTP server that doesn't use SSL, such as this one:

    + + + +

    + when creating an HTTP server, the setSsl method should be called on the + HttpServerOptions + object, and the setKeyStoreOptions method should be called on the + HttpServerOptions + object with a KeyStoreOptions + object as an argument. + + For example, code such as the one illustrated below should be used to create an HTTP server and secure + it with SSL: +

    + + +     + + +
  • + + Vert.x documentation + +
    • +     +     diff --git a/vertx-codeql-queries/ql/src/InsecureHttpServer.ql b/vertx-codeql-queries/ql/src/InsecureHttpServer.ql new file mode 100644 index 0000000..833eb86 --- /dev/null +++ b/vertx-codeql-queries/ql/src/InsecureHttpServer.ql @@ -0,0 +1,44 @@ +/** + * @name Use of insecure HTTP server + * @description The Vert.x HTTP server established insecure connections which are not using SSL/TLS. + * @kind problem + * @problem.severity high + * @id java/vertx/insecure-http-server + * @tags security java/vertx + */ + +import java +import semmle.code.java.StringFormat + +class Vertx extends RefType { + Vertx() { + this.getASourceSupertype*().hasQualifiedName("io.vertx.core", "Vertx") + } +} + +class VertxCreateHttpServerMethodAccess extends MethodAccess { + VertxCreateHttpServerMethodAccess() { + exists(Method m | + this.getMethod() = m and + m.getName().matches("createHttpServer") and + m.getDeclaringType() instanceof Vertx + ) + } +} + +class HttpOptionsExpr extends Expr { + HttpOptionsExpr() { + exists() + } +} + +// TODO: This does not cover HttpOptions being passed. + +from VertxCreateHttpServerMethodAccess call, Expr expr, StringFormatMethod format +where + not call.getEnclosingCallable().getDeclaringType() instanceof Vertx and + not call.getLocation().getFile().getRelativePath().matches("%src/test/%") and + call.getNumArgument() = 0 +select + call, + "Insecure HTTP server which allows unencrypted HTTP connections" diff --git a/vertx-codeql-queries/ql/src/SecureCorsServer.java b/vertx-codeql-queries/ql/src/SecureCorsServer.java new file mode 100644 index 0000000..f9f0b0c --- /dev/null +++ b/vertx-codeql-queries/ql/src/SecureCorsServer.java @@ -0,0 +1,61 @@ +package org.carlspring.security.vertx.http; + +import io.vertx.core.AbstractVerticle; +import io.vertx.core.http.HttpHeaders; +import io.vertx.core.http.HttpMethod; +import io.vertx.ext.web.Router; +import io.vertx.ext.web.handler.CorsHandler; + +/** + * @author carlspring + */ +public class SecureCorsServer extends AbstractVerticle { + + @Override + public void start() { + // Create a router + Router router = Router.router(vertx); + + // Configure CORS handling with allowed origins, headers, and methods + CorsHandler corsHandler = CorsHandler.create() + // 1) Use HTTPS + // 2) Use an explicitly defined origin + .addOrigin("https://example.com") + // 3) Define allowed headers + .allowedHeader(HttpHeaders.CONTENT_TYPE.toString()) + // 4) Define allowed methods + .allowedMethod(HttpMethod.GET) + .allowedMethod(HttpMethod.POST); + + // Mount the CORS handler + router.route().handler(corsHandler); + + // Set up routes + router.get("/api/data").handler(routingContext -> { + // Handle the request and send response + routingContext.response() + .putHeader(HttpHeaders.CONTENT_TYPE, "application/json") + .end("{\"message\":\"Hello, CORS!\"}"); + }); + + // Set up SSL + HttpServerOptions options = new HttpServerOptions() + // Set up SSL + .setSsl(true) + // Set up keystore + .setKeyStoreOptions(new JksOptions().setPath("keystore.jks") + .setPassword("keystore_password")); + + // Start the server + vertx.createHttpServer(options) + .requestHandler(router) + .listen(8080, ar -> { + if (ar.succeeded()) { + System.out.println("Server started on port 8080"); + } else { + System.err.println("Server failed to start: " + ar.cause()); + } + }); + } + +} diff --git a/vertx-codeql-queries/ql/src/SecureHttpServer.java b/vertx-codeql-queries/ql/src/SecureHttpServer.java new file mode 100644 index 0000000..b16de5a --- /dev/null +++ b/vertx-codeql-queries/ql/src/SecureHttpServer.java @@ -0,0 +1,40 @@ +package org.carlspring.security.vertx.http; + +import io.vertx.core.AbstractVerticle; +import io.vertx.core.http.HttpServer; +import io.vertx.core.http.HttpServerOptions; +import io.vertx.core.http.HttpServerResponse; +import io.vertx.core.net.JksOptions; + +/** + * @author carlspring + */ +public class SecureHttpServer extends AbstractVerticle { + + @Override + public void start() { + HttpServerOptions options = new HttpServerOptions() + // Set up SSL + .setSsl(true) + // Set up keystore + .setKeyStoreOptions(new JksOptions().setPath("keystore.jks") + .setPassword("keystore_password")); + + HttpServer server = vertx.createHttpServer(options); + + server.requestHandler(request -> { + HttpServerResponse response = request.response(); + response.putHeader("Content-Type", "text/plain"); + response.end("Hello, World! This is a secure connection."); + }); + + server.listen(8443, "localhost", result -> { + if (result.succeeded()) { + System.out.println("Server started on port 8443 with SSL/TLS"); + } else { + System.err.println("Server failed to start: " + result.cause()); + } + }); + } + +} diff --git a/vertx-codeql-queries/ql/src/codeql-pack.lock.yml b/vertx-codeql-queries/ql/src/codeql-pack.lock.yml new file mode 100644 index 0000000..d9c2623 --- /dev/null +++ b/vertx-codeql-queries/ql/src/codeql-pack.lock.yml @@ -0,0 +1,16 @@ +--- +lockVersion: 1.0.0 +dependencies: + codeql/java-all: + version: 0.6.2 + codeql/regex: + version: 0.0.13 + codeql/suite-helpers: + version: 0.4.1 + codeql/tutorial: + version: 0.0.10 + codeql/typetracking: + version: 0.0.10 + codeql/util: + version: 0.0.10 +compiled: false diff --git a/vertx-codeql-queries/ql/src/qlpack.yml b/vertx-codeql-queries/ql/src/qlpack.yml new file mode 100644 index 0000000..bd117f0 --- /dev/null +++ b/vertx-codeql-queries/ql/src/qlpack.yml @@ -0,0 +1,10 @@ +--- +name: carlspring/vertx-codeql-queries +version: 1.0.0-alpha +library: false +warnOnImplicitThis: false +extractor: java +dependencies: + codeql/java-all: "*" + codeql/suite-helpers: "*" +license: Apache-2.0 diff --git a/vertx-codeql-queries/ql/src/queries.xml b/vertx-codeql-queries/ql/src/queries.xml new file mode 100644 index 0000000..0d33187 --- /dev/null +++ b/vertx-codeql-queries/ql/src/queries.xml @@ -0,0 +1 @@ +