Update Vert.x version to 4.4.6 #36544

Merged
merged 1 commit into from
Oct 19, 2023
4 changes: 2 additions & 2 deletions bom/application/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@
<smallrye-context-propagation.version>2.1.0</smallrye-context-propagation.version>
<smallrye-reactive-streams-operators.version>1.0.13</smallrye-reactive-streams-operators.version>
<smallrye-reactive-types-converter.version>3.0.1</smallrye-reactive-types-converter.version>
<smallrye-mutiny-vertx-binding.version>3.6.0</smallrye-mutiny-vertx-binding.version>
<smallrye-mutiny-vertx-binding.version>3.7.2</smallrye-mutiny-vertx-binding.version>
<smallrye-reactive-messaging.version>4.10.1</smallrye-reactive-messaging.version>
<smallrye-stork.version>2.3.1</smallrye-stork.version>
<jakarta.activation.version>2.1.2</jakarta.activation.version>
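Review bot: `smallrye-mutiny-vertx-binding.version` moves from 3.6.0 to 3.7.2 in this hunk, a minor-version jump that the PR title ("Update Vert.x version to 4.4.6") does not mention. Name the binding bump in the commit message so it can be found when bisecting or auditing dependency changes.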
Expand Down Expand Up @@ -120,7 +120,7 @@
<wildfly-client-config.version>1.0.1.Final</wildfly-client-config.version>
<wildfly-elytron.version>2.2.2.Final</wildfly-elytron.version>
<jboss-threads.version>3.5.0.Final</jboss-threads.version>
<vertx.version>4.4.5</vertx.version>
<vertx.version>4.4.6</vertx.version>
<httpclient.version>4.5.14</httpclient.version>
<httpcore.version>4.4.16</httpcore.version>
<httpasync.version>4.1.5</httpasync.version>
Expand Down
2 changes: 1 addition & 1 deletion docs/src/main/asciidoc/resteasy-reactive.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@
:httpspec: https://tools.ietf.org/html/rfc7231
:jsonpapi: https://javadoc.io/doc/jakarta.json/jakarta.json-api/2.1.2/jakarta.json
:injectapi: https://javadoc.io/static/jakarta.inject/jakarta.inject-api/2.0.1/jakarta.inject
:vertxapi: https://javadoc.io/static/io.vertx/vertx-core/4.4.5
:vertxapi: https://javadoc.io/static/io.vertx/vertx-core/4.4.6
:resteasy-reactive-api: https://javadoc.io/doc/io.quarkus.resteasy.reactive/resteasy-reactive/{quarkus-version}

Check warning on line 20 in docs/src/main/asciidoc/resteasy-reactive.adoc (GitHub Actions / Linting with Vale)

[vale] reported by reviewdog 🐶 [Quarkus.Spelling] Use correct American English spelling. Did you really mean 'resteasy'? (severity: WARNING)

[vale] reported by reviewdog 🐶 [Quarkus.CaseSensitiveTerms] Use 'RESTEasy' rather than 'resteasy'. (severity: INFO)
:resteasy-reactive-common-api: https://javadoc.io/doc/io.quarkus.resteasy.reactive/resteasy-reactive-common/{quarkus-version}

Check warning on line 21 in docs/src/main/asciidoc/resteasy-reactive.adoc (GitHub Actions / Linting with Vale)

[vale] reported by reviewdog 🐶 [Quarkus.TermsSuggestions] Depending on the context, consider using 'because' or 'while' rather than 'as'. (severity: INFO)

This guide explains how to write REST Services with RESTEasy Reactive in Quarkus.
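Review bot: `:vertxapi:` hard-codes 4.4.6 in the Javadoc URL, so this attribute is a third place (next to the two `vertx.version` properties in the poms) that has to be edited by hand on every Vert.x bump. The attributes right below it use `{quarkus-version}`; if a matching attribute for the Vert.x version is available to the docs build, use it here so the link cannot fall behind the dependency.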

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
package io.quarkus.reactive.pg.client;

import static org.junit.jupiter.api.Assertions.assertEquals;

import java.math.BigDecimal;

import org.junit.jupiter.api.Test;

import io.vertx.pgclient.data.Money;

/**
* Reproduce <a href="https://github.com/quarkusio/quarkus/issues/36144">PG Reactive Client: Cannot create Money value in Range
* (-1.00, 0.00)</a>.
*/
public class MoneyTest {

@Test
void testMoney() {
Money money = new Money(new BigDecimal("-1.11"));
assertEquals(BigDecimal.valueOf(-1.11), money.bigDecimalValue());

money = new Money(new BigDecimal("-0.11"));
assertEquals(BigDecimal.valueOf(-0.11), money.bigDecimalValue());
}

}
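Review bot: `testMoney` checks -1.11 and -0.11 but none of the edges of the range named in the Javadoc, (-1.00, 0.00). Add cases such as -0.01, -0.99 and -1.00 so a regression at the boundary is caught. Build the expected values with `new BigDecimal("-0.11")` rather than `BigDecimal.valueOf(-0.11)`: `assertEquals` on BigDecimal compares scale as well as value, and going through a double leaves the expected scale implicit.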
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
package io.quarkus.vertx.http;

import static org.junit.jupiter.api.Assertions.assertEquals;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.restassured.RestAssured;
import io.vertx.ext.web.Router;

/**
* Reproduce <a href="https://github.com/quarkusio/quarkus/issues/36234">NullPointerException for request with empty Host
* header</a>.
*/
public class EmptyHostTest {

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
.withApplicationRoot((jar) -> jar
.addClasses(BeanRegisteringRouteUsingObserves.class));

@Test
public void testWithEmptyHost() {
assertEquals(RestAssured
.given()
.header("Host", "")
.get("/hello")
.asString(), "Hello World! ");

}

@ApplicationScoped
static class BeanRegisteringRouteUsingObserves {

public void register(@Observes Router router) {

router.route("/hello").handler(ctx -> ctx.response().end("Hello World! " + ctx.request().host()));
}

}

}
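Review bot: in `testWithEmptyHost` the `assertEquals` arguments are swapped: the RestAssured response is passed as the expected value and the literal "Hello World! " as the actual one, so a failure message will report them the wrong way round. Put the literal first, and assert the response status as well, since the linked issue is a NullPointerException on an empty Host header and the test should fail clearly on an error response rather than only on a body mismatch.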
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
package io.quarkus.vertx.http.http2;

import static io.vertx.core.http.HttpMethod.GET;
import static org.junit.jupiter.api.Assertions.fail;

import java.io.File;
import java.net.URL;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;

import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.test.common.http.TestHTTPResource;
import io.quarkus.vertx.core.runtime.VertxCoreRecorder;
import io.vertx.core.http.HttpClient;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpClientRequest;
import io.vertx.core.http.HttpVersion;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.ext.web.Router;

/**
* Configuration of the RST flood protection (CVE-2023-44487)
*/
public class Http2RSTFloodProtectionConfigTest {

@TestHTTPResource(value = "/ping", ssl = true)
URL sslUrl;

@TestHTTPResource(value = "/ping")
URL url;

@RegisterExtension
static final QuarkusUnitTest config = new QuarkusUnitTest()
.withApplicationRoot((jar) -> jar
.addClasses(MyBean.class)
.addAsResource(new File("src/test/resources/conf/ssl-jks-rst-flood-protection.conf"),
"application.properties")
.addAsResource(new File("src/test/resources/conf/server-keystore.jks"), "server-keystore.jks"));

@Test
void testRstFloodProtectionWithTlsEnabled() throws Exception {
Assumptions.assumeTrue(JdkSSLEngineOptions.isAlpnAvailable()); //don't run on JDK8
HttpClientOptions options = new HttpClientOptions()
.setUseAlpn(true)
.setProtocolVersion(HttpVersion.HTTP_2)
.setSsl(true)
.setTrustAll(true);

var client = VertxCoreRecorder.getVertx().get().createHttpClient(options);
int port = sslUrl.getPort();
run(client, port, false);
}

@Test
public void testRstFloodProtection() throws InterruptedException {
HttpClientOptions options = new HttpClientOptions()
.setProtocolVersion(HttpVersion.HTTP_2)
.setHttp2ClearTextUpgrade(true);
var client = VertxCoreRecorder.getVertx().get().createHttpClient(options);
run(client, url.getPort(), true);
}

void run(HttpClient client, int port, boolean plain) throws InterruptedException {
CountDownLatch latch = new CountDownLatch(1);
client.connectionHandler(conn -> conn.goAwayHandler(ga -> {
Assertions.assertEquals(11, ga.getErrorCode());
latch.countDown();
}));

if (plain) {
// Emit a first request to establish a connection.
// It's HTTP/1 so, does not count in the number of requests.
client.request(GET, port, "localhost", "/ping")
.compose(HttpClientRequest::send);
}

for (int i = 0; i < 20; i++) {
client.request(GET, port, "localhost", "/ping")
.onSuccess(req -> req.end().onComplete(v -> req.reset()));
}

if (!latch.await(10, TimeUnit.SECONDS)) {
fail("RST flood protection failed");
}
}

@ApplicationScoped
public static class MyBean {

public void register(@Observes Router router) {
router.get("/ping").handler(rc -> {
// Do nothing.
});
}

}
}
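Review bot: in `run`, `Assertions.assertEquals(11, ga.getErrorCode())` executes inside the `goAwayHandler` callback, not on the test thread. If the error code is wrong, the assertion throws in the callback, `latch.countDown()` is skipped, and the test only fails ten seconds later with the generic "RST flood protection failed", hiding the real cause. Record the error code (for example in an AtomicLong), count down unconditionally, and assert on the test thread after `latch.await`. The literal 11 would also read better as a named constant for the HTTP/2 ENHANCE_YOUR_CALM code, and neither test closes the HttpClient it creates.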
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@

quarkus.http.ssl.certificate.key-store-file=server-keystore.jks
quarkus.http.ssl.certificate.key-store-password=secret

quarkus.http.limits.rst-flood-max-rst-frame-per-window=10
quarkus.http.limits.rst-flood-window-duration=10s
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package io.quarkus.vertx.http.runtime;

import java.time.Duration;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.OptionalLong;
Expand Down Expand Up @@ -86,4 +87,20 @@ public class ServerLimitsConfig {
@ConfigItem
public OptionalLong maxHeaderListSize;

/**
* Set the max number of RST frame allowed per time window, this is used to prevent
* <a href="https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p">HTTP/2 RST frame flood DDOS
* attacks</a>. The default value is {@code 200}, setting zero or a negative value, disables flood protection.
*/
@ConfigItem
public OptionalInt rstFloodMaxRstFramePerWindow;

/**
* Set the duration of the time window when checking the max number of RST frames, this is used to prevent
* <a href="https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p">HTTP/2 RST frame flood DDOS
* attacks</a>.. The default value is {@code 30 s}, setting zero or a negative value, disables flood protection.
*/
@ConfigItem
public Optional<Duration> rstFloodWindowDuration;

}
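Review bot: both new Javadoc comments state a default (`200` frames, `30 s`), but `rstFloodMaxRstFramePerWindow` and `rstFloodWindowDuration` are declared as `OptionalInt` and `Optional<Duration>` with no default on `@ConfigItem`, so those numbers are whatever the underlying server options default to and not something this class sets. Say that explicitly so the documentation does not drift when the upstream default changes. The second comment also has a doubled period after `attacks</a>`, and "setting zero or a negative value, disables" should lose the comma in both comments.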
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,18 @@ public static void applyCommonOptions(HttpServerOptions httpServerOptions,
settings.setMaxHeaderListSize(httpConfiguration.limits.maxHeaderListSize.getAsLong());
}
httpServerOptions.setInitialSettings(settings);

// RST attack protection - https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p
if (httpConfiguration.limits.rstFloodMaxRstFramePerWindow.isPresent()) {
httpServerOptions
.setHttp2RstFloodMaxRstFramePerWindow(httpConfiguration.limits.rstFloodMaxRstFramePerWindow.getAsInt());
}
if (httpConfiguration.limits.rstFloodWindowDuration.isPresent()) {
httpServerOptions.setHttp2RstFloodWindowDuration(
(int) httpConfiguration.limits.rstFloodWindowDuration.get().toSeconds());
httpServerOptions.setHttp2RstFloodWindowDurationTimeUnit(TimeUnit.SECONDS);
}

}

httpServerOptions.setUseProxyProtocol(httpConfiguration.proxy.useProxyProtocol);
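Review bot: the `(int) httpConfiguration.limits.rstFloodWindowDuration.get().toSeconds()` cast truncates any sub-second window to 0, and the Javadoc added in ServerLimitsConfig says a zero value disables flood protection, so a setting such as `500ms` would silently switch off the CVE-2023-44487 mitigation this block exists to configure. Either pass the value in milliseconds with `TimeUnit.MILLISECONDS`, or reject durations below one second at startup with a clear message. The narrowing cast from long to int can also overflow silently for very large durations; `Math.toIntExact` would turn that into an error.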
Expand Down
2 changes: 1 addition & 1 deletion independent-projects/resteasy-reactive/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@
<version.surefire.plugin>3.1.2</version.surefire.plugin>
<mutiny.version>2.5.1</mutiny.version>
<smallrye-common.version>2.1.2</smallrye-common.version>
<vertx.version>4.4.5</vertx.version>
<vertx.version>4.4.6</vertx.version>
<rest-assured.version>5.3.2</rest-assured.version>
<commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
<jackson-bom.version>2.15.2</jackson-bom.version>
Expand Down