Spring Boot Code QL

Author: Georges034302

.github/codeql/config.yml

@@ -0,0 +1,21 @@
+name: "CodeQL Config"
+
+disable-default-queries: false
+
+queries:
+  - uses: security-and-quality
+  - uses: security-extended
+  - uses: .
+    from: userapp/secrets
+
+paths:
+  - 'UserApp/src/main/java'
+
+paths-ignore:
+  - '**/test/**'
+  - '**/generated/**'
+  - '**/target/**'
+
+query-filters:
+  - exclude:
+      tags contain: test

.github/codeql/qlpack.yml

@@ -0,0 +1,4 @@
+name: userapp/secrets
+version: 0.0.1
+dependencies:
+  codeql/java-all: "*"

.github/codeql/queries/FindHardcodedSecrets.ql

@@ -0,0 +1,25 @@
+/**
+ * @name Find hardcoded secrets
+ * @description Detects hardcoded secrets in code
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 8.0
+ * @id java/hardcoded-secrets
+ * @tags security
+ */
+
+import java
+
+from StringLiteral literal
+where
+  exists(Field field |
+    // Match field name patterns (case-insensitive)
+    field.getName().regexpMatch("(?i).*(api_?key|token|secret|password).*") and
+    // Match field initialization - this links the literal to the field
+    literal = field.getInitializer() and
+    // Match common secret patterns in the literal's value
+    literal.getValue().regexpMatch("(?i).*(sk_.*|apikey_.*|token_.*|[a-zA-Z0-9+/=]{32,})")
+  )
+select
+  literal,
+  "Hardcoded secret detected: '" + literal.getValue() + "'"

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+  - package-ecosystem: "maven"
+    directory: "UserApp"
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+      - "automerge"
+    open-pull-requests-limit: 10
+    pull-request-branch-name:
+      separator: "-"
+    commit-message:
+      prefix: "📦 deps:"

.github/workflows/ci.yml

@@ -0,0 +1,21 @@
+name: Java CI
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    name: Build and Test User App
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+      - name: Build with Maven
+        run: mvn clean package
+        working-directory: UserApp

.github/workflows/codeql.yml

@@ -0,0 +1,62 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  security-events: write
+  contents: read
+
+jobs:
+  analyze:
+    name: CodeQL Analyze Java
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Enable Debug Mode
+        run: |
+          echo "ACTIONS_STEP_DEBUG=true" >> $GITHUB_ENV
+          echo "CODEQL_EXTRACTOR_JAVA_ROOT_CAUSE_ANALYSIS=true" >> $GITHUB_ENV
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: java
+          config-file: .github/codeql/config.yml
+
+      - name: Build with Maven
+        run: |
+          cd session2/java/UserApp
+          mvn -B clean compile --no-transfer-progress
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:java"
+          output: results
+
+      - name: Debug Info
+        run: |
+          echo "Contents of .github/codeql:"
+          ls -R .github/codeql/
+          echo "Maven build directory:"
+          ls -R UserApp/target/
+
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeql-results
+          path: results/java.sarif
+          retention-days: 5

CONTRIBUTING.md

@@ -0,0 +1,37 @@
+CONTRIBUTING.md
+
+Contributing Guide for UserApp (Spring Boot + Maven)
+
+- Prerequisites: Java 21, Maven 3.8+
+- Fork the repository and clone your fork:
+  git clone <your-fork-url>
+  cd session2/java/UserApp
+
+- Build the project:
+  mvn clean install
+
+- Run the application:
+  ./mvnw spring-boot:run
+  or
+  mvn spring-boot:run
+
+- Code style:
+  - Follow Java and Spring Boot conventions
+  - Add Javadoc to public classes and methods
+  - Organize imports
+
+- Testing:
+  - Add or update unit tests for new features and bug fixes
+
+- Submitting changes:
+  - Push your branch to your fork
+  - Open a pull request against the main repository
+  - Ensure all CI checks pass
+
+- Reporting issues:
+  - Use GitHub Issues for bugs and feature requests
+  - Provide clear steps to reproduce and expected behavior
+- Test 1:
+  - code ql
+  - dependentbot
+  

INSTRUCTIONS.md

@@ -0,0 +1,28 @@
+INSTRUCTIONS.md
+
+Setup instructions:
+- Prerequisites: Java 21, Maven 3.8+
+- Clone the repository:
+  git clone <your-repo-url>
+  cd session2/java/UserApp
+- Configure application properties:
+  Edit src/main/resources/application.properties for API key, database, and Hibernate settings
+
+How to run the app:
+- ./mvnw spring-boot:run
+- or: mvn spring-boot:run
+
+API endpoints:
+- GET /api/user — Get user by email (query param: email)
+- POST /api/user — Create user (JSON body)
+- PUT /api/user — Update user (JSON body)
+- DELETE /api/user — Delete user by email (query param: email)
+
+Technologies used:
+- Spring Boot 3.x
+- Java 21
+- Maven
+- Spring Web
+- Spring Data JPA
+- H2 Database
+- GitHub