support for vertx 5.1

[vandonr]

What Does This Do

Adapt existing instrumentation for vertx 5.1:

• Http1xServerResponse replaced by HttpServerResponseImpl
• Http1xServerRequest moved to Http1ServerRequest
• stuff around IAST

Motivation

Additional Notes

I tried to keep the commits cleanly separated between copying the existing instrumentations that were ported and then modifying them in a separate commit, so that the changes are more readable. Do select individual commits when reviewing.

Contributor Checklist

• Format the title according to the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any other useful labels
• Avoid using close, fix, or any linking keywords when referencing an issue
  Use solves instead, and assign the PR milestone to the issue
• Update the CODEOWNERS file on source file addition, migration, or deletion
• Update public documentation with any new configuration flags or behaviors
• Add your completed PR to the merge queue by commenting /merge. You can also:
  • Customize the commit message associated with the merge with /merge --commit-message "..."
  • Remove your PR from the merge queue with /merge -c
  • Skip all merge queue checks with /merge -f --reason "reason"; please use this judiciously, as some checks do not run at the PR-level (note: the PR still needs to be mergeable, this will only skip the pre-merge build)
  • Get more information in this doc

Jira ticket: [PROJ-IDENT]

[dd-octo-sts]

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

• Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 94f46421d6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Convert new Vert.x 5.1 specs to JUnit 5

The root AGENTS.md explicitly says to always use JUnit 5 and not write new Groovy/Spock tests. This commit adds new .groovy specs under vertx-web-5.1 (including this one and several others), so the change violates the repo's test-convention gate and should be converted to JUnit 5 instead of adding more Spock coverage.

Useful? React with 👍 / 👎.

[vandonr]

yeah well they are only copied from existing tests, I guess that's OK ?
I added the tag to ignore it.

[dd-octo-sts]

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite	Status
Startup	🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results

Scenario	Candidate	master	Δ (95% CI of mean)
startup:insecure-bank:iast:Agent	14.00 s	13.94 s	[-0.2%; +1.1%] (no difference)
startup:insecure-bank:tracing:Agent	12.99 s	13.05 s	[-1.5%; +0.6%] (no difference)
startup:petclinic:appsec:Agent	16.89 s	16.65 s	[+0.3%; +2.6%] (maybe worse)
startup:petclinic:iast:Agent	16.22 s	16.89 s	[-8.3%; +0.5%] (no difference)
startup:petclinic:profiling:Agent	16.79 s	16.86 s	[-1.4%; +0.6%] (no difference)
startup:petclinic:sca:Agent	16.82 s	16.76 s	[-0.5%; +1.3%] (no difference)
startup:petclinic:tracing:Agent	15.94 s	16.14 s	[-2.2%; -0.3%] (maybe better)

Commit: d90868d8 · CI Pipeline · Benchmarking Platform UI

---

Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

[vandonr]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4e94baa47e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Add a runtime 5.1 gate to the 5.0 instrumenters

This Gradle muzzle range only changes validation; it does not affect the runtime matcher generated for the existing 5.0 modules. The 5.0 HttpServerRequestInstrumentation and RoutingContextImplInstrumentation still only require HTTP_HEADERS_INTERNAL, which remains present in Vert.x 5.1, so Vert.x 5.1 apps will load the old 5.0 AppSec body/file-upload advices alongside the new 5.1 ones and can publish request bodies or file names twice. Add a 5.1-exclusive runtime gate or otherwise stop the 5.0 instrumenters from matching 5.1.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Gate the new AppSec advice to Vert.x 5.1 at runtime

Because this 5.1 instrumenter only checks the 5.0-era HTTP_HEADERS_INTERNAL reference, it will also match Vert.x 5.0 class loaders. For Vert.x 5.0 apps, adding this module makes the 5.1 bodyHandler advice run in addition to the existing 5.0 advice, double-wrapping the handler and causing the request-body AppSec callback to be delivered twice. Include the VERTX_5_1 reference here before applying the 5.1 advice.

Useful? React with 👍 / 👎.