(camel) branch camel-4.10.x updated: fix(components/platform-http-main): sanitize potential user input

Thu, 13 Feb 2025 08:09:02 -0800 

This is an automated email from the ASF dual-hosted git repository.

pcongiusti pushed a commit to branch camel-4.10.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-4.10.x by this push:
     new 5508f56f6ff fix(components/platform-http-main): sanitize potential 
user input
5508f56f6ff is described below

commit 5508f56f6ff9e8d343774b4342dcf3d4b0a9e32e
Author: Pasquale Congiusti <[email protected]>
AuthorDate: Thu Feb 13 09:47:22 2025 +0100

    fix(components/platform-http-main): sanitize potential user input
---
 .../apache/camel/component/platform/http/main/MainHttpServer.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/MainHttpServer.java
 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/MainHttpServer.java
index 4980ef51d0d..dd123a1dcbb 100644
--- 
a/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/MainHttpServer.java
+++ 
b/components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/MainHttpServer.java
@@ -36,6 +36,7 @@ import java.util.Optional;
 import java.util.Set;
 import java.util.StringJoiner;
 import java.util.TreeSet;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import io.vertx.core.Handler;
@@ -1309,9 +1310,10 @@ public class MainHttpServer extends ServiceSupport 
implements CamelContextAware,
                 if (!scheme) {
                     endpoint = endpoint + "*";
                 }
+                String quotedEndpoint = Pattern.quote(endpoint);
                 for (org.apache.camel.Route route : camelContext.getRoutes()) {
                     Endpoint e = route.getEndpoint();
-                    if (EndpointHelper.matchEndpoint(camelContext, 
e.getEndpointUri(), endpoint)) {
+                    if (EndpointHelper.matchEndpoint(camelContext, 
e.getEndpointUri(), quotedEndpoint)) {
                         target = e;
                         break;
                     }
@@ -1321,7 +1323,7 @@ public class MainHttpServer extends ServiceSupport 
implements CamelContextAware,
                     for (org.apache.camel.Route route : 
camelContext.getRoutes()) {
                         String id = route.getRouteId();
                         Endpoint e = route.getEndpoint();
-                        if (EndpointHelper.matchEndpoint(camelContext, id, 
endpoint)) {
+                        if (EndpointHelper.matchEndpoint(camelContext, id, 
quotedEndpoint)) {
                             target = e;
                             break;
                         }

Reply via email to