[jira] [Created] (CAMEL-19676) Do not log sensitive query parameters when route cannot be created

Fri, 28 Jul 2023 04:27:03 -0700 

Marco Bungart created CAMEL-19676:
-------------------------------------

             Summary: Do not log sensitive query parameters when route cannot 
be created
                 Key: CAMEL-19676
                 URL: https://issues.apache.org/jira/browse/CAMEL-19676
             Project: Camel
          Issue Type: New Feature
          Components: camel-log
    Affects Versions: 3.21.0, 3.13.0
            Reporter: Marco Bungart


When camel cannot create a route, a {{FailedToCreateRouteException}} is thrown. 
This exception shows all query parameters in clear text, including sensitive 
information, like password. It would be beneficial to also mask sensitive 
information in this exception.

interestingly enough, inner exceptions still mask the password.

---

A sample project showing the behaviour can be found on 
[{{github.com}}|https://github.com/turing85/camel-sftp].

To see the behaviour:
 * Clone the project

{code:java}
git clone https://github.com/turing85/camel-sftp.git
cd camel-sftp {code}
 * Start the sftp server:

{code:java}
docker-compose --file local-deployment/docker-compose.yml up --detach {code}
 * build the application

{code:java}
./mvnw clean package {code}

 * start the jar

{code:java}
java -jar target/camel-sftp-1.0-SNAPSHOT-executable-jar.jar {code}

 * observe the stack trace, containing the password:

{code:java}
Exception in thread "main" org.apache.camel.FailedToCreateRouteException: 
Failed to create route writer at: >>> 
To[sftp://localhost:10022?password=wrong%26foo&username=foo] <<< in route: 
Route(writer)[From[timer://write-timer?fixedRate=true&period... because of 
Failed to resolve endpoint: 
sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to 
resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due 
to: There are 1 parameters that couldn't be set on the endpoint. Check the uri 
if the parameters are spelt correctly and that they are properties of the 
endpoint. Unknown parameters=[{foo=}]
    at 
org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:215)
    at org.apache.camel.reifier.RouteReifier.createRoute(RouteReifier.java:75)
    at 
org.apache.camel.impl.DefaultModelReifierFactory.createRoute(DefaultModelReifierFactory.java:49)
    at 
org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:937)
    at 
org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:800)
    at 
org.apache.camel.impl.engine.AbstractCamelContext.doInit(AbstractCamelContext.java:3028)
    at org.apache.camel.support.service.BaseService.init(BaseService.java:83)
    at 
org.apache.camel.impl.engine.AbstractCamelContext.init(AbstractCamelContext.java:2699)
    at org.apache.camel.support.service.BaseService.start(BaseService.java:111)
    at 
org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2718)
    at 
org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:262)
    at org.apache.camel.main.Main.doStart(Main.java:142)
    at org.apache.camel.support.service.BaseService.start(BaseService.java:119)
    at org.apache.camel.main.MainSupport.run(MainSupport.java:89)
    at de.turing85.camel.sftp.CamelSftp.main(CamelSftp.java:15)
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve 
endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed 
to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due 
to: There are 1 parameters that couldn't be set on the endpoint. Check the uri 
if the parameters are spelt correctly and that they are properties of the 
endpoint. Unknown parameters=[{foo=}]
    at 
org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:1020)
    at 
org.apache.camel.impl.engine.AbstractCamelContext.getEndpoint(AbstractCamelContext.java:931)
    at 
org.apache.camel.builder.endpoint.AbstractEndpointBuilder.resolve(AbstractEndpointBuilder.java:68)
    at org.apache.camel.reifier.SendReifier.resolveEndpoint(SendReifier.java:47)
    at org.apache.camel.reifier.SendReifier.createProcessor(SendReifier.java:37)
    at 
org.apache.camel.reifier.ProcessorReifier.makeProcessor(ProcessorReifier.java:857)
    at 
org.apache.camel.reifier.ProcessorReifier.addRoutes(ProcessorReifier.java:598)
    at 
org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:211)
    ... 14 more
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve 
endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There 
are 1 parameters that couldn't be set on the endpoint. Check the uri if the 
parameters are spelt correctly and that they are properties of the endpoint. 
Unknown parameters=[{foo=}]
    at 
org.apache.camel.support.DefaultComponent.validateParameters(DefaultComponent.java:300)
    at 
org.apache.camel.support.DefaultComponent.createEndpoint(DefaultComponent.java:192)
    at 
org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:986)
    ... 21 more {code}

---

Story:

*As* a developer

*When* I misconfigure my route so that it does not start

*Then* I want that all sensitive information are masked in the entire stack 
trace.

---
FTR: [relevant 
zulip-chat|https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Java.20DSL.20and.20.60RAW.28.2E.2E.2E.29.60.20parameters/near/379420624]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to