[
https://issues.apache.org/jira/browse/CAMEL-19676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17748641#comment-17748641
]
Claus Ibsen commented on CAMEL-19676:
-------------------------------------
Thanks for the sample project.
So its a corner case with the route model where to/toD are outputting the uri
in that situation only.
I am masking the passwords like its done in other places, and now its shown as
xxxxxxxx
{code}
~/Downloads/camel-sftp main !1 ❯ java -jar
target/camel-sftp-1.0-SNAPSHOT-executable-jar.jar
4s
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will
impact performance.
[ main] MainSupport INFO Apache
Camel (Main) 4.0.0-SNAPSHOT is starting
Exception in thread "main" org.apache.camel.FailedToCreateRouteException:
Failed to create route writer at: >>>
To[sftp://localhost:10022?password=xxxxxx&username=xxxxxx] <<< in route:
Route(writer)[From[timer://write-timer?fixedRate=true&period... because of
Failed to resolve endpoint:
sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to
resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due
to: There are 1 parameters that couldn't be set on the endpoint. Check the uri
if the parameters are spelt correctly and that they are properties of the
endpoint. Unknown parameters=[{foo=}]
at
org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:217)
{code}
> Do not log sensitive query parameters when route cannot be created
> ------------------------------------------------------------------
>
> Key: CAMEL-19676
> URL: https://issues.apache.org/jira/browse/CAMEL-19676
> Project: Camel
> Issue Type: New Feature
> Components: camel-log
> Affects Versions: 3.13.0, 3.21.0
> Reporter: Marco Bungart
> Assignee: Claus Ibsen
> Priority: Minor
> Fix For: 3.20.7, 3.21.1, 3.22.0, 4.0.0
>
>
> When camel cannot create a route, a {{FailedToCreateRouteException}} is
> thrown. This exception shows all query parameters in clear text, including
> sensitive information, like password. It would be beneficial to also mask
> sensitive information in this exception.
> interestingly enough, inner exceptions still mask the password.
> *Note:*
> The issue was originally observed on {{camel-sftp}}, but I suspect that this
> is a broader issue. I specified {{camel-log}} as component since it seems to
> be the closest fit. Please feel free to change this as need be.
> —
> A sample project showing the behaviour can be found on
> [{{github.com}}|https://github.com/turing85/camel-sftp].
> To see the behaviour:
> * Clone the project
> {code:java}
> git clone https://github.com/turing85/camel-sftp.git
> cd camel-sftp {code}
> * Start the sftp server:
> {code:java}
> docker-compose --file local-deployment/docker-compose.yml up --detach {code}
> * build the application
> {code:java}
> ./mvnw clean package {code}
> * start the jar
> {code:java}
> java -jar target/camel-sftp-1.0-SNAPSHOT-executable-jar.jar {code}
> * observe the stack trace, containing the password:
> {code:java}
> Exception in thread "main" org.apache.camel.FailedToCreateRouteException:
> Failed to create route writer at: >>>
> To[sftp://localhost:10022?password=wrong%26foo&username=foo] <<< in route:
> Route(writer)[From[timer://write-timer?fixedRate=true&period... because of
> Failed to resolve endpoint:
> sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to
> resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due
> to: There are 1 parameters that couldn't be set on the endpoint. Check the
> uri if the parameters are spelt correctly and that they are properties of the
> endpoint. Unknown parameters=[{foo=}]
> at
> org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:215)
> at org.apache.camel.reifier.RouteReifier.createRoute(RouteReifier.java:75)
> at
> org.apache.camel.impl.DefaultModelReifierFactory.createRoute(DefaultModelReifierFactory.java:49)
> at
> org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:937)
> at
> org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:800)
> at
> org.apache.camel.impl.engine.AbstractCamelContext.doInit(AbstractCamelContext.java:3028)
> at org.apache.camel.support.service.BaseService.init(BaseService.java:83)
> at
> org.apache.camel.impl.engine.AbstractCamelContext.init(AbstractCamelContext.java:2699)
> at
> org.apache.camel.support.service.BaseService.start(BaseService.java:111)
> at
> org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2718)
> at
> org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:262)
> at org.apache.camel.main.Main.doStart(Main.java:142)
> at
> org.apache.camel.support.service.BaseService.start(BaseService.java:119)
> at org.apache.camel.main.MainSupport.run(MainSupport.java:89)
> at de.turing85.camel.sftp.CamelSftp.main(CamelSftp.java:15)
> Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve
> endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to:
> Failed to resolve endpoint:
> sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1
> parameters that couldn't be set on the endpoint. Check the uri if the
> parameters are spelt correctly and that they are properties of the endpoint.
> Unknown parameters=[{foo=}]
> at
> org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:1020)
> at
> org.apache.camel.impl.engine.AbstractCamelContext.getEndpoint(AbstractCamelContext.java:931)
> at
> org.apache.camel.builder.endpoint.AbstractEndpointBuilder.resolve(AbstractEndpointBuilder.java:68)
> at
> org.apache.camel.reifier.SendReifier.resolveEndpoint(SendReifier.java:47)
> at
> org.apache.camel.reifier.SendReifier.createProcessor(SendReifier.java:37)
> at
> org.apache.camel.reifier.ProcessorReifier.makeProcessor(ProcessorReifier.java:857)
> at
> org.apache.camel.reifier.ProcessorReifier.addRoutes(ProcessorReifier.java:598)
> at
> org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:211)
> ... 14 more
> Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve
> endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to:
> There are 1 parameters that couldn't be set on the endpoint. Check the uri if
> the parameters are spelt correctly and that they are properties of the
> endpoint. Unknown parameters=[{foo=}]
> at
> org.apache.camel.support.DefaultComponent.validateParameters(DefaultComponent.java:300)
> at
> org.apache.camel.support.DefaultComponent.createEndpoint(DefaultComponent.java:192)
> at
> org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:986)
> ... 21 more {code}
> —
> Story:
> *As* a developer
> *When* I misconfigure my route so that it does not start
> *Then* I want that all sensitive information are masked in the entire stack
> trace.
> —
> FTR: [relevant
> zulip-chat|https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Java.20DSL.20and.20.60RAW.28.2E.2E.2E.29.60.20parameters/near/379420624]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
