[
https://issues.apache.org/jira/browse/CAMEL-19676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen resolved CAMEL-19676.
---------------------------------
Resolution: Fixed
> Do not log sensitive query parameters when route cannot be created
> ------------------------------------------------------------------
>
> Key: CAMEL-19676
> URL: https://issues.apache.org/jira/browse/CAMEL-19676
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 3.13.0, 3.21.0
> Reporter: Marco Bungart
> Assignee: Claus Ibsen
> Priority: Minor
> Fix For: 3.20.7, 3.21.1, 3.22.0, 4.0.0
>
>
> When Camel cannot create a route, a {{FailedToCreateRouteException}} is
> thrown. This exception shows all query parameters in clear text, including
> sensitive information, like the password. It would be beneficial to also mask
> sensitive information in this exception.
> Interestingly enough, inner exceptions still mask the password.
> *Note:*
> The issue was originally observed on {{camel-sftp}}, but I suspect that this
> is a broader issue. I specified {{camel-log}} as component since it seems to
> be the closest fit. Please feel free to change this as need be.
> —
> A sample project showing the behaviour can be found on
> [{{github.com}}|https://github.com/turing85/camel-sftp].
> To see the behaviour:
> * Clone the project
> {code:java}
> git clone https://github.com/turing85/camel-sftp.git
> cd camel-sftp {code}
> * Start the sftp server:
> {code:java}
> docker-compose --file local-deployment/docker-compose.yml up --detach {code}
> * Build the application
> {code:java}
> ./mvnw clean package {code}
> * Start the jar
> {code:java}
> java -jar target/camel-sftp-1.0-SNAPSHOT-executable-jar.jar {code}
> * Observe the stack trace, containing the password:
> {code:java}
> Exception in thread "main" org.apache.camel.FailedToCreateRouteException: Failed to create route writer at: >>> To[sftp://localhost:10022?password=wrong%26foo&username=foo] <<< in route: Route(writer)[From[timer://write-timer?fixedRate=true&period... because of Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
>     at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:215)
>     at org.apache.camel.reifier.RouteReifier.createRoute(RouteReifier.java:75)
>     at org.apache.camel.impl.DefaultModelReifierFactory.createRoute(DefaultModelReifierFactory.java:49)
>     at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:937)
>     at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:800)
>     at org.apache.camel.impl.engine.AbstractCamelContext.doInit(AbstractCamelContext.java:3028)
>     at org.apache.camel.support.service.BaseService.init(BaseService.java:83)
>     at org.apache.camel.impl.engine.AbstractCamelContext.init(AbstractCamelContext.java:2699)
>     at org.apache.camel.support.service.BaseService.start(BaseService.java:111)
>     at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2718)
>     at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:262)
>     at org.apache.camel.main.Main.doStart(Main.java:142)
>     at org.apache.camel.support.service.BaseService.start(BaseService.java:119)
>     at org.apache.camel.main.MainSupport.run(MainSupport.java:89)
>     at de.turing85.camel.sftp.CamelSftp.main(CamelSftp.java:15)
> Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
>     at org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:1020)
>     at org.apache.camel.impl.engine.AbstractCamelContext.getEndpoint(AbstractCamelContext.java:931)
>     at org.apache.camel.builder.endpoint.AbstractEndpointBuilder.resolve(AbstractEndpointBuilder.java:68)
>     at org.apache.camel.reifier.SendReifier.resolveEndpoint(SendReifier.java:47)
>     at org.apache.camel.reifier.SendReifier.createProcessor(SendReifier.java:37)
>     at org.apache.camel.reifier.ProcessorReifier.makeProcessor(ProcessorReifier.java:857)
>     at org.apache.camel.reifier.ProcessorReifier.addRoutes(ProcessorReifier.java:598)
>     at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:211)
>     ... 14 more
> Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
>     at org.apache.camel.support.DefaultComponent.validateParameters(DefaultComponent.java:300)
>     at org.apache.camel.support.DefaultComponent.createEndpoint(DefaultComponent.java:192)
>     at org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:986)
>     ... 21 more {code}
> —
> Story:
> *As* a developer
> *When* I misconfigure my route so that it does not start
> *Then* I want all sensitive information to be masked in the entire stack
> trace.
> —
> FTR: [relevant
> zulip-chat|https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Java.20DSL.20and.20.60RAW.28.2E.2E.2E.29.60.20parameters/near/379420624]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
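The gap described in the report, where the outermost exception message carries the raw endpoint URI while the nested causes are already masked, shown as an added example that is neither Camel's code nor the fix applied for CAMEL-19676. The class, method names and key list are hypothetical, the inputs are constructed from the report's stack trace, and the `RAW(...)` handling assumes Camel's raw-value URI syntax, which the report itself does not show.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.regex.Pattern;

public class MaskedRouteFailureExample {
    // Assumed key list: password and username are the keys masked in the report's
    // inner exceptions; passphrase is an added guess.
    private static final Pattern SENSITIVE = Pattern.compile(
            "([?&](?:password|passphrase|username)=)"
            // RAW(...) / RAW{...} values may contain '&', so match them as a unit first
            + "(?:RAW[({].*?[)}](?=[&\\s\\]]|$)|[^&\\s\\]]*)",
            Pattern.CASE_INSENSITIVE);

    /** Replaces the value of every sensitive query parameter found in free text. */
    static String mask(String text) {
        return text == null ? null : SENSITIVE.matcher(text).replaceAll("$1xxxxxx");
    }

    /** Builds the outer exception from masked text only; the cause is kept for diagnosis. */
    static RuntimeException routeFailure(String node, Throwable cause) {
        return new IllegalStateException(
                "Failed to create route at: >>> " + mask(node) + " <<< because of "
                + mask(cause.getMessage()), cause);
    }

    /** Renders the full trace, including every "Caused by", as it would be logged. */
    static String fullTrace(Throwable t) {
        StringWriter out = new StringWriter();
        t.printStackTrace(new PrintWriter(out, true));
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the report: raw node text, already-masked cause.
        String node = "To[sftp://localhost:10022?password=wrong%26foo&username=foo]";
        Throwable cause = new IllegalArgumentException(
                "Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx");
        String trace = fullTrace(routeFailure(node, cause));
        System.out.println(trace);

        // Regression check over the whole trace, not just the innermost message.
        if (trace.contains("wrong%26foo")) throw new AssertionError("password leaked");
        // RAW(...) value containing '&': a pattern that stops at '&' would leak "b)".
        String raw = mask("sftp://h:22?password=RAW(a&b)&username=foo");
        if (!raw.equals("sftp://h:22?password=xxxxxx&username=xxxxxx")) throw new AssertionError(raw);
    }
}
```

Asserting on the rendered trace rather than on a single `getMessage()` call is what catches this class of leak, since each level of the cause chain formats its own message independently.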