Andrea Cosentino created CAMEL-23297:
----------------------------------------

             Summary: Improve error handling and add input validation in camel-netty converters
                 Key: CAMEL-23297
                 URL: https://issues.apache.org/jira/browse/CAMEL-23297
             Project: Camel
          Issue Type: Improvement
          Components: camel-netty
            Reporter: Andrea Cosentino


The NettyConverter, ObjectDecoder, and DatagramPacketObjectDecoder classes in 
camel-netty lack input validation when converting network data to Java objects:

1. NettyConverter.toObjectInput() — creates an ObjectInputStream from a ByteBuf 
without any validation or filtering of the incoming data
2. ObjectDecoder — decodes objects from TCP connections without restricting 
accepted types
3. DatagramPacketObjectDecoder — same for UDP datagrams

Other components like camel-leveldb and camel-consul already apply proper input 
validation using ObjectInputFilter to restrict which types are accepted during 
conversion. The camel-netty converters should follow the same pattern for 
consistency and robustness.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
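
The ObjectInputFilter pattern the issue refers to, as an added example (not camel-netty, camel-leveldb or camel-consul code): an allow-list filter is set on the ObjectInputStream before the first read, so any type outside the list is rejected. The class name, the allow-list and the sample payloads are assumptions made for illustration; a byte array stands in for the data that would be read from a ByteBuf.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;

public class FilteredDecodeExample {

    // Assumed allow-list: String, Integer and Integer's superclass Number.
    // Resource limits bound graph depth, references, stream size and array
    // length; the trailing "!*" rejects every class not matched earlier.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "java.lang.String;java.lang.Integer;java.lang.Number;"
                    + "maxdepth=5;maxrefs=100;maxbytes=65536;maxarray=1024;!*");

    // Builds a constructed sample payload, standing in for bytes from the network.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Decodes one object; throws InvalidClassException if the filter rejects it.
    static Object decode(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            ois.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Allowed type: passes the filter and is returned.
        System.out.println("allowed: " + decode(serialize(42)));

        // Type outside the allow-list: rejected while the stream is being read.
        try {
            decode(serialize(new ArrayList<>(List.of("x"))));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```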
