[
https://issues.apache.org/jira/browse/CAMEL-23250?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guillaume Nodet updated CAMEL-23250:
------------------------------------
Fix Version/s: 4.20.0
> Security policy enforcement for insecure configuration at startup
> -----------------------------------------------------------------
>
> Key: CAMEL-23250
> URL: https://issues.apache.org/jira/browse/CAMEL-23250
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Priority: Major
> Fix For: 4.20.0
>
>
> Add a security policy enforcement system that detects insecure configuration
> at startup and warns or prevents the application from starting.
> h3. Security Categories
> || Category || Description || Examples ||
> | {{secret}} | Plain-text passwords/tokens not using secure placeholders |
> {{camel.ssl.keystorePassword=plaintext}} |
> | {{insecure:ssl}} | Disabled certificate validation or hostname verification
> | {{trustAllCertificates=true}}, {{hostnameVerification=false}} |
> | {{insecure:serialization}} | Dangerous deserialization of untrusted data |
> {{allowJavaSerializedObject=true}}, {{transferExchange=true}} |
> | {{insecure:dev}} | Development-only features left enabled |
> {{devConsoleEnabled=true}}, {{uploadEnabled=true}} |
> h3. Policy Levels
> - *allow* — no warnings, silently allow the configuration
> - *warn* — log a warning at startup (default for dev/test profiles)
> - *fail* — throw an exception and prevent startup (default for prod profile)
> h3. Features
> # *Configurable policies* under {{camel.security.*}} namespace with global
> and per-category overrides
> # *Profile-aware defaults*: {{camel.main.profile=prod}} automatically
> defaults to {{fail}} policy; users can override via
> {{camel.security.policy=warn}}
> # *Property allowlist*: {{camel.security.allowedProperties}} to exclude
> specific properties from checks
> # *Plain-text secret detection*: flags passwords/tokens not using {{RAW()}},
> {{\{\{vault:...\}\}}}, {{$\{env:...\}}}, or {{\{\{...\}\}}} placeholders
> # *Health check*: {{SecurityPolicyHealthCheck}} readiness check reports
> violations at runtime
> # *Context plugin*: {{SecurityPolicyResult}} stores violations for
> programmatic access
> # *Annotation-driven*: new {{security}} and {{insecureValue}} attributes on
> {{@UriParam}}, {{@Metadata}}, {{@UriPath}} — build tools auto-generate the
> tracking map
> # *57+ components annotated* across AWS, Netty, JMS, Paho MQTT, Splunk,
> Huawei Cloud, core SSL
> # *Documentation* in {{security.adoc}}
> h3. Configuration Example
> {code}
> # Global policy (default: warn, or fail when profile=prod)
> camel.security.policy = fail
> # Per-category overrides
> camel.security.secretPolicy = fail
> camel.security.insecureSslPolicy = fail
> camel.security.insecureDevPolicy = warn
> # Allow specific properties
> camel.security.allowedProperties =
> camel.component.aws2-s3.trustAllCertificates
> {code}
> h3. Key Files
> - {{core/camel-util/.../SecurityUtils.java}} — detection logic and
> auto-generated security options map
> - {{core/camel-util/.../SecurityViolation.java}} — shared violation record
> - {{core/camel-main/.../SecurityConfigurationProperties.java}} — policy
> configuration
> - {{core/camel-main/.../ProfileConfigurer.java}} — profile-aware defaults
> - {{core/camel-main/.../SecurityPolicyResult.java}} — context plugin for
> runtime access
> - {{core/camel-health/.../SecurityPolicyHealthCheck.java}} — readiness health
> check
> - {{docs/user-manual/.../security.adoc}} — documentation
> PR: https://github.com/apache/camel/pull/22269
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
