[
https://issues.apache.org/jira/browse/CAMEL-23250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18076548#comment-18076548
]
Claus Ibsen commented on CAMEL-23250:
-------------------------------------
Camel Spring Boot *DONE*
Camel Quarkus: https://github.com/apache/camel-quarkus/issues/8584
> Security policy enforcement for insecure configuration at startup
> -----------------------------------------------------------------
>
> Key: CAMEL-23250
> URL: https://issues.apache.org/jira/browse/CAMEL-23250
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Priority: Major
> Fix For: 4.21.0
>
>
> Add a security policy enforcement system that detects insecure configuration
> at startup and warns or prevents the application from starting.
> h3. Security Categories
> || Category || Description || Examples ||
> | {{secret}} | Plain-text passwords/tokens not using secure placeholders |
> {{camel.ssl.keystorePassword=plaintext}} |
> | {{insecure:ssl}} | Disabled certificate validation or hostname verification
> | {{trustAllCertificates=true}}, {{hostnameVerification=false}} |
> | {{insecure:serialization}} | Dangerous deserialization of untrusted data |
> {{allowJavaSerializedObject=true}}, {{transferExchange=true}} |
> | {{insecure:dev}} | Development-only features left enabled |
> {{devConsoleEnabled=true}}, {{uploadEnabled=true}} |
> h3. Policy Levels
> - *allow* — no warnings, silently allow the configuration
> - *warn* — log a warning at startup (default for dev/test profiles)
> - *fail* — throw an exception and prevent startup (default for prod profile)
> h3. Features
> # *Configurable policies* under {{camel.security.*}} namespace with global
> and per-category overrides
> # *Profile-aware defaults*: {{camel.main.profile=prod}} automatically
> defaults to {{fail}} policy; users can override via
> {{camel.security.policy=warn}}
> # *Property allowlist*: {{camel.security.allowedProperties}} to exclude
> specific properties from checks
> # *Plain-text secret detection*: flags passwords/tokens not using {{RAW()}},
> {{\{\{vault:...\}\}}}, {{$\{env:...\}}}, or {{\{\{...\}\}}} placeholders
> # *Health check*: {{SecurityPolicyHealthCheck}} readiness check reports
> violations at runtime
> # *Context plugin*: {{SecurityPolicyResult}} stores violations for
> programmatic access
> # *Annotation-driven*: new {{security}} and {{insecureValue}} attributes on
> {{@UriParam}}, {{@Metadata}}, {{@UriPath}} — build tools auto-generate the
> tracking map
> # *Build-time validation*: {{BaseOptionModel.setSecurity()}} validates
> categories at build time — typos cause an immediate error
> # *73 component files annotated* with {{insecure:ssl}},
> {{insecure:serialization}}, {{insecure:dev}} categories
> # *Documentation* in {{proposals/security.adoc}}
> h3. Configuration Example
> {code}
> # Global policy (default: warn, or fail when profile=prod)
> camel.security.policy = fail
> # Per-category overrides
> camel.security.secretPolicy = fail
> camel.security.insecureSslPolicy = fail
> camel.security.insecureDevPolicy = warn
> # Allow specific properties
> camel.security.allowedProperties =
> camel.component.aws2-s3.trustAllCertificates
> {code}
> h3. Follow-up Work
> # Add {{security = "secret"}} to all remaining {{secret = true}} parameters
> (~144 component files)
> # Camel Spring Boot — auto-configuration for {{camel.security.*}} properties
> # Camel Quarkus — integration for {{camel.security.*}} properties
> PR: https://github.com/apache/camel/pull/22269
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
