You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2020/03/16 18:51:14 UTC
[camel] branch master updated: CAMEL-14711 - Disable RabbitMQ Java
serialization by default (#3633)
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 7c8a278 CAMEL-14711 - Disable RabbitMQ Java serialization by default (#3633)
7c8a278 is described below
commit 7c8a2785b11e705cb5445fde1cebd3eff3d53b1c
Author: Colm O hEigeartaigh <co...@users.noreply.github.com>
AuthorDate: Mon Mar 16 18:50:52 2020 +0000
CAMEL-14711 - Disable RabbitMQ Java serialization by default (#3633)
---
.../rabbitmq/RabbitMQEndpointConfigurer.java | 2 +
.../apache/camel/component/rabbitmq/rabbitmq.json | 1 +
.../src/main/docs/rabbitmq-component.adoc | 3 +-
.../camel/component/rabbitmq/RabbitMQEndpoint.java | 21 +++-
.../rabbitmq/RabbitMQMessageConverter.java | 10 +-
.../rabbitmq/RabbitMQMessagePublisher.java | 2 +-
.../rabbitmq/reply/ReplyManagerSupport.java | 3 +-
.../rabbitmq/integration/RabbitMQInOutIntTest.java | 5 +-
.../dsl/RabbitMQEndpointBuilderFactory.java | 126 +++++++++++++++++++++
.../modules/ROOT/pages/rabbitmq-component.adoc | 3 +-
10 files changed, 165 insertions(+), 11 deletions(-)
diff --git a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
index ae7b9f4..d9af2be 100644
--- a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
+++ b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
@@ -18,6 +18,8 @@ public class RabbitMQEndpointConfigurer extends PropertyConfigurerSupport implem
case "addresses": target.setAddresses(property(camelContext, java.lang.String.class, value)); return true;
case "allowcustomheaders":
case "allowCustomHeaders": target.setAllowCustomHeaders(property(camelContext, boolean.class, value)); return true;
+ case "allowmessagebodyserialization":
+ case "allowMessageBodySerialization": target.setAllowMessageBodySerialization(property(camelContext, boolean.class, value)); return true;
case "allownullheaders":
case "allowNullHeaders": target.setAllowNullHeaders(property(camelContext, boolean.class, value)); return true;
case "args": target.setArgs(property(camelContext, java.util.Map.class, value)); return true;
diff --git a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
index 2a6de1d..2556081 100644
--- a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
+++ b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
@@ -133,6 +133,7 @@
"synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
"topologyRecoveryEnabled": { "kind": "parameter", "displayName": "Topology Recovery Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "description": "Enables connection topology recovery (should topology recovery be performed)" },
"transferException": { "kind": "parameter", "displayName": "Transfer Exception", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response" },
+ "allowMessageBodySerialization": { "kind": "parameter", "displayName": "Allow Message Body Serialization", "group": "allowMessageBodySerialization", "label": "allowMessageBodySerialization", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java se [...]
"password": { "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": true, "defaultValue": "guest", "description": "Password for authenticated access" },
"sslProtocol": { "kind": "parameter", "displayName": "Ssl Protocol", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Enables SSL on connection, accepted value are true, TLS and 'SSLv3" },
"trustManager": { "kind": "parameter", "displayName": "Trust Manager", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.TrustManager", "deprecated": false, "secret": false, "description": "Configure SSL trust manager, SSL should be enabled for this option to be effective" },
diff --git a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
index 0d3eb7a..5deb414 100644
--- a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
+++ b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
@@ -134,7 +134,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -198,6 +198,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
index 6c77b18..4f9a76e 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
@@ -173,6 +173,8 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
private String consumerTag = "";
@UriParam(label = "advanced")
private ExceptionHandler connectionFactoryExceptionHandler;
+ @UriParam(label = "allowMessageBodySerialization", defaultValue = "false")
+ private boolean allowMessageBodySerialization;
// camel-jms supports this setting but it is not currently configurable in
// camel-rabbitmq
@@ -202,7 +204,7 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
public Exchange createRabbitExchange(Envelope envelope, AMQP.BasicProperties properties, byte[] body) {
Exchange exchange = super.createExchange();
- messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false);
+ messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false, allowMessageBodySerialization);
return exchange;
}
@@ -582,6 +584,23 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
this.automaticRecoveryEnabled = automaticRecoveryEnabled;
}
+ public boolean isAllowMessageBodySerialization() {
+ return allowMessageBodySerialization;
+ }
+
+ /**
+ * Whether to allow Java serialization of the message body or not. If this value is true, the message body
+ * will be serialized on the producer side using Java serialization, if no type converter can handle the
+ * message body. On the consumer side, it will deserialize the message body if this value is true and the
+ * message contains a CamelSerialize header.
+ *
+ * Setting this value to true may introduce a security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other security vulnerability.
+ */
+ public void setAllowMessageBodySerialization(boolean allowMessageBodySerialization) {
+ this.allowMessageBodySerialization = allowMessageBodySerialization;
+ }
+
public Integer getNetworkRecoveryInterval() {
return networkRecoveryInterval;
}
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
index 3db1066..76886cb 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
@@ -244,10 +244,11 @@ public class RabbitMQMessageConverter {
return null;
}
- public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out) {
+ public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out,
+ final boolean allowMessageBodySerialization) {
Message message = resolveMessageFrom(camelExchange, out);
populateMessageHeaders(message, envelope, properties);
- populateMessageBody(message, camelExchange, properties, body);
+ populateMessageBody(message, camelExchange, properties, body, allowMessageBodySerialization);
}
private Message resolveMessageFrom(final Exchange camelExchange, final boolean out) {
@@ -295,8 +296,9 @@ public class RabbitMQMessageConverter {
}
}
- private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body) {
- if (hasSerializeHeader(properties)) {
+ private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body,
+ final boolean allowMessageBodySerialization) {
+ if (allowMessageBodySerialization && hasSerializeHeader(properties)) {
deserializeBody(camelExchange, message, body);
} else {
// Set the body as a byte[] and let the type converter deal with it
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
index 1b539d1..dd20128 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
@@ -97,7 +97,7 @@ public class RabbitMQMessagePublisher {
properties = endpoint.getMessageConverter().buildProperties(camelExchange).build();
} catch (NoTypeConversionAvailableException | TypeConversionException e) {
- if (message.getBody() instanceof Serializable) {
+ if (message.getBody() instanceof Serializable && endpoint.isAllowMessageBodySerialization()) {
// Add the header so the reply processor knows to de-serialize
// it
message.getHeaders().put(RabbitMQEndpoint.SERIALIZE_HEADER, true);
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
index 173d729..d0f047a 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
@@ -162,7 +162,8 @@ public abstract class ReplyManagerSupport extends ServiceSupport implements Repl
exchange.setException(new ExchangeTimedOutException(exchange, holder.getRequestTimeout(), msg));
} else {
- messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true);
+ messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true,
+ endpoint.isAllowMessageBodySerialization());
// restore correlation id in case the remote server messed
// with it
diff --git a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
index dbd7c60..0961d48 100644
--- a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
+++ b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
@@ -61,11 +61,12 @@ public class RabbitMQInOutIntTest extends AbstractRabbitMQIntTest {
protected ProducerTemplate directProducer;
@EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest" + "&autoAck=true&queue=q4&routingKey="
- + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS)
+ + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS + "&allowMessageBodySerialization=true")
private Endpoint rabbitMQEndpoint;
@EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE_NO_ACK + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
- + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS + "&args=#args")
+ + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY + "&transferException=true&requestTimeout="
+ + TIMEOUT_MS + "&args=#args" + "&allowMessageBodySerialization=true")
private Endpoint noAutoAckEndpoint;
@EndpointInject("mock:result")
diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
index 38b591d..ed2b0e6 100644
--- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
+++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
@@ -710,6 +710,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -2013,6 +2055,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -2900,6 +2984,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
diff --git a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
index b84aa5f..a6f71d7 100644
--- a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
+++ b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
@@ -135,7 +135,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -199,6 +199,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager