You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by co...@apache.org on 2020/03/13 15:02:00 UTC
[camel] branch CAMEL-14711 created (now e1b909e)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch CAMEL-14711
in repository https://gitbox.apache.org/repos/asf/camel.git.
at e1b909e CAMEL-14711 - Disable RabbitMQ Java serialization by default
This branch includes the following new commits:
new e1b909e CAMEL-14711 - Disable RabbitMQ Java serialization by default
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[camel] 01/01: CAMEL-14711 - Disable RabbitMQ Java serialization by
default
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch CAMEL-14711
in repository https://gitbox.apache.org/repos/asf/camel.git
commit e1b909e43c620a99e0cfa53791e8fe324546d56e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Mar 13 15:01:26 2020 +0000
CAMEL-14711 - Disable RabbitMQ Java serialization by default
---
.../rabbitmq/RabbitMQEndpointConfigurer.java | 2 +
.../apache/camel/component/rabbitmq/rabbitmq.json | 1 +
.../src/main/docs/rabbitmq-component.adoc | 3 +-
.../camel/component/rabbitmq/RabbitMQEndpoint.java | 21 +++-
.../rabbitmq/RabbitMQMessageConverter.java | 10 +-
.../rabbitmq/RabbitMQMessagePublisher.java | 2 +-
.../rabbitmq/reply/ReplyManagerSupport.java | 3 +-
.../rabbitmq/integration/RabbitMQInOutIntTest.java | 5 +-
.../dsl/RabbitMQEndpointBuilderFactory.java | 126 +++++++++++++++++++++
.../modules/ROOT/pages/rabbitmq-component.adoc | 3 +-
10 files changed, 165 insertions(+), 11 deletions(-)
diff --git a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
index ae7b9f4..d9af2be 100644
--- a/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
+++ b/components/camel-rabbitmq/src/generated/java/org/apache/camel/component/rabbitmq/RabbitMQEndpointConfigurer.java
@@ -18,6 +18,8 @@ public class RabbitMQEndpointConfigurer extends PropertyConfigurerSupport implem
case "addresses": target.setAddresses(property(camelContext, java.lang.String.class, value)); return true;
case "allowcustomheaders":
case "allowCustomHeaders": target.setAllowCustomHeaders(property(camelContext, boolean.class, value)); return true;
+ case "allowmessagebodyserialization":
+ case "allowMessageBodySerialization": target.setAllowMessageBodySerialization(property(camelContext, boolean.class, value)); return true;
case "allownullheaders":
case "allowNullHeaders": target.setAllowNullHeaders(property(camelContext, boolean.class, value)); return true;
case "args": target.setArgs(property(camelContext, java.util.Map.class, value)); return true;
diff --git a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
index 2a6de1d..2556081 100644
--- a/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
+++ b/components/camel-rabbitmq/src/generated/resources/org/apache/camel/component/rabbitmq/rabbitmq.json
@@ -133,6 +133,7 @@
"synchronous": { "kind": "parameter", "displayName": "Synchronous", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported)." },
"topologyRecoveryEnabled": { "kind": "parameter", "displayName": "Topology Recovery Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "secret": false, "description": "Enables connection topology recovery (should topology recovery be performed)" },
"transferException": { "kind": "parameter", "displayName": "Transfer Exception", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response" },
+ "allowMessageBodySerialization": { "kind": "parameter", "displayName": "Allow Message Body Serialization", "group": "allowMessageBodySerialization", "label": "allowMessageBodySerialization", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java se [...]
"password": { "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": true, "defaultValue": "guest", "description": "Password for authenticated access" },
"sslProtocol": { "kind": "parameter", "displayName": "Ssl Protocol", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Enables SSL on connection, accepted value are true, TLS and 'SSLv3" },
"trustManager": { "kind": "parameter", "displayName": "Trust Manager", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.TrustManager", "deprecated": false, "secret": false, "description": "Configure SSL trust manager, SSL should be enabled for this option to be effective" },
diff --git a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
index 0d3eb7a..5deb414 100644
--- a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
+++ b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
@@ -134,7 +134,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -198,6 +198,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
index 6c77b18..1aa0074 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
@@ -173,6 +173,8 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
private String consumerTag = "";
@UriParam(label = "advanced")
private ExceptionHandler connectionFactoryExceptionHandler;
+ @UriParam(label = "allowMessageBodySerialization", defaultValue = "false")
+ private boolean allowMessageBodySerialization = false;
// camel-jms supports this setting but it is not currently configurable in
// camel-rabbitmq
@@ -202,7 +204,7 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
public Exchange createRabbitExchange(Envelope envelope, AMQP.BasicProperties properties, byte[] body) {
Exchange exchange = super.createExchange();
- messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false);
+ messageConverter.populateRabbitExchange(exchange, envelope, properties, body, false, allowMessageBodySerialization);
return exchange;
}
@@ -582,6 +584,23 @@ public class RabbitMQEndpoint extends DefaultEndpoint implements AsyncEndpoint {
this.automaticRecoveryEnabled = automaticRecoveryEnabled;
}
+ public boolean isAllowMessageBodySerialization() {
+ return allowMessageBodySerialization;
+ }
+
+ /**
+ * Whether to allow Java serialization of the message body or not. If this value is true, the message body
+ * will be serialized on the producer side using Java serialization, if no type converter can handle the
+ * message body. On the consumer side, it will deserialize the message body if this value is true and the
+ * message contains a CamelSerialize header.
+ *
+ * Setting this value to true may introduce a security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other security vulnerability.
+ */
+ public void setAllowMessageBodySerialization(boolean allowMessageBodySerialization) {
+ this.allowMessageBodySerialization = allowMessageBodySerialization;
+ }
+
public Integer getNetworkRecoveryInterval() {
return networkRecoveryInterval;
}
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
index 3db1066..76886cb 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
@@ -244,10 +244,11 @@ public class RabbitMQMessageConverter {
return null;
}
- public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out) {
+ public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out,
+ final boolean allowMessageBodySerialization) {
Message message = resolveMessageFrom(camelExchange, out);
populateMessageHeaders(message, envelope, properties);
- populateMessageBody(message, camelExchange, properties, body);
+ populateMessageBody(message, camelExchange, properties, body, allowMessageBodySerialization);
}
private Message resolveMessageFrom(final Exchange camelExchange, final boolean out) {
@@ -295,8 +296,9 @@ public class RabbitMQMessageConverter {
}
}
- private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body) {
- if (hasSerializeHeader(properties)) {
+ private void populateMessageBody(final Message message, final Exchange camelExchange, final AMQP.BasicProperties properties, final byte[] body,
+ final boolean allowMessageBodySerialization) {
+ if (allowMessageBodySerialization && hasSerializeHeader(properties)) {
deserializeBody(camelExchange, message, body);
} else {
// Set the body as a byte[] and let the type converter deal with it
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
index 1b539d1..dd20128 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
@@ -97,7 +97,7 @@ public class RabbitMQMessagePublisher {
properties = endpoint.getMessageConverter().buildProperties(camelExchange).build();
} catch (NoTypeConversionAvailableException | TypeConversionException e) {
- if (message.getBody() instanceof Serializable) {
+ if (message.getBody() instanceof Serializable && endpoint.isAllowMessageBodySerialization()) {
// Add the header so the reply processor knows to de-serialize
// it
message.getHeaders().put(RabbitMQEndpoint.SERIALIZE_HEADER, true);
diff --git a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
index 173d729..d0f047a 100644
--- a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
+++ b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
@@ -162,7 +162,8 @@ public abstract class ReplyManagerSupport extends ServiceSupport implements Repl
exchange.setException(new ExchangeTimedOutException(exchange, holder.getRequestTimeout(), msg));
} else {
- messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true);
+ messageConverter.populateRabbitExchange(exchange, null, holder.getProperties(), holder.getMessage(), true,
+ endpoint.isAllowMessageBodySerialization());
// restore correlation id in case the remote server messed
// with it
diff --git a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
index dbd7c60..0961d48 100644
--- a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
+++ b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/integration/RabbitMQInOutIntTest.java
@@ -61,11 +61,12 @@ public class RabbitMQInOutIntTest extends AbstractRabbitMQIntTest {
protected ProducerTemplate directProducer;
@EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest" + "&autoAck=true&queue=q4&routingKey="
- + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS)
+ + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS + "&allowMessageBodySerialization=true")
private Endpoint rabbitMQEndpoint;
@EndpointInject("rabbitmq:localhost:5672/" + EXCHANGE_NO_ACK + "?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
- + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY + "&transferException=true&requestTimeout=" + TIMEOUT_MS + "&args=#args")
+ + "&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + ROUTING_KEY + "&transferException=true&requestTimeout="
+ + TIMEOUT_MS + "&args=#args" + "&allowMessageBodySerialization=true")
private Endpoint noAutoAckEndpoint;
@EndpointInject("mock:result")
diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
index 38b591d..ed2b0e6 100644
--- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
+++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/RabbitMQEndpointBuilderFactory.java
@@ -710,6 +710,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointConsumerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -2013,6 +2055,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointProducerBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
@@ -2900,6 +2984,48 @@ public interface RabbitMQEndpointBuilderFactory {
return this;
}
/**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ boolean allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
+ * Whether to allow Java serialization of the message body or not. If
+ * this value is true, the message body will be serialized on the
+ * producer side using Java serialization, if no type converter can
+ * handle the message body. On the consumer side, it will deserialize
+ * the message body if this value is true and the message contains a
+ * CamelSerialize header. Setting this value to true may introduce a
+ * security vulnerability as it allows an attacker to attempt to
+ * deserialize to a gadget object which could result in a RCE or other
+ * security vulnerability.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: allowMessageBodySerialization
+ */
+ default RabbitMQEndpointBuilder allowMessageBodySerialization(
+ String allowMessageBodySerialization) {
+ doSetProperty("allowMessageBodySerialization", allowMessageBodySerialization);
+ return this;
+ }
+ /**
* Password for authenticated access.
*
* The option is a: <code>java.lang.String</code> type.
diff --git a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
index b84aa5f..a6f71d7 100644
--- a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
+++ b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
@@ -135,7 +135,7 @@ with the following path and query parameters:
|===
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
[width="100%",cols="2,5,^1,2",options="header"]
@@ -199,6 +199,7 @@ with the following path and query parameters:
| *synchronous* (advanced) | Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported). | false | boolean
| *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery (should topology recovery be performed) | | Boolean
| *transferException* (advanced) | When true and an inOut Exchange failed on the consumer side send the caused Exception back in the response | false | boolean
+| *allowMessageBodySerialization* (allowMessageBodySerialization) | Whether to allow Java serialization of the message body or not. If this value is true, the message body will be serialized on the producer side using Java serialization, if no type converter can handle the message body. On the consumer side, it will deserialize the message body if this value is true and the message contains a CamelSerialize header. Setting this value to true may introduce a security vulnerability as it a [...]
| *password* (security) | Password for authenticated access | guest | String
| *sslProtocol* (security) | Enables SSL on connection, accepted value are true, TLS and 'SSLv3 | | String
| *trustManager* (security) | Configure SSL trust manager, SSL should be enabled for this option to be effective | | TrustManager