You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2018/04/12 14:52:13 UTC

[camel] branch camel-2.20.x updated: CAMEL-12439: FailedToCreateRouteException should mask sensitive information in uris

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-2.20.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.20.x by this push:
     new f032f22  CAMEL-12439: FailedToCreateRouteException should mask sensitive information in uris
f032f22 is described below

commit f032f22b16b266b1fcde8889d529da1c7da6e1d2
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Thu Apr 12 16:50:51 2018 +0200

    CAMEL-12439: FailedToCreateRouteException should mask sensitive information in uris
---
 .../org/apache/camel/FailedToCreateRouteException.java   |  5 +++++
 .../camel/model/StartingRoutesErrorReportedTest.java     | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/camel-core/src/main/java/org/apache/camel/FailedToCreateRouteException.java b/camel-core/src/main/java/org/apache/camel/FailedToCreateRouteException.java
index 639384c..00599b3 100644
--- a/camel-core/src/main/java/org/apache/camel/FailedToCreateRouteException.java
+++ b/camel-core/src/main/java/org/apache/camel/FailedToCreateRouteException.java
@@ -16,6 +16,8 @@
  */
 package org.apache.camel;
 
+import org.apache.camel.util.URISupport;
+
 /**
  * Exception when failing to create a {@link org.apache.camel.Route}.
  *
@@ -48,6 +50,9 @@ public class FailedToCreateRouteException extends CamelException {
     }
 
     protected static String getRouteMessage(String route) {
+        // ensure to sanitize uri's in the route so we do not show sensitive information such as passwords
+        route = URISupport.sanitizeUri(route);
+
         // cut the route after 60 chars so it won't be too big in the message
         // users just need to be able to identify the route so they know where to look
         if (route.length() > 60) {
diff --git a/camel-core/src/test/java/org/apache/camel/model/StartingRoutesErrorReportedTest.java b/camel-core/src/test/java/org/apache/camel/model/StartingRoutesErrorReportedTest.java
index e9beb08..11fcdd1 100644
--- a/camel-core/src/test/java/org/apache/camel/model/StartingRoutesErrorReportedTest.java
+++ b/camel-core/src/test/java/org/apache/camel/model/StartingRoutesErrorReportedTest.java
@@ -56,6 +56,22 @@ public class StartingRoutesErrorReportedTest extends ContextTestSupport {
         }
     }
 
+    public void testMaskPassword() throws Exception {
+        try {
+            context.addRoutes(new RouteBuilder() {
+                @Override
+                public void configure() throws Exception {
+                    from("stub:foo?password=secret&beer=yes").routeId("route2").to("direct:result?foo=bar");
+                }
+            });
+            context.start();
+            fail();
+        } catch (FailedToCreateRouteException e) {
+            assertTrue(e.getMessage().startsWith("Failed to create route route2 at: >>> To[direct:result?foo=bar] <<< in route:"
+                    + " Route(route2)[[From[stub:foo?password=xxxxxx&beer=yes]] -> [... because of"));
+        }
+    }
+
     public void testInvalidBean() throws Exception {
         try {
             context.addRoutes(new RouteBuilder() {

-- 
To stop receiving notification emails like this one, please contact
davsclaus@apache.org.