Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-19676

Do not log sensitive query parameters when route cannot be created

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.13.0, 3.21.0
    • 3.20.7, 3.21.1, 3.22.0, 4.0.0
    • camel-core
    • None
    • Unknown

    Description

      When camel cannot create a route, a FailedToCreateRouteException is thrown. This exception shows all query parameters in clear text, including sensitive information, like password. It would be beneficial to also mask sensitive information in this exception.

      interestingly enough, inner exceptions still mask the password.

      Note:

      The issue was originally observed on camel-sftp, but I suspect that this is a broader issue. I specified camel-log as component since it seems to be the closest fit. Please feel free to change this as need be.

      A sample project showing the behaviour can be found on github.com.

      To see the behaviour:

      • Clone the project
      git clone https://github.com/turing85/camel-sftp.git
cd camel-sftp
      • Start the sftp server:
      docker-compose --file local-deployment/docker-compose.yml up --detach
      • build the application
      ./mvnw clean package
      • start the jar
      java -jar target/camel-sftp-1.0-SNAPSHOT-executable-jar.jar
      • observe the stack trace, containing the password:
      Exception in thread "main" org.apache.camel.FailedToCreateRouteException: Failed to create route writer at: >>> To[sftp://localhost:10022?password=wrong%26foo&username=foo] <<< in route: Route(writer)[From[timer://write-timer?fixedRate=true&period... because of Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
    at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:215)
    at org.apache.camel.reifier.RouteReifier.createRoute(RouteReifier.java:75)
    at org.apache.camel.impl.DefaultModelReifierFactory.createRoute(DefaultModelReifierFactory.java:49)
    at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:937)
    at org.apache.camel.impl.DefaultCamelContext.startRouteDefinitions(DefaultCamelContext.java:800)
    at org.apache.camel.impl.engine.AbstractCamelContext.doInit(AbstractCamelContext.java:3028)
    at org.apache.camel.support.service.BaseService.init(BaseService.java:83)
    at org.apache.camel.impl.engine.AbstractCamelContext.init(AbstractCamelContext.java:2699)
    at org.apache.camel.support.service.BaseService.start(BaseService.java:111)
    at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2718)
    at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:262)
    at org.apache.camel.main.Main.doStart(Main.java:142)
    at org.apache.camel.support.service.BaseService.start(BaseService.java:119)
    at org.apache.camel.main.MainSupport.run(MainSupport.java:89)
    at de.turing85.camel.sftp.CamelSftp.main(CamelSftp.java:15)
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
    at org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:1020)
    at org.apache.camel.impl.engine.AbstractCamelContext.getEndpoint(AbstractCamelContext.java:931)
    at org.apache.camel.builder.endpoint.AbstractEndpointBuilder.resolve(AbstractEndpointBuilder.java:68)
    at org.apache.camel.reifier.SendReifier.resolveEndpoint(SendReifier.java:47)
    at org.apache.camel.reifier.SendReifier.createProcessor(SendReifier.java:37)
    at org.apache.camel.reifier.ProcessorReifier.makeProcessor(ProcessorReifier.java:857)
    at org.apache.camel.reifier.ProcessorReifier.addRoutes(ProcessorReifier.java:598)
    at org.apache.camel.reifier.RouteReifier.doCreateRoute(RouteReifier.java:211)
    ... 14 more
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: sftp://localhost:10022?password=xxxxxx&username=xxxxxx due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{foo=}]
    at org.apache.camel.support.DefaultComponent.validateParameters(DefaultComponent.java:300)
    at org.apache.camel.support.DefaultComponent.createEndpoint(DefaultComponent.java:192)
    at org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:986)
    ... 21 more

      Story:

      As a developer

      When I misconfigure my route so that it does not start

      Then I want that all sensitive information are masked in the entire stack trace.


      FTR: relevant zulip-chat

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #10889

          Activity

            People

              davsclaus Claus Ibsen
              turing85 Marco Bungart
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: