[CAMEL-12480] HttpOperationFailedException exposes password when using basic auth with user:password@host notation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.21.0
Fix Version/s: 2.20.4, 2.21.2, 2.22.0
Component/s: camel-ahc, camel-http-common, camel-netty-http, camel-netty4-http, camel-undertow
Labels:
None

Estimated Complexity:
Novice

Description

Simplified route:

from(inUri)
            .toD("http4://user:password@host:port/path");

When a HttpOperationFailedException occurs the message contains the unmasked password e.g. "HTTP operation failed invoking http://user:password@host:port/path ..."

I guess Camel should mask the password.

Attachments

Issue Links

links to

GitHub Pull Request #2317

Activity

People

Assignee:: Pascal Schumacher

Reporter:: Pascal Schumacher

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/May/18 11:50

Updated:: 06/May/18 11:59

Resolved:: 06/May/18 11:58