Camel / CAMEL-15577

Camel-stringtemplate: Misleading and incorrect implementation of parameter 'allowTemplateFromHeader'


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.5.0
    • 3.6.0
    • camel-stringtemplate
    • None
    • Unknown

    Description

      The parameter `allowTemplateFromHeader` is implemented differently in the various templating components, and its implementation is missing in the stringtemplate component.

       Description from documentation (of "allowTemplateFromHeader"):

      Whether to allow to use resource template from header or not (default false). Enabling this allows to specify dynamic templates via message header. However this can be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care.

      Common sense says that with this parameter I can send a template via a header.

      This is implemented, for example, in the velocity component (see https://github.com/apache/camel/blob/master/components/camel-velocity/src/main/java/org/apache/camel/component/velocity/VelocityEndpoint.java#L185)

      In the stringtemplate component there is only functionality for providing one's own variable map (see https://github.com/apache/camel/blob/master/components/camel-stringtemplate/src/main/java/org/apache/camel/component/stringtemplate/StringTemplateEndpoint.java#L104); the same functionality in velocity is called 'supplementalContext'.

      The stringtemplate documentation describes the usage of this custom context map:

      You can define the custom context map by setting the message header "CamelStringTemplateVariableMap" just like the below code. 

      Errors:

      1. parameter "CamelStringTemplateVariableMap" is applied only when "allowTemplateFromHeader" is set to true
      2. there is no way of providing a template via a header.

       

      The fix should:

      1. remove the dependency between "CamelStringTemplateVariableMap" and "allowTemplateFromHeader"
      2. add a new parameter to allow definition of a template via header. Fix the problem with template via header based on other templating components (e.g. velocity)
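
The two behaviours described in this issue, side by side, as an added example that is not Camel's code and not part of the original report. It models message headers as a plain map, assumes Java 16 or later, and uses a hypothetical header name `ExampleTemplateHeader` for the header-supplied template, since the issue does not name one.

```java
import java.util.HashMap;
import java.util.Map;
public class HeaderGateDemo {
    // Header name quoted in the issue text.
    static final String VARIABLE_MAP = "CamelStringTemplateVariableMap";
    // Hypothetical header carrying a template; the issue does not name one.
    static final String TEMPLATE = "ExampleTemplateHeader";
    record Resolved(String template, Map<String, Object> variables) {}

    static Map<String, Object> copy(Map<?, ?> in) {
        Map<String, Object> out = new HashMap<>();
        in.forEach((k, v) -> out.put(String.valueOf(k), v));
        return out;
    }

    // As reported: the flag gates the variable map, and no header can supply a template.
    static Resolved reported(Map<String, Object> headers, boolean allowTemplateFromHeader,
                             String endpointTemplate, Map<String, Object> defaults) {
        Map<String, Object> vars = defaults;
        if (allowTemplateFromHeader && headers.get(VARIABLE_MAP) instanceof Map<?, ?> m) {
            vars = copy(m);
        }
        return new Resolved(endpointTemplate, vars);
    }

    // As requested: the variable map is always honoured; only the template is gated.
    static Resolved requested(Map<String, Object> headers, boolean allowTemplateFromHeader,
                              String endpointTemplate, Map<String, Object> defaults) {
        Map<String, Object> vars =
                headers.get(VARIABLE_MAP) instanceof Map<?, ?> m ? copy(m) : defaults;
        String template = endpointTemplate;
        if (allowTemplateFromHeader && headers.get(TEMPLATE) instanceof String t) {
            template = t;
        }
        return new Resolved(template, vars);
    }
    public static void main(String[] args) {
        // Constructed sample message headers.
        Map<String, Object> headers = new HashMap<>();
        headers.put(VARIABLE_MAP, Map.of("name", "Alice"));
        headers.put(TEMPLATE, "Header-supplied text for <name>");
        Map<String, Object> defaults = Map.of("name", "default");
        for (boolean allow : new boolean[] {false, true}) {
            System.out.println("allow=" + allow + " reported="
                    + reported(headers, allow, "Hello <name>", defaults)
                    + " requested=" + requested(headers, allow, "Hello <name>", defaults));
        }
    }
}
```

With the flag left at its default of false, `requested` keeps the endpoint's own template and still applies the variable map, while `reported` drops the variable map as well.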

       

            People

              jondruse Jiri Ondrusek
              jondruse Jiri Ondrusek