[CAMEL-16403] camel-core - URI parsing sensitive keys - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 4.x
Component/s: camel-core
Labels:
None

Estimated Complexity:
Unknown

Description

With SensitiveUtils we know have a full list of known property names that are sensitive.
We can use this in endpoint uri parsing to know that its value should be used as-is (eg like it was RAW( ))

Thought with RAW() there is still some decoding due to URI invalid chars, eg you can't have special chars in the uri, so they get decimal encoded.

Another approach: We could also just generate a random uuid as placeholder for the value, which is backed in some internal registry/vault which then is used to lookup the actual value, when in use.

However the uri may be used to call external service, like a http / ftp with username:password combination, so you may want an uri representation with the actual value. Likewise if there is some api tokens in the uri.

Attachments

Issue Links

is related to

CAMEL-16016 Encoding special characters via UnsafeUriCharactersEncoder does not work in all cases

Resolved

CAMEL-18200 camel-core - Scheduled consumer should hide sensitive information if failed polling

Resolved

relates to

CAMEL-18370 Bidning properties to route template local beans do not honor RAW()

Resolved

CAMEL-18385 camel-kamelet - Endpoint URIs from parameters could be passed as-is without uri encoding

Resolved

links to

GitHub Pull Request #15624

Activity

People

Assignee:: Unassigned

Reporter:: Claus Ibsen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Mar/21 11:52

Updated:: 21/Sep/24 10:14