Camel / CAMEL-8607

Camel endpoint RAW password unsafe characters


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.15.1
    • Fix Version/s: 2.14.3, 2.15.2, 2.16.0
    • Component/s: camel-core
    • Labels: None
    • Environment: java version "1.7.0_45", Linux, Mac

    • Unknown

    Description

      I am creating a Camel endpoint such as this (somehost/someport/baseurl have been replaced):
      https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)

      This causes Camel to log the entire endpoint, including the user/password:
      (DefaultComponent.java:67) - Supplied URI 'https4://somehost:someport/baseurl?authenticationPreemptive=true&authPassword=RAW(foo%bar)&authUsername=RAW(username)' contains unsafe characters, please check encoding

      Consider:
      - It is a security issue to log the username/password.
      - Specifying RAW would allow for special characters, specifically for passwords, as indicated here: https://camel.apache.org/configuring-camel.html, but it seems that UnsafeUriCharactersEncoder is not handling them appropriately.
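
      One way to keep credentials out of a warning like the one reported above is to redact secret parameters before the URI reaches any log call. This is an added example, not Camel's code and not part of the original report; the class name, the list of sensitive parameter names and the mask string are assumptions.

```java
import java.util.regex.Pattern;

// Added example (not Camel's code): mask credential values in an
// endpoint URI before the URI is written to a log.
public class EndpointUriRedactor {

    // Assumed list of sensitive parameter-name fragments; extend as needed.
    // Value forms handled:
    //   RAW(...)  consumed up to the ")" that ends the parameter (followed by
    //             "&" or end of string), so "&", "%" or ")" inside the RAW
    //             value do not cut the match short and leak the remainder
    //   plain     consumed up to the next "&"
    // Limitation: a RAW value that itself contains ")&" is ambiguous and is
    // cut at that point.
    private static final Pattern SECRET_PARAM = Pattern.compile(
        "([?&][^=&]*(?:password|passphrase|secret|token)[^=&]*)="
        + "(?:RAW\\(.*?\\)(?=&|$)|[^&]*)",
        Pattern.CASE_INSENSITIVE);

    private static final String MASK = "xxxxxx";

    /** Returns the URI with every sensitive parameter value replaced by MASK. */
    public static String redact(String uri) {
        if (uri == null) {
            return null;
        }
        return SECRET_PARAM.matcher(uri).replaceAll("$1=" + MASK);
    }

    public static void main(String[] args) {
        // Endpoint URI from the report above.
        String reported = "https4://somehost:someport/baseurl"
            + "?authenticationPreemptive=true"
            + "&authPassword=RAW(foo%bar)&authUsername=RAW(username)";
        // Constructed sample: RAW value containing "&", "%" and ")".
        String constructed = "ftp://host/dir?password=RAW(p&ss)w%rd)&binary=true";

        for (String uri : new String[] {reported, constructed}) {
            // Only the redacted form is ever interpolated into the message.
            System.out.println("Supplied URI '" + redact(uri)
                + "' contains unsafe characters, please check encoding");
        }
    }
}
```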


          People

            Assignee: Willem Jiang (njiang)
            Reporter: Hani ElHaffar (haffar)