Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-11520

API Provider: We need a Camel message header firewall

XMLWordPrintable

    • 0
    • 0% 0%
    • Todo

      (Migrated from https://github.com/syndesisio/syndesis/issues/4102)

      Author: Zoran Regvart
      Assignees: unassigned

      This is a...

      [pre][code]
      [x] Feature request
      [ ] Regression (a behavior that used to work and stopped working in a new release)
      [ ] Bug report [!-- Please search GitHub for a similar issue or PR before submitting --]
      [ ] Documentation issue or request
      [/code][/pre]

      Description

      We should make Camel message headers part of the connector contract, right now we have only definitions of endpoint/component parameters. Most Camel components are influenced by Camel message headers and potentially we could leak sensitive information if we pass Camel message headers bound via incoming payload by the consumer to an outgoing message payload via producer binding.

      We need to:
      1. add a white list of Camel message headers that are passed from the one connector to the following connector
      2. filter out all but white listed Camel message headers before invoking the following connector
      3. restore message headers after invoking the following connector (I think this is needed to restore activity tracking)

      I guess we don't need to do this for step connectors?

      cc @syndesisio/backend

      See #3865 #1915

              Unassigned Unassigned
              zregvart@redhat.com Zoran Regvart
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: