  1. Red Hat Fuse
  2. ENTESB-21958

camel-http4 HttpComponent logs a raw password unsafe characters


    • Bug
    • Resolution: Done
    • Major
    • fuse-7.13-GA
    • fuse-7.12-GA
    • Camel
    • None
    • Very Likely

      Although org.apache.camel.impl.DefaultComponent masks a raw password for logging, org.apache.camel.component.http4.HttpComponent doesn't.

      camel route

      <to id="_to1" uri="http4://localhost:8181/hawtio/auth/login?authMethodPriority=Digest&amp;authPassword=admin&amp;authUsername=admin"/>
      

      DEBUG level log

      09:55:42.735 [main] DEBUG o.apache.camel.impl.DefaultComponent - Creating endpoint uri=[http4://localhost:8181/hawtio/auth/login?authMethodPriority=Digest&authPassword=xxxxxx&authUsername=admin], path=[localhost:8181/hawtio/auth/login]
      09:55:42.744 [main] DEBUG o.a.c.component.http4.HttpComponent - Creating endpoint uri http4://localhost:8181/hawtio/auth/login?authUsername=admin&authMethodPriority=Digest&authPassword=admin
      

      Please check the value for the "authPassword" parameter.

      The implementations are different between DefaultComponent and HttpComponent.

      org.apache.camel.impl.DefaultComponent

      LOG.debug("Creating endpoint uri=[{}], path=[{}]", URISupport.sanitizeUri(uri), URISupport.sanitizePath(path));
      

      org.apache.camel.component.http4.HttpComponent

      // create the endpoint and set the http uri to be null
      String endpointUriString = endpointUri.toString();
      
      LOG.debug("Creating endpoint uri {}", endpointUriString);
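
      A log check for this exposure, added here as an example (not part of the issue report or of Camel): it scans log lines in the layout shown above and reports which logger wrote an unmasked credential parameter, without echoing the value. The parameter-name pattern and the masked-value pattern are assumptions; the sample input is the two DEBUG lines from this report.

```python
import re

# Assumption: query parameter names treated as secrets; extend for your routes.
SENSITIVE = re.compile(r"password|passphrase|secret|token", re.IGNORECASE)
# Assumption: a value made only of 'x' or '*' is already masked (the report
# shows "xxxxxx"). A real password of that shape would be missed.
MASKED = re.compile(r"^(x+|\*+)$", re.IGNORECASE)
# Layout from the report: time [thread] LEVEL logger - message
LINE = re.compile(r"^\S+ \[[^\]]+\] \w+\s+(?P<logger>\S+) - (?P<msg>.*)$")
# A URI inside the message; stops at whitespace, brackets or a comma.
URI = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\[\],]+", re.IGNORECASE)

# The two DEBUG lines quoted in the report.
SAMPLE = [
    "09:55:42.735 [main] DEBUG o.apache.camel.impl.DefaultComponent - "
    "Creating endpoint uri=[http4://localhost:8181/hawtio/auth/login"
    "?authMethodPriority=Digest&authPassword=xxxxxx&authUsername=admin], "
    "path=[localhost:8181/hawtio/auth/login]",
    "09:55:42.744 [main] DEBUG o.a.c.component.http4.HttpComponent - "
    "Creating endpoint uri http4://localhost:8181/hawtio/auth/login"
    "?authUsername=admin&authMethodPriority=Digest&authPassword=admin",
]


def find_leaks(lines):
    """Return (line_no, logger, param) for each unmasked sensitive parameter."""
    leaks = []
    for line_no, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the expected layout
        for uri in URI.findall(m["msg"]):
            query = uri.partition("?")[2]
            for pair in query.split("&"):
                name, sep, value = pair.partition("=")
                if (sep and value and SENSITIVE.search(name)
                        and not MASKED.match(value)):
                    # Record where the leak is, never the secret itself.
                    leaks.append((line_no, m["logger"], name))
    return leaks


if __name__ == "__main__":
    for line_no, logger, param in find_leaks(SAMPLE):
        print(f"line {line_no}: {logger} logged unmasked '{param}'")
```
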
      

              ldemasi Luigi De Masi
              rhn-support-hfuruich Hisao Furuichi
              Daniel Olearcin Daniel Olearcin (Inactive)