ReggieCarey commented on issue #673:
URL: https://github.com/apache/camel-kamelets/issues/673#issuecomment-1006941745


   @oscerd,
   
   From my testing and reading of the code at 
camel-kamelets/library/camel-kamelets-utils/src/main/java/org/apache/camel/kamelets/utils/transform/
   
   **extract-field-action** - Replaces the JSON cloud-event payload with the 
contents of an entry in that payload.  It's not clear what syntax to use to 
step into a JSON object/array to target a particular nested or array-based 
entry. (JQ?)
   > DOCS: Extract a field from the body
   
   **insert-field-action** - Adds a hard-coded field:value to a JSON 
cloud-event payload - it's not clear what syntax is used to specify some 
location in the JSON payload where the field should be inserted. (JQ?)
   > DOCS: Adds an header with a constant value to the message in transit
   
   **insert-header-action** - Adds a hard-coded header:value to a cloud-event 
header. There does not appear to be a bean associated with this, so its 
implementation is a little harder to find.
   > DOCS: No headers mapping supported, only constant values.
   
   ### ??BUG?? ###
   The value fields in the above state they are constant values.  One would 
assume that any legal JSON string would be valid for the "value".  This is not 
the case.  There is some (inappropriate?) parsing of the value field.  Strings 
like "{{ xxx }}" and "${ xyzzy }" should be valid values but cause a failure in 
the integration. If one understands what's going on with parsing, one could 
inject malicious code blocks into that expansion - I haven't found all of the 
implementing code so I do not know the extent of what gets parsed and how.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

