This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch camel-2.25.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.25.x by this push:
     new 94b2c15  CAMEL-14711 - Disable RabbitMQ Java serialization by default 
(#3633)
94b2c15 is described below

commit 94b2c15247c83f233e4dd7870a526113ead9476c
Author: Colm O hEigeartaigh <cohei...@users.noreply.github.com>
AuthorDate: Mon Mar 16 18:50:52 2020 +0000

    CAMEL-14711 - Disable RabbitMQ Java serialization by default (#3633)
---
 .../src/main/docs/rabbitmq-component.adoc          |  3 ++-
 .../camel/component/rabbitmq/RabbitMQEndpoint.java | 22 ++++++++++++++++++++--
 .../rabbitmq/RabbitMQMessageConverter.java         | 10 ++++++----
 .../rabbitmq/RabbitMQMessagePublisher.java         |  5 +++--
 .../rabbitmq/reply/ReplyManagerSupport.java        |  4 ++--
 .../component/rabbitmq/RabbitMQInOutIntTest.java   |  4 ++--
 .../modules/ROOT/pages/rabbitmq-component.adoc     |  3 ++-
 7 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc 
b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
index 83ce977..498e99c 100644
--- a/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
+++ b/components/camel-rabbitmq/src/main/docs/rabbitmq-component.adoc
@@ -128,7 +128,7 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
@@ -192,6 +192,7 @@ with the following path and query parameters:
 | *synchronous* (advanced) | Sets whether synchronous processing should be 
strictly used, or Camel is allowed to use asynchronous processing (if 
supported). | false | boolean
 | *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery 
(should topology recovery be performed) |  | Boolean
 | *transferException* (advanced) | When true and an inOut Exchange failed on 
the consumer side send the caused Exception back in the response | false | 
boolean
+| *allowMessageBody Serialization* (allowMessageBodySerialization) | Whether 
to allow Java serialization of the message body or not. If this value is true, 
the message body will be serialized on the producer side using Java 
serialization, if no type converter can handle the message body. On the 
consumer side, it will deserialize the message body if this value is true and 
the message contains a CamelSerialize header. Setting this value to true may 
introduce a security vulnerability as it  [...]
 | *password* (security) | Password for authenticated access | guest | String
 | *sslProtocol* (security) | Enables SSL on connection, accepted value are 
true, TLS and 'SSLv3 |  | String
 | *trustManager* (security) | Configure SSL trust manager, SSL should be 
enabled for this option to be effective |  | TrustManager
diff --git 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
index c715514..98aaeb9 100644
--- 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
+++ 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQEndpoint.java
@@ -176,7 +176,8 @@ public class RabbitMQEndpoint extends DefaultEndpoint 
implements AsyncEndpoint {
     private boolean guaranteedDeliveries;
     @UriParam(label = "producer")
     private boolean allowNullHeaders;
-    // camel-jms supports this setting but it is not currently configurable in 
camel-rabbitmq
+    @UriParam(label = "allowMessageBodySerialization", defaultValue = "false")
+    private boolean allowMessageBodySerialization;
     private boolean useMessageIDAsCorrelationID = true;
     // camel-jms supports this setting but it is not currently configurable in 
camel-rabbitmq
     private String replyToType = ReplyToType.Temporary.name();
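Review bot: The `label` on the new `@UriParam` is the option's own name rather than a grouping label, so the generated option table lists it under "(allowMessageBodySerialization)" while every neighbouring option is grouped as "(producer)", "(advanced)" or "(security)". Since the flag gates deserialization on both sides, something like `@UriParam(label = "security", defaultValue = "false")` would follow the existing convention and put it next to `password`/`sslProtocol` in the docs. The hunk also removes the `// camel-jms supports this setting ...` comment that sat above `useMessageIDAsCorrelationID`, leaving that field uncommented while `replyToType` keeps its copy; it looks accidental rather than intended. The enclosing class continues outside the hunk.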
@@ -201,7 +202,7 @@ public class RabbitMQEndpoint extends DefaultEndpoint 
implements AsyncEndpoint {
 
     public Exchange createRabbitExchange(Envelope envelope, 
AMQP.BasicProperties properties, byte[] body) {
         Exchange exchange = super.createExchange();
-        messageConverter.populateRabbitExchange(exchange, envelope, 
properties, body, false);
+        messageConverter.populateRabbitExchange(exchange, envelope, 
properties, body, false, allowMessageBodySerialization);
         return exchange;
     }
 
@@ -589,6 +590,23 @@ public class RabbitMQEndpoint extends DefaultEndpoint 
implements AsyncEndpoint {
         this.automaticRecoveryEnabled = automaticRecoveryEnabled;
     }
 
+    public boolean isAllowMessageBodySerialization() {
+        return allowMessageBodySerialization;
+    }
+
+    /**
+     * Whether to allow Java serialization of the message body or not. If this 
value is true, the message body
+     * will be serialized on the producer side using Java serialization, if no 
type converter can handle the
+     * message body. On the consumer side, it will deserialize the message 
body if this value is true and the
+     * message contains a CamelSerialize header.
+     *
+     * Setting this value to true may introduce a security vulnerability as it 
allows an attacker to attempt to
+     * deserialize to a gadget object which could result in a RCE or other 
security vulnerability.
+     */
+    public void setAllowMessageBodySerialization(boolean 
allowMessageBodySerialization) {
+        this.allowMessageBodySerialization = allowMessageBodySerialization;
+    }
+
     public Integer getNetworkRecoveryInterval() {
         return networkRecoveryInterval;
     }
diff --git 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
index c81e27c..6e7b734 100644
--- 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
+++ 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessageConverter.java
@@ -223,10 +223,11 @@ public class RabbitMQMessageConverter {
         return null;
     }
 
-    public void populateRabbitExchange(Exchange camelExchange, Envelope 
envelope, AMQP.BasicProperties properties, byte[] body, final boolean out) {
+    public void populateRabbitExchange(Exchange camelExchange, Envelope 
envelope, AMQP.BasicProperties properties, byte[] body, final boolean out,
+                                       final boolean 
allowMessageBodySerialization) {
         Message message = resolveMessageFrom(camelExchange, out);
         populateMessageHeaders(message, envelope, properties);
-        populateMessageBody(message, camelExchange, properties, body);
+        populateMessageBody(message, camelExchange, properties, body, 
allowMessageBodySerialization);
     }
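Review bot: The five-argument `populateRabbitExchange` is public and this hunk replaces it outright, so any caller outside the module that was compiled against the old signature breaks on a maintenance branch; if the class is treated as API (which I cannot confirm from here), keep a delegating overload that defaults to the secure setting: `public void populateRabbitExchange(Exchange camelExchange, Envelope envelope, AMQP.BasicProperties properties, byte[] body, final boolean out) { populateRabbitExchange(camelExchange, envelope, properties, body, out, false); }`. The new parameter also deserves a Javadoc `@param allowMessageBodySerialization` explaining that it must be true for a body carrying the serialize header to be deserialized, since that is the only place a reader of this class learns what the flag means.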
 
     private Message resolveMessageFrom(final Exchange camelExchange, final 
boolean out) {
@@ -274,8 +275,9 @@ public class RabbitMQMessageConverter {
         }
     }
 
-    private void populateMessageBody(final Message message, final Exchange 
camelExchange, final AMQP.BasicProperties properties, final byte[] body) {
-        if (hasSerializeHeader(properties)) {
+    private void populateMessageBody(final Message message, final Exchange 
camelExchange, final AMQP.BasicProperties properties, final byte[] body,
+                                     final boolean 
allowMessageBodySerialization) {
+        if (allowMessageBodySerialization && hasSerializeHeader(properties)) {
             deserializeBody(camelExchange, message, body);
         } else {
             // Set the body as a byte[] and let the type converter deal with it
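Review bot: When `allowMessageBodySerialization` is false but the message still carries the serialize header, the new condition silently falls into the `else` branch and hands the serialized payload on as a raw `byte[]`, so neither the route author nor an operator can see that a deserialization attempt was refused. A single debug-level log line in the `else` branch, guarded by `hasSerializeHeader(properties)` and using whatever logger this class already has, would make the rejected case visible without changing behaviour, and the `else` comment could say `// Serialization disabled or no serialize header: hand the raw bytes to the type converters` so the two cases are distinguishable when reading the code. `populateMessageBody` continues outside the hunk.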
diff --git 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
index 4680cfc..37028a0 100644
--- 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
+++ 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/RabbitMQMessagePublisher.java
@@ -86,8 +86,9 @@ public class RabbitMQMessagePublisher {
 
             properties = 
endpoint.getMessageConverter().buildProperties(camelExchange).build();
         } catch (NoTypeConversionAvailableException | TypeConversionException 
e) {
-            if (message.getBody() instanceof Serializable) {
-                // Add the header so the reply processor knows to de-serialize 
it
+            if (message.getBody() instanceof Serializable && 
endpoint.isAllowMessageBodySerialization()) {
+                // Add the header so the reply processor knows to de-serialize
+                // it
                 message.getHeaders().put(RabbitMQEndpoint.SERIALIZE_HEADER, 
true);
                 properties = 
endpoint.getMessageConverter().buildProperties(camelExchange).build();
                 body = serializeBodyFrom(message);
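Review bot: The rewrapped comment now reads `// Add the header so the reply processor knows to de-serialize` / `// it`, splitting a sentence across two lines for no reason; `// Add the header so the reply processor knows to de-serialize it` fits if the condition is written as `if (endpoint.isAllowMessageBodySerialization() && message.getBody() instanceof Serializable) {`, which also evaluates the cheap configuration check before the `instanceof`. What happens when the flag is off and the body cannot be converted (presumably the original conversion exception propagates) is decided by the `else` path outside this hunk, so it would be worth a short comment there stating that serialization is deliberately not attempted.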
diff --git 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
index 1c204af..05d4149 100644
--- 
a/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
+++ 
b/components/camel-rabbitmq/src/main/java/org/apache/camel/component/rabbitmq/reply/ReplyManagerSupport.java
@@ -151,8 +151,8 @@ public abstract class ReplyManagerSupport extends 
ServiceSupport implements Repl
                     String msg = "reply message with correlationID: " + 
holder.getCorrelationId() + " not received on destination: " + replyTo;
                     exchange.setException(new 
ExchangeTimedOutException(exchange, holder.getRequestTimeout(), msg));
                 } else {
-                    
-                    messageConverter.populateRabbitExchange(exchange, null, 
holder.getProperties(), holder.getMessage(), true);
+                    messageConverter.populateRabbitExchange(exchange, null, 
holder.getProperties(), holder.getMessage(), true,
+                                                            
endpoint.isAllowMessageBodySerialization());
 
                     // restore correlation id in case the remote server messed 
with it
                     if (holder.getOriginalCorrelationId() != null) {
diff --git 
a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/RabbitMQInOutIntTest.java
 
b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/RabbitMQInOutIntTest.java
index 61a7e53..87f2b54 100644
--- 
a/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/RabbitMQInOutIntTest.java
+++ 
b/components/camel-rabbitmq/src/test/java/org/apache/camel/component/rabbitmq/RabbitMQInOutIntTest.java
@@ -57,13 +57,13 @@ public class RabbitMQInOutIntTest extends 
AbstractRabbitMQIntTest {
 
     @EndpointInject(uri = "rabbitmq:localhost:5672/" + EXCHANGE + 
"?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
                     + "&autoAck=true&queue=q4&routingKey=" + ROUTING_KEY
-                    + "&transferException=true&requestTimeout=" + TIMEOUT_MS)
+                    + "&transferException=true&requestTimeout=" + TIMEOUT_MS + 
"&allowMessageBodySerialization=true")
     private Endpoint rabbitMQEndpoint;
 
     @EndpointInject(uri = "rabbitmq:localhost:5672/" + EXCHANGE_NO_ACK + 
"?threadPoolSize=1&exchangeType=direct&username=cameltest&password=cameltest"
             + 
"&autoAck=false&autoDelete=false&durable=false&queue=q5&routingKey=" + 
ROUTING_KEY
             + "&transferException=true&requestTimeout=" + TIMEOUT_MS
-            + "&queueArgs=#queueArgs")
+            + "&queueArgs=#queueArgs" + "&allowMessageBodySerialization=true")
     private Endpoint noAutoAckEndpoint;
 
     @EndpointInject(uri = "mock:result")
diff --git a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc 
b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
index ae6efff..0ecd0ab 100644
--- a/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
+++ b/docs/components/modules/ROOT/pages/rabbitmq-component.adoc
@@ -129,7 +129,7 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (62 parameters):
+=== Query Parameters (63 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
@@ -193,6 +193,7 @@ with the following path and query parameters:
 | *synchronous* (advanced) | Sets whether synchronous processing should be 
strictly used, or Camel is allowed to use asynchronous processing (if 
supported). | false | boolean
 | *topologyRecoveryEnabled* (advanced) | Enables connection topology recovery 
(should topology recovery be performed) |  | Boolean
 | *transferException* (advanced) | When true and an inOut Exchange failed on 
the consumer side send the caused Exception back in the response | false | 
boolean
+| *allowMessageBody Serialization* (allowMessageBodySerialization) | Whether 
to allow Java serialization of the message body or not. If this value is true, 
the message body will be serialized on the producer side using Java 
serialization, if no type converter can handle the message body. On the 
consumer side, it will deserialize the message body if this value is true and 
the message contains a CamelSerialize header. Setting this value to true may 
introduce a security vulnerability as it  [...]
 | *password* (security) | Password for authenticated access | guest | String
 | *sslProtocol* (security) | Enables SSL on connection, accepted value are 
true, TLS and 'SSLv3 |  | String
 | *trustManager* (security) | Configure SSL trust manager, SSL should be 
enabled for this option to be effective |  | TrustManager
