This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 49b51e8fae32997c924efac7dab99a3db01b759e
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 09:14:07 2020 +0200

    CAMEL-15050: Templating components - Variable map to be limited to 
body/headers
---
 .../component/mvel/MvelComponentConfigurer.java    |  5 ++++
 .../component/mvel/MvelEndpointConfigurer.java     |  5 ++++
 .../org/apache/camel/component/mvel/mvel.json      |  2 ++
 .../camel-mvel/src/main/docs/mvel-component.adoc   |  6 ++--
 .../apache/camel/component/mvel/MvelComponent.java | 17 +++++++++++
 .../apache/camel/component/mvel/MvelEndpoint.java  |  2 +-
 .../camel/language/mvel/MvelComponentTest.java     |  2 +-
 .../camel-mvel/src/test/resources/template.mvel    |  2 +-
 .../camel-mvel/src/test/resources/template2.mvel   |  2 +-
 .../component/dsl/MvelComponentBuilderFactory.java | 18 ++++++++++++
 .../endpoint/dsl/MvelEndpointBuilderFactory.java   | 33 ++++++++++++++++++++++
 11 files changed, 88 insertions(+), 6 deletions(-)

diff --git 
a/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelComponentConfigurer.java
 
b/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelComponentConfigurer.java
index 6ce6fe7..6189015 100644
--- 
a/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelComponentConfigurer.java
+++ 
b/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelComponentConfigurer.java
@@ -19,6 +19,8 @@ public class MvelComponentConfigurer extends 
PropertyConfigurerSupport implement
     public boolean configure(CamelContext camelContext, Object obj, String 
name, Object value, boolean ignoreCase) {
         MvelComponent target = (MvelComponent) obj;
         switch (ignoreCase ? name.toLowerCase() : name) {
+        case "allowcontextmapall":
+        case "allowContextMapAll": 
target.setAllowContextMapAll(property(camelContext, boolean.class, value)); 
return true;
         case "allowtemplatefromheader":
         case "allowTemplateFromHeader": 
target.setAllowTemplateFromHeader(property(camelContext, boolean.class, 
value)); return true;
         case "basicpropertybinding":
@@ -32,6 +34,7 @@ public class MvelComponentConfigurer extends 
PropertyConfigurerSupport implement
     @Override
     public Map<String, Object> getAllOptions(Object target) {
         Map<String, Object> answer = new CaseInsensitiveMap();
+        answer.put("allowContextMapAll", boolean.class);
         answer.put("allowTemplateFromHeader", boolean.class);
         answer.put("basicPropertyBinding", boolean.class);
         answer.put("lazyStartProducer", boolean.class);
@@ -42,6 +45,8 @@ public class MvelComponentConfigurer extends 
PropertyConfigurerSupport implement
     public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
         MvelComponent target = (MvelComponent) obj;
         switch (ignoreCase ? name.toLowerCase() : name) {
+        case "allowcontextmapall":
+        case "allowContextMapAll": return target.isAllowContextMapAll();
         case "allowtemplatefromheader":
         case "allowTemplateFromHeader": return 
target.isAllowTemplateFromHeader();
         case "basicpropertybinding":
diff --git 
a/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelEndpointConfigurer.java
 
b/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelEndpointConfigurer.java
index e29d69b..56b6213 100644
--- 
a/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelEndpointConfigurer.java
+++ 
b/components/camel-mvel/src/generated/java/org/apache/camel/component/mvel/MvelEndpointConfigurer.java
@@ -19,6 +19,8 @@ public class MvelEndpointConfigurer extends 
PropertyConfigurerSupport implements
     public boolean configure(CamelContext camelContext, Object obj, String 
name, Object value, boolean ignoreCase) {
         MvelEndpoint target = (MvelEndpoint) obj;
         switch (ignoreCase ? name.toLowerCase() : name) {
+        case "allowcontextmapall":
+        case "allowContextMapAll": 
target.setAllowContextMapAll(property(camelContext, boolean.class, value)); 
return true;
         case "allowtemplatefromheader":
         case "allowTemplateFromHeader": 
target.setAllowTemplateFromHeader(property(camelContext, boolean.class, 
value)); return true;
         case "basicpropertybinding":
@@ -36,6 +38,7 @@ public class MvelEndpointConfigurer extends 
PropertyConfigurerSupport implements
     @Override
     public Map<String, Object> getAllOptions(Object target) {
         Map<String, Object> answer = new CaseInsensitiveMap();
+        answer.put("allowContextMapAll", boolean.class);
         answer.put("allowTemplateFromHeader", boolean.class);
         answer.put("basicPropertyBinding", boolean.class);
         answer.put("contentCache", boolean.class);
@@ -49,6 +52,8 @@ public class MvelEndpointConfigurer extends 
PropertyConfigurerSupport implements
     public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
         MvelEndpoint target = (MvelEndpoint) obj;
         switch (ignoreCase ? name.toLowerCase() : name) {
+        case "allowcontextmapall":
+        case "allowContextMapAll": return target.isAllowContextMapAll();
         case "allowtemplatefromheader":
         case "allowTemplateFromHeader": return 
target.isAllowTemplateFromHeader();
         case "basicpropertybinding":
diff --git 
a/components/camel-mvel/src/generated/resources/org/apache/camel/component/mvel/mvel.json
 
b/components/camel-mvel/src/generated/resources/org/apache/camel/component/mvel/mvel.json
index c7fea8d..9f34283 100644
--- 
a/components/camel-mvel/src/generated/resources/org/apache/camel/component/mvel/mvel.json
+++ 
b/components/camel-mvel/src/generated/resources/org/apache/camel/component/mvel/mvel.json
@@ -21,12 +21,14 @@
     "lenientProperties": false
   },
   "componentProperties": {
+    "allowContextMapAll": { "kind": "property", "displayName": "Allow Context 
Map All", "group": "producer", "label": "", "required": false, "type": 
"boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": "false", "description": "Sets whether the context map should 
allow access to all details. By default only the message body and headers can 
be accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a  [...]
     "allowTemplateFromHeader": { "kind": "property", "displayName": "Allow 
Template From Header", "group": "producer", "label": "", "required": false, 
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": "false", "description": "Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the he [...]
     "lazyStartProducer": { "kind": "property", "displayName": "Lazy Start 
Producer", "group": "producer", "label": "producer", "required": false, "type": 
"boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": false, "description": "Whether the producer should be started 
lazy (on the first message). By starting lazy you can use this to allow 
CamelContext and routes to startup in situations where a producer may otherwise 
fail during starting and cause the r [...]
     "basicPropertyBinding": { "kind": "property", "displayName": "Basic 
Property Binding", "group": "advanced", "label": "advanced", "required": false, 
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": false, "description": "Whether the component should use basic 
property binding (Camel 2.x) or the newer property binding with additional 
capabilities" }
   },
   "properties": {
     "resourceUri": { "kind": "path", "displayName": "Resource Uri", "group": 
"producer", "label": "", "required": true, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "deprecationNote": "", "secret": 
false, "description": "Path to the resource. You can prefix with: classpath, 
file, http, ref, or bean. classpath, file and http loads the resource using 
these protocols (classpath is default). ref will lookup the resource in the 
registry. bean will call a method on a  [...]
+    "allowContextMapAll": { "kind": "parameter", "displayName": "Allow Context 
Map All", "group": "producer", "label": "", "required": false, "type": 
"boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": "false", "description": "Sets whether the context map should 
allow access to all details. By default only the message body and headers can 
be accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a [...]
     "allowTemplateFromHeader": { "kind": "parameter", "displayName": "Allow 
Template From Header", "group": "producer", "label": "", "required": false, 
"type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, 
"defaultValue": "false", "description": "Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the h [...]
     "contentCache": { "kind": "parameter", "displayName": "Content Cache", 
"group": "producer", "label": "", "required": false, "type": "boolean", 
"javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": 
"false", "description": "Sets whether to use resource content cache or not" },
     "encoding": { "kind": "parameter", "displayName": "Encoding", "group": 
"producer", "label": "", "required": false, "type": "string", "javaType": 
"java.lang.String", "deprecated": false, "secret": false, "description": 
"Character encoding of the resource content." },
diff --git a/components/camel-mvel/src/main/docs/mvel-component.adoc 
b/components/camel-mvel/src/main/docs/mvel-component.adoc
index f1258aa..4b9aa5d 100644
--- a/components/camel-mvel/src/main/docs/mvel-component.adoc
+++ b/components/camel-mvel/src/main/docs/mvel-component.adoc
@@ -46,13 +46,14 @@ You can append query options to the URI in the following 
format,
 
 
 // component options: START
-The MVEL component supports 3 options, which are listed below.
+The MVEL component supports 4 options, which are listed below.
 
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *allowTemplateFromHeader* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
 | *lazyStartProducer* (producer) | Whether the producer should be started lazy 
(on the first message). By starting lazy you can use this to allow CamelContext 
and routes to startup in situations where a producer may otherwise fail during 
starting and cause the route to fail being started. By deferring this startup 
to be lazy then the startup failure can be handled during routing messages via 
Camel's routing error handlers. Beware that when the first message is processed 
then creating and [...]
 | *basicPropertyBinding* (advanced) | Whether the component should use basic 
property binding (Camel 2.x) or the newer property binding with additional 
capabilities | false | boolean
@@ -81,12 +82,13 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (6 parameters):
+=== Query Parameters (7 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *allowTemplateFromHeader* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
 | *contentCache* (producer) | Sets whether to use resource content cache or 
not | false | boolean
 | *encoding* (producer) | Character encoding of the resource content. |  | 
String
diff --git 
a/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelComponent.java
 
b/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelComponent.java
index d82e16b..a4fe912 100644
--- 
a/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelComponent.java
+++ 
b/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelComponent.java
@@ -33,6 +33,8 @@ public class MvelComponent extends DefaultComponent {
 
     @Metadata(defaultValue = "false")
     private boolean allowTemplateFromHeader;
+    @Metadata(defaultValue = "false")
+    private boolean allowContextMapAll;
 
     public MvelComponent() {
     }
@@ -44,6 +46,7 @@ public class MvelComponent extends DefaultComponent {
         MvelEndpoint answer = new MvelEndpoint(uri, this, remaining);
         answer.setContentCache(cache);
         answer.setAllowTemplateFromHeader(allowTemplateFromHeader);
+        answer.setAllowContextMapAll(allowContextMapAll);
 
         setProperties(answer, parameters);
 
@@ -70,4 +73,18 @@ public class MvelComponent extends DefaultComponent {
         this.allowTemplateFromHeader = allowTemplateFromHeader;
     }
 
+    public boolean isAllowContextMapAll() {
+        return allowContextMapAll;
+    }
+
+    /**
+     * Sets whether the context map should allow access to all details.
+     * By default only the message body and headers can be accessed.
+     * This option can be enabled for full access to the current Exchange and 
CamelContext.
+     * Doing so impose a potential security risk as this opens access to the 
full power of CamelContext API.
+     */
+    public void setAllowContextMapAll(boolean allowContextMapAll) {
+        this.allowContextMapAll = allowContextMapAll;
+    }
+
 }
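Review bot: The Javadoc on `setAllowContextMapAll` does not say that the component value is only a default. In the `createEndpoint` hunk above, the value is copied to the endpoint before `setProperties(answer, parameters)` runs, so an `allowContextMapAll=true` in an endpoint URI presumably overrides a component-level `false`. That matters wherever endpoint URIs are assembled from configuration or message data and the component setting is assumed to be a lock. I would add a sentence such as `This is the default for endpoints created by this component; the endpoint URI option of the same name takes precedence.` Since this text is copied into mvel.json, the adoc tables and the DSL builders, `Doing so impose` should also be corrected to `Doing so imposes` here at the source.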
diff --git 
a/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelEndpoint.java
 
b/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelEndpoint.java
index ee330c8..f52e3ac 100644
--- 
a/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelEndpoint.java
+++ 
b/components/camel-mvel/src/main/java/org/apache/camel/component/mvel/MvelEndpoint.java
@@ -106,7 +106,7 @@ public class MvelEndpoint extends ResourceEndpoint {
 
         CompiledTemplate compiled;
         ParserContext mvelContext = ParserContext.create();
-        Map<String, Object> variableMap = 
ExchangeHelper.createVariableMap(exchange);
+        Map<String, Object> variableMap = 
ExchangeHelper.createVariableMap(exchange, isAllowContextMapAll());
 
         String content = null;
         if (allowTemplateFromHeader) {
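Review bot: The flag passed on the changed line limits which variables are handed to the template, but nothing in this hunk restricts the MVEL evaluator itself, and the `allowTemplateFromHeader` branch that follows can take the template text from a message header. As far as this hunk shows, a header-supplied template should still be treated as code running in the route's JVM even with `allowContextMapAll=false`. A short comment above the call would keep that visible: `// allowContextMapAll narrows the variable map only; it is not a sandbox for the template`. `isAllowContextMapAll()` is not added anywhere in this file's diff, so it is presumably inherited from `ResourceEndpoint`. The enclosing method starts and ends outside the hunk.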
diff --git 
a/components/camel-mvel/src/test/java/org/apache/camel/language/mvel/MvelComponentTest.java
 
b/components/camel-mvel/src/test/java/org/apache/camel/language/mvel/MvelComponentTest.java
index da75b9d..05c693b 100644
--- 
a/components/camel-mvel/src/test/java/org/apache/camel/language/mvel/MvelComponentTest.java
+++ 
b/components/camel-mvel/src/test/java/org/apache/camel/language/mvel/MvelComponentTest.java
@@ -74,7 +74,7 @@ public class MvelComponentTest extends CamelTestSupport {
                         to("mvel:template.mvel");
 
                 from("direct:b").
-                        to("mvel:template.mvel?allowTemplateFromHeader=true");
+                        
to("mvel:template.mvel?allowTemplateFromHeader=true&allowContextMapAll=true");
                 // END SNIPPET: example
             }
         };
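Review bot: Nothing in this test change covers the restricted default: there is no assertion that a template using the old `request.body` form stops resolving when `allowContextMapAll` is left at `false`, which is the behaviour the commit introduces. The changed route also sits just above the `// END SNIPPET: example` marker, so the documentation example would now show `allowTemplateFromHeader=true` and `allowContextMapAll=true` switched on together. Both templates now reference only `body`, so the extra flag may not be needed here at all. I would keep `to("mvel:template.mvel?allowTemplateFromHeader=true")` in the snippet and put the flag on a separate route outside it, with one test for the flag set and one for the default. The route builder starts outside the hunk.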
diff --git a/components/camel-mvel/src/test/resources/template.mvel 
b/components/camel-mvel/src/test/resources/template.mvel
index 84be224..368dda6 100644
--- a/components/camel-mvel/src/test/resources/template.mvel
+++ b/components/camel-mvel/src/test/resources/template.mvel
@@ -1 +1 @@
-{ "text": "@{"The result is " + request.body * 2}" }
\ No newline at end of file
+{ "text": "@{"The result is " + body * 2}" }
\ No newline at end of file
diff --git a/components/camel-mvel/src/test/resources/template2.mvel 
b/components/camel-mvel/src/test/resources/template2.mvel
index fd89eeb..2e86ad5 100644
--- a/components/camel-mvel/src/test/resources/template2.mvel
+++ b/components/camel-mvel/src/test/resources/template2.mvel
@@ -1 +1 @@
-{ "text": "@{"The result is " + request.body * 4}" }
\ No newline at end of file
+{ "text": "@{"The result is " + body * 4}" }
\ No newline at end of file
diff --git 
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MvelComponentBuilderFactory.java
 
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MvelComponentBuilderFactory.java
index aaab22e..feddeb0 100644
--- 
a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MvelComponentBuilderFactory.java
+++ 
b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MvelComponentBuilderFactory.java
@@ -47,6 +47,23 @@ public interface MvelComponentBuilderFactory {
      */
     interface MvelComponentBuilder extends ComponentBuilder<MvelComponent> {
         /**
+         * Sets whether the context map should allow access to all details. By
+         * default only the message body and headers can be accessed. This
+         * option can be enabled for full access to the current Exchange and
+         * CamelContext. Doing so impose a potential security risk as this 
opens
+         * access to the full power of CamelContext API.
+         * 
+         * The option is a: <code>boolean</code> type.
+         * 
+         * Default: false
+         * Group: producer
+         */
+        default MvelComponentBuilder allowContextMapAll(
+                boolean allowContextMapAll) {
+            doSetProperty("allowContextMapAll", allowContextMapAll);
+            return this;
+        }
+        /**
          * Whether to allow to use resource template from header or not 
(default
          * false). Enabling this allows to specify dynamic templates via 
message
          * header. However this can be seen as a potential security
@@ -114,6 +131,7 @@ public interface MvelComponentBuilderFactory {
                 String name,
                 Object value) {
             switch (name) {
+            case "allowContextMapAll": ((MvelComponent) 
component).setAllowContextMapAll((boolean) value); return true;
             case "allowTemplateFromHeader": ((MvelComponent) 
component).setAllowTemplateFromHeader((boolean) value); return true;
             case "lazyStartProducer": ((MvelComponent) 
component).setLazyStartProducer((boolean) value); return true;
             case "basicPropertyBinding": ((MvelComponent) 
component).setBasicPropertyBinding((boolean) value); return true;
diff --git 
a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MvelEndpointBuilderFactory.java
 
b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MvelEndpointBuilderFactory.java
index 6440e23..ce98d3d 100644
--- 
a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MvelEndpointBuilderFactory.java
+++ 
b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MvelEndpointBuilderFactory.java
@@ -38,6 +38,39 @@ public interface MvelEndpointBuilderFactory {
             return (AdvancedMvelEndpointBuilder) this;
         }
         /**
+         * Sets whether the context map should allow access to all details. By
+         * default only the message body and headers can be accessed. This
+         * option can be enabled for full access to the current Exchange and
+         * CamelContext. Doing so impose a potential security risk as this 
opens
+         * access to the full power of CamelContext API.
+         * 
+         * The option is a: <code>boolean</code> type.
+         * 
+         * Default: false
+         * Group: producer
+         */
+        default MvelEndpointBuilder allowContextMapAll(
+                boolean allowContextMapAll) {
+            doSetProperty("allowContextMapAll", allowContextMapAll);
+            return this;
+        }
+        /**
+         * Sets whether the context map should allow access to all details. By
+         * default only the message body and headers can be accessed. This
+         * option can be enabled for full access to the current Exchange and
+         * CamelContext. Doing so impose a potential security risk as this 
opens
+         * access to the full power of CamelContext API.
+         * 
+         * The option will be converted to a <code>boolean</code> type.
+         * 
+         * Default: false
+         * Group: producer
+         */
+        default MvelEndpointBuilder allowContextMapAll(String 
allowContextMapAll) {
+            doSetProperty("allowContextMapAll", allowContextMapAll);
+            return this;
+        }
+        /**
          * Whether to allow to use resource template from header or not 
(default
          * false). Enabling this allows to specify dynamic templates via 
message
          * header. However this can be seen as a potential security
