This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch camel-2.25.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit f20a5e96c5238b2666c12258d88efa3e98254ef5
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 10:11:51 2020 +0200
CAMEL-15050: Templating components - Variable map to be limited to body/headers
---
 .../apache/camel/component/ResourceEndpoint.java | 20 ++++++++
 .../java/org/apache/camel/util/ExchangeHelper.java | 56 +++++++++++++++++-----
 .../org/apache/camel/util/ExchangeHelperTest.java | 20 ++++++++
 3 files changed, 83 insertions(+), 13 deletions(-)
diff --git a/camel-core/src/main/java/org/apache/camel/component/ResourceEndpoint.java b/camel-core/src/main/java/org/apache/camel/component/ResourceEndpoint.java
index 5e973fb..8d876c0 100644
--- a/camel-core/src/main/java/org/apache/camel/component/ResourceEndpoint.java
+++ b/camel-core/src/main/java/org/apache/camel/component/ResourceEndpoint.java
@@ -54,6 +54,11 @@ public abstract class ResourceEndpoint extends ProcessorEndpoint implements Mana
 private String resourceUri;
 @UriParam(defaultValue = "false", description = "Sets whether to use resource content cache or not")
 private boolean contentCache;
+ @UriParam(defaultValue = "false", description = "Sets whether the context map should allow access to all details."
+ + " By default only the message body and headers can be accessed."
+ + " This option can be enabled for full access to the current Exchange and CamelContext."
+ + " Doing so impose a potential security risk as this opens access to the full power of CamelContext API.")
+ private boolean allowContextMapAll;

 public ResourceEndpoint() {
 }
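Review bot: In ResourceEndpoint.java the new `allowContextMapAll` field is a `@UriParam`, so the restriction can be switched off wherever the endpoint URI is written, and the description gives no guidance on when that is acceptable. If a route assembles a templating endpoint URI from message data (not visible in this hunk), that data could also turn the restriction off, so I would extend the description with `+ " Only enable this for templates and endpoint URIs that are fully under your control."`. The wording `Doing so impose` should read `Doing so imposes`; the same sentence is repeated in the setter Javadoc in the next hunk.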
@@ -121,6 +126,21 @@ public abstract class ResourceEndpoint extends ProcessorEndpoint implements Mana return buffer == null; } + @ManagedAttribute(description = "Whether the context map is limited to only include the message body and headers") + public boolean isAllowContextMapAll() { + return allowContextMapAll; + } + + /** + * Sets whether the context map should allow access to all details. + * By default only the message body and headers can be accessed. + * This option can be enabled for full access to the current Exchange and CamelContext. + * Doing so impose a potential security risk as this opens access to the full power of CamelContext API. + */ + public void setAllowContextMapAll(boolean allowContextMapAll) { + this.allowContextMapAll = allowContextMapAll; + } + @ManagedAttribute(description = "Camel context ID") public String getCamelId() { return getCamelContext().getName(); diff --git a/camel-core/src/main/java/org/apache/camel/util/ExchangeHelper.java b/camel-core/src/main/java/org/apache/camel/util/ExchangeHelper.java index da3308a..ef67f4c 100644 --- a/camel-core/src/main/java/org/apache/camel/util/ExchangeHelper.java +++ b/camel-core/src/main/java/org/apache/camel/util/ExchangeHelper.java 
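Review bot: The `@ManagedAttribute` description on `isAllowContextMapAll()` in ResourceEndpoint.java states the opposite of what the getter returns: `true` means full access, not a map limited to body and headers. An operator reading this attribute over JMX would take `true` for the restricted state. I would change it to `@ManagedAttribute(description = "Whether the context map allows access to the full Exchange and CamelContext instead of only the message body and headers")`. Nothing in this commit reads the flag, so the templating components presumably pass it to `ExchangeHelper.createVariableMap(exchange, allowContextMapAll)` in separate changes; that is worth confirming per component.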
@@ -469,9 +469,24 @@ public final class ExchangeHelper {
 * @param exchange the exchange to make available
 * @return a Map populated with the require variables
 */
+ @Deprecated
 public static Map<String, Object> createVariableMap(Exchange exchange) {
 Map<String, Object> answer = new HashMap<>();
- populateVariableMap(exchange, answer);
+ populateVariableMap(exchange, answer, true);
+ return answer;
+ }
+
+ /**
+ * Creates a Map of the variables which are made available to a script or template
+ *
+ * @param exchange the exchange to make available
+ * @param allowContextMapAll whether to allow access to all context map or not
+ * (prefer to use false due to security reasons preferred to only allow access to body/headers)
+ * @return a Map populated with the require variables
+ */
+ public static Map<String, Object> createVariableMap(Exchange exchange, boolean allowContextMapAll) {
+ Map<String, Object> answer = new HashMap<>();
+ populateVariableMap(exchange, answer, allowContextMapAll);
 return answer;
 }

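Review bot: The deprecated `createVariableMap(Exchange)` delegates with `true`, so every caller that is not migrated keeps the full map (exchange, in/out, camelContext) and the restriction only applies where a component opts in to the new overload. That keeps compatibility, but the bare `@Deprecated` annotation does not tell callers why or what to use instead; I would add ` * @deprecated exposes the full Exchange and CamelContext; use {@link #createVariableMap(Exchange, boolean)} with false unless full access is required`. The same applies to `populateVariableMap(Exchange, Map)` in the next hunk.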
@@ -481,22 +496,37 @@ public final class ExchangeHelper {
 * @param exchange the exchange to make available
 * @param map the map to populate
 */
+ @Deprecated
 public static void populateVariableMap(Exchange exchange, Map<String, Object> map) {
- map.put("exchange", exchange);
+ populateVariableMap(exchange, map, true);
+ }
+
+ /**
+ * Populates the Map with the variables which are made available to a script or template
+ *
+ * @param exchange the exchange to make available
+ * @param map the map to populate
+ * @param allowContextMapAll whether to allow access to all context map or not
+ * (prefer to use false due to security reasons preferred to only allow access to body/headers)
+ */
+ public static void populateVariableMap(Exchange exchange, Map<String, Object> map, boolean allowContextMapAll) {
 Message in = exchange.getIn();
- map.put("in", in);
- map.put("request", in);
 map.put("headers", in.getHeaders());
 map.put("body", in.getBody());
- if (isOutCapable(exchange)) {
- // if we are out capable then set out and response as well
- // however only grab OUT if it exists, otherwise reuse IN
- // this prevents side effects to alter the Exchange if we force creating an OUT message
- Message msg = exchange.hasOut() ? exchange.getOut() : exchange.getIn();
- map.put("out", msg);
- map.put("response", msg);
- }
- map.put("camelContext", exchange.getContext());
+ if (allowContextMapAll) {
+ map.put("in", in);
+ map.put("exchange", exchange);
+ map.put("request", in);
+ if (isOutCapable(exchange)) {
+ // if we are out capable then set out and response as well
+ // however only grab OUT if it exists, otherwise reuse IN
+ // this prevents side effects to alter the Exchange if we force creating an OUT message
+ Message msg = exchange.hasOut() ? exchange.getOut() : exchange.getIn();
+ map.put("out", msg);
+ map.put("response", msg);
+ }
+ map.put("camelContext", exchange.getContext());
+ }
 }

 /**
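Review bot: With `allowContextMapAll` false the map still holds the live `in.getHeaders()` map and the body object by reference, so a template can still modify headers and call methods on whatever the body is. Whether an engine can reach further from those objects depends on each engine's own introspection settings, which are outside this diff, so the Javadoc should not read as a sandbox guarantee. I would replace the garbled parameter text with ` * @param allowContextMapAll false exposes only body and headers; true also exposes exchange, in, request, out, response and camelContext` and add one sentence saying that headers and body are passed by reference.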
diff --git a/camel-core/src/test/java/org/apache/camel/util/ExchangeHelperTest.java b/camel-core/src/test/java/org/apache/camel/util/ExchangeHelperTest.java
index 548f424..ffcbf0c 100644
--- a/camel-core/src/test/java/org/apache/camel/util/ExchangeHelperTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/ExchangeHelperTest.java
@@ -141,6 +141,26 @@ public class ExchangeHelperTest extends ContextTestSupport {
 }

 @Test
+ public void testPopulateVariableMapBodyAndHeaderOnly() throws Exception {
+ exchange.setPattern(ExchangePattern.InOut);
+ exchange.getOut().setBody("bar");
+ exchange.getOut().setHeader("quote", "Camel rocks");
+
+ Map<String, Object> map = new HashMap<>();
+ ExchangeHelper.populateVariableMap(exchange, map, false);
+
+ assertEquals(2, map.size());
+ assertNull(map.get("exchange"));
+ assertNull(map.get("in"));
+ assertNull(map.get("request"));
+ assertNull(map.get("out"));
+ assertNull(map.get("response"));
+ assertSame(exchange.getIn().getHeaders(), map.get("headers"));
+ assertSame(exchange.getIn().getBody(), map.get("body"));
+ assertNull(map.get("camelContext"));
+ }
+
+ @Test
 public void testCreateVariableMap() throws Exception {
 exchange.setPattern(ExchangePattern.InOut);
 exchange.getOut().setBody("bar");
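Review bot: The new test covers `populateVariableMap(exchange, map, false)` only; the new `createVariableMap(Exchange, boolean)` overload and the `false` default on `ResourceEndpoint` have no assertion in this commit. One more line in this test would pin the overload: `assertEquals(2, ExchangeHelper.createVariableMap(exchange, false).size());`. The `assertNull(map.get(...))` checks would be more precise as `assertFalse(map.containsKey("exchange"))`, since a null value and a missing key look the same to `get`.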