This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-2.25.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.25.x by this push:
     new f21cbd7  CAMEL-15050: Templating components - Variable map to be 
limited to body/headers
f21cbd7 is described below

commit f21cbd71a98c6098f1ea954e48e981331f7fcc18
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 10:20:45 2020 +0200

    CAMEL-15050: Templating components - Variable map to be limited to 
body/headers
---
 .../src/main/docs/freemarker-component.adoc             |  6 ++++--
 .../camel/component/freemarker/FreemarkerComponent.java | 17 +++++++++++++++++
 .../camel/component/freemarker/FreemarkerEndpoint.java  |  2 +-
 .../component/freemarker/FreemarkerEndpointTest.java    |  1 +
 .../component/freemarker/FreemarkerSetHeaderTest.java   |  2 +-
 .../camel/component/freemarker/FreemarkerTest.java      |  2 +-
 .../freemarker/FreemarkerValuesInPropertiesTest.java    |  1 +
 .../apache/camel/component/freemarker/camel-context.xml |  4 ++--
 .../springboot/FreemarkerComponentConfiguration.java    | 16 ++++++++++++++++
 9 files changed, 44 insertions(+), 7 deletions(-)

diff --git 
a/components/camel-freemarker/src/main/docs/freemarker-component.adoc 
b/components/camel-freemarker/src/main/docs/freemarker-component.adoc
index 90d6443..01d7ce8 100644
--- a/components/camel-freemarker/src/main/docs/freemarker-component.adoc
+++ b/components/camel-freemarker/src/main/docs/freemarker-component.adoc
@@ -41,7 +41,7 @@ You can append query options to the URI in the following 
format,
 
 
 // component options: START
-The Freemarker component supports 3 options, which are listed below.
+The Freemarker component supports 4 options, which are listed below.
 
 
 
@@ -50,6 +50,7 @@ The Freemarker component supports 3 options, which are listed 
below.
 | Name | Description | Default | Type
 | *configuration* (advanced) | To use an existing 
freemarker.template.Configuration instance as the configuration. |  | 
Configuration
 | *allowTemplateFrom Header* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *resolveProperty Placeholders* (advanced) | Whether the component should 
resolve property placeholders on itself when starting. Only properties which 
are of String type can use property placeholders. | true | boolean
 |===
 // component options: END
@@ -77,12 +78,13 @@ with the following path and query parameters:
 |===
 
 
-=== Query Parameters (6 parameters):
+=== Query Parameters (7 parameters):
 
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
 | Name | Description | Default | Type
+| *allowContextMapAll* (producer) | Sets whether the context map should allow 
access to all details. By default only the message body and headers can be 
accessed. This option can be enabled for full access to the current Exchange 
and CamelContext. Doing so impose a potential security risk as this opens 
access to the full power of CamelContext API. | false | boolean
 | *allowTemplateFromHeader* (producer) | Whether to allow to use resource 
template from header or not (default false). Enabling this allows to specify 
dynamic templates via message header. However this can be seen as a potential 
security vulnerability if the header is coming from a malicious user, so use 
this with care. | false | boolean
 | *configuration* (producer) | Sets the Freemarker configuration to use |  | 
Configuration
 | *contentCache* (producer) | Sets whether to use resource content cache or 
not | false | boolean
diff --git 
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
 
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
index 2ef2749..40f0f17 100644
--- 
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
+++ 
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerComponent.java
@@ -35,6 +35,8 @@ public class FreemarkerComponent extends UriEndpointComponent 
{
 
     @Metadata(defaultValue = "false")
     private boolean allowTemplateFromHeader;
+    @Metadata(defaultValue = "false")
+    private boolean allowContextMapAll;
     @Metadata(label = "advanced")
     private Configuration configuration;
     private Configuration noCacheConfiguration;
@@ -63,6 +65,7 @@ public class FreemarkerComponent extends UriEndpointComponent 
{
             endpoint.setEncoding(encoding);
         }
         endpoint.setAllowTemplateFromHeader(allowTemplateFromHeader);
+        endpoint.setAllowContextMapAll(allowContextMapAll);
         endpoint.setContentCache(cache);
         endpoint.setConfiguration(config);
         endpoint.setTemplateUpdateDelay(templateUpdateDelay);
@@ -118,6 +121,20 @@ public class FreemarkerComponent extends 
UriEndpointComponent {
         this.allowTemplateFromHeader = allowTemplateFromHeader;
     }
 
+    public boolean isAllowContextMapAll() {
+        return allowContextMapAll;
+    }
+
+    /**
+     * Sets whether the context map should allow access to all details.
+     * By default only the message body and headers can be accessed.
+     * This option can be enabled for full access to the current Exchange and 
CamelContext.
+     * Doing so impose a potential security risk as this opens access to the 
full power of CamelContext API.
+     */
+    public void setAllowContextMapAll(boolean allowContextMapAll) {
+        this.allowContextMapAll = allowContextMapAll;
+    }
+
     private synchronized Configuration getNoCacheConfiguration() {
         if (noCacheConfiguration == null) {
             // create a clone of the regular configuration
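Review bot: The Javadoc added on `setAllowContextMapAll` does not say that the component-level value is only the default copied onto each endpoint by `endpoint.setAllowContextMapAll(allowContextMapAll)` in the previous hunk, while the .adoc change lists the same option as an endpoint query parameter. If URI parameters are bound after that copy (not visible here), a single endpoint URI can re-enable full Exchange/CamelContext access while the component stays at `false`, which matters for routes that build endpoint URIs dynamically. I would add a sentence such as `This is the default for endpoints created by this component; an endpoint URI option of the same name may override it.` and correct the wording to `Doing so imposes a potential security risk`. The class body continues outside the hunk.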
diff --git 
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
 
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
index ddbd271..1434e03 100644
--- 
a/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
+++ 
b/components/camel-freemarker/src/main/java/org/apache/camel/component/freemarker/FreemarkerEndpoint.java
@@ -162,7 +162,7 @@ public class FreemarkerEndpoint extends ResourceEndpoint {
             dataModel = 
exchange.getIn().getHeader(FreemarkerConstants.FREEMARKER_DATA_MODEL, 
Object.class);
         }
         if (dataModel == null) {
-            dataModel = ExchangeHelper.createVariableMap(exchange);
+            dataModel = ExchangeHelper.createVariableMap(exchange, 
isAllowContextMapAll());
         }
         // let freemarker parse and generate the result in buffer
         Template template;
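Review bot: The new `isAllowContextMapAll()` gate only covers the fallback branch under `if (dataModel == null)`. When the `FreemarkerConstants.FREEMARKER_DATA_MODEL` header is present, that object is passed to the template unchanged and the restriction never applies. That is probably intended, but it deserves a comment above the null check, for example `// a header-supplied data model is used unfiltered; allowContextMapAll only limits the default variable map`, and a matching sentence in the option description so users do not assume the flag bounds everything a template can reach. The enclosing method starts and ends outside the hunk, and `isAllowContextMapAll()` is not defined anywhere in this diff, so it is presumably inherited from `ResourceEndpoint`.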
diff --git 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
index f4de5d7..85e9966 100644
--- 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
+++ 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerEndpointTest.java
@@ -32,6 +32,7 @@ public class FreemarkerEndpointTest extends FreemarkerTest {
                 FreemarkerEndpoint endpoint = new FreemarkerEndpoint();
                 endpoint.setCamelContext(context);
                 endpoint.setAllowTemplateFromHeader(true);
+                endpoint.setAllowContextMapAll(true);
                 
endpoint.setResourceUri("org/apache/camel/component/freemarker/example.ftl");
 
                 Configuration configuraiton = new Configuration();
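Review bot: Every test touched by this commit opts back in with `allowContextMapAll=true` (here, and in `FreemarkerTest`, `FreemarkerValuesInPropertiesTest` and `camel-context.xml`), so nothing in the visible changes exercises the new restricted default. A test that leaves the option at `false`, renders a template referencing the Exchange or CamelContext variables, and asserts that they are unavailable while the body and headers still resolve would pin the restriction. It would also catch a later change that silently widens the variable map again. The enclosing route-builder method continues outside the hunk.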
diff --git 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
index c565424..98ba37f 100644
--- 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
+++ 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerSetHeaderTest.java
@@ -41,7 +41,7 @@ public class FreemarkerSetHeaderTest extends 
CamelSpringTestSupport {
         assertRespondsWith("orange", "I am an orange");
     }
 
-    protected void assertRespondsWith(final String value, String expectedBody) 
throws InvalidPayloadException, InterruptedException {
+    protected void assertRespondsWith(final String value, String expectedBody) 
throws Exception {
         MockEndpoint mock = getMockEndpoint("mock:result");
         mock.expectedMessageCount(1);
         //mock.expectedHeaderReceived("fruit", value);
diff --git 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
index 5d06fd5..cb54de8 100644
--- 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
+++ 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerTest.java
@@ -78,7 +78,7 @@ public class FreemarkerTest extends CamelTestSupport {
             public void configure() {
                 // START SNIPPET: example
                 from("direct:a").
-                        
to("freemarker:org/apache/camel/component/freemarker/example.ftl?allowTemplateFromHeader=true");
+                        
to("freemarker:org/apache/camel/component/freemarker/example.ftl?allowTemplateFromHeader=true&allowContextMapAll=true");
                 // END SNIPPET: example
             }
         };
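Review bot: The URI changed here sits between the `START SNIPPET: example` and `END SNIPPET: example` markers. If that snippet is still pulled into the component documentation, the published example will show `allowTemplateFromHeader=true` and `allowContextMapAll=true` enabled together. Examples tend to be copied verbatim, so I would keep the documented route on the defaults and move the opted-in URI to a separate route outside the snippet markers. Alternatively, add `// test only: enables header-supplied templates and full Exchange/CamelContext access` directly above the `to(...)` call.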
diff --git 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
index a755a5a..6ffd17c 100644
--- 
a/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
+++ 
b/components/camel-freemarker/src/test/java/org/apache/camel/component/freemarker/FreemarkerValuesInPropertiesTest.java
@@ -50,6 +50,7 @@ public class FreemarkerValuesInPropertiesTest extends 
CamelTestSupport {
             public void configure() throws Exception {
                 FreemarkerComponent fc = context.getComponent("freemarker", 
FreemarkerComponent.class);
                 fc.setAllowTemplateFromHeader(true);
+                fc.setAllowContextMapAll(true);
 
                 from("direct:a")
                     .to("freemarker:dummy")
diff --git 
a/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
 
b/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
index 0295d16..817cb86 100644
--- 
a/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
+++ 
b/components/camel-freemarker/src/test/resources/org/apache/camel/component/freemarker/camel-context.xml
@@ -28,12 +28,12 @@
                <from uri="direct:start"/>
            <filter>
                        <method bean="fruitFilter" method="isApple"/>
-               <to 
uri="freemarker:org/apache/camel/component/freemarker/AppleTemplate.ftl" />
+               <to 
uri="freemarker:org/apache/camel/component/freemarker/AppleTemplate.ftl?allowContextMapAll=true"
 />
                <to uri="mock:result" />
            </filter>
            <filter>
                        <method bean="fruitFilter" method="isOrange"/>
-               <to 
uri="freemarker:org/apache/camel/component/freemarker/OrangeTemplate.ftl" />
+               <to 
uri="freemarker:org/apache/camel/component/freemarker/OrangeTemplate.ftl?allowContextMapAll=true"
 />
            <to uri="mock:result" />
            </filter>
    </route>
diff --git 
a/platforms/spring-boot/components-starter/camel-freemarker-starter/src/main/java/org/apache/camel/component/freemarker/springboot/FreemarkerComponentConfiguration.java
 
b/platforms/spring-boot/components-starter/camel-freemarker-starter/src/main/java/org/apache/camel/component/freemarker/springboot/FreemarkerComponentConfiguration.java
index d73ee6c..32c45ce 100644
--- 
a/platforms/spring-boot/components-starter/camel-freemarker-starter/src/main/java/org/apache/camel/component/freemarker/springboot/FreemarkerComponentConfiguration.java
+++ 
b/platforms/spring-boot/components-starter/camel-freemarker-starter/src/main/java/org/apache/camel/component/freemarker/springboot/FreemarkerComponentConfiguration.java
@@ -49,6 +49,14 @@ public class FreemarkerComponentConfiguration
      */
     private Boolean allowTemplateFromHeader = false;
     /**
+     * Sets whether the context map should allow access to all details. By
+     * default only the message body and headers can be accessed. This option
+     * can be enabled for full access to the current Exchange and CamelContext.
+     * Doing so impose a potential security risk as this opens access to the
+     * full power of CamelContext API.
+     */
+    private Boolean allowContextMapAll = false;
+    /**
      * Whether the component should resolve property placeholders on itself 
when
      * starting. Only properties which are of String type can use property
      * placeholders.
@@ -71,6 +79,14 @@ public class FreemarkerComponentConfiguration
         this.allowTemplateFromHeader = allowTemplateFromHeader;
     }
 
+    public Boolean getAllowContextMapAll() {
+        return allowContextMapAll;
+    }
+
+    public void setAllowContextMapAll(Boolean allowContextMapAll) {
+        this.allowContextMapAll = allowContextMapAll;
+    }
+
     public Boolean getResolvePropertyPlaceholders() {
         return resolvePropertyPlaceholders;
     }
