davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 2dfbc4e363e Some code scanning alerts in camel-servlet:
https://github.com/apache/camel/security/code-scanning/5627
2dfbc4e363e is described below
commit 2dfbc4e363ed3330e1798bb43722e278f0c96329
Author: Claus Ibsen <[email protected]>
AuthorDate: Thu Feb 22 09:40:03 2024 +0100
Some code scanning alerts in camel-servlet:
https://github.com/apache/camel/security/code-scanning/5627
---
.../org/apache/camel/http/common/CamelServlet.java | 64 +++++++++-------------
.../component/jetty/CamelContinuationServlet.java | 34 ++++--------
2 files changed, 36 insertions(+), 62 deletions(-)
diff --git
a/components/camel-http-common/src/main/java/org/apache/camel/http/common/CamelServlet.java
b/components/camel-http-common/src/main/java/org/apache/camel/http/common/CamelServlet.java
index 25e68e105c8..3f29f2b2c20 100644
---
a/components/camel-http-common/src/main/java/org/apache/camel/http/common/CamelServlet.java
+++
b/components/camel-http-common/src/main/java/org/apache/camel/http/common/CamelServlet.java
@@ -98,17 +98,13 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
} catch (Exception e) {
// do not leak exception back to caller
log.warn("Error handling request due to: {}", e.getMessage(), e);
- try {
- if (!response.isCommitted()) {
-
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- } catch (Exception e1) {
- // ignore
+ if (!response.isCommitted()) {
+ sendError(response,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
}
- protected void handleService(HttpServletRequest req, HttpServletResponse
resp) throws ServletException, IOException {
+ protected void handleService(HttpServletRequest req, HttpServletResponse
resp) throws Exception {
if (isAsync()) {
if (executorRef != null) {
HttpConsumer consumer = doResolve(req, resp); // can be done
sync
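Review bot: Widening `handleService` from `throws ServletException, IOException` to `throws Exception` changes a protected extension point, so a subclass that calls `super.handleService(...)` from a method declaring only the two narrower types will stop compiling. The same widening is applied to `doService`, `afterProcess` and, in CamelContinuationServlet, `handleDoService`. If the broad clause is intended so that every failure funnels into the `catch (Exception e)` at the top of this hunk, each method's Javadoc should say so, for example `@throws Exception any failure; the caller logs it and replies with 500 if the response is not committed`. The change also deserves an upgrade-guide entry. The body of `handleService` continues past the end of this hunk.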
@@ -152,11 +148,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
private void onError(HttpServletResponse resp, Exception e) {
//An error shouldn't occur as we should handle most error in doService
log.error("Error processing request", e);
- try {
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- } catch (Exception e1) {
- log.debug("Cannot send reply to client!", e1);
- }
+ sendError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
//Need to wrap it in RuntimeException as it occurs in a Runnable
throw new RuntimeCamelException(e);
}
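Review bot: `sendError(resp, ...)` in `onError` is no longer wrapped in `catch (Exception e1)`, and the new helper catches only `IOException`. The `IllegalStateException` that `HttpServletResponse.sendError` raises on an already committed response therefore escapes here and pre-empts the `RuntimeCamelException` thrown two lines later. The same applies to the catch block in `CamelContinuationServlet`, where the commit drops the `!response.isCommitted()` guard directly under the comment "do not leak exception back to caller". Putting the guard in the helper covers every call site: `if (res.isCommitted()) { return; }` as the first statement of `sendError`.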
@@ -223,7 +215,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
* @param request the {@link HttpServletRequest}
* @param response the {@link HttpServletResponse}
*/
- protected void doService(HttpServletRequest request, HttpServletResponse
response) throws ServletException, IOException {
+ protected void doService(HttpServletRequest request, HttpServletResponse
response) throws Exception {
log.trace("Service: {}", request);
HttpConsumer consumer = doResolve(request, response);
if (consumer != null) {
@@ -232,11 +224,11 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
}
private CompletionStage<?> doExecute(HttpServletRequest req,
HttpServletResponse res, HttpConsumer consumer)
- throws IOException, ServletException {
+ throws Exception {
// are we suspended?
if (consumer.isSuspended()) {
log.debug("Consumer suspended, cannot service request {}", req);
- res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
+ sendError(res, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
return null;
}
@@ -262,12 +254,12 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
if (consumer.getEndpoint().getHttpMethodRestrict() != null
&&
!consumer.getEndpoint().getHttpMethodRestrict().contains(req.getMethod())) {
- res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(res, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return null;
}
if ("TRACE".equals(req.getMethod()) && !consumer.isTraceEnabled()) {
- res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(res, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return null;
}
@@ -301,12 +293,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
}
// we want to handle the UoW
- try {
- consumer.createUoW(exchange);
- } catch (Exception e) {
- log.error("Error processing request", e);
- throw new ServletException(e);
- }
+ consumer.createUoW(exchange);
boolean isAsync = false;
CompletionStage<?> result = null;
@@ -326,7 +313,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
} else {
try {
afterProcess(res, consumer, exchange,
false);
- } catch (final IOException | ServletException
e) {
+ } catch (Exception e) {
exchange.setException(e);
}
}
@@ -351,7 +338,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
protected void afterProcess(
HttpServletResponse res, HttpConsumer consumer, Exchange exchange,
boolean rethrow)
- throws IOException, ServletException {
+ throws Exception {
try {
// now lets output to the res
if (log.isTraceEnabled()) {
@@ -373,7 +360,7 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
} catch (Exception e) {
log.error("Error processing request", e);
if (rethrow) {
- throw new ServletException(e);
+ throw new RuntimeCamelException(e);
} else {
exchange.setException(e);
}
@@ -383,9 +370,9 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
}
}
- private HttpConsumer doResolve(HttpServletRequest request,
HttpServletResponse response) throws IOException {
+ private HttpConsumer doResolve(HttpServletRequest request,
HttpServletResponse response) throws Exception {
// Is there a consumer registered for the request.
- HttpConsumer consumer = resolve(request);
+ HttpConsumer consumer =
getServletResolveConsumerStrategy().resolve(request, getConsumers());
if (consumer == null) {
// okay we cannot process this requires so return either 404 or
405.
// to know if its 405 then we need to check if any other HTTP
method would have a consumer for the "same" request
@@ -393,26 +380,17 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
.anyMatch(m ->
getServletResolveConsumerStrategy().isHttpMethodAllowed(request, m,
getConsumers()));
if (hasAnyMethod) {
log.debug("No consumer to service request {} as method {} is
not allowed", request, request.getMethod());
- response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(response, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return null;
} else {
log.debug("No consumer to service request {} as resource is
not found", request);
- response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ sendError(response, HttpServletResponse.SC_NOT_FOUND);
return null;
}
}
return consumer;
}
- /**
- * @deprecated use
- * {@link
ServletResolveConsumerStrategy#resolve(jakarta.servlet.http.HttpServletRequest,
java.util.Map)}
- */
- @Deprecated
- protected HttpConsumer resolve(HttpServletRequest request) {
- return getServletResolveConsumerStrategy().resolve(request,
getConsumers());
- }
-
@Override
public void connect(HttpConsumer consumer) {
log.debug("Connecting consumer: {}", consumer);
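Review bot: Deleting the protected `resolve(HttpServletRequest)` hook means a subclass that overrode it without `@Override` still compiles but is no longer consulted, because `doResolve` now calls `getServletResolveConsumerStrategy().resolve(request, getConsumers())` directly. If any subclass used that override to restrict which consumer serves a request, the restriction would silently stop applying; whether such subclasses exist cannot be seen from this diff. The removal should be listed in the upgrade guide with a pointer to `ServletResolveConsumerStrategy` as the replacement. `connect` at the end of the hunk is unchanged and continues outside it.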
@@ -460,6 +438,14 @@ public class CamelServlet extends HttpServlet implements
HttpRegistryProvider {
return Collections.unmodifiableMap(consumers);
}
+ protected static void sendError(HttpServletResponse res, int code) {
+ try {
+ res.sendError(code);
+ } catch (IOException e) {
+ // ignore
+ }
+ }
+
/**
* Override the Thread Context ClassLoader if need be.
*
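Review bot: The new `protected static sendError` has no Javadoc and its `catch (IOException e)` is empty, so a failed error reply leaves no trace; the `onError` code this commit removes logged that case with `log.debug("Cannot send reply to client!", e1)`. Add a short Javadoc stating that the method is best-effort and never propagates `IOException`. Replace `// ignore` with a comment that gives the reason, such as `// best effort: the client has likely disconnected, so the error cannot be delivered`. If a logger is reachable from the static context, keeping the debug log would preserve the earlier diagnostics.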
diff --git
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
index d35fe80fd84..9a0020b661b 100644
---
a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
+++
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/CamelContinuationServlet.java
@@ -26,11 +26,11 @@ import jakarta.servlet.AsyncContext;
import jakarta.servlet.AsyncEvent;
import jakarta.servlet.AsyncListener;
import jakarta.servlet.DispatcherType;
-import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.apache.camel.AsyncCallback;
+import org.apache.camel.CamelException;
import org.apache.camel.Exchange;
import org.apache.camel.ExchangePattern;
import org.apache.camel.Message;
@@ -68,18 +68,12 @@ public class CamelContinuationServlet extends CamelServlet {
} catch (Exception e) {
// do not leak exception back to caller
log.warn("Error handling request due to: {}", e.getMessage(), e);
- try {
- if (!response.isCommitted()) {
-
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- }
- } catch (Exception e1) {
- // ignore
- }
+ sendError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
protected void handleDoService(final HttpServletRequest request, final
HttpServletResponse response)
- throws ServletException, IOException {
+ throws Exception {
// is there a consumer registered for the request.
HttpConsumer consumer =
getServletResolveConsumerStrategy().resolve(request, getConsumers());
@@ -90,11 +84,11 @@ public class CamelContinuationServlet extends CamelServlet {
.anyMatch(m ->
getServletResolveConsumerStrategy().isHttpMethodAllowed(request, m,
getConsumers()));
if (hasAnyMethod) {
log.debug("No consumer to service request {} as method {} is
not allowed", request, request.getMethod());
- response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(response, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
} else {
log.debug("No consumer to service request {} as resource is
not found", request);
- response.sendError(HttpServletResponse.SC_NOT_FOUND);
+ sendError(response, HttpServletResponse.SC_NOT_FOUND);
return;
}
}
@@ -159,13 +153,13 @@ public class CamelContinuationServlet extends
CamelServlet {
}
}
if (!match) {
- response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(response, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
}
if ("TRACE".equals(request.getMethod()) && !consumer.isTraceEnabled())
{
- response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ sendError(response, HttpServletResponse.SC_METHOD_NOT_ALLOWED);
return;
}
@@ -173,7 +167,7 @@ public class CamelContinuationServlet extends CamelServlet {
String contentType = request.getContentType();
if
(HttpConstants.CONTENT_TYPE_JAVA_SERIALIZED_OBJECT.equals(contentType)
&&
!consumer.getEndpoint().getComponent().isAllowJavaSerializedObject()) {
- response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
+ sendError(response, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
return;
}
@@ -189,7 +183,7 @@ public class CamelContinuationServlet extends CamelServlet {
// are we suspended and a request is dispatched initially?
if (consumer.isSuspended() && isInitial(request)) {
- response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
+ sendError(response,
HttpServletResponse.SC_SERVICE_UNAVAILABLE);
return;
}
@@ -230,12 +224,7 @@ public class CamelContinuationServlet extends CamelServlet
{
// we want to handle the UoW
UnitOfWork uow = exchange.getUnitOfWork();
if (uow == null) {
- try {
- consumer.createUoW(exchange);
- } catch (Exception e) {
- log.error("Error processing request", e);
- throw new ServletException(e);
- }
+ consumer.createUoW(exchange);
} else if (uow.onPrepare(exchange)) {
// need to re-attach uow
exchange.getExchangeExtension().setUnitOfWork(uow);
@@ -247,7 +236,6 @@ public class CamelContinuationServlet extends CamelServlet {
log.trace("Processing request for exchangeId: {}",
exchange.getExchangeId());
}
// use the asynchronous API to process the exchange
-
consumer.getAsyncProcessor().process(exchange, new AsyncCallback()
{
public void done(boolean doneSync) {
// check if the exchange id is already expired
@@ -291,7 +279,7 @@ public class CamelContinuationServlet extends CamelServlet {
throw e;
} catch (Exception e) {
log.error("Error processing request", e);
- throw new ServletException(e);
+ throw new CamelException(e);
} finally {
consumer.doneUoW(result);
consumer.releaseExchange(result, false);