gnodet opened a new pull request, #22269: URL: https://github.com/apache/camel/pull/22269

## Summary

Implements security policy enforcement for Camel applications, allowing users to configure how Camel reacts to insecure configuration at startup.

### Key changes:

- **Security policy configuration** (`camel.security.*`): Global and per-category policies (`allow`/`warn`/`fail`) for plain-text secrets, insecure SSL, deserialization, and dev features
- **New annotations**: `security` and `insecureValue` attributes on `@Metadata`, `@UriParam`, `@UriPath` to categorize security-sensitive options. `secret` attribute deprecated in favor of `security="secret"`
- **Security categories**: `secret`, `insecure:ssl`, `insecure:serialization`, `insecure:dev`
- **SecurityUtils**: Runtime utility for detecting insecure config values and plain-text secrets (not using `RAW()`, vault, env, or property placeholders)
- **SecurityConfigurationProperties**: Per-category policy overrides with property-level allowlist
- **50+ components annotated** with security categories (AWS `trustAllCertificates`, JMS `transferException`, Netty `hostnameVerification`, etc.)
- **DevConsole fix**: JSON output now masks sensitive values (was only masked in text mode)
- **Build tooling extended**: All annotation processors updated to handle new `security`/`insecureValue` fields
- **UpdateSensitizeHelper**: Extended to generate `SecurityUtils` from catalog metadata

### Configuration example:

```properties
# Global policy (default: warn)
camel.security.policy=warn

# Per-category overrides
camel.security.secretPolicy=fail
camel.security.insecureSslPolicy=allow

# Allow specific properties
camel.security.allowedProperties=camel.component.aws2-s3.trustAllCertificates
```

## Test plan

- [x] Unit tests for `SecurityUtils` (plain-text detection, placeholder patterns)
- [x] Integration tests for `MainSecurityPolicyTest` (10 test cases covering warn/fail/allow policies, category overrides, allowlist, RAW/env placeholders)
- [x] Existing `MainSSLTest` passes (no regressions)
- [x] Full `camel-main` and `camel-util` test suites pass

_Claude Code on behalf of Guillaume Nodet_
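The policy resolution and plain-text detection the pull request describes (global policy, per-category override, property allowlist, and the RAW()/placeholder exemptions), shown as an added stand-alone illustration. This is not Camel's `SecurityUtils` or `SecurityConfigurationProperties`; the class, record and method names, the placeholder patterns (`{{...}}` and `RAW(...)`), and the sample values are all assumptions chosen to mirror the configuration example above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Illustrative startup policy check. NOT Camel's own code: names, patterns and
 * rules are assumptions that mirror the behaviour described in the pull request.
 */
public class SecurityPolicyDemo {

    enum Policy { ALLOW, WARN, FAIL }

    /** One annotated option: its category and, for insecure:* options, the value that is insecure. */
    record Check(String property, String category, String value, String insecureValue) {}

    /** Global policy, per-category overrides and the property-level allowlist. */
    record Config(Policy global, Map<String, Policy> perCategory, Set<String> allowedProperties) {}

    // Assumed forms that do NOT count as plain text: any {{...}} placeholder
    // (property, env or vault function) or an explicit RAW(...) marker.
    private static final Pattern PLACEHOLDER = Pattern.compile("^\\{\\{.*\\}\\}$");
    private static final Pattern RAW = Pattern.compile("^RAW\\(.*\\)$");

    /** A secret is plain text when it is neither a placeholder nor wrapped in RAW(). */
    static boolean isPlainTextSecret(String value) {
        if (value == null || value.isBlank()) {
            return false;
        }
        String v = value.trim();
        return !PLACEHOLDER.matcher(v).matches() && !RAW.matcher(v).matches();
    }

    /** Allowlist wins, then the category override, then the global policy. */
    static Policy resolvePolicy(Config cfg, String property, String category) {
        if (cfg.allowedProperties().contains(property)) {
            return Policy.ALLOW;
        }
        return cfg.perCategory().getOrDefault(category, cfg.global());
    }

    /** Secrets violate when plain text; insecure:* options violate when set to their insecure value. */
    static boolean violates(Check c) {
        if ("secret".equals(c.category())) {
            return isPlainTextSecret(c.value());
        }
        return c.value() != null && c.value().equalsIgnoreCase(c.insecureValue());
    }

    /** One finding per violation, prefixed with the resolved policy; ALLOW produces no finding. */
    static List<String> evaluate(Config cfg, List<Check> checks) {
        List<String> findings = new ArrayList<>();
        for (Check c : checks) {
            if (!violates(c)) {
                continue;
            }
            Policy p = resolvePolicy(cfg, c.property(), c.category());
            if (p == Policy.ALLOW) {
                continue;
            }
            // Never echo a secret into logs or exception messages.
            String shown = "secret".equals(c.category()) ? "xxxxxx" : c.value();
            findings.add(p + " " + c.property() + " [" + c.category() + "] = " + shown);
        }
        return findings;
    }

    /** Startup gate: report everything, abort if any finding resolved to FAIL. */
    static void enforce(List<String> findings) {
        findings.forEach(System.out::println);
        if (findings.stream().anyMatch(f -> f.startsWith("FAIL"))) {
            throw new IllegalStateException("Insecure configuration detected; refusing to start");
        }
    }

    public static void main(String[] args) {
        // Mirrors the camel.security.* example: warn globally, fail on secrets,
        // allow insecure SSL, and allowlist one specific property.
        Config cfg = new Config(Policy.WARN,
                Map.of("secret", Policy.FAIL, "insecure:ssl", Policy.ALLOW),
                Set.of("camel.component.aws2-s3.trustAllCertificates"));

        // Constructed sample values; the property names follow the components named in the PR.
        List<Check> checks = List.of(
                new Check("camel.component.aws2-s3.trustAllCertificates", "insecure:ssl", "true", "true"),
                new Check("camel.component.netty.hostnameVerification", "insecure:ssl", "false", "false"),
                new Check("camel.component.jms.transferException", "insecure:serialization", "true", "true"),
                new Check("camel.component.aws2-s3.secretKey", "secret", "{{env:AWS_SECRET_KEY}}", null),
                new Check("camel.component.aws2-s3.accessKey", "secret", "plain-text-key", null));

        try {
            enforce(evaluate(cfg, checks));
        } catch (IllegalStateException e) {
            System.out.println("STARTUP FAILED: " + e.getMessage());
        }
    }
}
```

Running `main` prints one `WARN` line for the JMS `transferException` option (global policy) and one `FAIL` line for the plain-text `accessKey` (secret override), then aborts; the two SSL options are silent because the category is set to `allow` and the first is additionally allowlisted, and the `{{env:...}}` secret is not flagged at all. Masking the secret in the finding is deliberate: a startup check that prints the very value it objects to would leak it into logs.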
