This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
commit 9f8c487eb6a598e6e73228b601ea3596dcb0df6c Author: Claus Ibsen <[email protected]> AuthorDate: Tue May 5 17:50:36 2020 +0200 CAMEL-15013: Template components - Add option to turn on|off allow using header with override template --- .../mustache/MustacheComponentConfigurer.java | 5 ++ .../mustache/MustacheEndpointConfigurer.java | 5 ++ .../apache/camel/component/mustache/mustache.json | 2 + .../src/main/docs/mustache-component.adoc | 6 +- .../component/mustache/MustacheComponent.java | 18 ++++++ .../camel/component/mustache/MustacheEndpoint.java | 70 +++++++++++++++------- .../component/mustache/MustacheComponentTest.java | 3 + .../dsl/MustacheComponentBuilderFactory.java | 18 ++++++ .../dsl/MustacheEndpointBuilderFactory.java | 34 +++++++++++ 9 files changed, 136 insertions(+), 25 deletions(-) diff --git a/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheComponentConfigurer.java b/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheComponentConfigurer.java index 63f06d2..23d71aa 100644 --- a/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheComponentConfigurer.java +++ b/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheComponentConfigurer.java @@ -19,6 +19,8 @@ public class MustacheComponentConfigurer extends PropertyConfigurerSupport imple public boolean configure(CamelContext camelContext, Object obj, String name, Object value, boolean ignoreCase) { MustacheComponent target = (MustacheComponent) obj; switch (ignoreCase ? name.toLowerCase() : name) { + case "allowtemplatefromheader": + case "allowTemplateFromHeader": target.setAllowTemplateFromHeader(property(camelContext, boolean.class, value)); return true; case "basicpropertybinding": case "basicPropertyBinding": target.setBasicPropertyBinding(property(camelContext, boolean.class, value)); return true; case "lazystartproducer": @@ -32,6 +34,7 @@ public class MustacheComponentConfigurer extends PropertyConfigurerSupport imple @Override public Map<String, Object> getAllOptions(Object target) { Map<String, Object> answer = new CaseInsensitiveMap(); + answer.put("allowTemplateFromHeader", boolean.class); answer.put("basicPropertyBinding", boolean.class); answer.put("lazyStartProducer", boolean.class); answer.put("mustacheFactory", com.github.mustachejava.MustacheFactory.class); @@ -42,6 +45,8 @@ public class MustacheComponentConfigurer extends PropertyConfigurerSupport imple public Object getOptionValue(Object obj, String name, boolean ignoreCase) { MustacheComponent target = (MustacheComponent) obj; switch (ignoreCase ? name.toLowerCase() : name) { + case "allowtemplatefromheader": + case "allowTemplateFromHeader": return target.isAllowTemplateFromHeader(); case "basicpropertybinding": case "basicPropertyBinding": return target.isBasicPropertyBinding(); case "lazystartproducer": diff --git a/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheEndpointConfigurer.java b/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheEndpointConfigurer.java index 2f03325..08555a5 100644 --- a/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheEndpointConfigurer.java +++ b/components/camel-mustache/src/generated/java/org/apache/camel/component/mustache/MustacheEndpointConfigurer.java @@ -19,6 +19,8 @@ public class MustacheEndpointConfigurer extends PropertyConfigurerSupport implem public boolean configure(CamelContext camelContext, Object obj, String name, Object value, boolean ignoreCase) { MustacheEndpoint target = (MustacheEndpoint) obj; switch (ignoreCase ? name.toLowerCase() : name) { + case "allowtemplatefromheader": + case "allowTemplateFromHeader": target.setAllowTemplateFromHeader(property(camelContext, boolean.class, value)); return true; case "basicpropertybinding": case "basicPropertyBinding": target.setBasicPropertyBinding(property(camelContext, boolean.class, value)); return true; case "contentcache": @@ -38,6 +40,7 @@ public class MustacheEndpointConfigurer extends PropertyConfigurerSupport implem @Override public Map<String, Object> getAllOptions(Object target) { Map<String, Object> answer = new CaseInsensitiveMap(); + answer.put("allowTemplateFromHeader", boolean.class); answer.put("basicPropertyBinding", boolean.class); answer.put("contentCache", boolean.class); answer.put("encoding", java.lang.String.class); @@ -52,6 +55,8 @@ public class MustacheEndpointConfigurer extends PropertyConfigurerSupport implem public Object getOptionValue(Object obj, String name, boolean ignoreCase) { MustacheEndpoint target = (MustacheEndpoint) obj; switch (ignoreCase ? name.toLowerCase() : name) { + case "allowtemplatefromheader": + case "allowTemplateFromHeader": return target.isAllowTemplateFromHeader(); case "basicpropertybinding": case "basicPropertyBinding": return target.isBasicPropertyBinding(); case "contentcache": diff --git a/components/camel-mustache/src/generated/resources/org/apache/camel/component/mustache/mustache.json b/components/camel-mustache/src/generated/resources/org/apache/camel/component/mustache/mustache.json index ee24e90..b367f50 100644 --- a/components/camel-mustache/src/generated/resources/org/apache/camel/component/mustache/mustache.json +++ b/components/camel-mustache/src/generated/resources/org/apache/camel/component/mustache/mustache.json @@ -21,12 +21,14 @@ "lenientProperties": false }, "componentProperties": { + "allowTemplateFromHeader": { "kind": "property", "displayName": "Allow Template From Header", "group": "producer", "label": "", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether to allow to use resource template from header or not (default false). Enabling this allows to specify dynamic templates via message header. However this can be seen as a potential security vulnerability if the he [...] "lazyStartProducer": { "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the r [...] "basicPropertyBinding": { "kind": "property", "displayName": "Basic Property Binding", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": false, "description": "Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities" }, "mustacheFactory": { "kind": "property", "displayName": "Mustache Factory", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "com.github.mustachejava.MustacheFactory", "deprecated": false, "secret": false, "description": "To use a custom MustacheFactory" } }, "properties": { "resourceUri": { "kind": "path", "displayName": "Resource Uri", "group": "producer", "label": "", "required": true, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "secret": false, "description": "Path to the resource. You can prefix with: classpath, file, http, ref, or bean. classpath, file and http loads the resource using these protocols (classpath is default). ref will lookup the resource in the registry. bean will call a method on a [...] + "allowTemplateFromHeader": { "kind": "parameter", "displayName": "Allow Template From Header", "group": "producer", "label": "", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Whether to allow to use resource template from header or not (default false). Enabling this allows to specify dynamic templates via message header. However this can be seen as a potential security vulnerability if the h [...] "contentCache": { "kind": "parameter", "displayName": "Content Cache", "group": "producer", "label": "", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "secret": false, "defaultValue": "false", "description": "Sets whether to use resource content cache or not" }, "encoding": { "kind": "parameter", "displayName": "Encoding", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "description": "Character encoding of the resource content." }, "endDelimiter": { "kind": "parameter", "displayName": "End Delimiter", "group": "producer", "label": "", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "secret": false, "defaultValue": "}}", "description": "Characters used to mark template code end." }, diff --git a/components/camel-mustache/src/main/docs/mustache-component.adoc b/components/camel-mustache/src/main/docs/mustache-component.adoc index 3aebe22..bd32e4b 100644 --- a/components/camel-mustache/src/main/docs/mustache-component.adoc +++ b/components/camel-mustache/src/main/docs/mustache-component.adoc @@ -46,13 +46,14 @@ You can append query options to the URI in the following format, // component options: START -The Mustache component supports 3 options, which are listed below. +The Mustache component supports 4 options, which are listed below. [width="100%",cols="2,5,^1,2",options="header"] |=== | Name | Description | Default | Type +| *allowTemplateFromHeader* (producer) | Whether to allow to use resource template from header or not (default false). Enabling this allows to specify dynamic templates via message header. However this can be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. | false | boolean | *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...] | *basicPropertyBinding* (advanced) | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | boolean | *mustacheFactory* (advanced) | To use a custom MustacheFactory | | MustacheFactory @@ -85,12 +86,13 @@ with the following path and query parameters: |=== -=== Query Parameters (7 parameters): +=== Query Parameters (8 parameters): [width="100%",cols="2,5,^1,2",options="header"] |=== | Name | Description | Default | Type +| *allowTemplateFromHeader* (producer) | Whether to allow to use resource template from header or not (default false). Enabling this allows to specify dynamic templates via message header. However this can be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. | false | boolean | *contentCache* (producer) | Sets whether to use resource content cache or not | false | boolean | *encoding* (producer) | Character encoding of the resource content. | | String | *endDelimiter* (producer) | Characters used to mark template code end. | }} | String diff --git a/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheComponent.java b/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheComponent.java index 6e4dbaa..a5bce85 100644 --- a/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheComponent.java +++ b/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheComponent.java @@ -38,6 +38,9 @@ import org.apache.camel.support.DefaultComponent; @Component("mustache") public class MustacheComponent extends DefaultComponent { + @Metadata(defaultValue = "false") + private boolean allowTemplateFromHeader; + @Metadata(label = "advanced") private MustacheFactory mustacheFactory = new DefaultMustacheFactory(); @@ -48,6 +51,7 @@ public class MustacheComponent extends DefaultComponent { protected Endpoint createEndpoint(String uri, String remaining, Map<String, Object> parameters) throws Exception { MustacheEndpoint endpoint = new MustacheEndpoint(uri, this, remaining); endpoint.setMustacheFactory(getMustacheFactory()); + endpoint.setAllowTemplateFromHeader(allowTemplateFromHeader); setProperties(endpoint, parameters); return endpoint; } @@ -63,4 +67,18 @@ public class MustacheComponent extends DefaultComponent { this.mustacheFactory = mustacheFactory; } + public boolean isAllowTemplateFromHeader() { + return allowTemplateFromHeader; + } + + /** + * Whether to allow to use resource template from header or not (default false). + * + * Enabling this allows to specify dynamic templates via message header. However this can + * be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. + */ + public void setAllowTemplateFromHeader(boolean allowTemplateFromHeader) { + this.allowTemplateFromHeader = allowTemplateFromHeader; + } + } diff --git a/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheEndpoint.java b/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheEndpoint.java index 89c6c32..a365cbc 100644 --- a/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheEndpoint.java +++ b/components/camel-mustache/src/main/java/org/apache/camel/component/mustache/MustacheEndpoint.java @@ -47,6 +47,9 @@ public class MustacheEndpoint extends ResourceEndpoint { private MustacheFactory mustacheFactory; private Mustache mustache; + + @UriParam(defaultValue = "false") + private boolean allowTemplateFromHeader; @UriParam private String encoding; @UriParam(defaultValue = "{{") @@ -79,33 +82,40 @@ public class MustacheEndpoint extends ResourceEndpoint { @Override protected void onExchange(Exchange exchange) throws Exception { - String newResourceUri = exchange.getIn().getHeader(MUSTACHE_RESOURCE_URI, String.class); - if (newResourceUri == null) { - // Get Mustache - String newTemplate = exchange.getIn().getHeader(MUSTACHE_TEMPLATE, String.class); - Mustache newMustache; - if (newTemplate == null) { - newMustache = getOrCreateMustache(); - } else { - newMustache = createMustache(new StringReader(newTemplate), "mustache:temp#" + newTemplate.hashCode()); - exchange.getIn().removeHeader(MUSTACHE_TEMPLATE); - } - - // Execute Mustache - Map<String, Object> variableMap = ExchangeHelper.createVariableMap(exchange); - StringWriter writer = new StringWriter(); - newMustache.execute(writer, variableMap); - writer.flush(); - - // Fill out message - Message out = exchange.getOut(); - out.setBody(writer.toString()); - out.setHeaders(exchange.getIn().getHeaders()); - } else { + String newResourceUri = null; + if (allowTemplateFromHeader) { + newResourceUri = exchange.getIn().getHeader(MUSTACHE_RESOURCE_URI, String.class); + } + if (newResourceUri != null) { exchange.getIn().removeHeader(MustacheConstants.MUSTACHE_RESOURCE_URI); MustacheEndpoint newEndpoint = getCamelContext().getEndpoint(MUSTACHE_ENDPOINT_URI_PREFIX + newResourceUri, MustacheEndpoint.class); newEndpoint.onExchange(exchange); + return; } + + // Get Mustache + String newTemplate = null; + if (allowTemplateFromHeader) { + newTemplate = exchange.getIn().getHeader(MUSTACHE_TEMPLATE, String.class); + } + Mustache newMustache; + if (newTemplate == null) { + newMustache = getOrCreateMustache(); + } else { + newMustache = createMustache(new StringReader(newTemplate), "mustache:temp#" + newTemplate.hashCode()); + exchange.getIn().removeHeader(MUSTACHE_TEMPLATE); + } + + // Execute Mustache + Map<String, Object> variableMap = ExchangeHelper.createVariableMap(exchange); + StringWriter writer = new StringWriter(); + newMustache.execute(writer, variableMap); + writer.flush(); + + // Fill out message + Message out = exchange.getOut(); + out.setBody(writer.toString()); + out.setHeaders(exchange.getIn().getHeaders()); } /** @@ -204,4 +214,18 @@ public class MustacheEndpoint extends ResourceEndpoint { this.endDelimiter = endDelimiter; } + public boolean isAllowTemplateFromHeader() { + return allowTemplateFromHeader; + } + + /** + * Whether to allow to use resource template from header or not (default false). + * + * Enabling this allows to specify dynamic templates via message header. However this can + * be seen as a potential security vulnerability if the header is coming from a malicious user, so use this with care. + */ + public void setAllowTemplateFromHeader(boolean allowTemplateFromHeader) { + this.allowTemplateFromHeader = allowTemplateFromHeader; + } + } diff --git a/components/camel-mustache/src/test/java/org/apache/camel/component/mustache/MustacheComponentTest.java b/components/camel-mustache/src/test/java/org/apache/camel/component/mustache/MustacheComponentTest.java index f52e3f2..21c07a6 100644 --- a/components/camel-mustache/src/test/java/org/apache/camel/component/mustache/MustacheComponentTest.java +++ b/components/camel-mustache/src/test/java/org/apache/camel/component/mustache/MustacheComponentTest.java @@ -137,6 +137,9 @@ public class MustacheComponentTest extends CamelTestSupport { return new RouteBuilder() { @Override public void configure() { + MustacheComponent mc = context.getComponent("mustache", MustacheComponent.class); + mc.setAllowTemplateFromHeader(true); + from("direct:startSimple") .to("mustache://simple.mustache") .to("mock:endSimple"); diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MustacheComponentBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MustacheComponentBuilderFactory.java index c151b6b..2896ba7 100644 --- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MustacheComponentBuilderFactory.java +++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MustacheComponentBuilderFactory.java @@ -49,6 +49,23 @@ public interface MustacheComponentBuilderFactory { extends ComponentBuilder<MustacheComponent> { /** + * Whether to allow to use resource template from header or not (default + * false). Enabling this allows to specify dynamic templates via message + * header. However this can be seen as a potential security + * vulnerability if the header is coming from a malicious user, so use + * this with care. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: producer + */ + default MustacheComponentBuilder allowTemplateFromHeader( + boolean allowTemplateFromHeader) { + doSetProperty("allowTemplateFromHeader", allowTemplateFromHeader); + return this; + } + /** * Whether the producer should be started lazy (on the first message). * By starting lazy you can use this to allow CamelContext and routes to * startup in situations where a producer may otherwise fail during @@ -113,6 +130,7 @@ public interface MustacheComponentBuilderFactory { String name, Object value) { switch (name) { + case "allowTemplateFromHeader": ((MustacheComponent) component).setAllowTemplateFromHeader((boolean) value); return true; case "lazyStartProducer": ((MustacheComponent) component).setLazyStartProducer((boolean) value); return true; case "basicPropertyBinding": ((MustacheComponent) component).setBasicPropertyBinding((boolean) value); return true; case "mustacheFactory": ((MustacheComponent) component).setMustacheFactory((com.github.mustachejava.MustacheFactory) value); return true; diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MustacheEndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MustacheEndpointBuilderFactory.java index 76a6e4a..487fb9a 100644 --- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MustacheEndpointBuilderFactory.java +++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MustacheEndpointBuilderFactory.java @@ -38,6 +38,40 @@ public interface MustacheEndpointBuilderFactory { return (AdvancedMustacheEndpointBuilder) this; } /** + * Whether to allow to use resource template from header or not (default + * false). Enabling this allows to specify dynamic templates via message + * header. However this can be seen as a potential security + * vulnerability if the header is coming from a malicious user, so use + * this with care. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: producer + */ + default MustacheEndpointBuilder allowTemplateFromHeader( + boolean allowTemplateFromHeader) { + doSetProperty("allowTemplateFromHeader", allowTemplateFromHeader); + return this; + } + /** + * Whether to allow to use resource template from header or not (default + * false). Enabling this allows to specify dynamic templates via message + * header. However this can be seen as a potential security + * vulnerability if the header is coming from a malicious user, so use + * this with care. + * + * The option will be converted to a <code>boolean</code> type. + * + * Default: false + * Group: producer + */ + default MustacheEndpointBuilder allowTemplateFromHeader( + String allowTemplateFromHeader) { + doSetProperty("allowTemplateFromHeader", allowTemplateFromHeader); + return this; + } + /** * Sets whether to use resource content cache or not. * * The option is a: <code>boolean</code> type.
