B.Schlops created CAMEL-22926:
---------------------------------
Summary: GooglePubsubProducer applies HeaderFilterStrategy
incorrectly, causing Camel headers to leak as Pub/Sub attributes
Key: CAMEL-22926
URL: https://issues.apache.org/jira/browse/CAMEL-22926
Project: Camel
Issue Type: Bug
Components: camel-pubnub
Affects Versions: 4.17.0
Environment: * Apache Camel: *4.17*
* Component: *camel-google-pubsub*
* Spring Boot: *3.5*
Reporter: B.Schlops
h4. *Problem*
When using the {{camel-google-pubsub}} component with a configured
{{HeaderFilterStrategy}}, sensitive Camel headers (e.g.
{{Authorization}}, {{Cookie}}) are still propagated as Google Pub/Sub
message attributes.
This happens even though a global {{HeaderFilterStrategy}} is configured on the
{{GooglePubsubComponent}} and the headers are explicitly listed in the
{{outFilter}}.
This behavior violates the expected Camel contract for {{HeaderFilterStrategy}}
and poses a security/compliance risk, as sensitive headers may be
unintentionally exposed to external systems.
h4. *Expected Behavior*
When publishing messages to Google Pub/Sub:
* Camel headers must be filtered using
{{HeaderFilterStrategy.applyFilterToCamelHeaders(...)}}
* Headers matching the configured {{outFilter}} must *not* be propagated as
Pub/Sub message attributes
* Sensitive headers such as {{Authorization}} or {{Cookie}} must never appear
on the consumer side
h4. *Actual Behavior*
The {{GooglePubsubProducer}} applies the header filter using:
{{headerFilterStrategy.applyFilterToExternalHeaders(...)}}
while iterating over *Camel message headers*.
As a result, {{outFilter}} rules are not applied correctly and Camel headers
are propagated to Pub/Sub attributes.
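The two filter directions described in the report, as an added example that is not part of the original report and is not the component's code. It assumes camel-api and camel-support are on the classpath; {{toAttributes}} is a hypothetical stand-in for the producer's header-to-attribute loop, and the header values are constructed samples.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.support.DefaultHeaderFilterStrategy;

public class HeaderFilterDirectionDemo {

    /** Hypothetical stand-in for a producer loop that copies Camel headers to attributes. */
    static Map<String, String> toAttributes(Map<String, Object> camelHeaders,
                                            HeaderFilterStrategy strategy,
                                            boolean camelDirection) {
        Map<String, String> attributes = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : camelHeaders.entrySet()) {
            // Both methods return true when the header must be dropped.
            // DefaultHeaderFilterStrategy does not consult the exchange, so null is passed here.
            boolean drop = camelDirection
                    ? strategy.applyFilterToCamelHeaders(e.getKey(), e.getValue(), null)     // checks outFilter
                    : strategy.applyFilterToExternalHeaders(e.getKey(), e.getValue(), null); // checks inFilter
            if (!drop) {
                attributes.put(e.getKey(), String.valueOf(e.getValue()));
            }
        }
        return attributes;
    }

    public static void main(String[] args) {
        DefaultHeaderFilterStrategy strategy = new DefaultHeaderFilterStrategy();
        strategy.setOutFilter(Set.of("Authorization", "Cookie")); // only the outbound filter is configured

        // Constructed sample headers.
        Map<String, Object> headers = new LinkedHashMap<>();
        headers.put("Authorization", "Bearer constructed-sample-token");
        headers.put("Cookie", "session=constructed-sample");
        headers.put("orderId", "42");

        Map<String, String> externalCheck = toAttributes(headers, strategy, false); // call named in the report
        Map<String, String> camelCheck = toAttributes(headers, strategy, true);     // call the report expects

        System.out.println("applyFilterToExternalHeaders keeps: " + externalCheck.keySet());
        System.out.println("applyFilterToCamelHeaders keeps:    " + camelCheck.keySet());

        // Regression-style check: outFilter entries must not survive the outbound direction.
        if (camelCheck.containsKey("Authorization") || camelCheck.containsKey("Cookie")) {
            throw new IllegalStateException("outFilter was not applied to outbound headers");
        }
    }
}
```

The same pair of calls can be pointed at the strategy instance actually configured on the component to confirm which headers each direction lets through.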