[ https://issues.apache.org/jira/browse/CAMEL-12480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16464208#comment-16464208 ]

ASF GitHub Bot commented on CAMEL-12480:
----------------------------------------

GitHub user PascalSchumacher opened a pull request:

    https://github.com/apache/camel/pull/2317

    CAMEL-12480: HttpOperationFailedException exposes password when using…

    … basic auth with user:password@host notation
    
    Sanitize URI in HttpOperationFailedException constructor.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/PascalSchumacher/camel HttpOperationFailedException_exposes_password

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/camel/pull/2317.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2317
    
----
commit fa9062d25ec8a229e2ce2407653bb1886045da71
Author: Pascal Schumacher <pascalschumacher@...>
Date:   2018-05-04T17:56:53Z

    CAMEL-12480: HttpOperationFailedException exposes password when using basic auth with user:password@host notation
    
    Sanitize URI in HttpOperationFailedException constructor.

----


> HttpOperationFailedException exposes password when using basic auth with 
> user:password@host notation
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-12480
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12480
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-http-common
>    Affects Versions: 2.21.0
>            Reporter: Pascal Schumacher
>            Priority: Minor
>             Fix For: 2.20.4, 2.21.2, 2.22.0
>
>
> Simplified route:
> {code}
> from(inUri)
>             .toD("http4://user:password@host:port/path");
> {code}
> When a HttpOperationFailedException occurs the message contains the unmasked 
> password e.g. "HTTP operation failed invoking 
> http://user:password@host:port/path ..."
> I guess Camel should mask the password.
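
The approach named in the pull request, masking the password before the URI reaches the exception message, shown as an added example that is not Camel's code or the patch itself. `UriSanitizer`, `RemoteCallFailedException`, the `xxxxxx` mask and the sample URIs are hypothetical and constructed for illustration.

```java
public final class UriSanitizer {
    private static final String MASK = "xxxxxx"; // constructed placeholder value

    private UriSanitizer() {}

    /** Masks the password in scheme://user:password@host/...; other URIs pass through. */
    public static String maskPassword(String uri) {
        if (uri == null) return null;
        int schemeEnd = uri.indexOf("://");
        if (schemeEnd < 0) return uri;
        int authStart = schemeEnd + 3;
        // The authority ends at the first '/', '?' or '#', or at the end of the string.
        int authEnd = uri.length();
        for (int i = authStart; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c == '/' || c == '?' || c == '#') { authEnd = i; break; }
        }
        // Use the last '@' in the authority so a raw '@' inside the password is masked too.
        int at = uri.lastIndexOf('@', authEnd - 1);
        if (at < authStart) return uri;            // no userinfo present
        int colon = uri.indexOf(':', authStart);
        if (colon < 0 || colon > at) return uri;   // user name only, no password
        return uri.substring(0, colon + 1) + MASK + uri.substring(at);
    }

    /** Hypothetical exception that sanitizes once, in its constructor. */
    public static class RemoteCallFailedException extends Exception {
        private final String uri;

        public RemoteCallFailedException(String uri, int statusCode) {
            super("HTTP operation failed invoking " + maskPassword(uri)
                    + " (status " + statusCode + ")");
            this.uri = maskPassword(uri); // the accessor must not return the raw value either
        }

        public String getUri() { return uri; }
    }

    public static void main(String[] args) {
        // Constructed inputs, modelled on the route in the issue.
        String[] samples = {
            "http://user:password@host:8080/path",
            "http://user:p@ss:word@host/path?x=a@b",
            "http://host:8080/path",
        };
        for (String s : samples) {
            System.out.println(new RemoteCallFailedException(s, 500).getMessage());
        }
    }
}
```

Sanitizing in the constructor means every later consumer of the exception (log appenders, error handlers, stack traces returned to callers) sees only the masked form.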


