[jira] [Commented] (CAMEL-12480) HttpOperationFailedException exposes password when using basic auth with user:password@host notation

Fri, 04 May 2018 22:53:40 -0700 

    [ 
https://issues.apache.org/jira/browse/CAMEL-12480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16464634#comment-16464634
 ] 

ASF GitHub Bot commented on CAMEL-12480:
----------------------------------------

davsclaus commented on issue #2317: CAMEL-12480: HttpOperationFailedException 
exposes password when using…
URL: https://github.com/apache/camel/pull/2317#issuecomment-386781964
 
 
   You need to do the same for other components as well
   ```
   workspace/camel/components (master)/$ git grep "HTTP operation failed"
   
camel-ahc/src/main/java/org/apache/camel/component/ahc/AhcOperationFailedException.java:
        super("HTTP operation failed invoking " + url + " with statusCode: " + 
statusCode + (location != null ? ", redirectLocation: " + location : ""));
   
camel-http-common/src/main/java/org/apache/camel/http/common/HttpOperationFailedException.java:
        super("HTTP operation failed invoking " + uri + " with statusCode: " + 
statusCode + (location != null ? ", redirectLocation: " + location : ""));
   
camel-netty-http/src/main/java/org/apache/camel/component/netty/http/NettyHttpOperationFailedException.java:
 * Exception when a Netty HTTP operation failed.
   
camel-netty-http/src/main/java/org/apache/camel/component/netty/http/NettyHttpOperationFailedException.java:
        super("Netty HTTP operation failed invoking " + uri + " with 
statusCode: " + statusCode + (location != null ? ", redirectLocation: " + 
location : ""));
   
camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpOperationFailedException.java:
 * Exception when a Netty HTTP operation failed.
   
camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpOperationFailedException.java:
        super("Netty HTTP operation failed invoking " + uri + " with 
statusCode: " + statusCode + (location != null ? ", redirectLocation: " + 
location : ""));
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> HttpOperationFailedException exposes password when using basic auth with 
> user:password@host notation
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-12480
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12480
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-http-common
>    Affects Versions: 2.21.0
>            Reporter: Pascal Schumacher
>            Priority: Minor
>             Fix For: 2.20.4, 2.21.2, 2.22.0
>
>
> Simplified route:
> {code}
> from(inUri)
>             .toD("http4://user:password@host:port/path");
> {code}
> When a HttpOperationFailedException occurs the message contains the unmasked 
> password e.g. "HTTP operation failed invoking 
> http://user:password@host:port/path ..."
> I guess Camel should mask the password.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to