Claus Ibsen created CAMEL-13042:
-----------------------------------

             Summary: camel-core - File producer should by default not allow 
writing files to directories outside its starting directory
                 Key: CAMEL-13042
                 URL: https://issues.apache.org/jira/browse/CAMEL-13042
             Project: Camel
          Issue Type: Improvement
          Components: camel-core
    Affects Versions: 2.23.0
            Reporter: Claus Ibsen
            Assignee: Claus Ibsen
             Fix For: 3.0.0, 2.24.0


For example:
{code:xml}
<from uri="file:src/test/resources/data?noop=true"/>
<setHeader headerName="CamelFileName">
    <simple>../../${file:name}</simple>
</setHeader>
<to uri="file:target/results"/>
{code}

This can write the file outside the target/results folder. We should not allow this
by default, to be more security friendly.

We should add a new option (maybe name it jailStartingDirectory or
allowWriteOutsideStartingDirectory) or some better name.





--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
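
The containment check the issue asks for, sketched as an added example that is not part of the original issue and not Camel's own code: resolve the computed file name against the starting directory, normalize it, and reject any result that falls outside. The class name, method name and sample file names are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; StartingDirectoryJail and resolveInside are hypothetical
// names, not Camel API.
public class StartingDirectoryJail {

    /** Resolves fileName against startingDir and rejects results outside it. */
    static Path resolveInside(Path startingDir, String fileName) {
        Path base = startingDir.toAbsolutePath().normalize();
        // resolve() returns an absolute fileName unchanged, so absolute names
        // are caught by the same startsWith check as "../" sequences.
        Path target = base.resolve(fileName).normalize();
        // Path.startsWith compares whole name elements, so a sibling such as
        // "target/results-other" is not treated as inside "target/results".
        // normalize() is purely lexical: a symlink inside the starting
        // directory is not followed here and needs a separate real-path check.
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException(
                "File name '" + fileName + "' resolves outside " + base);
        }
        return target;
    }

    public static void main(String[] args) {
        Path start = Paths.get("target/results");
        // Constructed sample values for the CamelFileName header.
        String[] names = {
            "hello.txt",
            "sub/hello.txt",
            "sub/../hello.txt",
            "../../hello.txt",              // the case from the issue
            "../results-other/hello.txt",   // sibling sharing a name prefix
            "/tmp/hello.txt"                // absolute path
        };
        for (String name : names) {
            try {
                Path p = resolveInside(start, name);
                System.out.println("allowed:  " + name + " -> " + p);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + name);
            }
        }
    }
}
```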
