CAMEL-23543: Centralize and harden Camel* header filtering in DefaultHeaderFilterStrategy#23652
Open
ammachado wants to merge 6 commits into
Open
CAMEL-23543: Centralize and harden Camel* header filtering in DefaultHeaderFilterStrategy#23652ammachado wants to merge 6 commits into
ammachado wants to merge 6 commits into
Conversation
davsclaus
approved these changes
May 31, 2026
Contributor
davsclaus
left a comment
davsclaus
left a comment
There was a problem hiding this comment.
Well-executed security hardening — the change aligns with design/headers.adoc which states that DefaultHeaderFilterStrategy should strip Camel* and org.apache.camel.* by default. Making that the actual default rather than requiring each component to opt in is the right move.
All 6 deleted strategy classes were verified as pure no-ops, callers are properly updated, the .clone() on field initializers prevents shared mutable state, and the JMS opt-out is correctly implemented with good test coverage.
One minor suggestion on the upgrade guide below.
This review covers project conventions and correctness. It does not replace specialized review tools such as CodeRabbit, Sourcery, or SonarCloud.
This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.
Contributor
|
Note that |
Contributor
|
🌟 Thank you for your contribution to the Apache Camel project! 🌟 🐫 Apache Camel Committers, please review the following items:
|
Contributor
|
🧪 CI tested the following changed modules:
|
…efaultHeaderFilterStrategy
- Default `inFilterStartsWith` and `outFilterStartsWith` to `CAMEL_FILTER_STARTS_WITH` in
`DefaultHeaderFilterStrategy`, so all consumers and producers block `Camel*`, `camel*`, and
`org.apache.camel.*` headers by default without per-component boilerplate
- Extend `CAMEL_FILTER_STARTS_WITH` to include `org.apache.camel.` alongside `Camel` and `camel`
- Remove now-redundant `setInFilterStartsWith` / `setOutFilterStartsWith(CAMEL_FILTER_STARTS_WITH)`
calls from 20+ component-specific strategies
- `ClassicJmsHeaderFilterStrategy` explicitly opts out (null) to preserve legacy pass-through behavior
- `KafkaHeaderFilterStrategy` builds its array from the constant + `kafka.` via `Arrays.copyOf`
- `Sns2` / `Sqs2` / `KnativeHttp` replace redundant regex patterns with a `getOutFilter().add("breadcrumbId")`
set entry (SNS/SQS) or no extra filtering (Knative), relying on the default startsWith
- Add tests verifying both directions filter by default; update 4.21 upgrade guide
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
…trategy subclasses - DefaultHeaderFilterStrategy: use .clone() on field initializers so each instance gets its own array copy; mutating the public CAMEL_FILTER_STARTS_WITH constant no longer corrupts all instances - Change CAMEL_FILTER_STARTS_WITH from "org.apache.camel." to "org.apache.camel" (no trailing dot) so the bare prefix "org.apache.camel" is also blocked - Update deprecated CAMEL_FILTER_PATTERN regex and its fast-path in tryPattern to cover the org.apache.camel namespace consistently - Remove redundant setLowerCase(true) calls from HTTP strategies (lowerCase=true is already the field-initializer default) - Fix HttpBridgeMultipartRouteTest inner strategy: remove setLowerCase(true) and the now-redundant setOutFilterStartsWith(CAMEL_FILTER_STARTS_WITH) call - Add ClassicJmsHeaderFilterStrategyTest to directly assert Camel headers pass through in both directions in legacy mode (opt-out via null startsWith) - Expand upgrade guide to cover subclass authors, not just direct instantiators; add pointer to ClassicJmsHeaderFilterStrategy as a worked opt-out example - Remove six no-op header filter strategy subclasses whose only body was setLowerCase(true), which is now the default: CoAPHeaderFilterStrategy, CometdHeaderFilterStrategy, IggyHeaderFilterStrategy, NatsHeaderFilterStrategy, VertxWebsocketHeaderFilterStrategy, XmppHeaderFilterStrategy. Update all callers to instantiate DefaultHeaderFilterStrategy directly. Delete associated test files. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
- Remove org.apache.camel from CAMEL_FILTER_STARTS_WITH: this prefix was a Camel 1.x artifact; Camel 2+ uses Camel* syntax only - Add upgrade guide note listing the 6 removed header filter strategy classes and directing users to use DefaultHeaderFilterStrategy instead Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Adriano Machado <60320+ammachado@users.noreply.github.com> Signed-off-by: Adriano Machado <60320+ammachado@users.noreply.github.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
…pt-out DefaultHeaderFilterStrategy already defaults lowerCase to true; remove the redundant setLowerCase(true) calls from all subclasses. Also add upgrade guide note on setLowerCase(false) for users who need case-sensitive header matching. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
…eaders in copyHeaders HttpProtocolHeaderFilterStrategy inherited the new default inFilterStartsWith (["Camel", "camel"]) from DefaultHeaderFilterStrategy, causing MessageHelper.copyHeaders in HttpProducer to silently drop Camel-prefixed headers (e.g. CamelFileName) from the request exchange when building the response message. Reset inFilterStartsWith to null in initialize() since this strategy only filters HTTP protocol headers, not Camel internals. Also: switch HttpProducer to import from camel-http-base directly, deprecate the empty camel-http-common wrapper class, and document both in the 4.21 upgrade guide. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Centralises Camel-internal header filtering in
DefaultHeaderFilterStrategyso every component gets secure defaults without having to callsetInFilterStartsWith/setOutFilterStartsWithexplicitly.DefaultHeaderFilterStrategynow initialisesinFilterStartsWithandoutFilterStartsWithtoCAMEL_FILTER_STARTS_WITHby default (previouslynull).CAMEL_FILTER_STARTS_WITHextended to["Camel", "camel", "org.apache.camel"](was["Camel", "camel"]).ClassicJmsHeaderFilterStrategyexplicitly opts out viasetInFilterStartsWith((String[]) null)to preserve legacy Camel-header-passthrough behaviour.camel-4x-upgrade-guide-4_21.adoc).setLowerCase(true)calls: removed fromcamel-http-baseandcamel-http-commonHTTP strategies;lowerCase=trueis already the field-initialiser default.ClassicJmsHeaderFilterStrategyTestdirectly asserting that Camel headers pass through in both directions.CoAPHeaderFilterStrategy,CometdHeaderFilterStrategy,IggyHeaderFilterStrategy,NatsHeaderFilterStrategy,VertxWebsocketHeaderFilterStrategy, andXmppHeaderFilterStrategy. All six classes and their test files have been deleted; callers instantiateDefaultHeaderFilterStrategydirectly.Target
mainbranch)Tracking
Apache Camel coding standards and style
mvn clean install -DskipTestslocally from root folder and I have committed all auto-generated changes.Claude Code on behalf of Adriano Machado